8DG42227LAA - V1 - 1350 OMS Administration Guide Vol 1 - Common Tools and Processes (R9.6)

Title page
1350 OMS | 9.6

1350 OMS Administration Guide, Vol 1: Common Tools and Processes
8DG42227LAAA-Vol1
Issue 3 | September 2014
Legal notice
Legal notice
Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective
owners.
The information presented is subject to change without notice. Alcatel-Lucent assumes no responsibility for inaccuracies contained herein.
Copyright © 2014 Alcatel-Lucent. All rights reserved.
Notice
Every effort was made to ensure that the information in this document was complete and accurate at the time of printing. However, information is subject to
change.
Warranty
Alcatel-Lucent provides a limited warranty for this product. For more information, consult your local Alcatel-Lucent customer support team.
Ordering information
The ordering number for this document is 8DG42227LAAA-Vol1. To order 1350 OMS information products, contact your local Alcatel-Lucent customer
support team.
Technical support
For technical support, contact your local customer service support team. You can reach them via the Web at the Alcatel-Lucent Customer Support web site
(http://www.alcatel-lucent.com/support) or the customer support telephone number listed at the Alcatel-Lucent Contact Us web site (http://www.alcatel-
lucent.com/contact).
Information product support
For questions or concerns about this or any other Alcatel-Lucent information product, please contact us at one of the following numbers: (888) 727 3615 (for
the continental United States) · +1 (630) 713 5000 (for all countries).
Contents
About this document

Purpose ............................................................................................................................................................................................ xv
xv
What's new ..................................................................................................................................................................................... xv

xv
Safety information ....................................................................................................................................................................... xv

xv
Intended audience ........................................................................................................................................................................ xv

xv
Conceptual and task content ................................................................................................................................................... xvi

xvi
Format of task content .............................................................................................................................................................. xvi

xvi
Typographical conventions used for content .................................................................................................................. xvii
Marking conventions used for content .............................................................................................................................. xvii
Technical content ...................................................................................................................................................................... xvii

xvii
Treatment of terms .................................................................................................................................................................. xviii

xviii
Related documentation .......................................................................................................................................................... xviii

xviii
Document formats ....................................................................................................................................................................... xx

xx
On-line help ................................................................................................................................................................................... xx

xx
Ordering information ................................................................................................................................................................. xx

xx
How to comment .......................................................................................................................................................................... xx

xx
1 Product and Administration Overview
Overview ...................................................................................................................................................................................... 1-1

1-1
1350 OMS Overview ............................................................................................................................................................... 1-2

1-2
1350 OMS Modules for System Resiliency and Northbound Communication ................................................. 1-6
1-6
ANTP ............................................................................................................................................................................................ 1-7

1-7
Common Security and Access .............................................................................................................................................. 1-8

1-8
....................................................................................................................................................................................................................................
1350 OMS iii
8DG42227LAAA-Vol1 9.6
Issue 3 September 2014
Contents
....................................................................................................................................................................................................................................
System Administrator Responsibilities ........................................................................................................................... 1-10
1-10
2 Applications and Their Instances and Virtual Machines
Overview ...................................................................................................................................................................................... 2-1

2-1
Instance and Virtual Machine Overview .......................................................................................................................... 2-2

2-2
Remove an Instance of an Application ............................................................................................................................. 2-4

2-4
Free System Resources Used by an Application Instance ......................................................................................... 2-6

2-6
3 Configurations
Overview ...................................................................................................................................................................................... 3-1

3-1
Configuration Preparation ..................................................................................................................................................... 3-2

3-2
1350 OMS EML IP Configuration ..................................................................................................................................... 3-4

3-4
Static Routing Configurations .............................................................................................................................................. 3-5

3-5
Routing Configurations for Client Applications ............................................................................................................ 3-9

3-9
Multi-LAN Configurations ................................................................................................................................................. 3-11

3-11
4 Node Name Management for the HP-UX Platform
Overview ...................................................................................................................................................................................... 4-1

4-1
Node Name Management Tool ............................................................................................................................................ 4-2

4-2
Establish a Group and Initialize Node Name Management Persistent Data ....................................................... 4-6
4-6
Add a New Member to the Group ...................................................................................................................................... 4-7

4-7
Add a New External Node to the Group ........................................................................................................................ 4-10

4-10
Remove a Member from a Group ..................................................................................................................................... 4-12

4-12
List the Database Contents of a Group Member Node ............................................................................................. 4-14

4-14
Align All Group Member Nodes to a Specified Member Node ............................................................................ 4-15
4-15
Align One Group Member Node to Another Group Member Node .................................................................... 4-16
4-16
Open Two Groups for Communication .......................................................................................................................... 4-17

4-17
Import Node Information Between Two Different Groups ..................................................................................... 4-19

4-19
Merge Nodes in Two Groups into One Group ............................................................................................................. 4-21

4-21
Change the IP Address of a Remote Node .................................................................................................................... 4-23

4-23
Change the IP Address of the Current/Local Node .................................................................................................... 4-26

4-26
....................................................................................................................................................................................................................................
iv 1350 OMS
Contents
....................................................................................................................................................................................................................................
Change the Hostname of a Remote Node ...................................................................................................................... 4-29
4-29
Change the Hostname of the Current/Local Node ..................................................................................................... 4-32

4-32
Change the Subnetwork Mask ........................................................................................................................................... 4-35

4-35
Change the Gateway IP Address and Hostname ......................................................................................................... 4-36

4-36
Add a Server to the Current DNS Configuration ........................................................................................................ 4-38

4-38
Change a Server in the Current DNS Configuration ................................................................................................. 4-40

4-40
Remove a Server from the Current DNS Configuration .......................................................................................... 4-42

4-42
5 HP-UX Platform System Backup and Restore
Overview ...................................................................................................................................................................................... 5-1

5-1
Backup and Restore Overview ............................................................................................................................................. 5-2

5-2
scbackup Overview .................................................................................................................................................................. 5-3

5-3
Backup Strategies ..................................................................................................................................................................... 5-6

5-6
Backup Tape Sets ...................................................................................................................................................................... 5-8

5-8
Backup Restrictions and Requirements .......................................................................................................................... 5-10

5-10
Troubleshoot a Backup ......................................................................................................................................................... 5-11

5-11
Restore and screstore ............................................................................................................................................................ 5-13

5-13
Troubleshoot a Restore ......................................................................................................................................................... 5-15

5-15
Mirror Configurations ........................................................................................................................................................... 5-20

5-20
Run scdisk_read_check to Read and Check the Disk ............................................................................................. 5-21

5-21
Perform a Tape Check .......................................................................................................................................................... 5-23

5-23
Run scbackup for a Local Disk or an Application Instance Backup ................................................................... 5-24
5-24
Run scbackup Using a Disk Directory as the Supporting Output Media ........................................................... 5-29
5-29
Verify the Readability of the fbackup Tape .................................................................................................................. 5-33

5-33
Boot from the IRT for PA-RISC Servers ....................................................................................................................... 5-34

5-34
Boot from the IRT for Itanium Servers .......................................................................................................................... 5-37

5-37
Run screstore to Restore Data from the fbackup Media .......................................................................................... 5-45
5-45
Run the scmirrorfs Tool to Set Up the Mirrored Configuration ............................................................................ 5-52
5-52
6 Red Hat Enterprise Linux Backup and Restore
Overview ...................................................................................................................................................................................... 6-1

6-1
....................................................................................................................................................................................................................................
1350 OMS v
Contents
....................................................................................................................................................................................................................................
Backup and Restore for the Server Host .......................................................................................................................... 6-2
6-2
Restore a Backup Created with scbackup ........................................................................................................................ 6-7

6-7
Troubleshoot the Could not mount device(s) Error Message ................................................................................. 6-12
6-12
Backup and Restore of Virtual Machines ...................................................................................................................... 6-14

6-14
Full Backup and Restore Example - scVMBackup Execution on a NFS Mounted File System .............. 6-16
6-16
Full Backup and Restore Example - VM Restore from NFS Mounted File System ..................................... 6-18
6-18
Full Backup and Restore Example - Backup/Restore to/from USB Disk ......................................................... 6-20
6-20
Backup/Restore Best Practices .......................................................................................................................................... 6-23

6-23
Mount USB Keys And Hard Disks .................................................................................................................................. 6-24

6-24
7 Mirror Disks for the HP-UX Platform
Overview ...................................................................................................................................................................................... 7-1

7-1
Mirrored Disk Overview ........................................................................................................................................................ 7-2

7-2
Install the Mirror Disk/UX .................................................................................................................................................... 7-4

7-4
Configure Disk Fault Protection with Mirror Disk/UX® .......................................................................................... 7-6

7-6
8 Network Depot for the HP-UX Platform and Application Software
Overview ...................................................................................................................................................................................... 8-1

8-1
Network Depot Overview ...................................................................................................................................................... 8-2

8-2
Run scbuilddepot to Create or Update the HP-UX Platform Software Depot ................................................... 8-4
8-4
Add Software to the HP-UX Platform Software Depot .............................................................................................. 8-7

8-7
Create the Application Software Depot ............................................................................................................................ 8-8

8-8
Edit the .rhosts file to Authorize Access to the Application Software Depot ................................................... 8-10
8-10
9 General Operations
Overview ...................................................................................................................................................................................... 9-1

9-1
Restart the HP® Servers ......................................................................................................................................................... 9-2

9-2
Decompress a Compressed .gz File ................................................................................................................................... 9-5

9-5
10 Security
Overview ................................................................................................................................................................................... 10-1

10-1
Security Overview ................................................................................................................................................................. 10-2

10-2
....................................................................................................................................................................................................................................
vi 1350 OMS
Contents
....................................................................................................................................................................................................................................
Security Banners ..................................................................................................................................................................... 10-8
10-8
Security Profiles ................................................................................................................................................................... 10-11

10-11
Web Portal Macro Functions and Default User Profiles ........................................................................................ 10-14
10-14
PMC Management Macro Functions and Default User Profiles ........................................................................ 10-15
10-15
Session Management Macro Functions and Default User Profiles ................................................................... 10-16
10-16
Alarm and FM Related Macro Functions and Default User Profiles ................................................................ 10-17
10-17
User Management Macro Functions and Default User Profiles ......................................................................... 10-19
10-19
SMF Macro Functions and Default User Profiles .................................................................................................... 10-20

10-20
Log Files ................................................................................................................................................................................. 10-23

10-23
Audit Files for the HP-UX Platform ............................................................................................................................. 10-27

10-27
Sample security.parms File ............................................................................................................................................... 10-29

10-29
System Security Parameters ............................................................................................................................................. 10-32

10-32
Prepare to Set Up Security ............................................................................................................................................... 10-42

10-42
Set Up Security with Any Profile ................................................................................................................................... 10-44

10-44
Change a Manufacturer's Default Passwords ............................................................................................................ 10-46

10-46
Verify and Kill Processes on the HP-UX Platform .................................................................................................. 10-48

10-48
Remove Security .................................................................................................................................................................. 10-50

10-50
Troubleshoot and Fix /etc/passwd File Problems on the HP-UX Platform .................................................... 10-51
10-51
Authorize Access to the Depot Machine on the HP-UX Platform ..................................................................... 10-53
10-53
11 HP® Printer Configurations for HP® Servers
Overview ................................................................................................................................................................................... 11-1

11-1
HP® Printer Configuration Overview .............................................................................................................................. 11-2

11-2
Configure an HP® Printer in the Local Spooler Queue ............................................................................................ 11-3

11-3
Start the HP-UX System Spooler ..................................................................................................................................... 11-8

11-8
Configure an HP® Printer upon Booting from the Local System ......................................................................... 11-9
11-9
12 Troubleshooting
Overview ................................................................................................................................................................................... 12-1

12-1
....................................................................................................................................................................................................................................
1350 OMS vii
Contents
....................................................................................................................................................................................................................................
General Troubleshooting
Troubleshooting ...................................................................................................................................................................... 12-3

12-3
Ping a Node .............................................................................................................................................................................. 12-6

12-6
Activate the KDC Log on the HP-UX Platform ......................................................................................................... 12-8

12-8
Deactivate the KDC Log on the HP-UX Platform .................................................................................................. 12-10

12-10
Action to avoid raising of Java Security Warning .................................................................................................... 12-11

12-11
System / Environment
Overview ................................................................................................................................................................................. 12-12

12-12
OS Percentage Usage ......................................................................................................................................................... 12-13

12-13
Manage Semaphores ........................................................................................................................................................... 12-14

12-14
Unlock the Login to the 1350 OMS .............................................................................................................................. 12-15

12-15
Add Nodes to the 1350 OMS Kerberos System Configuration .......................................................................... 12-16
12-16
System Installation and Customization
Overview ................................................................................................................................................................................. 12-18

12-18
Troubleshoot 1350 OMS System License Problems .............................................................................................. 12-19

12-19
Remove the WDM Component from the 1350 OMS ............................................................................................. 12-21
12-21
Product Installation
Troubleshoot Product Installation Failures (no space/file busy) ........................................................................ 12-23

12-23
Configure and Test the Centralized User DB in a Distributed Environment ................................................. 12-26
12-26
Product Customization
Overview ................................................................................................................................................................................. 12-37

12-37
Customize a 1350 OMS Component while Other Components Are Running ............................................. 12-38
12-38
Perform a Manual Customization/De-customization (without using the Install Wizard) ......................... 12-40
12-40
Perform a Fast Customization of the MS-GUI Package ........................................................................................ 12-42

12-42
Customizing WDM to Exclude the Remote eOMS ................................................................................................ 12-44

12-44
System Applications Management
PMC2 Process Monitoring ............................................................................................................................................... 12-45

12-45
SAS, UDM, LDAP .............................................................................................................................................................. 12-48

12-48
....................................................................................................................................................................................................................................
viii 1350 OMS
Contents
....................................................................................................................................................................................................................................
Web Desktop Administration ........................................................................................................................................... 12-51
12-51
Cannot Connect to the Authentication Server ........................................................................................................... 12-61

12-61
Work Arounds for the MS-GUI ...................................................................................................................................... 12-63

12-63
Work Arounds for Database Management .................................................................................................................. 12-67

12-67
General Work Arounds for Application Problems ................................................................................................... 12-69

12-69
Work Arounds for File System Management ............................................................................................................ 12-71

12-71
NMA Basic Debug/Configuration Notes
Logging .................................................................................................................................................................................... 12-73

12-73
Configuration ......................................................................................................................................................................... 12-76

12-76
13 GSP and MP Configuration
Overview ................................................................................................................................................................................... 13-1

13-1
GSP and MP Overview ........................................................................................................................................................ 13-2

13-2
Configure the GSP ................................................................................................................................................................. 13-3

13-3
Verify Access to the GSP LAN Console ...................................................................................................................... 13-11

13-11
Access to the GSP Console .............................................................................................................................................. 13-13

13-13
Configure the MP ................................................................................................................................................................. 13-15

13-15
14 File System Management for the HP-UX Platform
Overview ................................................................................................................................................................................... 14-1

14-1
File System Management Overview ............................................................................................................................... 14-2

14-2
File System Management Tools ........................................................................................................................................ 14-3

14-3
A List of Abbreviations
Abbreviations ............................................................................................................................................................................ A-1

A-1
Index
....................................................................................................................................................................................................................................
1350 OMS ix
Contents
....................................................................................................................................................................................................................................
....................................................................................................................................................................................................................................
x 1350 OMS
List of tables
10-1 HP-UX and RHEL System Security Parameters ....................................................................................... 10-33
12-1 Mapping of the Server Role String to the 1350 OMS Profile .............................................................. 12-29
12-2 Common and Device Specific Configurable Parameters ....................................................................... 12-30
....................................................................................................................................................................................................................................
1350 OMS xi
List of tables
....................................................................................................................................................................................................................................
....................................................................................................................................................................................................................................
xii 1350 OMS
List of figures
6-1 Mondo Rescue Menu - Welcome ......................................................................................................................... 6-8
6-2 Mondo Rescue - Formatting Partitions .............................................................................................................. 6-8
6-3 Mondo Rescue - Restoring from Archives ....................................................................................................... 6-9
6-4 Mondo Rescue - Alert to Regenerate the initrd? ............................................................................................ 6-9
6-5 Mondo Rescue - Mondo Restored Your System .......................................................................................... 6-10
6-6 Mondo Rescue - Review the mondorestore.log File .................................................................................. 6-10
6-7 Mondo Rescue - OK to Disregard Kernel Panic Errors ............................................................................ 6-11
....................................................................................................................................................................................................................................
1350 OMS xiii
List of figures
....................................................................................................................................................................................................................................
....................................................................................................................................................................................................................................
xiv 1350 OMS
About this document
About this document
Purpose
This preface provides an overview of this information product (IP), which is the
Alcatel-Lucent 1350 OMS Administration Guide, Vol 1: Common Tools and Processes.
The purpose of the 1350 OMS Administration Guide, Vol 1: Common Tools and Processes
is to explain to system and network administrators how to administer and to maintain the
1350 OMS 9.6.
What's new
This document has been reissued on to support the 1350 OMS 9.6.
Safety information
This document does not contain any safety information (cautions or warnings) because
the 1350 OMS is a software product.
Important! When working with any hardware that is associated with any piece of
software, always refer to the safety information that the hardware manufacturer provides
for that particular piece of hardware. For example, when working with an HP® server,
refer to safety information that is provided in the HP® documentation for that server.
When working with any Alcatel-Lucent network element, refer to safety information that
is provided in the Alcatel-Lucent documentation for that particular NE.
Intended audience
The 1350 OMS Administration Guide, Vol 1: Common Tools and Processes is written
primarily for operations personnel who administer and maintain the 1350 OMS. This
document can be used by anyone who needs specific administration information about the
features, applications, and operations of the 1350 OMS. These people are you, its users.
...................................................................................................................................................................................................................................
1350 OMS xv
About this document
....................................................................................................................................................................................................................................
Conceptual and task content
In the broadest sense, this document contains the following types of content:
• Conceptual content, which is background information, is given so users can better
understand the tasks that must be performed. The presentation of conceptual
information varies according to the topic being explained—sections, subsections,
tables, figures, and screen captures can be commonly found.
• Task content, which includes step-by-step instructions, is provided so users can
administer, provision, and maintain the system. The task information is typically
presented as series of tasks that follows the conceptual information.
The conceptual information complements and enhances the step-by-step instructions that
are found in each task. To optimize the use of the conceptual and task content, users
should consider the following:
• The conceptual information should be used to broaden your general knowledge of the
network management system. It is best if you read all conceptual information and
have a good understanding of the concepts being presented before undertaking the
step-by-step instructions given in any task.
• The conceptual and task portions of the document have extensive hyperlinks. Use
these links to toggle between the two types of information presented so you can
access all pertinent information related to particular concepts and tasks.
• The task information is based on a user needs analysis that has been performed for
each management system user job; therefore, use the task information to get the job at
hand done quickly and with minimal system impact.
Format of task content

Each task consists of sections that are called When to use, Related information, Before
you begin, and Task. The intent of these sections is self-explanatory—they explain when
you should use the task, any related information that you would need to know while doing
the task, and what you need to consider or do before you start the task.
When a task does not have any related information that must be considered before it is
started, the Related information section for that task states the following:
This task does not have any related information.
When a task does not have any conditions that must be considered before it is started, the
Before you begin section for that task states the following:
This task does not have any preconditions.
Each Task section consists of steps. The completion of all steps, which are sequentially
numbered, is required for the entire task to be completed successfully. In some instances,
a step might be prefaced with the wording Optional, which indicates that the step can be
skipped and the task can still be completed successfully. A task is considered to be
completed when all of its steps are completed and when the wording End of Steps
appears.
....................................................................................................................................................................................................................................
xvi 1350 OMS
About this document
....................................................................................................................................................................................................................................
Many times, the management system affords users with multiple ways to accomplish the
same task. In these instances, this type of task gives the user several Methods of how to
accomplish the same set of steps successfully.
Typographical conventions used for content

This document uses the following typographical conventions:
• User input or path navigation on the administration and application GUIs is
identified with this type.
• User input in the UNIX® environment is identified with this
type.
• System output in the UNIX® environment is identified with
this type..
• GUI fields/parameters and their options are identified with this type.
• Document titles or words that are being defined or emphasized are identified with this
type.
Marking conventions used for content

The following convention is used to indicate a path, which is a flow of buttons and/or
menu items that you must navigated through to arrive at a destination on the GUI:
Actions > EML > Create NE
This same convention is also used to show a path through a series of menu items, for
example:
Click the filtering tool and select Node > Node Type.
All mouse selections are presumed to be left clicks. Right click mouse selections are
indicated as the following:
Right click the highlighted item and follow the path: Search > Clients.
Or, if brevity is needed, the same path could be documented as:
RClick item > Search > Clients.
Occasionally, a set of 1350 OMS features is not supported for all NEs or for all operating
components and/or environments. This set of features is clearly marked to show these
exceptions.
Technical content
In general, the technical content in this document is augmented by technical content that
is provided in other documents in this documentation set and/or in the document set of the
particular network element (NE ) or piece of hardware in the network configuration. It is
the user's responsibility to read all pertinent material in all documentation sets in order to
understand a particular concept or procedure and/or to implement the procedure in his or
her working environment.
....................................................................................................................................................................................................................................
1350 OMS xvii
About this document
....................................................................................................................................................................................................................................
This document contains information on the complete line of NEs that the 1350 OMS
supports. Each release of the 1350 OMS and its applications supports certain NEs within
the Alcatel-Lucent family of optical NEs. Mention of NEs or specific NE features in the
text of this document, or any document in the 1350 OMS documentation set, that are not
supported in this particular product release can apply to prior or future product releases.
Such material may not be currently visible or operable on the GUI and/or the server and
has been added only as a convenience for our customers. This material is subject to
change. For a list of NEs that are supported in the 1350 OMS 9.6, contact your
Alcatel-Lucent local customer service support team.
This document, or any document in the 1350 OMS documentation set, may contain
information that is related to features, service packs (SPs), maintenance releases, or other
updates that our product and its applications supported in prior releases or is to support in
the near future. This material may not be visible or operable on the supported servers
and/or GUI, and has been added only as a convenience for our customers. This material is
subject to change. For a list of all supported features for a particular release, contact your
Treatment of terms
A term that is presented in the text of this document, along with any used abbreviation for
the term, is typically defined where the term is initially introduced.
Many of the more generic terms that are defined in this document, along with the terms
that are defined in other documents in this documentation set, are also defined in the
Glossary, which is part of the 1350 OMS Getting Started Guide. We encourage our users
to rely on the Glossary for a comprehensive set of terms and any abbreviations of the
terms.
Related documentation
The following documents are related to the 1350 OMS Administration Guide, Vol 1:
Common Tools and Processes, 9.6:
1. The 1350 OMS Installation Guide (8DG42227MAAA) explains how to perform the
installation of the 1350 OMS and its components.
2. The 1350 OMS Getting Started Guide (8DG42227AAAA) explains the look-and-feel
of the 1350 OMS user and administration GUIs to new users. This document contains
a complete explanation of the 1350 OMS information product set and a glossary of
terms that is applicable to the documentation set.
3. The 1350 OMS Administration Guide (8DG42227LAAA) explains how to use the
tools and the administration GUIs to administer and maintain the element
management layer, network management layer, and service management layer of the
1350 OMS.
....................................................................................................................................................................................................................................
xviii 1350 OMS
About this document
....................................................................................................................................................................................................................................
This document consists of the following volumes:
• The 1350 OMS Administration Guide, Vol 1: Common Tools and Processes
(8DG42227LAAA-Vol1) explains how to administer and maintain the common
tools and processes that are associated with the 1350 OMS.
•
The 1350 OMS Administration Guide, Vol 2: Common GUI Functions
(8DG42227LAAA-Vol2) explains how to administer and maintain the common
administration GUIs that are associated with the 1350 OMS.
4. The 1350 OMS EML Guide (8DG42227BAAA) explains how to administer and
provision the 1350 OMS EML application of the 1350 OMS, which is the element
management layer of the 1350 OMS.
5. The 1350 OMS PKT Guide (8DG42227DAAA) explains how to administer and
provision the Packet (PKT) application of the 1350 OMS that provides Ethernet
network management layer support.
6. The 1350 OMS SDH Guide (8DG42227CAAA) explains how to administer and
provision the Synchronous Digital Hierarchy (SDH) network management layer of the
1350 OMS.
7. The 1350 OMS WDM Guide (8DG42227QAAA) explains how to administer and
provision the 1350 OMS WDM, which provides the Wavelength Division
Multiplexing (WDM) and Dense Wavelength Division Multiplexing (DWDM)
network management layer for the 1350 OMS.
8. The 1350 OMS Service Assurance Guide (8DG42227FAAA) explains alarm
management and performance monitoring for the 1350 OMS.
9. 1350 OMS CLI Reference (8DG42227KAAA) provides detailed reference material on
the Command Line Interface for the advanced user of the 1350 OMS.
10. The 1350 OMS eOMS Guide explains how to administer and provision the eOMS.
The document consists of the following volumes:
• The 1350 OMS eOMS Guide, Vol 1: Getting Started (8DG42227RAAA-Vol1)
explains the look-and-feel of the1350 OMS eOMS GUI. In addition, this
document contains a glossary of terms for the 1350 OMS eOMS set of documents.
• The 1350 OMS eOMS Guide, Vol 2: Administration (8DG42227RAAA-Vol2)
explains how to administer the 1350 OMS eOMS.
• The 1350 OMS eOMS Guide, Vol 3: Network Element Management
(8DG42227RAAA-Vol3) explains how to use the 1350 OMS eOMS to provision
and manage network elements.
• The 1350 OMS eOMS Guide, Vol 4: Connection Management (8DG42227RAAA-
Vol4) explains how to provision and manage connections in the 1350 OMS eOMS
environment of the 1350 OMS.
• The 1350 OMS eOMS Guide, Vol 5: Ethernet Management (8DG42227RAAA-
Vol5) explains how to use the Ethernet Management feature to provision and
manage Ethernet connections in the 1350 OMS eOMS environment of the 1350
OMS.
• The 1350 OMS eOMS Guide, Vol 6: Service Assurance (8DG42227RAAA-Vol6)
explains how to manage and interpret fault and performance monitoring
information that is collected from the 1350 OMS eOMS environment of the 1350
OMS.
....................................................................................................................................................................................................................................
1350 OMS xix
About this document
....................................................................................................................................................................................................................................
The 1350 OMS 9.6 also supports modules for system resiliency and northbound
communication. These modules are explained in the following documents:
• The 1350 OMS HA Guide (8DG42227GAAA) explains how to install, administer, and
use the High Availability feature.
• The 1350 OMS OI Guide (8DG42227HAAA) explains how to install, administer, and
use the Open Interfaces that are supported for the 1350 OMS.
Document formats
This document is available for use in PDF, HTML, EPUB, and MOBI formats.
On-line help
The 1350 OMS help systems are designed to consider the task that the user is performing
and to help the user complete the task.
Contact sensitive help, which defines many GUI fields, is available; and other types of
help can be accessed from the GUI menu.
Ordering information
The ordering number for this particular document is 8DG42227LAAA-Vol1. Contact
your local Alcatel-Lucent local customer service support team for details.
In addition, to order the 1350 OMS and/or any of its applications, add-on features or
upgrades, contact your local Alcatel-Lucent local customer service support team.
How to comment
To comment on this document, go to the Online Comment Form (http://infodoc.alcatel-
lucent.com/comments/) or e-mail your comments to the Comments Hotline
(comments@alcatel-lucent.com).
....................................................................................................................................................................................................................................
xx 1350 OMS
1 1roduct and
P
Administration Overview
Overview
Purpose
This chapter provides an overview of the 1350 OMS and the system administration
functions provided to maintain the 1350 OMS applications.
Contents
1350 OMS Overview 1-2

1350 OMS Modules for System Resiliency and Northbound Communication 1-6
ANTP 1-7
Common Security and Access 1-8
System Administrator Responsibilities 1-10
...................................................................................................................................................................................................................................
1350 OMS 1-1
Product and Administration Overview 1350 OMS Overview
....................................................................................................................................................................................................................................
1350 OMS Overview

1350 OMS and its supported management layers
The 1350 OMS is a network management system that supports several management
layers that can accommodate and grow with a customer's optical network.
The Element Management Layer, or EML, provides the functionality that is needed to
access any Alcatel-Lucent supported network elements (NEs) that are deployed in a
customer network. The EML provides a single access point for communication with an
NE.
The Network Management Layer, or NML, provides the functionality that is needed to
commission, provision, and supervise the network that is deployed in a customer premise.
The Service Management Layer, or SML, provides the functionality that is needed to
commission, provision, and supervise a Virtual Private Network (VPN) that an
Alcatel-Lucent customer deploys to its end users or to its customers.
1350 OMS and its applications

The 1350 OMS is the Alcatel-Lucent converged and unified network management
system. It manages the complete portfolio of Alcatel-Lucent's active network elements
(NEs) and it maintains the complete portfolio of Alcatel-Lucent's legacy NEs.
The 1350 OMS consists of the following set of integrated, licensed applications:
• “1350 OMS EML” (p. 1-2)
• “1350 OMS WDM” (p. 1-3)
• “1350 OMS PKT” (p. 1-3)
• “1350 OMS SDH” (p. 1-3)
Refer to the 1350 OMS Getting Started Guide for a more detailed system description.
1350 OMS EML

The 1350 OMS EML application provides element level management (EML) capabilities
for both Alcatel-Lucent ANSI and ETSI NEs. Its set of protocol adapters supports basic
NE functions such as NE MIB backup/restore and software downloads. Because the 1350
OMS provides all of the element layer functions that are required to manage the deployed
network, it requires the 1350 OMS EML application and/or the 1350 OMS eOMS legacy
management system to also be deployed. (See “Legacy management and NE support”
(p. 1-4).)
Refer to the following documents and contact your Alcatel-Lucent local customer service
support team for additional details:
• 1350 OMS EML Guide
• 1350 OMS Service Assurance Guide
....................................................................................................................................................................................................................................
1-2 1350 OMS
....................................................................................................................................................................................................................................
1350 OMS WDM
The 1350 OMS WDM application provides Wavelength Division Multiplexing (WDM)
and Dense Wavelength Division Multiplexing (DWDM) support along with provisioning,
alarm correlation, and historical PM correlation capabilities.
• 1350 OMS WDM Guide
For 1350 OMS support of WDM and DWDM in a legacy system, refer to “Legacy
management and NE support” (p. 1-4) for details.
1350 OMS PKT

The 1350 OMS PKT application provides Ethernet network management layer support
along with provisioning, alarm correlation, and historical PM data services. Ethernet
services include Multi-Protocol Label Switching (MPLS), Transport-Multi-Protocol Label
Switching (T-MPLS), bridging, connection-oriented traffic, and packet rings.
• 1350 OMS PKT Guide
1350 OMS SDH

The 1350 OMS SDH application provides the Synchronous Digital Hierarchy (SDH)
network management layer along with provisioning, alarm correlation, and PM
correlation capabilities. The 1350 OMS SDH functions as a client for the 1350 OMS
WDM application and as a server for the 1350 OMS PKT application.
• 1350 OMS SDH
• 1350 OMS CLI Reference
For 1350 OMS support of SDH in a legacy system, refer to “Legacy management and NE
support” (p. 1-4) for details.
1350 OMS software and the Web

1350 OMS is run through an Internet browser-based Graphical User Interface (GUI). It
supports the standard web features that a browser offers, such as bookmarks, back,
forward, reload, and print.
....................................................................................................................................................................................................................................
1350 OMS 1-3
....................................................................................................................................................................................................................................
The Web Desktop is the available mechanism that both system administrators and users
can use to access the 1350 OMS GUI. It provides a central access point from which both
system administrators and users are authenticated and from which they can navigate to
the Web Portal to access the 1350 OMS applications.
The Web Portal is a Java application that is started when the administrator or user logs in
from the Web Desktop. The Web Portal provides the administrator with a view of all 1350
OMS applications and manages GUI navigation between the subsystem components. The
Web Portal also provides various methods of navigation—such as menus, icons, and a left
tree navigation area—between applications and tools.
From the 1350 OMS Web Portal, administrators can set up each application and its users,
and users can access the network and element level applications that enable the family of
Alcatel-Lucent NEs to be provisioned.
Refer to the 1350 OMS Getting Started Guide for a more detailed description of the look
and feel of the software and for a glossary of terms and acronym list.
Legacy management and NE support

Through its Web Portal, the 1350 OMS provides users with the ease of accessing and
using the familiar embedded Optical Management System (eOMS) to provision the NEs
that are managed through the 1350 OMS eOMS and the NEs that are managed through an
XML-over-socket (XoS) interface (such as TNA, CNA, or ITM-SC).
Refer to the following documents for additional information on the 1350 OMS eOMS:
• 1350 OMS eOMS Guide, Vol 1: Getting Started
• 1350 OMS eOMS Guide, Vol 2: Administration
• 1350 OMS eOMS Guide, Vol 3: Network Element Management
• 1350 OMS eOMS Guide, Vol 4: Connection Management
• 1350 OMS eOMS Guide, Vol 5: Ethernet Management
• 1350 OMS eOMS Guide, Vol 6: Service Assurance
Because the 1350 OMS provides all of the element layer functions that are required to
manage the deployed network, it requires the 1350 OMS EML application and/or the
1350 OMS eOMS legacy management system to also be deployed. (See “1350 OMS
EML” (p. 1-2).)
1350 OMS supported NEs

The 1350 OMS supports the Alcatel-Lucent family of optical network elements (NEs). To
accommodate the world of optical transmission standards, these NEs operate using
different transport structures and they support different native command languages.
Contact your local customer support team for a list of NEs that are supported by the 1350
OMS and its particular applications.
Important! Each release of the 1350 OMS and its applications supports certain NEs
within the Alcatel-Lucent family of optical NEs. Mention of NEs or specific NE features
in the text of this document, or any document in the 1350 OMS documentation set, that
....................................................................................................................................................................................................................................
1-4 1350 OMS
....................................................................................................................................................................................................................................
are not supported in this particular product release can apply to prior or future product
releases. Such material may not be currently visible or operable on the GUI and/or the
server and has been added only as a convenience for our customers. This material is
subject to change. For a list of NEs that are supported in the 1350 OMS 9.6, contact your
....................................................................................................................................................................................................................................
1350 OMS 1-5
Product and Administration Overview 1350 OMS Modules for System Resiliency and Northbound
Communication
....................................................................................................................................................................................................................................
1350 OMS Modules for System Resiliency and Northbound

Communication
1350 OMS HA
The 1350 OMS supports High Availability (HA) as an added value module, which is
referred to as the 1350 OMS HA. The 1350 OMS HA software package is installed on top
of an already installed and configured NML and EML platform and independently of any
other application such as the 1350 OMS SDH, 1350 OMS PKT, or 1350 OMS WDM or
any element manager such as the 1350 OMS EML or 1350 OMS eOMS.
As its name suggests, the 1350 OMS HA provides high availability to these applications
whose main task is to manage transport networks. It protects the 1350 OMS applications
and its HP® server platform against hardware and software failures that could be caused
by system failures (such as the failure of the system power supply or a system
component), a site failure (such as a natural disaster or fire), a backplane failure, a
processor failure, or any unplanned outage.
The 1350 OMS HA is explained in detail in the 1350 OMS HA Guide
(8DG42227GAAA). This document includes installation, administration, and user
information for the 1350 OMS High Availability (HA) feature.
Contact your Alcatel-Lucent local customer service support team for additional details.
1350 OMS OI
The 1350 OMS OI software package is installed on top of an already installed and
configured MW-INT platform and independently of any other application such as the
1350 OMS SDH, 1350 OMS PKT, or 1350 OMS WDM any element manager such as the
1350 OMS EML or 1350 OMS eOMS.
The 1350 OMS OI enables the 1350 OMS applications to export or import data to
multiple external operation systems (OSs). The 1350 OMS OI is a flexible, powerful, and
effective set of generic OS-to-OS interfaces (GENOS) that allow an external OS to
synchronize alarms, performance monitoring, network inventory, and remote inventory
data with any of the 1350 OMS applications.
The 1350 OMS OI is explained in detail in the 1350 OMS OI Guide (8DG42227HAAA).
This document includes installation, administration, and user information for the Open
Interfaces (OIs) that are supported for the 1350 OMS.
Contact your Alcatel-Lucent local customer service support team for additional details.
....................................................................................................................................................................................................................................
1-6 1350 OMS
Product and Administration Overview ANTP
....................................................................................................................................................................................................................................
ANTP
ANTP Overview
ANTP is an Alcatel-Lucent proprietary network time protocol (NTP) that enables a
precise, real-time clock alignment between the NEs and a reference clock source, such as
an ANTP server. ANTP is based on an algorithm that NTP implements and uses in the
UNIX® environment.
While NTP functions in TCP/IP environment, ANTP protocol is based on OSI layer 3
(Connectionless Network Protocol, or CLNP) communication services. To synchronize
the NE and the reference source, modifications in the interface and packet format of
standard NTP product enable it to be plugged on top of CLNP.
ANTP is based on a client-server paradigm. The NE functions as the client, while the
ANTP server is typically located on the network manager. The client (the NE)
periodically queries the server to discover the current time and date on the server. This
periodic query enables round trips delays and average statistical values to be calculated
for the best real-time alignment of the client (the NE) and server.
ANTP and RTC distributed system architecture

To guarantee the alignment of the operations systems (OSs) and the NE clocks, ANTP
must keep the NEs synchronized with the reference clock servers, independent of the
reference source; therefore, the network must be synchronized internally and externally.
For example, ANTP gets its clock speed from a UNIX®-based workstation and
distributes the clock speed to the NEs. The native NTP protocol then gets the real-time
clock (RTC) speed from an external device, such as a global positioning satellite (GPS),
and distributes the clock speed to the OSs. The clock is then distributed by one
workstation (likely the OS itself) to the NEs using ANTP protocol.
To guard against DCN or workstation failures, two ANTP servers exist in the
management network. One ATNP server has a higher priority than the other ANTP server.
If one server fails, the NE automatically refers to the other. Only a double ANTP server
failure, or a failure in the related DCN, would force the NEs to function in RTC
free-running clock-mode. In general, the two ANTP servers do not have to be co-located.
....................................................................................................................................................................................................................................
1350 OMS 1-7
Product and Administration Overview Common Security and Access
....................................................................................................................................................................................................................................
Common Security and Access

Platform security
The 1350 OMS affords secure configuration modes that run on existing certified/validated
hardware and software without any, or with acceptable levels of, performance
degradation.
The hardware vendor of choice guarantees that the platform has built-in protection
mechanisms that avoid security circumvention during setup, re-configuration, start-up,
boot time, or system shut down prior to any applications being operational. The system
hardware configuration is designed to use redundant components such as disks, CPUs,
and memory to ensure data integrity if a system failure should occur.
Operating system security for logins

The operating system requires a non-blank (not null) user ID for successful user login into
the 1350 OMS platform and any default identifiers (user IDs and/or passwords) must be
disabled, including default system users.
Important! Both operating system users and administrators do not have any rights that
are automatically granted or defaulted to them at the application level.
Operating system security restrictions of commands and protocols

The operating system restricts the following:
• The number of ports and services that the application uses.
• The default or purposeful activation of certain UNIX/Red Hat Enterprise Linux
commands (such as rlogin, rsh, whois, traceroute, ...) and protocols (such as TFPT,
...).
Operating system and third party software maintenance

Operating system patches for HP-UX Unix, Red Hat Enterprise Linux, or Windows that
are classified as an emergency or an urgent/recommended patch are evaluated, certified,
and validated to determine the impact, if any, to the 1350 OMS. Contact your
Alcatel-Lucent local customer service support team for details.
Third party application security restrictions

The 1350 OMS restricts the number of ports and services that the third party application
(including databases such as Oracle) uses.
All third party applications must restrict the use of non-blank (not null) user passwords
for platform access. In addition, scripts for third part applications prohibit the use of
passwords in clear text. Any default passwords are changed to customer specific
passwords during installation.
....................................................................................................................................................................................................................................
1-8 1350 OMS
Product and Administration Overview Common Security and Access
....................................................................................................................................................................................................................................
System-wide OA&M security
The 1350 OMS affords a single backup and restore capability for all data domains that are
associated with the core applications. In addition, the system supports a central start/stop
of the entire platform, one embedded component, or one process group.
For Disaster Recovery configurations, a system backup facility is available if the security
of a system has been compromised and recovery to a secure state is needed.
Terminal servers, workstations, and client desktop PCs

User desktop PCs are vulnerable components of a network management solution. Even if
dedicated desktops are used, the use of shared corporate PCs as network management
client desktops has become a clear trend. Often, these shared corporate PCs run other
applications and have direct Internet access; consequently, these machines can be attacked
directly, infected with malware, or used as jumping-off points to attack an organization’s
internal network.
To combat the vulnerability of Microsoft products, the 1350 OMS supports both the
Internet Explorer and the Mozilla Firefox browsers.
To separate the PC (the access zone) from the web server (the session zone), the 1350
OMS supports the use of its GUI over Windows, GUI servers (such as GoGlobal),
Workstations, or Citrix terminal servers.
To determine entire system configuration, all software, including 1350 OMS, third party
software, client software, plug-ins, and patches, should be accounted for.
The 1350 OMS supports a Windows terminal server and up to 15 client sessions per
server. The client sessions can originate from HP-UX/Red Hat Enterprise Linux and/or
Windows PC client terminals.
....................................................................................................................................................................................................................................
1350 OMS 1-9
Product and Administration Overview System Administrator Responsibilities
....................................................................................................................................................................................................................................
System Administrator Responsibilities

Overview
The system administrator of the 1350 OMS is responsible for the initial and day-to-day
administration of the 1350 OMS system and its applications and add-on features.
The system administrator must be knowledgeable of the HP® servers and the HP-UX
operating system, which are the platform of the 1350 OMS. The system administrator
must have a working knowledge of UNIX® commands, MS Windows®-based PCs, web
browsers, and network data communications.
Most importantly, the system administrator must be familiar with the documentation that
is provided with each hardware and software component of the 1350 OMS and its
applications and add-on features.
Application management
The system administrator is responsible for managing the 1350 OMS and its applications
and keeping the HP-UX OS up and running, which includes the following:
• Process monitoring and configuration
• Logs management
• Trace management
• Backup and restore operations
• NE maintenance including software downloads and saving TPs
• Reconfigurations (stack and processes)
Preventative Maintenance
The system administrator is responsible for preventative maintenance of the 1350 OMS
and its applications, which includes the following:
• Minimize the consequences of hardware and software failures
• Avoid full file systems
Corrective Maintenance
The system administrator is responsible for corrective maintenance of the 1350 OMS and
its applications, which includes the following:
• Power supplies
• Full file systems
• Hardware failures (disk crashes, SCSI errors)
• Software failures (UNIX® operating system, application bugs)
....................................................................................................................................................................................................................................
1-10 1350 OMS
2 2 pplications and Their
A
Instances and Virtual
Machines
Overview
Purpose
This chapter provides the administrator with the conceptual information and the
associated tasks that pertain to the instances and virtual machines of a particular 1350
OMS application.
Contents
Instance and Virtual Machine Overview 2-2

Remove an Instance of an Application 2-4
Free System Resources Used by an Application Instance 2-6
...................................................................................................................................................................................................................................
1350 OMS 2-1
Applications and Their Instances and Virtual Machines Instance and Virtual Machine Overview
....................................................................................................................................................................................................................................
Instance and Virtual Machine Overview

Instance and virtual machine definition
The 1350 OMS supports the 1350 OMS PKT, 1350 OMS SDH, and 1350 OMS WDM
applications, along with the 1350 OMS eOMS and 1350 OMS EML element level
management systems (EMLs). Each single running occurrence of any of these
applications or EMLs that is installed and customized in the 1350 OMS management
system is referred to as an instance when it occurs in an HP-UX server or as a virtual
machine when it occurs in a Red Hat Enterprise Linux environment.
Instance on an HP-UX server

On an HP-UX server, multiple applications can run together sharing the same operating
system. Each occurrence of an application is called instance. Multiple instances of an
application mean that the application has been loaded several times.
Any instance has its own processes and private data host in a dedicated file system.
Instance naming
In the 1350 OMS, an instance name for an application has this format:
<Short_Application_Name>_<Instance_ID>-<Application_Version>
Where:
Application is the supported 1350 OMS application, which can be the 1350 OMS PKT,
1350 OMS SDH, or 1350 OMS WDM applications or the 1350 OMS eOMS or 1350
OMS EML EMLs.
Examples:
Examples of instance names could be the following:
SDH_1-9.6
EOMS_2-9.6
EML_2-9.6
SY_1-9.1.1
Instance customization and decustomization

The 1350 OMS allows the addition of and the removal of application instances on an
existing server. Each new application instance must be customized before it can be
configured and used. When the application instance is removed from the 1350 OMS, it
must be removed from MW_INT control via decustomization, which involves invoking
the Decustom tool.
....................................................................................................................................................................................................................................
2-2 1350 OMS
Applications and Their Instances and Virtual Machines Instance and Virtual Machine Overview
....................................................................................................................................................................................................................................
Instance types for the HP-UX platform
The 1350 OMS supports the following types of instances for the HP-UX platform:
• A Master instance is that instance of an application that supplies all data concerning
that application.
• A Client instance is that instance of an application that is requesting all data
concerning the application from the master instance.
When configuring a 1350 OMS application, that configuration must be created only on
Master instances. The configuration is not required on client instances.
Related tasks
The following tasks are related to instances:
• “Remove an Instance of an Application” (p. 2-4)
• “Free System Resources Used by an Application Instance” (p. 2-6)
To install an instance of an application, refer to the 1350 OMS Installation Guide.
Virtual machine format for the Red Hat Enterprise Linux Server Platform
Within the Red Hat Enterprise Linux servers, applications run in a specific virtual
machine. Each application has a dedicated operating system, with a specific software
platform, RAM, NICs, and hard disks.
The format for the name of the virtual machine consists of the following:
VM hostname, application name, instance type, and identification number of application
instance
Virtual machines can be managed through Red Hat's Virtual Machine Manager for the
most common tasks such as start, stop, and access to the console.
Virual machine types

The Red Hat Enterprise Linux edition of the operating system for the 1350 OMS supports
the following types of virtual machines:
• A Master VM is a virtual machine of an application that supplies all of the data for
that application.
• A Presentation VM is an aggregation of client instances for all applications. It
provides management of the whole system from a single access point. The 1350 OMS
web desktop is only accessible through presentation VMs.
....................................................................................................................................................................................................................................
1350 OMS 2-3
Applications and Their Instances and Virtual Machines Remove an Instance of an Application
....................................................................................................................................................................................................................................
Remove an Instance of an Application

When to use
Use this task to remove an instance of an application.
Related information
See the following topic in this document:
• “Instance and Virtual Machine Overview” (p. 2-2)
For details about how to install an instance of an application, refer to the 1350 OMS
Installation Guide.
Before you begin

When an application instance is being removed from the 1350 OMS is said to be
decustomized.
Task
Complete the following steps to remove the instance of an application.
...................................................................................................................................................................................................
1 From the Web portal, follow this path to stop the application by selecting the name of the
application instance.
Actions > Stop > Selected item
Result: The application instance is stopped.
...................................................................................................................................................................................................
2 Log out from application or the 1350 OMS (alcatel) account.

...................................................................................................................................................................................................
3 Log in as root.
...................................................................................................................................................................................................
4 Enter the following command line to remove/decustomize the instance from the
MW-INT:
…,root> /alcatel/Kernel/script/Decustom <Application_Instance>
Example:
/alcatel/Kernel/script/Decustom PKT 1-9.6
The MW-INT no longer manages this instance of the 1350 OMS PKT named PKT 1-9.6.
...................................................................................................................................................................................................
5 Enter the following command lines to remove all files that are associated with the
application instance:
…,root> cd /usr/Systems [Enter]
....................................................................................................................................................................................................................................
2-4 1350 OMS
Applications and Their Instances and Virtual Machines Remove an Instance of an Application
....................................................................................................................................................................................................................................
…,root> rm -Rf <Application_Instance>/* [Enter]
…,root> rm -f /alcatel/BackupArea/<Application_Instance> [Enter]
…,root> rm -f /alcatel/MirrorArea/<Application_Instance> [Enter]
...................................................................................................................................................................................................
6 Enter the following command lines to kill any and all process that belong to the
application or the 1350 OMS (alcatel) user:
…,root> ps -efa | grep <application user> [Enter]
Enter the following command to kill all process numbers that the previous command
listed:
…,root> kill -<process number> [Enter]
…,root> ps -efa | grep alcatel [Enter]
Carefully identify those processes that belong to the particular application that is to be
removed. Enter the following command to kill all process numbers that the previous
command listed:
…,root> kill -<process number> [Enter]
...................................................................................................................................................................................................
7 If a new release of the application is to be installed, all current packages for the release
must be removed.
First, enter the following command lines to remove the remaining directories for NMS,
NMA, and NMC:
…,root> cd /alcatel/<release number>/NMS [Enter]
…,root> rm -rf <application> [Enter]
…,root> cd /alcatel/<release>/NMA [Enter]
…,root> rm -rf <application>*/ <release> [Enter]
On the master workstation only, enter the following commands:
…,root> cd /alcatel/<release>/NMC [Enter]
…,root> rm -rf TAO_INT/<release> [Enter]
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 2-5
Applications and Their Instances and Virtual Machines Free System Resources Used by an Application Instance
....................................................................................................................................................................................................................................
Free System Resources Used by an Application Instance

When to use
Use this task to free the system resources that an instance of application uses.
Related information
• “Instance and Virtual Machine Overview” (p. 2-2)
For details about how to install an instance of an application, refer to the 1350 OMS
Installation Guide.
Before you begin

Use this task only to free system resources such as a logical volume and disk space, swap
space, and the UNIX® kernel configuration.
Task
Complete the following steps to free the system resources application instance uses.
...................................................................................................................................................................................................
1 Log in as root user.

…,root # /SCINSTALL/bin/scmanageswp [Enter]
Result: The SWP (Software Package) main menu outputs its main menu, which is
similar to the following:
---------------- SWP MAIN MENU ----------------

1 - Predispose new SWP
2 - View predisposed SWP
3 - Remove SWP
4 - Create new SWP INSTANCE
5 - View created SWP INSTANCE
6 - Remove SWP INSTANCE
a - apply
e - Exit
Insert choice and press [Enter]:
...................................................................................................................................................................................................
2 Select 6 and press Enter.

Result: The SWP outputs a display that is similar to the following:
Remove INSTANCE
Item SWP Name SWP Version INSTANCE Number INSTANCE
Dimension
---- --------------- ----------- --------------- --------------------
1 <App Name> <Release> 1 <Application>_IM_Medium
Enter 'q' to Quit, 'd' to Display again or the Item Number :
....................................................................................................................................................................................................................................
2-6 1350 OMS
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................
3 Select the number of the particular application instance to be removed and press Enter.
<application instance number> [Enter]
Selected INSTANCE is candidate to be removed from system:

<application instance> <number selected>
Please confirm your selection ? (y/n)
...................................................................................................................................................................................................
4 If the number that represents the application instance to be removed is correct, enter y for
yes and press Enter.
y [Enter]
Remove planned for INSTANCE: <Application_Instance>

Press [Enter] to continue.
=>>> WARNING: No more INSTANCE are configured on this system.
...................................................................................................................................................................................................
5 Press Enter.
Press Enter again.
[Enter] [Enter]
Result: The SWP main menu outputs its main menu again.
...................................................................................................................................................................................................
6 Select a to Apply:
a [Enter]
Result: The SWP begins the removal. As the logical file system is modified, the
workstation reboots.
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 2-7
....................................................................................................................................................................................................................................
....................................................................................................................................................................................................................................
2-8 1350 OMS
3 Configurations
3
Overview
Purpose
This chapter provides the administrator with the conceptual information and the
associated tasks that pertain to the configuration of the overall 1350 OMS.
Contents
Configuration Preparation 3-2

1350 OMS EML IP Configuration 3-4
Static Routing Configurations 3-5
Routing Configurations for Client Applications 3-9
Multi-LAN Configurations 3-11
...................................................................................................................................................................................................................................
1350 OMS 3-1
Configurations Configuration Preparation
....................................................................................................................................................................................................................................
Configuration Preparation
Configuration process
The installed TMN system applications must be configured to run properly; and to run
properly, the following must be created:
• Configuration files
• Databases
The configuration must be created only on master systems. The configuration is not
required on client systems.
1350 OMS EML Configuration

Before starting the configuration of any 1350 OMS EML instance, you must configure all
LAN interfaces that are planned to be used by Retix Stack using the HP® System
Management Homepage (SMH) application. For each LAN interface (including lan0),
you must define an alias name for the SUPERVISION_AREA during the configuration. This
information is used to define the relationship between the Retix Stack and the LAN
interface.
Important! The alias name of the interface must be different from the hostname. The
suggested name is the following:
osilan <LAN number>
Where:
<LAN number> is the LAN logical number, which allows the LAN card to be readily
identified with Retix Stack configured.
Important! If an instance of 1350 OMS HA is installed, the same SUPERVISION_AREA
parameters must be used on both the main and spare hosts.
When the LAN interfaces have been configured with the SMH application, you must
remove the unnecessary reference to the hostname added by SMH into the /etc/hosts
(excluding lan0) for a new IP Address definition line.
Example:
If you configure the lan1 of host_xx to the address 192.200.200.21 with alias osilan1,
SMH adds the following new line in the /etc/hosts file:
192.200.200.21 host_xx osilan1
You have to change this line by removing the reference to host_xx. It should resemble the
following:
192.200.200.21 osilan1
Save the modified /etc/hosts file.
....................................................................................................................................................................................................................................
3-2 1350 OMS
Configurations Configuration Preparation
....................................................................................................................................................................................................................................
Master and client integration
If any application client instances exist and the 1350 OMS SDH is not installed, the 1350
OMS EML clients must be integrated with their master. Refer to the for details.
....................................................................................................................................................................................................................................
1350 OMS 3-3
Configurations 1350 OMS EML IP Configuration
....................................................................................................................................................................................................................................
1350 OMS EML IP Configuration

IP routing configuration
To guarantee the functioning of the 1350 OMS EML, the internet protocol (IP) routing
must be correctly configured on the following:
• The Industry Standard Architecture (ISA) boards on ADMs.
• Any external client application (for example: USM).
IP routing for the ISA board

With dynamic routing, you can guarantee the service if a single failure occurs. To reach
the ISA boards from the Element manager and USM, the IP routing must be configured
correctly. Since the ISA boards are always in a different subnetwork, a configuration file
must be used to specify how the destination is to be reached.
The configuration file depends on the type of routing to be used.
The different types of routing are the following:
• Static routing
Static routing does not have any impact on the TCP/IP networking; but, if the gateway
goes down, the destinations are unreachable.
• Dynamic routing
With dynamic routing, you can guarantee the service if a single failure occurs.
Important! With both routing methods, the network mask (netmask) must be the same
for all interfaces that belong to the same subnetwork.
If different values of the netmask are set on the interfaces, communication is not
guaranteed and dynamic routing cannot operate.
....................................................................................................................................................................................................................................
3-4 1350 OMS
Configurations Static Routing Configurations
....................................................................................................................................................................................................................................
Static Routing Configurations

Static Routing Configuration Example for the ISA Board
To enable the communication between 1350 OMS EML systems and the ISA boards with
static routing, administrators must use the route command to declare the network where
the ISA boards are located and the relationship with the gateway.
For configuring static routing, the following format of the route command is used:
HP-UX input:
...,sys,root # route add net <network> netmask <mask> <gateway>
1 [Enter]
Linux input:
...,sys,root # route add net <network> netmask <mask> gw
<gateway> [Enter]
For both HP-UX and Linux input:
Where:
network is the IP network address (logical AND IP address of node and netmask) to
which the ISA board IP belongs. For example: an ISA with IP address 10.6.4.33 and
netmask 255.255.0.0 belongs to the network 10.6.0.0.
mask is the bit setting. If the bit is set to 1, it identifies the part of the address that is
related to the network. If the bit is set to 0, it identifies the host in the address.
gateway or gw is the IP address of the router or ADM GNE that allows access to the
destination ISA board.
HP-UX input:
When the right configuration is reached, add following lines to the
/etc/rc.config.d/netconf file so the information is saved after a system reboot:
..,sys,root # vi /etc/rc.config.d/netconf [Enter]
Type G and insert the following lines:
ROUTE_DESTINATION [<x>]=”net <network>”

ROUTE_MASK [<x>]=<netmask>
ROUTE_GATEWAY [<x>]=<gateway>
ROUTE_COUNT [<x>]=1
ROUTE_ARGS [<x>]=”“
Linux input:
Linux has a file for each LAN card that is in the /etc/sysconfig/network-scripts
directory, in which the name has to be root-<ethx>.
Where:
ethx is the name of the LAN that will be used for that routing. If the file does not exist, it
has to be created.
....................................................................................................................................................................................................................................
1350 OMS 3-5
....................................................................................................................................................................................................................................
The file contents have to be:
ADDRESS<x>=<network>
NETMASK<x>=<netmask>
GATEWAY<x>=<gateway>
For both HP-UX and Linux input:
Where:
<x> is the last defined ROUTE_DESTINATION number plus 1 or 0 (zero) if a route
destination is not yet defined.
<mask> is the bit setting. If the bit is set to 1, it identifies the part of address related to the
network. If the bit is set to 0, it identifies the host in the address.
<network> is the IP network address (logical AND IP address of node and netmask) to
which the ISA board IP belongs.
<gateway> is the IP address of the router or ADM GNE that allows access to the
Save and exit the file by typing x! and press the Enter key.
Important! Remember to add a new routing destination to the routing table for each
new network defined for the ISA board. (Edit the /etc/rc.config.d/netconf file.)
Static Routing Configuration Example on the Master Workstation

To configure the 1350 OMS EML master system (Lan0, IP address = 10.2.1.6 and Lan1,
IP address = 10.3.7.5) to reach the ISA board (IP address = 10.61.4.33), the gateway to
reach the network where the ISA board is located must be defined. Using example
addresses, the ISA board can be reached from a Gateway Network Element (GNE), which
means that the IP address of the GNE is used as the gateway. (Note that in other
configurations, the gateway can be a router.) The ISA board network can be identified by
executing the logical AND between the IP address of the board, which is 10.61.4.33 and
its netmask:
IP address = 10.61.4.33
Logical AND'd
Netmask = 255.255.0.0
----------------------------
network = 10.61.0.0
The configuration is created by defining a GNE IP address (10.3.7.6) as a gateway to
reach the ISA board (IP address = 10.61.4.33), with following command:
..,sys,root # route add network 10.61.0.0 netmask 255.255.0.0
10.3.7.6 1 [Enter]
Check network connectivity by executing the ping command from the 1350 OMS EML
master system to the ISA board (IP address = 10.61.4.33):
..,sys,root # ping 10.61.4.33 64 10 [Enter]
Use the netstat -r command to verify the routing table contents.
....................................................................................................................................................................................................................................
3-6 1350 OMS
....................................................................................................................................................................................................................................
When the correct configuration is reached, add the proper configuration lines to the
/etc/rc.config.d/netconf file.
Note: when the gateway GNE fails, the ISA board will become unreachable in this
configuration. To recover, you must modify the routing table to remove the route from
the failed GNE (IP address 10.3.7.6) and to set up a new route from an alternative
GNE (for example, IP address 10.3.7.7).
Static Routing Configuration Example on the 1350 OMS EML Client

The 1350 OMS EML client function includes all machines that run the 1350 OMS EML.
The 1350 OMS EML client (Lan0, IP address = 10.2.1.7) must communicate with the ISA
board (IP 10.61.4.33) through the 1350 OMS EML master system and the GNE.
You must define lan0 of 1350 OMS EML master system as the gateway by entering
following command on the 1350 OMS EML client system:
..,sys,root # route add 10.61.0.0 netmask 255.255.0.0 10.2.1.6 1
[Enter]
Check the network connectivity by executing a ping command from the 1350 OMS EML
client to the ISA board:
..,sys,root # ping 10.61.4.33 64 10 [Enter]
Important! The ping command can fail because the 1350 OMS EML master system is
not yet configured to forward the packages.
When the right configuration is reached, add the following configuration lines to
the/etc/rc.config.d/netconf file:
HP-UX input:
ROUTE_DESTINATION[1]=10.61.0.0
ROUTE_MASK[1]=255.255.0.0
ROUTE_GATEWAY[1]=10.2.1.6
ROUTE_COUNT[1]=1
ROUTE_ARGS[1]=
Linux input:
ADDRESS0=10.61.0.0
NETMASK0=255.255.0.0
GATEWAY0=10.2.1.6
Where:
The last defined ROUTE_DESTINATION is a number, plus 1 or 0 (zero) if a route
<mask> is the bit setting. If the bit is set to 1, it identifies the part of address related to the
network. If the bit is set to 0, it identifies the host in the address.
....................................................................................................................................................................................................................................
1350 OMS 3-7
....................................................................................................................................................................................................................................
....................................................................................................................................................................................................................................
3-8 1350 OMS
Configurations Routing Configurations for Client Applications
....................................................................................................................................................................................................................................
Routing Configurations for Client Applications

Overview
Using the 1350 OMS EML with a multi-stack option requires additional configuring to
enable the correct communication between the client and the master applications. They
must communicate with each other within an environment where the Retix Stacks can be
installed on the 1350 OMS EML master system, and they can be instanced for each LAN
card equipped on the system. The client application can be installed on the 1350 OMS
EML master and presentation instances and also on the 1350 OMS SDH and US.
To enable communication of all the installed applications in the configuration, the
administrator must configure the communication among all LAN cards involved.
For Retix Stacks instances on the lan0 card, additional configurations are not required
because the connectivity and/or the routing has to be guaranteed to allow other
communications.
For Retix Stacks instances on a LAN that are different from lan0, the connectivity must
be created and verified.
The most common 1350 OMS EML configuration with a multi-stack option has two or
more LAN cards, each of which is connected to a different LAN segment. This
configuration allows traffic to be shared on different segments, and is used to avoid the
mixing of IP and OSI traffic.
When the Retix Stacks is configured on a LAN board other than lan0, the routing table on
the 1350 OMS EML client machine must be configured.
Examples of the following configuration scenarios are provided:
• Systems that are located in the same site that partially share the same LAN segment;
see “Same site systems sharing same LAN segment” (p. 3-9).
• Systems that are located in different sites that have full router connections; see
“Different site systems with full router connections” (p. 3-10).
• Systems that are located in different sites that do not have full router connections; see
“Different site systems without full router connections” (p. 3-10).
Same site systems sharing same LAN segment

This configuration includes having two systems that are located in the same site partially
share the same LAN segment. In this configuration, the internal routing of the HP-UX
system can set up the communication, which means that the packets from lan0 of the
1350 OMS EML client reach the lan1 of the 1350 OMS EML master through lan0 of the
1350 OMS EML master itself.
For this configuration, enter the following command on the 1350 OMS EML client
system:
..,sys,root # route add <IP address lan1 SHM> <IP address lan0
SHM> 1 [Enter]
....................................................................................................................................................................................................................................
1350 OMS 3-9
Configurations Routing Configurations for Client Applications
....................................................................................................................................................................................................................................
Enter the following command to verify the correct data entry on the 1350 OMS EML
client:
..,sys,root # ping <IP address lan1 SHM> [Enter]
ROUTE_DESTINATION [<x>]=<IP address lanx 1350 OMS EML master>
ROUTE_GATEWAY [<x>]=<IP address lan0 1350 OMS EML master>
ROUTE_COUNT [<x>]=1
Where:
<x> is the next available value. Check the already existing ROUTE_GATEWAY in the
file.
<IP address lanx 1350 OMS EML master> is the IP address of the LAN that differs from
lan0, which must be reached by passing through lan0.
<IP address lan0 1350 OMS EML master> is the IP address of lan0 of the 1350 OMS
EML master system.
Important! Before you modify the /etc/rc.config.d/netconf file, copy the original file
by entering (as root) the following command
cp /etc/rc.config.d/netconf /etc/rc.config.d/netconf.orig
Different site systems with full router connections

In this configuration, all involved routers must be configured to route the IP protocol and
to allow the communication among all LAN cards.
Different site systems without full router connections

This configuration includes having two systems that are located in different sites that do
not have full router connections; different LAN segments exist and only the lan0 segment
is connected by way of IP routers. In this configuration, the internal routing of the HP-UX
system can set up the communication.
Important! On the router that is connected to the 1350 OMS EML master lan0, you
must configure the 1350 OMS EML master system as the next hop to reach the lan1.
....................................................................................................................................................................................................................................
3-10 1350 OMS
Configurations Multi-LAN Configurations
....................................................................................................................................................................................................................................
Multi-LAN Configurations
Overview
When the 1350 OMS EML is installed with HP-UX 11iV3 (Hewlett Packard Unix), all
LANs that are present in configuration—for both master and presentation systems—must
have an IP address, even if they are not being used.
The Retix Stack can be used on more than one LAN board. Every LAN board that is
being used must be configured with an appropriate TCP/IP address. Usually lan0 is
automatically configured by the HP-UX Operating System in the installation phases, but
other LANs must also be configured.
LAN configuration guidelines

The following guidelines apply when configuring a LAN board:
• Other machines that are connected to the Local Area Network (LAN) cannot have the
same IP address.
All used IP addresses must be defined in a specific addressing plan, which the
customer typically provides.
• Other boards cannot be configured on the same machine with an IP address that
belongs to the same subnetwork.
If two LAN boards belong to the same subnetwork on the same system, the UNIX®
routing process cannot determine which way to transmit the messages.
• The first and the last address of each subnetwork is reserved.
• The network IP address 127.0.0.0 cannot be used.
To identify the subnetwork of an IP address, you have to perform the local AND between
the IP address and the netmask.
Examples:
Two addresses that look similar, but belong to different networks:
IP address 192.1.1.1 with netmask 255.255.255.0 -> Subnet 192.1.1.0
Two addresses that look different, but belong to the same network:
To check the relationship between IP Address and netmask, enter the ifconfig command
for each LAN board and check the broadcast value. The values must be different.
Example:
..,sys,root # ifconfig lan1

lan1: flags=963<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,MULTICAST
inet 192.1.1.1 netmask ffffff00 broadcast 192.1.1.255
....................................................................................................................................................................................................................................
1350 OMS 3-11
Configurations Multi-LAN Configurations
....................................................................................................................................................................................................................................
..,sys,root # ifconfig lan2
lan2: flags=963<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,MULTICAST
inet 192.1.2.1 netmask ffffff00 broadcast 192.1.2.255
The IP belongs to this ISA board. For example: an ISA board with the IP address of
10.6.4.33 has the netmask of 255.255.0.0 and belongs to the network 10.6.0.0.
Where:
<mask> is the bit setting. If the bit is set to 1, the address part that is related to the
network is identified. If the bit is set to 0, the host address is identified.
HP-UX input:
ROUTE_DESTINATION[1]=10.61.0.0
ROUTE_MASK[1]=255.255.0.0
ROUTE_GATEWAY[1]=10.2.1.6
ROUTE_COUNT[1]=1
ROUTE_ARGS[1]=
Linux input:
ADDRESS0=10.61.0.0
NETMASK0=255.255.0.0
GATEWAY0=10.2.1.6
Where:
The last defined ROUTE_DESTINATION is a number plus 1 or 0 (zero) if a route
<mask> is the bit setting. If the bit is set to 1, the address part that is related to the
network is identified. If the bit is set to 0, the host address is identified.
Important! Remember to add a new routing destination to the routing table for each
new network defined for the ISA board. (Edit the /etc/rc.config.d/netconf file.)
....................................................................................................................................................................................................................................
3-12 1350 OMS
4 4 ode Name Management
N
for the HP-UX Platform
Overview
Purpose
This chapter provides the 1350 OMS network administrator with the conceptual
information and the associated tasks that pertain to the Node Name Management tool for
the HP-UX Platform.
Contents
Node Name Management Tool 4-2

Establish a Group and Initialize Node Name Management Persistent Data 4-6
Add a New Member to the Group 4-7
Add a New External Node to the Group 4-10
Remove a Member from a Group 4-12
List the Database Contents of a Group Member Node 4-14
Align All Group Member Nodes to a Specified Member Node 4-15
Align One Group Member Node to Another Group Member Node 4-16
Open Two Groups for Communication 4-17
Import Node Information Between Two Different Groups 4-19
Merge Nodes in Two Groups into One Group 4-21
Change the IP Address of a Remote Node 4-23
Change the IP Address of the Current/Local Node 4-26
Change the Hostname of a Remote Node 4-29
Change the Hostname of the Current/Local Node 4-32
Change the Subnetwork Mask 4-35
Change the Gateway IP Address and Hostname 4-36
Add a Server to the Current DNS Configuration 4-38
Change a Server in the Current DNS Configuration 4-40
Remove a Server from the Current DNS Configuration 4-42
...................................................................................................................................................................................................................................
1350 OMS 4-1
Node Name Management for the HP-UX Platform Node Name Management Tool
....................................................................................................................................................................................................................................
Node Name Management Tool

Node Name Management tool definition and purpose
The Node Name Management tool is one of the administrator tools that is a part of the
Alcatel-Lucent Middle Ware Operating System (MS_OS) package of support tools. This
package of tools eases the administration of the HP-UX operating system in the
Alcatel-Lucent software environment.
The Node Name Management tool provides a centralized and integrated mechanism to
administer the IP address and hostname for the HP® servers that are used within the 1350
OMS application. It allows the administrator to configure the TCP/IP address and
hostname, along with the relationship of the TCP/IP address to the hostname, on all of the
nodes in a 1350 OMS network.
Important! This tool does not provide any support for the design of the IP network.
Node Name Management tool and the working group concept

The Node Name Management tool is based on a working group concept. The working
group is an entity that includes all of the nodes that need to communicate and work
together. The first node that is placed in the working group creates the group and is a
group member; other nodes can then be added.
Each node that belongs to the working group has a copy of the entire node name
repository, and it can add a new member to the group, or remove an existing one. These
nodes are referred to as member nodes. Any action can be completed if a quorum of
member nodes exists. Refer to the “Add a New Member to the Group” (p. 4-7) task.
Besides member nodes, the Node Name Management tool also supports external nodes in
the working group repository database. External nodes are other nodes in the TPC/IP
network; meaning, they are nodes such as printers or any other machines that are not
running the 1350 OMS application based on the MW-INT. These external nodes can be
added and removed like a member node, however, they cannot remove or add other
nodes, nor can they be used to reach the node group member quorum. Refer to the “Add a
New External Node to the Group” (p. 4-10) task.
Node Name Management tool interface and basic functions

The Node Name Management tool supports the following basic functions through a menu
driven interface:
Network Management Nodes (V2.3.5) -

Management options:
1-INIT = network map init. 11-CHIPADDR = change IP addr.
2-ADD = add a node 12-CHNODENAME = change hostname
3-REMOVE = remove a node 13-CHNETMASK = change netmask
4-PUT = put network map 14-CHGATEWAY = change gateway
5-LIST = list network map 15-DNSADD = add to DNS
6-TOTALIGN = alignment each node 16-DNSCHANGE = change DNS
7-ACTALIGN = alignment a single node 17-DNSREMOVE = remove from DNS
....................................................................................................................................................................................................................................
4-2 1350 OMS
....................................................................................................................................................................................................................................
8-GRPOPEN = open the current group
9-GRPIMPORT = import a remote group
10-GRPMERGE = merge two groups [0] - exit
Enter management option [0..17] :
The following menu options are available:
1. INIT is used to install the first 1350 OMS system in the entire group and to initialize
the Node Management persistent data to create the group to which group members are
to belong. Refer to the “Establish a Group and Initialize Node Name Management
Persistent Data” (p. 4-6) task.
2. ADD is used to add a new node/host and to enable the addition of any type of
node/host to the database. Standalone member nodes, external nodes, and cluster
nodes can be added. Refer to the “Add a New Member to the Group” (p. 4-7) and the
“Add a New External Node to the Group” (p. 4-10) tasks.
3. REMOVE is used to remove an existing node/host from the database. Current member
nodes, external nodes, and cluster nodes can be removed. Refer to the “Remove a
Member from a Group” (p. 4-12) task.
4. PUT is used to update the node name database of a remote group member, which can
be useful to align a node database.
5. LIST is used to view the database contents of the current or any other group member
node. Refer to the “List the Database Contents of a Group Member Node”
(p. 4-14) task.
6. TOTALIGN is used to align all group member nodes to one specified member. Refer to
the “Align All Group Member Nodes to a Specified Member Node” (p. 4-15) task.
7. ACTALIGN is used to align a specific group member node to another group member
node. Refer to the “Align One Group Member Node to Another Group Member
Node” (p. 4-16) task.
8. GRPOPEN is used to open groups for communication; that is, to enable communication
between distinct two groups to which both the current and the remote hosts belong.
Refer to the “Open Two Groups for Communication” (p. 4-17) task.
9. GRPIMPORT is used to import information between groups; that is, to include the
remote group descriptions on the current local group hosts. Refer to the “Import Node
Information Between Two Different Groups” (p. 4-19) task.
10. GRPMERGE is used to merge the nodes that belong to two groups into one group; that
is, to obtain a single group that contains the description of the nodes of both groups.
Refer to the “Merge Nodes in Two Groups into One Group” (p. 4-21) task.
11. CHIPADDR is used to change the Internet Protocol (IP) address of a system that is
configured with the Node Name Management tool. Refer to the “Change the IP
Address of a Remote Node” (p. 4-23) and “Change the IP Address of the
Current/Local Node” (p. 4-26) tasks.
12. CHNODENAME is used to change the node/host name. Refer to the “Change the
Hostname of a Remote Node” (p. 4-29) and “Change the Hostname of the
Current/Local Node” (p. 4-32) tasks.
13. CHNETMASK is used to change the subnetwork mask of a group member host. Refer to
the “Change the Subnetwork Mask” (p. 4-35) task.
....................................................................................................................................................................................................................................
1350 OMS 4-3
....................................................................................................................................................................................................................................
14. CHGATEWAY is used to change the current gateway Internet Protocol (IP) address and
host name of a group member host. Refer to the “Change the Gateway IP Address and
Hostname” (p. 4-36) task.
15. DNSADD is used to add a new server to the current Domain Name Service (DNS)
configuration of a group member host. Refer to the “Add a Server to the Current DNS
Configuration” (p. 4-38) task.
16. DNSCHANGE is used to modify the current Domain Name Service (DNS) configuration
of a group member host. Refer to the “Change a Server in the Current DNS
Configuration” (p. 4-40) task.
17. DNSREMOVE is used is used to remove an existing server from the current Domain
Name Service (DNS) configuration of a group member host. Refer to the “Remove a
Server from the Current DNS Configuration” (p. 4-42) task and the “Change a Server
in the Current DNS Configuration” (p. 4-40) task.
0 is used to exit the Node Name Management tool.
Node Name Management tool security

The use of the Node Name Management tool security is two fold. It is used for the
following:
• To include a new node in the group, a member node has to add the new node to the
database.
• To authorize group access, the new node must perform an add action on the other
group members.
Example:
A group has three member nodes named hosta, hostb, and hostc. To add hostd to the
group, hosta, hostb, or hostc would have to add hostd to the database, which means that
all three nodes would then know hostd and its IP address, and would have to accept
requests implicitly from that source. Once hostd has been added to the database, hostd
would then have to accept the working group membership by performing an add action
itself by specifying one of the other group members. With this action, hostd authorizes the
other group member to operate on itself.
Node Name Management tool functional restrictions

The Node Name Management tool bases network communication on the MW-INT
Remotizer library, which means that the MW-INT has to be installed and customized
before it can correctly execute the Node Name Management tool. The Node Name
Management tool cannot be started before MW-INT installation and customization.
For the correct execution of the tool, the involved machines cannot differ more than 5
minutes in their system times.
Important! The relevant system time does not take into account time zones, so
administrators must check the time difference by entering the following command:
date -u
Refer to the 1350 OMS Installation Guide for more details on time synchronization.
....................................................................................................................................................................................................................................
4-4 1350 OMS
....................................................................................................................................................................................................................................
Node Name Management tool network example
The following Node Name Management tool example aids in the understanding of the
Node Name Management tool. In addition, this example is referred to in the following
tasks:
• “Change the IP Address of a Remote Node” (p. 4-23)
• “Change the IP Address of the Current/Local Node” (p. 4-26)
• “Change the Hostname of a Remote Node” (p. 4-29)
• “Change the Hostname of the Current/Local Node” (p. 4-32)
Example:
The following five HP9000 servers are within one network management system. Their
identifying information is as follows:
• hosta IP address 192.200.49.1 Role SDH Client
• hostb IP address 192.202.21.7 Role EMLMaster
• hostc IP address 192.202.21.8 Role SDH Client
• hostd IP address 192.202.22.4 Role SDH Master
• hoste IP address 192.200.22.5 Role EML Master
In addition, other network equipment, such as routers, local and network printers, PCs,
and time synchronization equipment, can be identified as follows:
• router1 IP address 192.200.49.244 Left LAN router
• router2 IP address 192.202.21.244 Central LAN router
• gpsrec1 IP address 192.202.21.51 Time synchronization through Global Position
System
• router3 IP address 192.202.22.244 Right LAN router
• lp1 IP address 192.202.22.6 Network line printer
In this example, hosta is connected to a WAN, which in turn, enables it to communicate
with four other hosts, a GPS time receiver, and a network printer through three routers.
....................................................................................................................................................................................................................................
1350 OMS 4-5
Node Name Management for the HP-UX Platform Establish a Group and Initialize Node Name Management
Persistent Data
....................................................................................................................................................................................................................................
Establish a Group and Initialize Node Name Management

Persistent Data
When to use
Use this task to establish a group and to initialize the Node Name Management persistent
data.
Related information
• “Node Name Management Tool” (p. 4-2)
Before you begin

Be aware that you are installing the first NMS for the entire network.
Task
Complete the following steps to establish a group and to initialize the Node Name
Management persistent data.
...................................................................................................................................................................................................
1 Log in to a node as root.

Result: You now have superuser privileges.
...................................................................................................................................................................................................
2 Enter the following command to run the Node Name Management tool:
...sys,root # scNMmng [Enter]
Result: The Network Management Nodes menu is displayed.
...................................................................................................................................................................................................
3 Enter the number 1 to establish a group and to initialize the Node Name Management
persistent data.
Result: The group is created and the Node Name Management persistent data has
been initialized when the following message is displayed:
** MESSAGE: node "<hostname>" (<IP address>) initialized.
...................................................................................................................................................................................................
4 To return to the main menu, press Enter.

To exit the tool, press 0, then press Enter.
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
4-6 1350 OMS
Node Name Management for the HP-UX Platform Add a New Member to the Group
....................................................................................................................................................................................................................................
Add a New Member to the Group

When to use
Use this task to add a new member to the group.
Important! This task is to be used only when the new member to be added is running
the TMN system based on the MW-INT.
Related information
See the following topics in this document:
• “Establish a Group and Initialize Node Name Management Persistent Data”
(p. 4-6) task
Before you begin

You must have completed all of the steps in the “Establish a Group and Initialize Node
Name Management Persistent Data” (p. 4-6) task.
Because the Node Name Management tool has been designed to guarantee the security of
the entire system, the following safeguards apply:
• Your access to any group member in the configuration must be formally granted.
• You cannot perform any operations on a new group member without prior
authorization to access to it.
• You cannot add a new member to a group in one step. Adding a new member to a
group is a two step process in which the new node is first authorized to access the
group, and then the new (which becomes the current) node authorizes communication
with all other nodes belonging to the group.
To add a new member to the group perform the node addition on two group members in
the following order:
1. The new member must be authorized to access the group.
Add the new member on a member node that already belongs to the group. This
addition stores the new member in the database of all the nodes that belong to the
group and makes the new member known to other group members. Refer to “Task 1:
Add a New Member to the Group” (p. 4-8) task.
2. The newly added (current) member must authorize communication with all group
members.
Execute the add on the newly added (current) node that has just joined the group. This
addition allows the newly added (current) group node member to retrieve the node
name database from any other group member. Refer to “Task 2: Make the New
Member Join the Group” (p. 4-8) task.
Important! When executing some commands, the following message might appear. If
it does appear, ignore it.
....................................................................................................................................................................................................................................
1350 OMS 4-7
....................................................................................................................................................................................................................................
Redefining sub ConnectionManager::GetConnectionPort at /
alcatel/Kernel/lib/lib_perl/Remotizer.pm line 695
Task 1: Add a New Member to the Group

Complete the following steps to add a new member to the group.
...................................................................................................................................................................................................
1 Log in to a system that is already a group member as root.

...................................................................................................................................................................................................
...................................................................................................................................................................................................
3 Enter the number 2 to add a new member to the group.

Result: The ADD - Management option is displayed.
...................................................................................................................................................................................................
4 Enter the number 2 to add a remote group node member.

...................................................................................................................................................................................................
5 Enter the hostname and IP address of the new remote member. Wait until the tool
completes execution.
Result: The new group member has been added to the group and is known to all other
group members.
...................................................................................................................................................................................................

...................................................................................................................................................................................................
7 Go to “Task 2: Make the New Member Join the Group” (p. 4-8).
E...................................................................................................................................................................................................
N D O F S T E P S
Task 2: Make the New Member Join the Group

Complete the following steps to make the new member join the group.
...................................................................................................................................................................................................
1 Log in to the new member, which was formerly known as the remote member, as root.
....................................................................................................................................................................................................................................
4-8 1350 OMS
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................
...................................................................................................................................................................................................
3 Enter the number 2 to add the new group member to the group.
...................................................................................................................................................................................................
4 Enter the number 1 to add the current node.

...................................................................................................................................................................................................
5 Enter the hostname and IP address of the group member node. Wait until the tool
Result: The new node is now a member of the group.
...................................................................................................................................................................................................

E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 4-9
Node Name Management for the HP-UX Platform Add a New External Node to the Group
....................................................................................................................................................................................................................................
Add a New External Node to the Group

When to use
Use this task to add a new external node to the group.
Important! This task is to be used only when the new node to be added (such as a
printer) is NOT running the TMN system based on the MW-INT.
Related information
• “Establish a Group and Initialize Node Name Management Persistent Data”
(p. 4-6) task
Before you begin

Complete all of the steps in the“Establish a Group and Initialize Node Name Management
Persistent Data” (p. 4-6) task.
Important! When executing some commands, the following message might appear. If
it does appear, ignore it.
Redefining sub ConnectionManager::GetConnectionPort at /
alcatel/Kernel/lib/lib_perl/Remotizer.pm line 695
Task
Complete the following steps to add a new external node to the group.
...................................................................................................................................................................................................

...................................................................................................................................................................................................
...................................................................................................................................................................................................
3 Enter the number 2 to add a new group member to the group.

...................................................................................................................................................................................................
4 Enter the number 3 to add a remote external node member.
....................................................................................................................................................................................................................................
4-10 1350 OMS
Node Name Management for the HP-UX Platform Add a New External Node to the Group
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................
5 Enter the hostname and IP address of the new host. Wait until the tool completes
execution.
Result: The new group member has been added to the group and is known to all
group members. Its information is automatically distributed to the entire group.
...................................................................................................................................................................................................

E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 4-11
Node Name Management for the HP-UX Platform Remove a Member from a Group
....................................................................................................................................................................................................................................
Remove a Member from a Group

When to use
Use this task to remove a member from a group.
Important! The remove option of the Node Name Management tool can also remove
a system if it cannot be reached through the network.
Related information
Before you begin

Task
Complete the following steps to remove a member from a group.
...................................................................................................................................................................................................

...................................................................................................................................................................................................
...................................................................................................................................................................................................
3 Enter the number 3 to remove a node from the group.

Result: The Remove menu is displayed.
...................................................................................................................................................................................................
4 Choose the menu option that is related to the action that you want to execute.
The Remove option enables you to remove the following:
• Remove Entry for the Current Node
Entries for the current node can be removed one of two ways:
1. One for the primary or physical hostname
2. Another for the virtual hostname for cluster configurations
• Remove Entry for Other Group Member
You can remove the entry for other group members for both the primary and virtual
hostname.
• Remove Entry for External Nodes
....................................................................................................................................................................................................................................
4-12 1350 OMS
Node Name Management for the HP-UX Platform Remove a Member from a Group
....................................................................................................................................................................................................................................
You can remove the entry for external nodes.
...................................................................................................................................................................................................
5 Enter the hostname and IP address of the node to be removed. Wait until the tool
Result: The node has been removed from the group and from all group member
databases.
...................................................................................................................................................................................................

E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 4-13
Node Name Management for the HP-UX Platform List the Database Contents of a Group Member Node
....................................................................................................................................................................................................................................
List the Database Contents of a Group Member Node

When to use
Use this task to list the database contents of a group member node.
Related information
Before you begin

Task
Complete the following steps to list the database contents of a group member node.
...................................................................................................................................................................................................

...................................................................................................................................................................................................
...................................................................................................................................................................................................
3 Enter the number 5 to list the database contents of a group member node.
...................................................................................................................................................................................................
4 Enter the hostname and IP address of the node in which the database contents are to be
listed. Wait until the tool completes execution.
Result: The database contents of the specified node are displayed.
...................................................................................................................................................................................................

E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
4-14 1350 OMS
Node Name Management for the HP-UX Platform Align All Group Member Nodes to a Specified Member Node
....................................................................................................................................................................................................................................
Align All Group Member Nodes to a Specified Member Node

When to use
Use this task to align all group member nodes to a specified member node.
Related information
• “Align One Group Member Node to Another Group Member Node” (p. 4-16) task
Before you begin

Task
Complete the following steps to align all group member nodes to a specified node.
...................................................................................................................................................................................................

...................................................................................................................................................................................................
...................................................................................................................................................................................................
3 Enter the number 6 to align all group member nodes to a specified node.
...................................................................................................................................................................................................
4 Enter the hostname and IP address of the node to which all group members are to be
aligned. Wait until the tool completes execution.
Result: All group member nodes are now aligned with the specified node.
...................................................................................................................................................................................................

E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 4-15
Node Name Management for the HP-UX Platform Align One Group Member Node to Another Group Member
Node
....................................................................................................................................................................................................................................
Align One Group Member Node to Another Group Member

Node
When to use
Use this task to align one group member node to another group member node.
Related information
• “Align All Group Member Nodes to a Specified Member Node” (p. 4-15) task
Before you begin

Task
Complete the following steps to align one group member node to another group member
node.
...................................................................................................................................................................................................

...................................................................................................................................................................................................
...................................................................................................................................................................................................
3 Enter the number 7 to align one group member node to another group member node.
...................................................................................................................................................................................................
4 Enter the hostname and IP address of the two nodes to be aligned. Wait until the tool
Result: The two group member nodes are now aligned.
...................................................................................................................................................................................................

E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
4-16 1350 OMS
Node Name Management for the HP-UX Platform Open Two Groups for Communication
....................................................................................................................................................................................................................................
Open Two Groups for Communication

When to use
Use this task to open groups for communication; that is, to enable communication
between distinct two groups to which both the current and the remote node members
belong.
Related information
Before you begin

The GRPOPEN, GRPIMPORT, and GRPMERGE options of the Node Name
Management tool enable the communication and, eventually, the merging of two different
groups that are configured on the same network.
To perform this type of merge, execute two different tasks in the following sequence:
1. Enable communication between distinct two groups to which both the current and the
remote nodes belong by way of the GRPOPEN option using this task.
2. Then, choose one of the following options and their related tasks:
• Include the remote group description on the current group node by way of the
GRPIMPORT option using the “Import Node Information Between Two Different
Groups” (p. 4-19) task.
• Merge the current and remote node groups to obtain a single group that contains the
description of the nodes of both groups by way of the GRPMERGE option using the
“Merge Nodes in Two Groups into One Group” (p. 4-21) task.
Task
Complete the following steps to open groups for communication.
...................................................................................................................................................................................................
1 Log in to the group member system that you want to enable a remote connection to as
root.
...................................................................................................................................................................................................
...................................................................................................................................................................................................
3 Enter the number 8 to open the current group.
....................................................................................................................................................................................................................................
1350 OMS 4-17
Node Name Management for the HP-UX Platform Open Two Groups for Communication
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................
4 Enter the hostname and IP address of the remote node to which you want to link. Wait
until the tool completes execution.
Result: The two groups to which the current and the remote nodes belong are now
linked and can communicate.
...................................................................................................................................................................................................

E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
4-18 1350 OMS
Node Name Management for the HP-UX Platform Import Node Information Between Two Different Groups
....................................................................................................................................................................................................................................
Import Node Information Between Two Different Groups

When to use
Use this task to import information between groups; that is, to include the remote group
descriptions on the current local group nodes.
Related information
Before you begin

node groups that are configured on the same network.
To perform this type of merge, execute two different tasks in the following sequence:
1. Enable communication between the two distinct groups to which both the current and
the remote nodes belong via the option GRPOPEN using the “Open Two Groups for
Communication” (p. 4-17) task. Note: this task requires you to complete the “Open
Two Groups for Communication” (p. 4-17) task.
2. Then, choose one of the following options and their related tasks:
• Include the remote group description on the current group host by way of the
GRPIMPORT option using this task.
description of the nodes of both groups by way of the GRPMERGE option using the
“Merge Nodes in Two Groups into One Group” (p. 4-21) task.
Task
Complete the following steps to import information between two different groups.
...................................................................................................................................................................................................
1 Complete the steps in the “Open Two Groups for Communication” (p. 4-17) task.
...................................................................................................................................................................................................
2 Log in to the group member system for which you want to configure the nodes of the
remote group as root.
Important! The group member system MUST BE the same remote node that you
specified during the “Open Two Groups for Communication” (p. 4-17) task.
...................................................................................................................................................................................................
....................................................................................................................................................................................................................................
1350 OMS 4-19
Node Name Management for the HP-UX Platform Import Node Information Between Two Different Groups
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................
4 Enter the number 9 to import the information of the remote group.

...................................................................................................................................................................................................
5 Enter the hostname and IP address of the remote node to which you want to link. Wait
Important! The hostname and IP address MUST BE the same remote node hostname
and IP address that you specified during the “Open Two Groups for Communication”
(p. 4-17) task.
Result: The configuration of each node member of a local group includes the
description of all node members of the remote group.
...................................................................................................................................................................................................

E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
4-20 1350 OMS
Node Name Management for the HP-UX Platform Merge Nodes in Two Groups into One Group
....................................................................................................................................................................................................................................
Merge Nodes in Two Groups into One Group

When to use
Use this task to merge the nodes that belong to two groups into one group; that is, to
obtain a single group that contains the description of the nodes of both groups.
Related information
Before you begin

node groups that are configured on the same network.
To perform this type of merge, you must execute two different tasks in the following
sequence:
1. Enable communication between two distinct groups to which both the current and the
remote nodes belong by way of the GRPOPEN option using the “Open Two Groups
for Communication” (p. 4-17) task. Note that Step 1 of this task requires you to
complete the “Open Two Groups for Communication” (p. 4-17) task.
2. Then choose one of the following options and their related tasks:
• Include the remote group description on the current group node by way of the
GRPIMPORT option using the “Import Node Information Between Two Different
Groups” (p. 4-19) task.
description of the nodes of both groups by way of the GRPMERGE option using this
task.
Task
Complete the following steps to merge the nodes that belong to two groups into one
group.
...................................................................................................................................................................................................
1 Complete the steps in the “Open Two Groups for Communication” (p. 4-17) task.
...................................................................................................................................................................................................
2 Log in to the group member system for which you want to configure the nodes of the
remote group as root.
Important! The group member system MUST BE the same remote node that you
specified during the “Open Two Groups for Communication” (p. 4-17) task.
....................................................................................................................................................................................................................................
1350 OMS 4-21
Node Name Management for the HP-UX Platform Merge Nodes in Two Groups into One Group
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................
...................................................................................................................................................................................................
4 Enter the number 10 to merge the nodes that belong to two groups into one group.
...................................................................................................................................................................................................
5 Enter the hostname and IP address of the remote node to which you want to merge. Wait
Important! The hostname and IP address MUST BE that of the same remote node that
you specified during the “Open Two Groups for Communication” (p. 4-17) task.
Result: All node members of the two groups have been merged into a single group.
...................................................................................................................................................................................................

E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
4-22 1350 OMS
Node Name Management for the HP-UX Platform Change the IP Address of a Remote Node
....................................................................................................................................................................................................................................
Change the IP Address of a Remote Node

When to use
Use this task to change the IP address of a remote node; meaning, change the IP address
on a remote network node, but not the IP address of the node to which you are logged on.
Related information
• “Change the IP Address of the Current/Local Node” (p. 4-26)
Before you begin

Important! Some key points to remember about changing an IP address are the
following:
• To communicate using the hostname alias, two nodes must have the correct hostname
and IP address in the /etc/hosts file.
• The relationship between the hostname and IP address must be changed in the entire
network.
• The new IP address must agree with IP addressing plan of the local area network
(LAN) in which the system is to operate. Duplicate IP addresses are not allowed.
• When the IP address is changed or when the IP network or subnetwork (RFC 1878) is
changed, any related routing information must also be changed.
• When the IP address is changed on a node, communication with that node can be lost.
Any open connection can come down because changing the IP address shuts down
LAN services.
The Node Name Management tool (scNMmng) cannot be run on any node in which
the IP address is to be changed by using remote network connections (such as a telnet
connection or Xterminal emulation GOGlobal-UX), the X Motif interface, or any
connection that involves the LAN interface because the connection can be lost and the
Common Desktop Environment (CDE) can get blocked. If you are changing the IP
address on an HP9000 workstation, exit any CDE interface and log in in console
mode (black screen).
• Because the tool cannot identify when it begins execution from a network opened
shell, it cannot perform any checks to prevent execution from an incorrect source.
To perform this type of change, execute two different tasks in the following order:
1. Change the IP address of a remote node; meaning, change the IP address on a remote
network node, but not the IP address of the node to which you are logged on. This
change is performed in this task.
2. Change the IP address of the current/local node; meaning, the IP address of the node
to which you are currently logged on. This change is performed in the “Change the IP
Address of the Current/Local Node” (p. 4-26) task.
....................................................................................................................................................................................................................................
1350 OMS 4-23
....................................................................................................................................................................................................................................
Important! The change must be performed in this order. Communication cannot be
established again unless both of these tasks are completed. In addition, before you
proceed with another set of tasks, verify that communication is once again established
between the nodes that have the new IP addresses and the remaining group members.
Task
Complete the following steps to change the IP address of a remote node; meaning, change
the IP address on a remote network node, but not the IP address of the node to which you
are logged on
...................................................................................................................................................................................................
1 Log in to the group member node as root.

Note: In the steps that follow, the examples given are in relationship to the text and
example provided in “Node Name Management tool network example” (p. 4-5). As you
look at the examples, imagine that you are working on the hostb node and are changing
the IP address of the hostc node from the IP address of 192.202.21.8 to 192.202.21.99.
Example:
hostb in “Node Name Management tool network example” (p. 4-5).
...................................................................................................................................................................................................
...................................................................................................................................................................................................
3 Enter the number 11 to change the IP address of a remote member node.

Result: The CHANGE-IP - Management options: menu is displayed:
CHANGE-IP - Management options:

1 - change the IP addr. on current node
2 - change the IP addr. on remote node (member)
[0] - Main menu
...................................................................................................................................................................................................
4 Enter the number 2 to change the IP address of the remote member node.
Result: The tool begins to prompt you for the hostname, old IP address, new IP
address, and network ID of the remote member node/host.
...................................................................................................................................................................................................
5 Enter the hostname for the remote host/node at the following prompt:
Please insert the HOSTNAME for remote host :
<remote host/node name> [Enter]
....................................................................................................................................................................................................................................
4-24 1350 OMS
....................................................................................................................................................................................................................................
Example:
hostc in “Node Name Management tool network example” (p. 4-5).
...................................................................................................................................................................................................
6 Enter the old IP address for the remote host/node at the following prompt:
Please insert the OLD IP ADDR. for remote host :
<old IP address of the remote host/node> [Enter]
Example:
192.202.21.8 in “Node Name Management tool network example” (p. 4-5).
...................................................................................................................................................................................................
7 Enter the new IP address for the remote host/node at the following prompt:
Please insert the NEW IP ADDR. for remote host :
<new IP address of the remote host/node> [Enter]
Example:
...................................................................................................................................................................................................
8 Enter the network ID for the remote host/node at the following prompt:
Please insert the NETWORK ID for remote host :
<LAN ID for the remote host/node> [Enter]
Example:
0=lan1, 1=lan1, ... in “Node Name Management tool network example” (p. 4-5).
Result: The tool prompts you to confirm your choices.
...................................................................................................................................................................................................
9 At the following prompt, answer Y for yes:

Do you confirm the execution [Y/N - def.=Y]? : Y
Result: The tool outputs the following warning:
WAIT THE END OF THE ACTIVITY (DO NOT PRESS ANY KEY !!).
When the tool completes execution, it displays the following:
** MESSAGE: IP ad. of "<hostname>" (<current IP address>)
changed in <new IP address>. Press [Enter] to continue.
The IP address of the indicated node has been changed.
...................................................................................................................................................................................................

E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 4-25
Node Name Management for the HP-UX Platform Change the IP Address of the Current/Local Node
....................................................................................................................................................................................................................................
Change the IP Address of the Current/Local Node

When to use
Use this task to change the IP address of the current/local node, meaning, the IP address
of the node to which you are currently logged on.
Related information
• “Change the IP Address of a Remote Node” (p. 4-23)
Before you begin

Important! Some key points to remember about changing an IP address are the
following:
network.
• The new IP address must agree with IP addressing plan of the local area network
(LAN) in which the system is to operate. Duplicate IP addresses are not allowed.
• When the IP address is changed or when the IP network or subnetwork (RFC 1878) is
changed, any related routing information must also be changed.
• When the IP address is changed on a node, communication with that node can be lost.
Any open connection can come down because changing the IP address shuts down
LAN services.
The Node Name Management tool (scNMmng) cannot be run on any node in which
the IP address is to be changed by using remote network connections (such as a telnet
connection, Xterminal emulation, GoGlobal-UX), the X Motif interface, or any
connection that involves the LAN interface because the connection can be lost and the
CDE can get blocked. If you are changing the IP address on an HP9000 workstation,
exit any CDE interface and log in in console mode (black screen).
• Because the tool cannot identify when it begins execution from a network opened
shell, it cannot perform any checks to prevent execution from an incorrect source.
1. Change the IP address of the remote node; meaning, change the IP address on the
remote network node, but not the IP address of the node to which you are logged on.
This change is performed in the “Change the IP Address of a Remote Node”
(p. 4-23) task.
2. Change the IP address of the current/local node; meaning, the IP address of the node
to which you are currently logged on. This change is performed in this task.
....................................................................................................................................................................................................................................
4-26 1350 OMS
....................................................................................................................................................................................................................................
between the nodes that have the new IP addresses and the remaining group members.
Task
Complete the following steps to change the IP address of the current/local node; meaning,
the IP address of the node to which you are currently logged on.
...................................................................................................................................................................................................
1 Complete the steps in the “Change the IP Address of a Remote Node” (p. 4-23) task.
...................................................................................................................................................................................................
2 Log in to the current/local group member node as root.

look at the examples, imagine that you are working on hostc node and are changing the IP
address of the hostc node from the IP address of 192.202.21.8 to 192.202.21.99.
Example:
...................................................................................................................................................................................................
...................................................................................................................................................................................................
4 Enter the number 11 to change the IP address of a node.

Result: The CHANGE-IP - Management options: menu is displayed:
CHANGE-IP - Management options:

1 - change the IP addr. on current node
2 - change the IP addr. on remote node (member)
[0] - Main menu
...................................................................................................................................................................................................
5 Enter the number 1 to change the IP address on the current member node.
Result: The tool begins to prompt you for the old IP address, new IP address, and
network ID of the current host/node.
...................................................................................................................................................................................................
6 Enter the old IP address for the current/local node at the following prompt:
....................................................................................................................................................................................................................................
1350 OMS 4-27
....................................................................................................................................................................................................................................
Please insert the OLD IP ADDR. for local host :
<old IP address of the current/local host> [Enter]
Example:
...................................................................................................................................................................................................
7 Enter the new IP address for the current/local node at the following prompt:
Please insert the NEW IP ADDR. for local host :
<new IP address of the current/local host> [Enter]
Example:
...................................................................................................................................................................................................
8 Enter the network ID for the current/local node at the following prompt:
Please insert the NETWORK ID for local host :
<LAN ID for the current/local host> [Enter]
Example:
0=lan1, 1=lan1, ... in “Node Name Management tool network example” (p. 4-5).
Result: The tool prompts you to confirm your choices.
...................................................................................................................................................................................................

Important! Because a re-configuration of MW-INT services is required, the tool
execution might take awhile. Do not abort the execution of the tool.
The IP address of indicated node has been changed.
...................................................................................................................................................................................................

E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
4-28 1350 OMS
Node Name Management for the HP-UX Platform Change the Hostname of a Remote Node
....................................................................................................................................................................................................................................
Change the Hostname of a Remote Node

When to use
Use this task to change the hostname of a remote node; meaning, change the hostname on
a remote network node, but not the hostname of the node to which you are logged on.
Important! The change hostname option of the Node Name Management tool is not
allowed on a cluster member.
Related information
• “Change the Hostname of the Current/Local Node” (p. 4-32)
Before you begin

Important! Some key points to remember about changing the hostname are the
following:
network.
• When the hostname is changed on a node, communication with that node can be lost.
1. Change the hostname of the remote node, meaning, change the host name on a remote
network node, but not the hostname of the node to which you are logged on. This
change is performed in this task.
2. Change the hostname of the current/local node; meaning, change the hostname of the
node to which you are currently logged on. This change is performed in the “Change
the IP Address of the Current/Local Node” (p. 4-26) task.
between the nodes that have the new hostname and the remaining group members.
Task
Complete the following steps to change the hostname of a remote node; meaning, change
the hostname on a remote network node, but not the hostname of the node to which you
are logged on
...................................................................................................................................................................................................
1 Log in to the group member node as root.
....................................................................................................................................................................................................................................
1350 OMS 4-29
....................................................................................................................................................................................................................................
illustration provided in “Node Name Management tool network example” (p. 4-5). As you
look at the examples, imagine that you are working on the hostb node and are changing
the hostname of the hostc node from hostc to hostx.
Example:
hostb in “Node Name Management tool network example” (p. 4-5).
...................................................................................................................................................................................................
...................................................................................................................................................................................................
3 Enter the number 12 to change the hostname of a remote member node.

Result: The CHANGE-NODE - Management options: menu is displayed:
CHANGE-NODE - Management options:

1 - change the hostname on current node
2 - change the hostname on remote node (member)
[0] - Main menu
...................................................................................................................................................................................................
4 Enter the number 2 to change the hostname of the remote member node.
Result: The tool begins to prompt you for the old hostname, IP address, and new
hostname of the remote member node/host.
...................................................................................................................................................................................................
5 Enter the old hostname for the remote host/node at the following prompt:
Please insert the OLD HOSTNAME for remote host :
<old remote host/node name> [Enter]
Example:
...................................................................................................................................................................................................
6 Enter the IP address for the remote host/node at the following prompt:
Please insert the IP ADDR. for remote host :
<IP address of the old remote host/node> [Enter]
Example:
....................................................................................................................................................................................................................................
4-30 1350 OMS
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................
7 Enter the new hostname for the remote host/node at the following prompt:
Please insert the NEW HOSTNAME for local host :
<new hostname of the remote host/node> [Enter]
Example:
hostx in “Node Name Management tool network example” (p. 4-5).
...................................................................................................................................................................................................

** MESSAGE: nodename "<hostname>" changed in <new hostname>.
The hostname of indicated node has been changed.
...................................................................................................................................................................................................

E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 4-31
Node Name Management for the HP-UX Platform Change the Hostname of the Current/Local Node
....................................................................................................................................................................................................................................
Change the Hostname of the Current/Local Node

When to use
Use this task to change the hostname of the current/local node, meaning, the hostname of
the node to which you are currently logged on.
Important! The change hostname option of the Node Name Management tool is not
allowed on a cluster member.
Related information
• “Change the Hostname of a Remote Node” (p. 4-29)
Before you begin

Important! Some key points to remember about changing the hostname are the
following:
network.
• When the hostname is changed on a node, communication with that node can be lost.
1. Change the hostname of a remote node; meaning, change the host name on a remote
network node, but not the hostname of the node to which you are logged on. This
change is performed in the “Change the Hostname of a Remote Node” (p. 4-29) task.
2. Change the hostname of the current/local node, meaning change the hostname of the
node to which you are currently logged on. This change is performed in this task.
between the nodes that have the new hostname and the remaining group members.
The end of this task requires a system reboot and the running of the ChangeHostName
tool, which must be run to update the hostname in MW-INT environment (including the
Kerberos database).
Task
Complete the following steps to change the hostname of the current/local node; meaning,
the hostname of the node to which you are currently logged on.
...................................................................................................................................................................................................
1 Complete the steps in the “Change the Hostname of a Remote Node” (p. 4-29) task.
....................................................................................................................................................................................................................................
4-32 1350 OMS
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................
2 Log in to the current/local group member node as root.

look at the examples, imagine that you are working on hostc node and are changing the
hostname of the hostc node from hostc to hostx.
Example:
...................................................................................................................................................................................................
...................................................................................................................................................................................................
4 Enter the number 12 to change the hostname of the local/current node.

Result: The CHANGE-NODE - Management options menu is displayed:
CHANGE-NODE - Management options:

1 - change the hostname on current node
2 - change the hostname on remote node (member)
[0] - Main menu
...................................................................................................................................................................................................
5 Enter the number 1 to change the IP address on the current member node.
Result: The tool begins to prompt you for the new hostname of the current host/node.
...................................................................................................................................................................................................
6 Enter the new hostname for the current/local host at the following prompt:
Please insert the NEW HOSTNAME for local host :
<new hostname of the current/local host> [Enter]
Example:
hostx in “Node Name Management tool network example” (p. 4-5).
...................................................................................................................................................................................................

....................................................................................................................................................................................................................................
1350 OMS 4-33
....................................................................................................................................................................................................................................
Important! Because a reconfiguration of MW-INT services is required, the tool
execution might take awhile. Do not abort the execution of the tool.
When the first execution phase completes, the following message is displayed:
**WARNING: a system reboot will be executed immediately after this operation!

**At the end of system reboot, is mandatory to perform manually the
**following command (as ”root”):
**
**/alcatel/Kernel/etc/ChangeHostName.pl –hostname <new_hostname>
The name of the indicated node has been changed
The IP address of indicated node has been changed.
...................................................................................................................................................................................................
8 Press the Enter key to perform the system reboot:

Enter
Result: The system is rebooted.
...................................................................................................................................................................................................
9 Once the system reboots, log in to the system as root.

...................................................................................................................................................................................................
10 Enter the following command line to execute the ChangeHostName tool, which is run to
update the hostname in MW-INT environment (including the Kerberos database):
/alcatel/Kernel/etc/ChangeHostName.pl –hostname <new_hostname>
Example:
In the “Node Name Management tool network example” (p. 4-5), <new_hostname>
would be hostx.
Result: The execution of the ChangeHostName tool takes about 100 minutes. Do not
abort the tool.
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
4-34 1350 OMS
Node Name Management for the HP-UX Platform Change the Subnetwork Mask
....................................................................................................................................................................................................................................
Change the Subnetwork Mask

When to use
Use this task to change the subnetwork mask, which includes each network interface that
is configured.
Related information
Before you begin

Task
Complete the following steps to change the subnetwork mask, which includes each
network interface that is configured.
...................................................................................................................................................................................................
1 Log in to the group node in which you want to change the subnetwork mask as root.
...................................................................................................................................................................................................
...................................................................................................................................................................................................
3 Enter the number 13 to change the subnetwork mask.

...................................................................................................................................................................................................
4 At the prompts, enter the new subnetwork mask and the LAN identification number
(0=lan0, 1=lan1, etc.). Wait until the tool completes execution.
Result: The new subnetwork mask is automatically activated for the current host.
...................................................................................................................................................................................................

E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 4-35
Node Name Management for the HP-UX Platform Change the Gateway IP Address and Hostname
....................................................................................................................................................................................................................................
Change the Gateway IP Address and Hostname

When to use
Use this task to change the IP address and hostname of a gateway, which includes each
Related information
Before you begin

Task
Complete the following steps to change the IP address and hostname of a gateway on
each network interface that is configured.
...................................................................................................................................................................................................
1 Log in to the group node in which you want to change the subnetwork mask as root.
...................................................................................................................................................................................................
...................................................................................................................................................................................................
3 Enter the number 14 to change the IP address and hostname of a gateway on each
...................................................................................................................................................................................................
4 At the prompts, enter the current gateway IP address that is to be replaced.

To modify the default gateway, specify default. Do not specify the current IP gateway
address that is to be replaced. Then, specify the new gateway hostname and the
new gateway IP address.
Wait until the tool completes execution.
Result: The new gateway, the IP address, and hostname are automatically activated
for the current host.
...................................................................................................................................................................................................
....................................................................................................................................................................................................................................
4-36 1350 OMS
Node Name Management for the HP-UX Platform Change the Gateway IP Address and Hostname
....................................................................................................................................................................................................................................
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 4-37
Node Name Management for the HP-UX Platform Add a Server to the Current DNS Configuration
....................................................................................................................................................................................................................................
Add a Server to the Current DNS Configuration

When to use
Use this task to add a server to the current Domain Name System (DNS) configuration for
a group member host. If the DNS is not already configured, it is initialized.
Related information
Before you begin

Task
Complete the following steps to add a server in the current Domain Name System (DNS)
configuration for a group member host.
...................................................................................................................................................................................................
1 Log in to the group member node in which you want to add the DNS configuration
information as root.
...................................................................................................................................................................................................
...................................................................................................................................................................................................
3 Enter the number 15 to add or update the DNS configuration.

...................................................................................................................................................................................................
4 Enter the hostname of the new DNS server at the following prompt:
Please insert the NEW DNS NAMESERVER HOSTNAME for local host :
<new DNS_hostname> <new DNS hostname> [Enter]
Important! You must know the name of the Domain Name Service and the nameserver.
...................................................................................................................................................................................................
5 Enter the IP address of the new DNS server at the following prompt:
Please insert the NEW DNS NAMESERVER IP ADDR for local host
<new_DNS IP address> [Enter]
Important! You must know the name of the Domain Name Service and the nameserver.
....................................................................................................................................................................................................................................
4-38 1350 OMS
Node Name Management for the HP-UX Platform Add a Server to the Current DNS Configuration
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................
6 At the next prompt, do one of the following:

• If the Domain Name System (DNS) is not yet configured on the current host, enter the
local domain name of the new DNS server.
• If the DNS is already configured on the current host, press Enter to confirm the
current local domain name that is automatically displayed.
Please insert the NEW DNS NAMESERVER DOMAIN for local host
<new_DNS domain> [Enter]
Result: The new DNS configuration is automatically updated on the current host.
...................................................................................................................................................................................................

E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 4-39
Node Name Management for the HP-UX Platform Change a Server in the Current DNS Configuration
....................................................................................................................................................................................................................................
Change a Server in the Current DNS Configuration

When to use
Use this task to modify the current Distributor Names Server (DNS) configuration of a
group member node. Specifically, this task enables you to do the following:
• Replace a DNS nameserver that is currently configured with a new DNS nameserver.
• Replace the current local domain name with a new domain name.
• Perform an update of the search domain list.
Related information
Before you begin

Task
Complete the following steps to modify the current Distributor Names Server (DNS)
configuration of a group member node.
...................................................................................................................................................................................................
1 Log in to the group member node where you want to change the DNS as root.
...................................................................................................................................................................................................
...................................................................................................................................................................................................
3 Enter the number 16 to add or update the DNS configuration.

...................................................................................................................................................................................................
4 If you want to replace a DNS nameserver that is currently configured, enter the current
name of the DNS nameserver at the following prompt:
current DNS nameserver name <current DNS nameserver> [Enter]
...................................................................................................................................................................................................
5 If you want to replace a DNS nameserver that is currently configured, enter the new DNS
server at the following prompt:
new DNS nameserver name <new DNS nameserver> [Enter]
....................................................................................................................................................................................................................................
4-40 1350 OMS
Node Name Management for the HP-UX Platform Change a Server in the Current DNS Configuration
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................
6 If you want to replace the DNS nameserver that is currently configured, enter its new IP
address at the following prompt:
new DNS nameserver IP addr
<IP address of the new DNS server host> [Enter]
...................................................................................................................................................................................................
7 Optional: To change the DNS local domain name, enter the new name of the local
domain at the following prompt or press Enter to maintain the current local domain
name:
new DNS local domain name
<new DNS local domain name>/<blank for the current search domain
list> [Enter]
...................................................................................................................................................................................................
8 Optional: To change the current search list, enter the new name of the search list at the
following prompt or press Enter to maintain the current search domain list:
search list for host-name lookup
<Name of the new serach list>/<blank for the current search
domain list> [Enter]
Result: The new DNS configuration is automatically updated on the current member
node.
...................................................................................................................................................................................................

E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 4-41
Node Name Management for the HP-UX Platform Remove a Server from the Current DNS Configuration
....................................................................................................................................................................................................................................
Remove a Server from the Current DNS Configuration

When to use
Use this task to remove a server from the current Distributor Names Server (DNS)
configuration.
Related information
Before you begin

If the DNS server specified is the last server that is configured on the local node, the DNS
will be un-configured.
Task
Complete the following steps to remove a server from the current Distributor Names
Server (DNS) configuration.
...................................................................................................................................................................................................
1 Log in to the group member node where you want to remove the DNS nameserver as
root.
...................................................................................................................................................................................................
...................................................................................................................................................................................................
3 Enter the number 17 to remove the DNS nameserver.

...................................................................................................................................................................................................
4 At the following prompts, enter the name of the DNS nameserver, which is currently
defined, that must be removed. (Note that the IP address is automatically displayed.)
Please insert the OLD DNS NAMESERVER HOSTNAME for local host:
<current DNS nameserver> [Enter]
Please insert the OLD DNS NAMESERVER IP ADDR. for local host:
<current DNS nameserver IP Address> [Enter]
...................................................................................................................................................................................................
....................................................................................................................................................................................................................................
4-42 1350 OMS
....................................................................................................................................................................................................................................
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 4-43
....................................................................................................................................................................................................................................
....................................................................................................................................................................................................................................
4-44 1350 OMS
5 5 P-UX Platform System
H
Backup and Restore
Overview
Purpose
information and the associated tasks that pertain to the backup and recovery of the 1350
OMS.
Contents
Backup and Restore Overview 5-2

scbackup Overview 5-3
Backup Strategies 5-6
Backup Tape Sets 5-8
Backup Restrictions and Requirements 5-10
Troubleshoot a Backup 5-11
Restore and screstore 5-13
Troubleshoot a Restore 5-15
Mirror Configurations 5-20
Run scdisk_read_check to Read and Check the Disk 5-21
Perform a Tape Check 5-23
Run scbackup for a Local Disk or an Application Instance Backup 5-24
Run scbackup Using a Disk Directory as the Supporting Output Media 5-29
Verify the Readability of the fbackup Tape 5-33
Boot from the IRT for PA-RISC Servers 5-34
Boot from the IRT for Itanium Servers 5-37
Run screstore to Restore Data from the fbackup Media 5-45
Run the scmirrorfs Tool to Set Up the Mirrored Configuration 5-52
...................................................................................................................................................................................................................................
1350 OMS 5-1
HP-UX Platform System Backup and Restore Backup and Restore Overview
....................................................................................................................................................................................................................................
Backup and Restore Overview

Backup and restore functional definition
The backup and restore function is one of the administrator functions that is a part of the
Alcatel-Lucent Middle Ware Operating System (MW_OS) package of support tools. This
package of tools eases the administration of the HP-UX® operating system in the
Alcatel-Lucent software environment.
Backup and restore can be run through the execution of online commands, and each is
integrated with other MW_OS features (for example, disk mirror management).
Backup and restore storage areas

The backup and restore function can operate on the following different storage areas:
• System area, which includes mostly programs, but also application independent data.
• Disks that are local to the system, which includes all disks but not shared disks in
cluster systems that share data configurations.
• Application instances, which includes application data that is stored on local or on
shared disks.
Backup focuses on the type of data that is stored on the disks. Backup has the ability to
distinguish between system data and application instance data, which can be backed up
separately.
....................................................................................................................................................................................................................................
5-2 1350 OMS
HP-UX Platform System Backup and Restore scbackup Overview
....................................................................................................................................................................................................................................
scbackup Overview
Backup objective
The backup procedure provides the administrator with an easy-to-use tool to store, on
tape or on a disk directory (local or remote mounted via Network File System - NFS), the
contents of the disks and the disk partitioning. The backup can be used if a disk failure
occurs or if data corruption becomes evident.
All backups are done using the scbackup command.
Backup tools
The backup procedure uses the following HP-UX® tools:
• fbackup, which is the backup tool that is included in the HP-UX® 11.31 Core.
• Ignite-UX, which is an add-on HP® tool for system installation services.
The versions of the tool that are certified are listed in the following table. The behavior of
scbackup is only guaranteed with the versions that are listed in the following table. Using
an older version of the tool can cause the backup to fail.
Full System Backup and Restore

Tool Version
HP-UX 11i 11.31
Ignite-UX C.7.11.444
scbackup syntax
The command syntax of scbackup is as follows:
The following syntax is the typical format for a backup:
scbackup [-t <minutes>] [-a <dir_name>][-o <option list>] [-d] ARG...
The following syntax must be used when errors occur during the backup and the disk
mirroring must be recovered. The failed backup displays a warning message that this
syntax must be used:
scbackup -R
The following syntax is used to print the procedure version or for help:
scbackup -v | -h
....................................................................................................................................................................................................................................
1350 OMS 5-3
....................................................................................................................................................................................................................................
Where:
• -t <minutes> specifies the time to wait in minutes to insert a new tape. If the time
expires, the backup is terminated. The default is an infinite waiting time. This option
is not allowed if the -a option is specified.
• -a <dir_ name> specifies that the output of the backup is to be generated in a file that
is stored on the associated disk directory (<dir_name>). This directory can be
mapped on a local disk or on a remote disk that has been mounted by the Network
File System (NFS). The filename will have the format:
<hostname>_<yymmdd>-<time>_fbackup.out
For example: tlvsnk_101123-15.21_fbackup.out
Important! The disk directory must already be specified in /etc/fstab using the
following syntax:
<directory> <mount-point> <type> <options> <backup frequency> <pass
number> [<comment>]
Example for a local directory:
/dev/vg01/lvol3 /bck_dir vxfs nolargefiles,delaylog 0 0
Example for a remote directory:
nodeName:/bck_dir /bck_dir nfs rw,nolargefiles 0 0
For more information about the syntax of fstab, refer the fstab man page.
• -o <option_list> specifies the command options, which can be one of the following:
noIRT | IRTonly
online | offline
One option, or none, can be selected from each pair:
– noIRT skips the IRT production.
– IRTonly makes only an IRT version.
Note: If the -a option is specified and the creation of the IRT is required, use
either of the following:
scbackup -a <dir_name> ... .
Or:
scbackup -a <dir_name> -o IRTonly ...
The scbackup does not provide a bootable tape; but, it does provide a bootable
ISO image that can be used to reproduce the current system configuration. (This
bootable image must be burned on a DVD.) The image is stored on the associated
disk directory (<dir_name>) with a filename that has this format:
<hostmane>_<yymmdd>-<time>_image.iso
For example: tlvsnk-101123_15.21_image.iso
....................................................................................................................................................................................................................................
5-4 1350 OMS
....................................................................................................................................................................................................................................
– online forces the online backup. If online is not specified, the default is offline.
– offline forces the offline backup, which is the default.
• -d, which is for test purposes only, specifies that a dry-run is to be done. When -d is
specified, most checks are performed, but a tape is not written to. The -d option is not
available if the -a option is specified.
• -R specifies that a recovery is to be done. When -R is specified, a recovery from
previous disk mirroring errors occurs.
• -v specifies that a version is to be done. It prints the procedure version and exits.
• -h specifies that a short help page is to be displayed. It displays the page and exits.
• ARG, which are the command arguments, are as follows:
system specifies a system disk backup. Local application instances are ignored.
<name_version_id> specifies an application instance backup. More than one instance
can be specified.
<no arguments> specifies a local disk backup. The entire contents of the local disk
are backed up.
For backups of application instances, the command format, in its simplest form, is the
following:
...,sys,root # scbackup instance_0 ... instance_n [Enter]
This command format produces a tape that contains the application instances that are
listed as command arguments. Each command argument has the following format:
<name>_<version>_<id>
The data for <name>_<version>_<id> can be retrieved with the following command:
scinstance -l
A shared instance backup is allowed only if the instance has status SMVI-SA, which is the
instance is active on its master system.
Example:
....sys,root # scbackup SDH_9.6.0_1 EML_9.6.0_1
This command line backs up two application instances; the tool automatically determines
if these instances should be backed up online or standard/offline.
....................................................................................................................................................................................................................................
1350 OMS 5-5
HP-UX Platform System Backup and Restore Backup Strategies
....................................................................................................................................................................................................................................
Backup Strategies
Types of backups
The following types of backups can be done using scbackup:
• “Online backups” (p. 5-6)
• “Standard backups” (p. 5-6)
Online backups
Online backups are used to back up disks without having to shut down and reboot the
system.
Online backups are typically performed during these scenarios:
• When the logical volumes to be backed up are mirrored and in a stable state; and, the
administrator does not select the offline option.
During this scenario, the administrator must stop all applications, the logical volumes
are split, the backup is performed, and the administrator is advised that the
applications can be restarted.
• When the administrator has forced an online backup using the online option, which
overrides the default.
During this scenario, the administrator must stop all applications that involve the
particular logical volumes. The applications can be restarted when the backup is
completed.
Important! If the administrator does not specify online or offline in the scbackup
command line, the default is offline.
Standard backups
Standard backups, which are also referred to as offline backups, require the system to be
shut down and a reboot to occur when backing up the local disks. All applications are
stopped, either by a system shutdown or by a command.
A standard backup is performed during the following scenarios:
• At least one of the logical volumes to be backed up is not mirrored or its mirroring
state is not stable and the administrator has not selected the online option.
• The administrator has forced the backup using the offline option to override the
default.
Instance backups
An instance backup is used to back up the Alcatel-Lucent TMN application data. All
application instances, local or shared, can be backed up. (Local instances can also be
backed up through the steps that are given in the “Run scbackup for a Local Disk or an
Application Instance Backup” (p. 5-24) task.)
....................................................................................................................................................................................................................................
5-6 1350 OMS
HP-UX Platform System Backup and Restore Backup Strategies
....................................................................................................................................................................................................................................
The steps to back up applications instances are those steps that are listed in “Run
scbackup for a Local Disk or an Application Instance Backup” (p. 5-24) task, unless the
following scenarios occur:
• An IRT is not made.
• The standard backup does not perform a system shutdown and reboot when the shared
instances have to be backed up. The backup only requires the applications to be shut
down while the backup is writing data to tape.
Refer to “scbackup syntax” (p. 5-3) for a detailed explanation of the command syntax to
use when backing up an application instance.
After the tool analyzes the options that are specified in the command line, it outputs a
display that is similar to the following:
The backup will be carried out with the following choices:

Ignite Recovery Tape (IRT) : -
System disk backup : No
Instances : SDH_9.6.0_1 EML_9.6.0_1
Time-out on tape changing : No
On-line / Off-Line Backup : Auto
Dry-run exec : No
Do you want to continue (y|n) ? :
....................................................................................................................................................................................................................................
1350 OMS 5-7
HP-UX Platform System Backup and Restore Backup Tape Sets
....................................................................................................................................................................................................................................
Backup Tape Sets

When Backup Tape Sets Can Be Made
Backup tape sets can only be made if the –a option is not specified when the scbackup
command is executed.
Number and types of tape sets

Several tape sets can be written to back up the full system. We recommend using two
basic tape sets, plus another set for clustered systems that are in a data sharing
configuration.
The recommended tape sets are the following:
• “First set: the IRT Set” (p. 5-8)
• “Second set: the fbackup set containing the entire local disk” (p. 5-8)
• “Third set: the fbackup set for the shared application instances” (p. 5-9)
Important! If both digital audio tape (DAT) and digital linear tape (DLT) devices are
available, the recommended tape sets can be created using these different types of tape
cassettes; meaning, a DAT tape can be used for the IRT set and DLT tapes for the other
sets. However, each set must be made up of just one type of tape cassettes.
First set: the IRT Set

The first tape set is the Ignite-UX Recovery Tape (IRT) set, which is typically created
online by Ignite-UX, with a reduced HP-UX OS, and run using one 4 GB tape. This set is
produced using the IRTonly option.
The IRT contains a reduced image of the HP-UX operating system and it can be used for
system reboot and a minimal installation. The IRT also contains a description of the local
disk configuration. Ignite-UX can read this configuration upon system installation to
rebuild the disk structure; however, Ignite-UX cannot manage the disk mirroring;
meaning, if the backed up system had mirrored disks, the mirroring must be rebuilt
manually on the recovered system.
Second set: the fbackup set containing the entire local disk
The second tape set is created by the fbackup tool and it contains the entire contents of
the local disk. This backup can be done online or offline. The tool can automatically
choose the most appropriate type of backup depending on the system configuration and
the status; however, the administrator can override any automatic choices.
Depending on the data size, more than one tape might be needed.
....................................................................................................................................................................................................................................
5-8 1350 OMS
HP-UX Platform System Backup and Restore Backup Tape Sets
....................................................................................................................................................................................................................................
Third set: the fbackup set for the shared application instances
The third, and optional, tape set is created by fbackup and it contains the contents of
disks where the shared application instances have been configured. This backup can be
done online or offline. The tool can automatically choose the most appropriate type of
backup depending on the system configuration and the status; however, the administrator
can override any automatic choices.
Depending on the data size, more than one tape might be needed.
Alternate tape set combination

An alternate tape set combination could include the following:
• “First set: the IRT Set” (p. 5-8)
• Alternate Second set: The system data set.
This set is similar to “Second set: the fbackup set containing the entire local disk”
(p. 5-8), but it does not include the backup of the local application instances.
• Alternate Third set: “Third set: the fbackup set for the shared application instances”
(p. 5-9).
This set contains the backup of all the application instances defined on the system,
both local and shared. This set can be split further in two subsets: one for local and
one for shared application instances.
....................................................................................................................................................................................................................................
1350 OMS 5-9
HP-UX Platform System Backup and Restore Backup Restrictions and Requirements
....................................................................................................................................................................................................................................
Backup Restrictions and Requirements

fbackup restrictions
If the system that you are to back up has volume groups that are inactive or logical
volumes that are not mounted, the backup procedure displays warning messages that
these areas will not be backed up.
Important! We strongly recommend that you do not back up file systems that are
mounted using a path that contains a symbolic link because a recovery archive error can
occur during the restore.
Mirror Disk configuration rebuild restriction

After restoring the data, the restore procedure informs the user if the system was mirrored
at the backup time. The mirror rebuild is not managed directly by the restore tool, but it
must be activated separately. Refer to “Mirror Configurations” (p. 5-20).
For systems that are protected with Mirror/Disk UX, you can proceed with the full online
disk backup using the scbackup tool. After the disk restore is completed with screstore,
you can invoke scmirrorfs to rebuild the mirror configuration. With scmirrorfs, you must
specify the mirror disks to be used. Refer to “Run the scmirrorfs Tool to Set Up the
Mirrored Configuration” (p. 5-52) for details.
Console restriction
fbackup is executed in single user mode during the HP-UX boot phase.
Important! If you shut off the console terminal or disconnect the Web console during
the execution of fbackup, fbackup is interrupted and the backup does not complete.
Required disk space requirement

The Ignite-UX tool requires at least 128 Mbyte free in the file system where the /var
directory is located.
scbackup-screstore version incompatibility

The scbackup-screstore version 3.2 is compatible with the version 3.0 and newer
versions of the Alcatel-Lucent backup-restore; therefore, the tapes that were produced
with the version 3.0 and newer versions of scbackup-screstore can be used by version
3.2 and beyond.
Important! Label the new tapes correctly and separate them from the old tapes.
....................................................................................................................................................................................................................................
5-10 1350 OMS
HP-UX Platform System Backup and Restore Troubleshoot a Backup
....................................................................................................................................................................................................................................
Troubleshoot a Backup
Log files
The scbackup tool creates one log file that records all data that pertains to the entire
backup:
/SCINSTALL/log/scbackup.log
Full mirror faults

The check on the system full mirror can fail for the following reasons:
• At least one logical volume is not mirrored.
• At least one logical volume has a stale status.
The tool skips the online backup unless the administrator has forced the online backup
with the online option.
System crashes
If a system crash occurs during an online backup, the configuration of the original disk
must be recovered, which is done automatically at system start-up.
Split operation problems

If the applications have not been stopped, problems can occur during the split operation
of an online backup. The backup tool ends and automatically starts a recovery.
Time-out expiration
If the administrator started the backup with the -t option and does not fulfill a request for
a new tape cassette within the set time, the backup tool terminates and must be run again.
Should this scenario occur, backup can be run with the -o noIRT option, which skips the
creation of the IRT.
MERGE-DELETE problems
Any MERGE-DELETE problems are typically the cause of faulty disk mirroring. The
administrator should check the log file for errors and manually run the scbackup -R
command.
Login messages
If problems occur at the end of a standard/offline backup, the fbackup tool displays
warning or error messages upon login. The administrator should check both types of
messages in the /SCINSTALL/log/scbackup.log file to determine the nature of the message
and/or the potential problem.
After a backup on tape, the following warning message can be ignored:
WARNING: unable to read a volume header.
....................................................................................................................................................................................................................................
1350 OMS 5-11
HP-UX Platform System Backup and Restore Troubleshoot a Backup
....................................................................................................................................................................................................................................
With Error messages, check the /SCINSTALL/log/scbackup.log to determine the cause of
the errors. The tape set is not useful and the backup must be rerun.
To clear the messages from being displayed, remove the
/var/adm/fbackfiles/fbackup.msg file.
....................................................................................................................................................................................................................................
5-12 1350 OMS
HP-UX Platform System Backup and Restore Restore and screstore
....................................................................................................................................................................................................................................
Restore and screstore

Restore purpose
The restore tool is used to restore, on the same physical system, the complete contents of
the same physical system where the backup tapes as OS images have been made. Any
system restore on different hardware is not guaranteed.
Restore phases
The restore consists of the following phases:
• The first phase uses the IRT tape set or ISO image, and it recreates the Logical
Volume Manager (LVM) disk configuration of the local disks that exists at backup
time. In addition, it installs a minimal operating system that allows the system to be
booted from disk. This phase destroys the existing content of the local disks.
• The second phase recovers the contents of the local disks, which are typically grouped
in the volume group vg00. The administrator must run the screstore tool to complete
this phase.
• The third, and optional phase, recreates the volume groups for the shared instances
and recovers data on external disks. The administrator must run the screstore tool to
complete this phase.
screstore syntax
The command syntax for screstore is the typical format for a backup:
screstore [-a <dir_name>] [ARG] ...
Where:
-a <dir_name> specifies that the input of restore is a file that is stored on the associated
disk directory (<dir_name>) with the following name:
<hostname>_<yymmdd>-<time>_fbackup.out
Example:
tlvsnk_101123-15.21_fbackup.out
-v prints the version of the tool.
-o displays a short help file.
[ARG] are the command arguments for the application instances.
Example:
...,sys,root # screstore SDH_9.6.0.1
If an argument is not specified, the contents of the entire backup tape or ISO image is
restored/recovered.
....................................................................................................................................................................................................................................
1350 OMS 5-13
HP-UX Platform System Backup and Restore Restore and screstore
....................................................................................................................................................................................................................................
IRT recovery
Note: If you performed a backup on a directory disk (using the –a option with the
scbackup command), the IRT is a DVD that contains the bootable ISO image.
The recovery of the Ignite-UX Recovery Tape (IRT), includes the following activities,
which are performed by booting the HP Integrity system from the IRT:
• Reconfiguration all of the hard disks in use, exactly as they were, at backup time.
• Restoration of a minimum HP-UX® operating system on the hard disks so the
frecover tool can be run.
Restoring shared instances

The restore for shared instances is performed the same way in which the restores are
performed for local disks; however, the file systems for these application instances are not
created in the first recovery step by Ignite-UX, so it becomes the responsibility of the
restore tool. Refer to Step 7 of the “Run screstore to Restore Data from the fbackup
Media” (p. 5-45) task for details.
Any shared instance can be restored to the system providing the following requirements
are met:
• The instance is displayed in the following command output:
scinstance l-
• The status of the instance is SMVI-SA
• The status of the instance is not SMVI-SA, but its volume group has not already been
created.
....................................................................................................................................................................................................................................
5-14 1350 OMS
HP-UX Platform System Backup and Restore Troubleshoot a Restore
....................................................................................................................................................................................................................................
Troubleshoot a Restore
IRT rebooting errors
If Ignite-UX encounters errors during the recovery, output similar to the following is
displayed:
ERROR: The disk at HW path: 0/0/1/1.2.0 was specified in the configuration

files but does not exist on the system. And since
allow_disk_remap=false, no attempt to find a substitute will be made.
Because of the error(s) above, the user-interface must be
used to correct them... Non-interactive install canceled.
Press Return to continue:
When the administrator presses Enter, Ignite-UX then outputs a display that is similar to
the following:
Hardware Summary: System Model: 9000/800/rp7400

+--------------------+---------------+------------------+ [Scan Again]
| Disks: 10 (113.9GB)| Floppies: 0 | LAN cards: 3 |
| CD/DVDs: 1 | Tapes: 1 | Memory: 2040Mb|
| Graphics Ports: 0 | IO Buses: 8 | CPUs: 4 | [H/W Details]
+--------------------+---------------+------------------+
[ Install HP-UX ]
[ Run a Recovery Shell ]
[ Advanced Options
[ Read Sys-Admin Message ]
[ Reboot ] [ Help ]
This display indicates that something different exists in the system configuration that is
preventing Ignite-UX from performing the automatic recovery; therefore, to bypass the
problem, the administrator must run Ignite-UX manually.
No automatic reboot from the IRT

Occasionally, the machine does not reboot automatically from the IRT. It can stop for a
long time (more than 20 minutes), after the display of the following message:
NOTE: tlinstall is searching filesystem - please be patient
If the reboot does not occur automatically, the administrator can force the reboot by
entering the following command:
[Ctrl]c
Scripts that fail during the reboot from the IRT

Because the IRT restores only a subset of entire HP-UX® operating system and nothing
of the particular 1350 OMS application, some errors can occur.
The following is a useless error message regarding some scripts/tools that have failed.
This type of message should be ignored:
Copy processor logs to /var/tombstones [FAILED]

....................................................................................................................................................................................................................................
1350 OMS 5-15
....................................................................................................................................................................................................................................
Clean UUCP [FAILED]
Starting HP-UX Secure Shell [FAILED]
Start Kerberos V5 daemons [FAILED]
Start mail daemon [FAILED]
Starting RPC daemon if needed [FAILED]
Starting Alcatel License Daemon [FAILED]
* - An error has occurred!
* - Refer to the file /etc/rc.log for more information.
Console messages that are displayed during the reboot from the IRT
Because the IRT restores only a subset of entire HP-UX® operating system and nothing
of 1350 OMS application, errors can occur.
The following is a useless error message that occurs when the system is rebooted from the
restored disks. This type of message occurs because of the partial recovery that Ignite-UX
performs and because of the temporary inconsistency between the restored files and the
contents of /etc/inittab. The messages disappear after the recovery of the fbackup set;
and in general, output that is similar to the following display should be ignored:
INIT: Command is respawning too rapidly.

Will try again in 5 minutes.
Check for possible errors.
id: .....
screstore checks and messages

The media that is used as input during the restore process could be the following:
• A tape (one or more) or a DVD that is used as the IRT
• A tape (one or more) or an ISO image file that is generated by fbackup.
To prevent errors due to a media (tape or DVD) labeling mistake or a simple media swap,
the screstore tool performs initial checks before it starts the restoration of the file system.
If an inconsistency exists between the data that is present on the input media and the
system configuration, screstore outputs an error or warning message for the following
typical reasons:
• The IRT media (tape or DVD) and fbackup media (tape or ISO image file) were not
produced on the same system; meaning, media from different systems have been
mixed.
The source of the media must be checked.
• The IRT and fbackup media were produced at different times and with different
system configurations, which means that the administrator is trying to restore an
fbackup media on a system in which the disk configuration is different from the target
file system, on a system that is not available, or on a system that is not large enough to
perform the restore.
....................................................................................................................................................................................................................................
5-16 1350 OMS
....................................................................................................................................................................................................................................
The validity of the media must be checked.
• The input media is correct, but something was modified during the Ignite-UX
recovery process (interactive restore installation), or after the successful Ignite-UX
recovery and before the screstore process.
If an inconsistency does occur, the screstore process must be stopped to determine and
correct the problem, then screstore must be rerun.
WARNING: Current host is different from...

Output similar to the following occurs when the input media is mixed up. Change the
fbackup media or restart the recovery from the beginning with the correct IRT.
*************************************************************
WARNING: Current host is different from the one backed up.
Current host -> hosta
Backedup host -> hostb
*************************************************************
ERROR: Volume group name...

When output that is similar to the following is displayed, a volume group configuration
mismatch has occurred; therefore, the IRT and fbackup input media must be verified for
consistency.
***************************************************
ERROR: Volume group name "<volume group name>"
present on tape but not defined on system
***************************************************
WARNING: Volume group name...

When output that is similar to the following is displayed, a volume group configuration
mismatch has occurred; therefore, the IRT and fbackup input media must be verified for
consistency.
***************************************************
WARNING: Volume group name "<vg_name>"
is present on tape but not ACTIVATED on system
***************************************************
When this warning is displayed, the volume group must be activated with the vgchange
command:
vgchange -a y <Volume Group>
Error: Logical volume ...

When the following error message is displayed, the IRT and the fbackup input media
must be verified for consistency.
****************************************************
ERROR: Logical volume "<lv_name>"
....................................................................................................................................................................................................................................
1350 OMS 5-17
....................................................................................................................................................................................................................................
present on tape but not defined on system
****************************************************
When the following error message is displayed, the logical volume must be mounted with
the mount <lv_name> <mount_point> command.
mount: /dev/vg00/lvol11 was either ignored or not found in /etc/
fstab
***************************************************
ERROR: Logical volume "<lv_name>"
has been created but not mounted on system
***************************************************
If the command succeeds, screstore must be rerun. If the command fails, the IRT and
fbackup input media must be verified for consistency.
WARNING: Different mount points...

must be verified for consistency:
******************************************************************
WARNING: Different mount points found for the Logical volume <lv_name>
actual mount point - > <act_mp>
tape mount point - > <tape_mp>
****************************************************************
ERROR: The mount point...

must be verified for consistency:
******************************************************************
ERROR: Mount Point: <mount_point>
is not a directory
****************************************************************
WARNING: The mount point...

When the following message is displayed, a nesting of the mount point directory has
occurred. You should have one or more empty directories; and if you do, you can proceed.
If you do not, check the contents of the directories.
******************************************************************
WARNING: Mount Point: <mount_point>
is not an empty directory
****************************************************************
....................................................................................................................................................................................................................................
5-18 1350 OMS
....................................................................................................................................................................................................................................
WARNING: The file system mount:
When the following message is displayed, the IRT and fbackup input media were not
produced by the same execution of scbackup and not enough room exists to store the data
on the media.
Use the scextendfs command to extend the file system:
scextendfs <filesystem> <free Megabytes>
******************************************************************
WARNING: The file system mount on <mount_point>
has not enough free space:
to recover the logical volume
actual free space - > 500 Mb
required space - > 550 Mb
*****************************************************************
....................................................................................................................................................................................................................................
1350 OMS 5-19
HP-UX Platform System Backup and Restore Mirror Configurations
....................................................................................................................................................................................................................................
Mirror Configurations
The scmirrorfs tool
The scmirrorfs tool is used to assign and/or reassign disks for the mirror copy of data.
This tool requires the administrator to enter the device names of the primary disk and the
alternate disk that must be used to store the mirror copy of the data. Use of the scmirrorfs
tool can possibly change the configuration.
Disk requirements
The following disk requirements apply:
• The administrator must know the names of the primary and the alternate disks that are
to be used in the mirror configuration.
• The disks that belong to the mirror copy disk do not have to be physically identical to
the main disk set.
• The amount of space on both disks must be sufficient to store all of the logical volume
that is currently defined.
• The disks that belong to the mirror copy disk set should not share the same SCSI bus
as the main disk. When the configuration script recognizes that the disk that is being
added to the mirror copy is connected to a SCSI bus that is already in use for the main
disk set, output similar to the following is displayed:
WARNING: Controller disk already used in “Main path (pvg0)"
Do you want to choose another disk ?
To guarantee the machine functionality if the disk controller fails, you must to choose
another disk that belongs to another chain.
....................................................................................................................................................................................................................................
5-20 1350 OMS
HP-UX Platform System Backup and Restore Run scdisk_read_check to Read and Check the Disk
....................................................................................................................................................................................................................................
Run scdisk_read_check to Read and Check the Disk

When to use
Use this task to run scdisk_read_check to read and check the disk before you run
scbackup.
Related information
• “Backup and Restore Overview” (p. 5-2)
Before you begin

Because the online backup determines if a full mirrored/stable disk configuration is
present and, providing the offline backup is not-selected, splits the logical volumes to
prepare the data for the online backup from the mirrored disks, it can call attention to a
latent disk problem; therefore we suggest that you run the scdisk_read_check tool,
which reads and checks the disk prior to running scbackup.
Important! Some disk failures can cause commands to go into endless loops that can
only be terminated by the first reboot of the system.
Task
Complete the following steps to run the scdisk_read_check tool, which reads and checks
the disk.
...................................................................................................................................................................................................
1 Log in to the system in which the backup is to be performed as root.

...................................................................................................................................................................................................
2 Enter the following command to initialize the tool:

...,sys,root # scdisk_read_check [Enter]
Result: The scdisk_read_check tool shows you the disk that is being read and
scanned so you can identify certain areas if a failure is found.
=><date/time stamp>
=>START: OSConf Disk Read check
--- Disk read check for Volume Group: /dev/vg00 ---
Note: record size is 64 MByte
<date/time stamp> Start read check of disk c2t5d0
Disk Size 8678 MByte (note: must be check 135 records)
135+1 records in
135+1 records out
real 8:28.0
user 0.0
sys 3.5
....................................................................................................................................................................................................................................
1350 OMS 5-21
HP-UX Platform System Backup and Restore Run scdisk_read_check to Read and Check the Disk
....................................................................................................................................................................................................................................
<date/time stamp> End successfully
=><date/time stamp>
=>END: OSConf Disk Read check
...,sys,root #
If the tool executes successfully, you can proceed with the backup.
Important! If the tool issues I/O errors or if it gets stopped (CPU activity does not
occur for the process), a hardware problem exists. Correct the problem before you
proceed with the backup.
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
5-22 1350 OMS
HP-UX Platform System Backup and Restore Perform a Tape Check
....................................................................................................................................................................................................................................
Perform a Tape Check

When to use
Use this task to perform a tape check using scbackup without the -a option.
Related information
Before you begin

Do not use this task if you have used the -a option during the execution of the scbackup
command.
Task
Complete the following steps to perform a tape check.
...................................................................................................................................................................................................

...................................................................................................................................................................................................
2 Enter the following command to perform the tape check:

...,sys,root # ls /dev/rmt [Enter]
Result: The command output is displayed.
...................................................................................................................................................................................................
3 Visually verify that the /dev/rmt exists and that it is not empty.
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 5-23
HP-UX Platform System Backup and Restore Run scbackup for a Local Disk or an Application Instance
Backup
....................................................................................................................................................................................................................................
Run scbackup for a Local Disk or an Application Instance

Backup
When to use
If you are not using the -a option of the scbackup command, use this task to run the
scbackup tool to run a local disk backup or an application instance backup using a tape as
the output media.
Important! If you are using the -a option of the scbackup command, do not use this task;
use the “Run scbackup Using a Disk Directory as the Supporting Output Media”
(p. 5-29) task.
Related information
• “Backup Restrictions and Requirements” (p. 5-10)
• “Troubleshoot a Backup” (p. 5-11)
• “Mirror Configurations” (p. 5-20)
Before you begin

This task could take 2 hours to perform. Make sure that you have sufficient time and that
you are available to answer all tool prompts.
The scbackup tool has a 60 minute default for a time-out on the tape request; meaning,
the tool asks you to insert a new tape and you have 60 minutes to insert a new tape. When
you invoke the tool, you can change or disable this time-out period by using the -t option
on the command line:
...,sys,root # scbackup -t <minutes>
Example:
To increase the time out to 180 minutes, you would enter the following command line:
....sys,root # scbackup -t 180
To disable the time out to 0 minutes, you would enter the following command line:
...,sys,root # scbackup -t 0
Task
Complete the following steps to run the scbackup tool using a tape as the output media.
...................................................................................................................................................................................................

Important! The root password is saved in the IRT. This password will be needed during
recovery time. Do not forget this password.
....................................................................................................................................................................................................................................
5-24 1350 OMS
Backup
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................
2 Enter the following command to initialize the scbackup tool:

...,sys,root # scbackup [Enter]
Important! This command syntax is the simplest form of the command. It produces an
IRT tape set and backs up the local disks, which are typically the local disks that are in
volume group vg00. Refer to “scbackup syntax” (p. 5-3) for the complete syntax of the
command and variations on the backup. In addition, to back up an application instance,
refer to “Instance backups” (p. 5-6) for details and “scbackup syntax” (p. 5-3) for the
complete syntax of the command.
Result: After the tool analyzes the options that you specified in the command line, it
outputs a display that is similar to the following:

Ignite Recovery Tape (IRT) : Yes
System disk backup : Yes
Instances : EML_9.6.0_1 MW_INT_9.6.0.1
Dry-run exec : No
...................................................................................................................................................................................................
3 At the following prompt, answer y for yes:

Do you want to continue (y|n) ? : y
Result: The tool prompts you to enter the tape device that is to be used for writing the
IRT.
...................................................................................................................................................................................................
4 If the IRT is to be created, enter the tape device that is to be used for writing the IRT and
press Enter, or press Enter to select the file that is displayed:
Enter tape device for Ignite <default=<tape device>>:
<tape device> [Enter]
Example:
Enter tape device for Ignite <default=<tape device>>:
/dev/rmt/0m [Enter]
Important! The tape device must be of type NO-REWIND. In addition, its name must be
in the format of the following:
/dev/rmt/<x>mn
Where: x is a digit from 0 to 9.
....................................................................................................................................................................................................................................
1350 OMS 5-25
Backup
....................................................................................................................................................................................................................................
Result: The tool prompts you to mount a tape in the tape drive.
Please insert a tape labelled 'Ignite' into device <tape_
device>.
Press [Enter] when ready.
...................................................................................................................................................................................................
5 Mount an unprotected tape cassette and wait until the drive light stops blinking.
...................................................................................................................................................................................................
6 When the blinking light stops blinking and the device light becomes stable, press Enter to
create the IRT:
Enter
Result: The creation of the IRT can take up to 40 minutes. Any error that is detected
aborts the execution of the tool. The tool outputs the status of the execution on your
monitor.
When the IRT completes without errors, the following message is displayed:
**************************************************
Please, label the Ignite Recovery Tape as:
<host> - Ignite Bootable - <date> <time>
...................................................................................................................................................................................................
7 Enter the following command lines to print vital information regarding the contents of the
tape. This step is imperative because this information can be useful if a disk failure
occurs.
...,sys,root # vgdisplay -v [Enter]
...,sys,root # scextendfs -i [Enter]
Result: The system outputs vital information regarding the contents of the tape.
...................................................................................................................................................................................................
8 Label the tape properly, remember the root password that was staved in the IRT, and store
the printout containing the output of the vgdisplay and scextendfs commands with the
tape.
Result: Once the tool completes the creation of the IRT, it prompts you for the
HP-UX® device file for the fbackup.
...................................................................................................................................................................................................
9 Enter the tape device that you want to use to back up the entire disk and press Enter, or
press Enter to select the file that is displayed:
Enter tape device for Fbackup <default=<tape_device>>:
<tape device> [Enter]
Example:
....................................................................................................................................................................................................................................
5-26 1350 OMS
Backup
....................................................................................................................................................................................................................................
Enter tape device for Fbackup <default=<tape device>>:
/dev/rmt/0m [Enter]
Important! The tape device must of type NO-REWIND. In addition, its name must be in
the format of the following:
/dev/rmt/<x>mn
Where: x is a digit from 0 to 9.
Result: The tool verifies that all logical volumes that are going to be backed up are
correctly mounted on the system. In addition, the tool determines if the system should
be backed up online or offline. The system choice can be overridden by using the
option -o. Note: the tool tries to guarantee the consistency of the backed up data; so,
we suggest that you do not override the system choice.
...................................................................................................................................................................................................
10 For an online backup...

If disk splitting is to occur, stop all applications and be present to answer all prompts
that the tool outputs.
One of the copies of the logical volume is removed from the mirror and is used for the
backup. When the disk splitting is completed, the tool prompts you to restart the
applications. Upon backup completion, the logical volumes are automatically reduced,
that is the disk copies are removed from the mirror system for backup, they are put back,
and the mirror is restored to its normal state.
If disk splitting is not to occur, stop all applications and be present to answer all
prompts that the tool outputs. When the backup completes, the tool prompts you to restart
the applications.
For a standard (offline) backup...
When the tool prompts you to stop the applications and to continue with the backup, you
must answer Yes or the backup aborts. The tool continues to prompt you to establish a
grace period (in minutes) in which the user can use to log off the system before it shuts
down. If you press Enter without setting a grace time, the system reboots immediately.
After the system shutdown, you must connect to the system console to follow the backup
execution. If the backup fails, you are notified of the backup failure upon login.
For all types of backups...
Important! You must always be present during a backup to answer the prompts that the
tool outputs. Prompts include when to start and stop applications and requests to remove
the current tape and insert a new one. By default, the tool can wait for an indefinite
amount of time for a new tape; therefore, an unattended backup can virtually last forever.
In addition, the tool does not check the contents of the inserted cassette tape. Any data
that has previously been written on a tape is overwritten and lost. Use only new and/or
scratch tapes.
....................................................................................................................................................................................................................................
1350 OMS 5-27
Backup
....................................................................................................................................................................................................................................
Result: The tool outputs the following:
**************************************************
Please, label the tape volume(s) as:
<host> - Fbackup Volume i of <n>
<date/time stamp> - local full
***************************************************
...................................................................................................................................................................................................
11 Remove and label the tape appropriately.

...................................................................................................................................................................................................
12 View the results of the backup by accessing the following file:

E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
5-28 1350 OMS
HP-UX Platform System Backup and Restore Run scbackup Using a Disk Directory as the Supporting
Output Media
....................................................................................................................................................................................................................................
Run scbackup Using a Disk Directory as the Supporting Output

Media
When to use
If you are using the -a option of the scbackup command, use this task to use a disk
directory as the output media when running scbackup command.
Related information
Before you begin

Use this task if you have used the -a option and you cannot run scbackup for a local disk
or an application instance backup.
Task
Use this task to use a disk directory as the output media when running scbackup
command.
...................................................................................................................................................................................................

Important! The root password is saved in the IRT. You will need this password during
recovery time. Do not forget this password.
...................................................................................................................................................................................................
2 Optional: To optimize the tool's behavior and to reduce execution time, use the
excluded-list file(s) to specify the application files and directories that are to be excluded
from the backup. The application files and the directories will be backed up by the
application specific tools.
You can have more than one excluded-list file; but, all of the excluded-list files have to be
stored in the /sbin/SC_ExcludeFiles directory, which is created automatically during the
1350OMS-MW_OS installation.
...................................................................................................................................................................................................
3 Enter the following command to initialize the scbackup tool:

..., sys, root # scbackup -a <dir_name> [Enter]
Where: <dir_name> is the path of the disk directory (local or remote) where scbackup
output will be stored.
Important! This command syntax is the simplest form of the command. It produces an
IRT ISO image file and backs up the local disks, which are typically the local disks that
are in volume group vg00. Refer to “scbackup Overview” (p. 5-3) for the complete syntax
....................................................................................................................................................................................................................................
1350 OMS 5-29
Output Media
....................................................................................................................................................................................................................................
of the command and variations on the backup. In addition, to back up an application
instance, refer to “Instance backups” (p. 5-6) for details on how to perform a backup on a
particular instance of an application.
Result: After the tool analyzes the options that you specified in the command line, it
outputs a display that is similar to the following:

Ignite Recovery Tape (IRT) : Yes
System disk backup : Yes
Instances :
Dry-run exec : No
Directory archive on disk :<dir_name>
**************************************************************
ATTENTION: You are using the following <LOCAL/REMOTE> disk
directory:
<dir_name>
**************************************************************
...................................................................................................................................................................................................
4 When the system prompts you to continue, answer y for yes:

Do you want to continue (y|n) ? : y
Result: The tool starts to create an IRT ISO image file that has the format:
<directory>/<hostname>_<yymmdd>-<time>_fbackup.out
Example:
tlvsnk_101123-15.21_fbackup.out
When the IRT ISO image file creation completes without errors, a message similar to
the following is displayed:
**************************************************
ISO Image creation: "/bck_test/tlvsnk-110728_14.52_image.iso"
**************************************************
Bootable ISO Image procedure ended
Press <Enter> to continue...
...................................................................................................................................................................................................
5 At the following prompt, press Enter to continue:

Press <Enter> to continue...: Enter
Result: The tool continues to save the application files.
When the preliminary checks are finished, the following message is displayed:
********************************************************************
ATTENTION: You are going to perform the standard system backup, but
this requires a system SHUTDOWN-REBOOT.
*******************************************************************
....................................................................................................................................................................................................................................
5-30 1350 OMS
Output Media
....................................................................................................................................................................................................................................
********************************************************************
ATTENTION: It is better to stop applications before shutting down the system,
Please, do it before answering 'YES' next question.
*********************************************************************
WARNING: Answering "NO" to the following question, will terminate the backup
procedure.
Continue with system SHUTDOWN & REBOOT (y|n) ? :
...................................................................................................................................................................................................
6 At the following prompt, answer y for yes:

Continue with system SHUTDOWN & REBOOT (y|n) ? : y
Result: The tool starts with to shut down and reboot the system.
At some point during the boot sequence, user files are backed up. A message similar
to the following is displayed:
BACKUP: writing on file "/bck_test/tlvsnk-110728_14.55_
fbackup.out"
The tool verifies that all logical volumes that are going to be backed up are correctly
mounted on the system. In addition, the tool determines if the system should be
backed up online or offline. The system choice can be overridden by using the option
-o. Note: the tool tries to guarantee the consistency of the backed up data; so, we
suggest that you do not override the system choice.
When the ISO image that contains the creation of the user files completes without any
errors, a message similar to the following is displayed:
OFF-LINE backup.............................................
OK
The backup is completed and the reboot sequence continues until the end.
...................................................................................................................................................................................................
7 For an online backup:

If disk splitting is to occur, stop all applications and be present to answer all prompts that
the tool outputs.
One of the copies of the logical volume is removed from the mirror and is used for the
backup. When the disk splitting is completed, the tool prompts you to restart the
applications. Upon backup completion, the logical volumes are automatically reduced;
that is, the disk copies are removed from the mirror system for the backup, they are put
back, and the mirror is restored to its normal state.
If disk splitting is not to occur, stop all applications and be present to answer all prompts
that the tool outputs. When the backup completes, the tool prompts you to restart the
applications.
...................................................................................................................................................................................................
8 For a standard (offline) backup:
....................................................................................................................................................................................................................................
1350 OMS 5-31
Output Media
....................................................................................................................................................................................................................................
When the tool prompts you to stop the applications and to continue with the backup, you
must answer Yes or the backup aborts. The tool continues to prompt you to establish a
grace period (specified in minutes) in which you can use to log off the system before it
shuts down. If you press Enter without setting a grace period, the system reboots
immediately.
...................................................................................................................................................................................................
9 View the results of the backup by accessing the following file:

E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
5-32 1350 OMS
HP-UX Platform System Backup and Restore Verify the Readability of the fbackup Tape
....................................................................................................................................................................................................................................
Verify the Readability of the fbackup Tape

When to use
Use this task to verify the readability of the fbackup tape.
Important! If you are using the -a option of the scbackup command, you cannot use this
task.
Related information
• “Backup Restrictions and Requirements” (p. 5-10)
• “Troubleshoot a Backup” (p. 5-11)
Before you begin

You cannot use this task if you have specified the -a option of the scbackup command.
Task
Complete the following verify the readability of the fbackup tape.
...................................................................................................................................................................................................
1 Log in to the system as root user.

...................................................................................................................................................................................................
2 Mount the first tape in the tape drive.

...................................................................................................................................................................................................
3 Enter the following command to read the tape:

..., sys,root # /usr/sbin/frecover -rvN -f /dev/rmt/ <tape
device> [Enter]
Result: The command reads the tape. If the command does not display any I/O errors,
the tape is readable.
...................................................................................................................................................................................................
4 Repeat steps 2 and 3 for every tape that was made during the backup.
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 5-33
HP-UX Platform System Backup and Restore Boot from the IRT for PA-RISC Servers
....................................................................................................................................................................................................................................
Boot from the IRT for PA-RISC Servers

When to use
Use this task to boot from the Ignite-UX Recovery Tape (IRT) for a PA-RISC server.
Important! If you have specified the -a option of the scbackup command, the IRT will
be a DVD instead of a tape.
Related information
• “Restore and screstore” (p. 5-13)
• “Troubleshoot a Restore” (p. 5-15)
Before you begin

This task is only to be used for the PA-RISC servers. Make sure you use the appropriate
task for your site.
Important! If you have an Itanium server, use the “Boot from the IRT for Itanium
Servers” (p. 5-37) task.
Task for PA-RISC Servers

Complete the following steps to boot from the IRT for a PA-RISC server.
...................................................................................................................................................................................................
1 Switch off the machine.

...................................................................................................................................................................................................
2 Connect a tape drive that is compatible with the IRT to the system.
...................................................................................................................................................................................................
3 Insert the IRT into the drive (tape or DVD).

...................................................................................................................................................................................................
4 Switch on the system.

Result: The following message is displayed:
To discontinue, press any key within 10 seconds.
...................................................................................................................................................................................................
5 Press any key to get the console main menu.

...................................................................................................................................................................................................
6 Enter the following command to view the device where the IRT was inserted.
sea
....................................................................................................................................................................................................................................
5-34 1350 OMS
....................................................................................................................................................................................................................................
Result: The system displays information that is similar to the following:
Path# Device Path (dec) Device Path (mnem) Device Type and Utilities Rev
----- ----------------- ------------------ ------------------------- ----
P0 0/0/2/0.0 ide.0 Random access media 1
IPL
P1 0/1/1/0.1 intscsia.1 Sequential access media 1
IPL
P2 0/1/1/0.0 intscsia.0 Random access media 1
IPL
P3 0/1/1/1.5 intscsib.5 Random access media 1
IPL
IPL
IPL
Important! A tape device is always referred to as Sequential access media. A DVD
device is always referred to as Ide.0.
...................................................................................................................................................................................................
7 Enter the following command to boot from the device where the IRT is inserted:
boot <device_path_number>
Where: device_path_number is the path number that corresponds to one of the device
types (tape or DVD) that is listed in the Results of Step 6.
Example:
boot P1
...................................................................................................................................................................................................
8 At the following prompt, enter N (for No) so you do not interact with the IPL:
Interact with IPL (Y, N or C) > N
Result: The machine begins to boot from the device where the IRT is inserted.
Output similar to the following is displayed:
HARD Booted
ISL Revision ......
ISL Booting hpux (;0) INSTALL
Boot
...: tape (...
If the boot starts correctly, the ISL prompt is not displayed after 3 minutes. Ignite-UX
performs the recovery of the LVM disk structure and the HP-UX® OS in a minimum
configuration. You do not have to enter any commands; you only must check the
output for error messages.
The IRT reboots the system twice. The recovery from the IRT can take up to 90
minutes, depending on the system model. Wait until the end of the second reboot.
If the boot does not start successfully, go to “IRT rebooting errors” (p. 5-15).
....................................................................................................................................................................................................................................
1350 OMS 5-35
....................................................................................................................................................................................................................................
If the machine does not reboot automatically, go to “No automatic reboot from the
IRT” (p. 5-15).
After successful completion of the Ignite-UX recovery, the system displays output
that is similar to the following:
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
5-36 1350 OMS
HP-UX Platform System Backup and Restore Boot from the IRT for Itanium Servers
....................................................................................................................................................................................................................................
Boot from the IRT for Itanium Servers

When to use
Use this task to boot from the Ignite-UX Recovery Tape (IRT) for an Itanium server.
Important! If you have specified the -a option of the scbackup command, the IRT will
be a DVD instead of a tape.
Related information
Before you begin

This task is only to be used for the Itanium machines (rx2660, rx2800i2, rx6600, and
rx7640). Make sure you use the appropriate task for your site.
Important! If you have an PA-RISC server, use the “Boot from the IRT for PA-RISC
Servers” (p. 5-34) task.
Task 1 for Itanium Servers: Determine the EFI Path of the Tape Drive
For an Itanium server, complete the following steps to determine the EFI path of the tape
drive.
...................................................................................................................................................................................................
1 Reboot the system and stop the reboot process at the EFI menu before it times out.
...................................................................................................................................................................................................
2 From the Boot Menu, select EFI Shell [Built-in]
....................................................................................................................................................................................................................................
1350 OMS 5-37
....................................................................................................................................................................................................................................
Result: The system output is similar to the following:
Searching for device

Scci<Pun3,Lun0> HP DAT160 WP8A <160 MBytes/sec>
Lodaing : EFI Shell [Built-in]
EFI Shell VEFI version 2.00 [14.62]

Device mapping table
...
...................................................................................................................................................................................................
3 At the Shell> prompt, enter the reconnect -r command to identify the tape drive
path and to get it SCSI physical unit number (Pun) and logical unit number (Lun). The
Pun and Lun numbers can be mapped to the last part of the EFI device path.
Shell> reconnect -r
An example from our site:
....................................................................................................................................................................................................................................
5-38 1350 OMS
....................................................................................................................................................................................................................................
Result: The system output is similar to the following:
Important! The Pun and Lun numbers that can be mapped to the last part of the EFI
device path are displayed in the output as Pun3,Lun0. Therefore, the EFI device path
for the example at our site is the following:
Acpi(HWP0002,700)/Pci(1|0)/Scsi(Pun3,Lun0)
E...................................................................................................................................................................................................
N D O F S T E P S
Task 2 for Itanium Servers: Configure the Tape Boot Option

Once you know the EFI device path, complete the following steps to configure the tape
boot option.
...................................................................................................................................................................................................
1 Reboot the system and stop the reboot process at the EFI menu before it times out.
...................................................................................................................................................................................................
2 From the Boot Menu, select Boot Configuration.
....................................................................................................................................................................................................................................
1350 OMS 5-39
....................................................................................................................................................................................................................................
Result: The Boot Configuration menu is displayed.

...................................................................................................................................................................................................
3 At the Boot Configuration menu, select Add Boot Entry.
Result: The File System Explore menu is displayed.

...................................................................................................................................................................................................
4 From the File System Explore menu, select the tape drive from which you want to boot.
Important! To select the correct device use the Pun and Lun that suffix the EFI device
path at your site.
Example at our site:
Load File [Acip<HWP0002,PNP0A03.700>/Pci<1:0>/Pci>4:1>/Scsi<Pun3,Lun0...
....................................................................................................................................................................................................................................
5-40 1350 OMS
....................................................................................................................................................................................................................................
Result: The Enter Description for this entry: dialog box is displayed.
...................................................................................................................................................................................................
5 In the Enter Description for this entry: dialog box, enter descriptive text for
the entry that you have made.
Important! The descriptive text that you enter will appear in the Boot Menu listing.
dat160
....................................................................................................................................................................................................................................
1350 OMS 5-41
....................................................................................................................................................................................................................................
Result: The Enter Load Options or press <Enter> if none dialog box is
displayed.
...................................................................................................................................................................................................
6 In the Enter Load Options or press <Enter> if none dialog box, press
Enter, without adding any load options:
Enter Load Options or press <Enter> if none <Enter>
Result: The Save changes to NVRAM? dialog box is displayed.

...................................................................................................................................................................................................
7 If you have not made any mistakes, in the Save changes to NVRAM? dialog box, enter
Y for yes.
If you have made a mistake, in the Save changes to NVRAM? dialog box, press N, for
no.
....................................................................................................................................................................................................................................
5-42 1350 OMS
....................................................................................................................................................................................................................................
Result: If you answered Y to save the changes to NVRAM, your changes are saved
and your new boot option is displayed with the descriptive text that you entered in the
EFI Boot Manager main Boot Menu, which is now redisplayed.
...................................................................................................................................................................................................
8 To boot the server from the Ignite-UX recovery tape, select your Load File from the
EFI Boot Manager main Boot Menu and press Enter.
dat160 <Enter>
....................................................................................................................................................................................................................................
1350 OMS 5-43
....................................................................................................................................................................................................................................
Result: The Ignite-UX recovery process takes approximately 30 to 40 minutes. After
successful completion of the Ignite-UX recovery, the system displays output that is
similar to the following:
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
5-44 1350 OMS
HP-UX Platform System Backup and Restore Run screstore to Restore Data from the fbackup Media
....................................................................................................................................................................................................................................
Run screstore to Restore Data from the fbackup Media

When to use
Use this task to run the screstore tool to restore data from the fbackup tapes or by using
a directory as the input source.
Related information
Before you begin

You can perform this task using one of two methods:
• By using a tape, which is explained in “Task 1: Using a Tape” (p. 5-46).
• By using a directory, which is explained in “Task 2: Using a Directory” (p. 5-49).
Perform this task from the console or from a terminal that is connected to the system
video output. Do not perform this task on an open network session because if you are
disconnected from the network, the restore would not have any recovery procedure and
the restoration would have to be started from the beginning.
Do not log in with the GoGlobal-UX tool. This tool is not available.
When the tool outputs warnings and error messages during the restore process, output that
is similar to the following is displayed:
*****************************************************************************
NOTE: Restore device check issued some warnings.
Restoring from this <device> could result in a wrong system
Please, verify carefully each warning before answering
the following question.
*****************************************************************************
Do you want to continue with restore (y|n) ? :
Where: <device> will be:
• tape for an screstore from a tape device
• disk archive for restore from an ISO image file
Refer to “Troubleshoot a Restore” (p. 5-15) and analyze the warnings; and, if necessary,
correct any problems before you answer y to continue the restoration.
....................................................................................................................................................................................................................................
1350 OMS 5-45
....................................................................................................................................................................................................................................
Task 1: Using a Tape
Complete the following steps to run the screstore tool to restore data from the fbackup
tapes.
...................................................................................................................................................................................................
1 Log in as root using the same password that was active when the backup was done.
After restoring the IRT, only the operating system is restored, which means that not all
of the required files are currently available; therefore, messages such as the following
are displayed. Ignore these messages because they disappear when the restoration is
completed.
Cannot chdir to /var/news
cat: Cannot open /SCINSTALL/data/boot_version*: No such file
or directory
...................................................................................................................................................................................................
2 Optional: If you must complete any preliminary tasks on the system before you activate
the restore, create a command file called screstore_init in the SCINSTALL/etc directory
that can be executed before the frecover.
...................................................................................................................................................................................................
3 Enter the following command to invoke the screstore tool and to start the restoration:
..,sys,root # screstore [Enter]
Important! This command is shown in its simplest form. Refer to “screstore syntax”
(p. 5-13) for the complete syntax of this command.
Result: The tool prompts you to enter the file that has to be used for the restoration:
**************************************************
Selection of Tape device
Enter tape device for Frecover <default=<tape device>>
...................................................................................................................................................................................................
4 At the following prompt, enter the HP-UX® file that is associated with the tape device
that you want to use for the fbackup tape set and press Enter, or press Enter to select the
file that is displayed:
<directory/filename> [Enter]
Example:
/dev/rmt/0m [Enter]
....................................................................................................................................................................................................................................
5-46 1350 OMS
....................................................................................................................................................................................................................................
Result: The tool prompts you to mount the first tape of the fbackup tape set.
...................................................................................................................................................................................................
5 Mount the first tape cassette into the tape device, wait until the tape device is ready, and
press Enter to start:
Enter
Result: The tool outputs the expected tape label and asks you to verify it to the tape
that you are have just mounted.
...................................................................................................................................................................................................
6 If the labels match, specify y to continue.

If the labels do not match, specify n to stop the restoration/recovery.
Result: The recovery procedure continues to check the tape consistency, volume
groups, and logical volumes that are to be restored. If any check fails and the error is
not recoverable, the tool aborts or displays a warning message. When all checks are
completed, the recovery procedure prompts you to continue.
When performing an instance restore, the tool checks the instances that are found on
the tape BEFORE it checks the volume groups. If the mount point for the file system
of an instance is not found in the systems, the tool outputs a similar warning and asks
you if you want it to create the mount point. The tool outputs this type of message for
every missing mount point. If you are performing an instance restore, go to Step 7.
Important! Read the warning messages that the tool outputs during this phase and
answer y to continue only if you are sure that the warning messages are meaningless
to your configuration.
...................................................................................................................................................................................................
7 For an instance restore only, enter y when the tool outputs a display similar to the
following to create mount points:
The mount point <mount point>

does not exist. The procedure will try to create it
Do you want the procedure to create the missing mount point (y|n) ?
Result: The tool invokes the scextendfs routine, which detects the available hardware
and prompts you to create the instance volume group on an external disk device that it
discovers. If the choice that is discovered is suitable to you, answer y and scextendfs
continues to create the needed mount points.
...................................................................................................................................................................................................
8 If the tool determines that you must change the run level, stop all TMN applications and
specify y for yes when the tool prompts you to go to run level 3:
Are you ready, system go to run level 3 (y|n) ? : y
Result: The recovery begins.
Important! Be present during this phase of the recovery because you might have to
load/remove tapes.
....................................................................................................................................................................................................................................
1350 OMS 5-47
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................
9 Mount the next tape when the following message is displayed:

Please MOUNT next TAPE Volume
Result: Once the tape is mounted, the tool outputs a message that is similar to the
following:
message: frecover(5404): Press return when the next volume is
ready on /dev/rmt/0m:
...................................................................................................................................................................................................
10 Press Enter to continue:

Enter
Result: The tool continues to output messages such as the following, which you can
ignore:
frecover(1075): moved emsagent to emsagent.2510 since it was
executing. Remove emsagent.2510 when done.
If you mount the wrong tape, go to Step 11 and note that the tool outputs a message
frecover(5423): incorrect volume mounted;

frecover(5424): expected volume 1, and got 2
frecover(5433): Do you wish to continue using this volume?([yY]/[nN]) n
frecover(5412): Do you wish to try to salvage this volume?([yY]/[nN]) n
frecover(5411): Do you wish to try a different volume? ([yY]/[nN]) y
PLEASE MOUNT next TAPE Volume
...................................................................................................................................................................................................
11 If you mounted the correct tape, the frecover has ended. See the Results in Step 12.
If you mounted the incorrect tape, mount the correct tape now (after the previous message
appears), and then press Enter. Go to Step 12.
...................................................................................................................................................................................................
12 If you initially mounted the incorrect tape and have since mounted the correct tape or if
you initially entered the correct tape, the frecover tool has ended.
Result: The frecover tool has ended successfully. If the system was mirrored at the
backup time, the procedure reminds you to rebuild the disk mirroring using the
scmirrorfs when ends.
...................................................................................................................................................................................................
13 If you need to rebuild the mirror, activate the scmirrorfs tool.

...................................................................................................................................................................................................
14 Press Enter to continue.
....................................................................................................................................................................................................................................
5-48 1350 OMS
....................................................................................................................................................................................................................................
Result: The Physical Group Volume 0 is created to restore the volume groups and the
tool informs you that the system must be restarted for full functionality. In addition, it
prompts you to specify a grace time for the user to log off before a system shut down
occurs.
...................................................................................................................................................................................................
15 At the following prompt, enter the grace time for the user's log off in minutes or press
Enter for an immediate shut down
Enter the grace time for user's logoff before shutting down or
press [Enter] for immediate shutdown
Grace time (in sec.) >
...................................................................................................................................................................................................
16 After the system restart, restore the Alcatel-Lucent TMN applications data following the
appropriate, if any, recovery procedure and you can start up all applications.
E...................................................................................................................................................................................................
N D O F S T E P S
Task 2: Using a Directory

Complete the following steps to run the screstore tool using a disk directory as the input.
...................................................................................................................................................................................................

...................................................................................................................................................................................................
2 Optional: If you must complete any preliminary tasks on the system before you activate
the restore, create a command file called screstore_init in the SCINSTALL/etc directory
that can be executed before the frecover.
...................................................................................................................................................................................................
3 Enter the following command to invoke the screstore tool:

..,sys,root # screstore -a <directory> [Enter]
Where: <directory> is the path of the disk directory where is stored the ISO image file to
use as input for this tool.
Important! This command is shown in its simplest form. Refer to “screstore syntax”
(p. 5-13) for the complete syntax of this command.
Result: The tool outputs the expected ISO image label.
...................................................................................................................................................................................................
4 When the tool outputs the expected tape label, it then asks you to verify it to the tape that
you have just mounted.
If the ISO image file labels match, enter y to continue:
....................................................................................................................................................................................................................................
1350 OMS 5-49
....................................................................................................................................................................................................................................
Is the label OK (y|n) ? : y
If the ISO image file labels do not match, enter n to stop the restoration/recovery:
Is the label OK (y|n) ? : n
Result: The recovery procedure continues to check the tape consistency, volume
groups, and logical volumes that are to be restored. If any check fails and the error is
not recoverable, the tool aborts or displays a warning message. When all checks are
completed, the recovery procedure prompts you to continue.
When performing an instance restore, the tool checks the instances that are found on
the tape BEFORE it checks the volume groups. If the mount point for the file system
of an instance is not found in the system, the tool outputs a similar warning and asks
you if you want it to create the mount point. The tool outputs this type of message for
every missing mount point. If you are performing an instance restore, go to Step 5.
Important! Read the warning messages that the tool outputs during this phase and
answer y to continue only if you are sure that the warning messages are not applicable
to your configuration.
The frecover tool ends successfully. If the system was mirrored at the time of the
backup, the procedure reminds you to rebuild the disk mirroring using the scmirrorfs
when it ends.
...................................................................................................................................................................................................
5 For an instance restore only, enter y when the tool outputs a display similar to the
following to create mount points:
The mount point <mount point>

does not exist. The procedure will try to create it
Do you want the procedure to create the missing mount point (y|n) ?
Result:
The tool invokes the scextendfs routine, which detects the available hardware and
prompts you to create the instance volume group on an external disk device that it
discovers. If the choice that is discovered is suitable to you, answer y and scextendfs
continues to create the needed mount points.
...................................................................................................................................................................................................
6 If you need to rebuild the mirror, run scmirrorfs.

...................................................................................................................................................................................................
7 Press Enter to continue.

Result: The Physical Group Volume 0 is created to restore the volume groups and the
tool informs you that the system must be restarted for full functionality. In addition, it
prompts you to specify a grace time for the user to log off before a system shut down
occurs.
...................................................................................................................................................................................................
8 At the following prompt, enter the grace time for the user's log off in minutes or press
Enter for an immediate shut down
....................................................................................................................................................................................................................................
5-50 1350 OMS
....................................................................................................................................................................................................................................
Enter the grace time for user's logoff before shutting down or
press [Enter] for immediate shutdown
Grace time (in sec.) >
...................................................................................................................................................................................................
9 After the system restart, restore the Alcatel-Lucent TMN applications data following the
appropriate, if any, recovery procedure and you can start up all applications.
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 5-51
HP-UX Platform System Backup and Restore Run the scmirrorfs Tool to Set Up the Mirrored Configuration
....................................................................................................................................................................................................................................
Run the scmirrorfs Tool to Set Up the Mirrored Configuration

When to use
Use this task to run the scmirrorfs tool to set up the mirrored disk configuration. This
task requires you to enter the device names of the primary disk and the alternate disk that
must be used to store the mirror copy of the data.
Related information
Before you begin

Read “Mirror Configurations” (p. 5-20) carefully before you begin this procedure.
Task
Complete the following steps to set up the mirrored disk configuration.
...................................................................................................................................................................................................
1 Log in as root using the same password that was active when the backup was done.
...................................................................................................................................................................................................
2 Enter the following command to invoke the scmirrorfs tool:

..,sys,root # scmirrorfs vg00 [Enter]
Result: The tool outputs a display that is similar to the following:
=><date/time stamp>
=>START: OSConf File(s) System Mirroring
Hardware detection in progress, please wait ........
Total disk(s) found = 6
Total CDRoms found = 1
Press [Enter] to continue...
...................................................................................................................................................................................................
3 Press the Enter key to continue with the mirror copy of the data.
Result: The tool displays output that is similar to the following. Note the entry for
Pri_Boot.
_______________________________________________________________
Disks Selection
Mirroring need Alternate Boot disk on Volume Group:"vg00"
______________________________________________________________
Device MByte Hardware Path Usage Type VolGroup
....................................................................................................................................................................................................................................
5-52 1350 OMS
....................................................................................................................................................................................................................................
_______________________________________________________________
c1t2d0 8680 0/0/1/1.2.0 Pri_Boot _Main_ vg00
c2t2d0 8680 0/0/2/0.2.0 _(free)_ ______ __
c4t8d0 8680 0/4/0/0.8.0 _(free)_ ______ __
c4t9d0 8680 0/4/0/0.9.0 _(free)_ ______ __
c5t12d0 8680 0/7/0/0.12.0 _(free)_ ______ __
c5t13d0 8680 0/7/0/0.13.0 _(free)_ ______ __
...................................................................................................................................................................................................
4 At the following prompt, enter the name of an alternative device from which to boot:
Select Alternate BOOT dev name or [q] to quit: <device name>
Result: The tool displays output that is similar to the following. Note the entries for
Pri_Boot and Alt_Boot.
Disk Selection
________________________________________________________________
__________________________________________________________________
c2t2d0 8680 0/0/2/0.2.0 _(free)_ ______ __
c4t8d0 8680 0/4/0/0.8.0 Alt_Boot Mirror vg00
c4t9d0 8680 0/4/0/0.9.0 _(free)_ ______ __
c5t12d0 8680 0/7/0/0.12.0 _(free)_ ______ __
c5t13d0 8680 0/7/0/0.13.0 _(free)_ ______ __
_________________________________________________________________
Confirm selection of device "<device name>"
...................................................................................................................................................................................................
5 At the following set of prompts, enter y to confirm the selection of the alternate device
from which to boot:
Confirm selection of device <device name>.
Press [y] for yes, [n] for no or [q] to quit, then press [Enter] y
Result: The tool displays output that is similar to the following. Extraneous lines have
been deleted for ease of reading/use.
NOTE: Updating of LVM physical volume group information file

NOTE: Set Logical Vol allocation policy to "PVG-strict" x select Volume
Group
NOTE: Preparation of Mirroring Volume Group: "vg00"
NOTE: Mirroring all Logical Volume of Volume Group: "vg00"
=><date/time stamp>
....... Mirroring Logical Volume:"/dev/vg00/lvol1",
with Allocation policy "contiguous"
...
=><date/time stamp>
....... Mirroring Logical Volume:"/dev/vg00/lvol10"
NOTE: Check /etc/lvmrc ..... =><date/time stamp>
NOTE: Set Alternate Boot Hardware Path to disk:"c4t8d0"
=><date/time stamp>
....................................................................................................................................................................................................................................
1350 OMS 5-53
....................................................................................................................................................................................................................................
=>END: OSConf File(s) System Mirroring
Restore Warning and/or Error Messages
...................................................................................................................................................................................................
6 If you receive any restore warnings or error messages, see “Troubleshoot a Restore”
(p. 5-15) for details.
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
5-54 1350 OMS
6 6ed Hat Enterprise Linux
R
Backup and Restore
Overview
Purpose
This chapter provides the conceptual material and the tasks that users need to perform
backup and restore procedures on Red Hat Enterprise Linux server.
The 1350OMS MW_OS backup and restore for Red Hat Enterprise Linux is structured
separately for the following:
• backup/restore of the server host, which is explained in the “Backup and Restore for
the Server Host” (p. 6-2) section of this chapter.
• backup and restore of virtual machines, which is explained in the “Backup and
Restore of Virtual Machines” (p. 6-14) section of this chapter.
Important! The data integrity of a virtual machine can only be guaranteed when the
backup is executed on a virtual machine that is stopped.
Contents
Backup and Restore for the Server Host 6-2

Restore a Backup Created with scbackup 6-7
Troubleshoot the Could not mount device(s) Error Message 6-12
Backup and Restore of Virtual Machines 6-14
Full Backup and Restore Example - scVMBackup Execution on a NFS Mounted 6-16
File System
Full Backup and Restore Example - VM Restore from NFS Mounted File 6-18
System
Full Backup and Restore Example - Backup/Restore to/from USB Disk 6-20
Backup/Restore Best Practices 6-23
Mount USB Keys And Hard Disks 6-24
...................................................................................................................................................................................................................................
1350 OMS 6-1
Red Hat Enterprise Linux Backup and Restore Backup and Restore for the Server Host
....................................................................................................................................................................................................................................
Backup and Restore for the Server Host

scbackup tool overview
The scbackup tool is designed to save a copy of the server host disk contents to a
different storage media, such as a local file system, NFS mounted file system, DVD, tape,
or USB storage device.
The backup creates an ISO, which is an archive file (also known as a disk image) of an
optical disc. It is composed of the data contents of every written sector of an optical disc,
including the optical disc file system.
The ISO image format is used to perform the backup on a local hard disk, DVD, tape, a
USB device, and NFS mounted file systems.
The behavior of scbackup is to save the disk contents, excluding any areas that are
devoted to virtual machines.
scbackup syntax
The syntax of scbackup, which is the script that is designed to perform the server host
backup, is the following:
scbackup [-m <media>] [-l <logfile>] [-[0-9]] [-V] [-f] [-h] [-v]
Where:
-m or –media specifies the media type. Possible values are dvd, tape, or nfs.
-l or -log specifies a log file different from the default. If you do not specify a logfile, then
/SCINSTALL/log/scbackup.log is assumed.
-[0-9] is the set compression level between 0 and 9 (where 0 = no compression, 9 =
maximum compression). -[0-9] allows you to change the default compression that is
used. The default value is 8 for ISO image.
-V or -verify is to verify the backup when it has completed.
-f or -full includes the virtual machine directory in the backup set.
-h or -help provides a short help description.
-v or -version provides the scbackup version.
The scbackup tool is interactive; meaning, it asks you where the backup file should be
stored, and which device or directory should be used depending on the media that you
have selected.
scbackup with a DVD

When you specify the -m iso option, the backup is created as a set of one or more DVD
ISO images. These images can then be used for burning physical DVDs media or they be
used as virtual media by the HP Integrated-Lights Out management interface (ILO). The
only information requested by the -m iso option is the directory location where ISO
images should be written.
....................................................................................................................................................................................................................................
6-2 1350 OMS
....................................................................................................................................................................................................................................
=><date/time stamp>
=>START: whole system backup
You chose to do the backup creating DVD iso images.
Enter directory where store DVD ISO images

[default = /var/cache/mondo ]:
You can press [Enter] to accept the default directory (/var/cache/mondo) or specify
your own preferred directory.
Note: If you specify a custom target directory, its contents are not included in the
backup.
Regardless of whether you specify a custom directory or the default path is accepted,
the contents of the /var/cache/mondo directory is never included in the backup.
You can also store ISO mages on a USB hard drive or a USB key. You must ensure that
the size of the disk can accommodate the entire backup.
Note: If you choose to store the backup on a USB disk or USB key, you must provide
the USB drive mount point and the backup storage directory. Refer to details provided
later in this chapter.
scbackup with a tape

When you specify the -m tape option, the backup creates a set of one or more tapes that
contain the applications data.
No other information is requested.
=><date/time stamp>
You chose to do the backup using a tape device. Please, verify

that a tape device is connected to the system or connect one right
now (maybe you have to reboot the system if the tape has not been
configured yet)
Press <Enter> when ready...

Press Enter to continue. Then, insert a new tape in the tape device that you want to use
and select it.
Example:
TAPE Selection
______________________________________________________
# Device General status info Model
1 /dev/st0 BOT ONLINE DAT160
______________________________________________________
Enter the tape device number or [q] to quit "scbackup":
Select the tape to use for the backup entering the tape ID, which is 1 in the previous
example.
....................................................................................................................................................................................................................................
1350 OMS 6-3
....................................................................................................................................................................................................................................
NOTE: A tape is already loaded on device "DAT160"

Do you want to use this tape media for backup?
Press [y] for yes or [n] for no, then press [Enter]
Press y to continue and then press Enter.
The WELCOME TO MONDO RESCUE window is displayed and the Backing up filesystem
pop-up displays the percentage of completion:
Wait until the ALERT window, which informs you that the Mondo Archive has
finished its run..., is displayed:
....................................................................................................................................................................................................................................
6-4 1350 OMS
....................................................................................................................................................................................................................................
Select OK and Enter to complete the procedure.
scbackup with NFS

scbackup can store backup files on a USB external drive (disk or key).
Note: A USB disk or key that is formatted as FAT32 is not supported.
As a prerequisite, you must have at least a USB disk or key that is connected to the server
that you want to backup. You can then execute scbackup with the -m usb option.
No other information is requested.
=><date/time stamp>
You chose to do the backup using an USB disk.
Please, verify that an USB disk is connected to the system or

connect one right now.
Press Enter when ready.

Press Enter to continue. Then, insert the number of USB disk that you want to use and
select it.
Example:
USB Selection
---------------------------------------------------------
....................................................................................................................................................................................................................................
1350 OMS 6-5
....................................................................................................................................................................................................................................
# Device Size(mb) Model Used
1 /dev/sda 160041 SAMSUNG HM160JI No
---------------------------------------------------------
Enter the USB disk number or [q] to quit "scbackup": 1
Select the USB disk to use for the backup by entering the disk ID, which is 1 in the
previous example.
WARNING: Mondoarchive will format the USB disk:

ALL DATA on the disk will be LOST!
Do you want to continue?
Press [y] for yes or [n] for no, then press [Enter] y
Press y to continue and then press Enter.
The WELCOME TO MONDO RESCUE window is displayed and the Backing up filesystem
window displays the percentage of completion. Refer to the example in “scbackup with a
tape” (p. 6-3).
Wait until the ALERT window, which informs you that the Mondo Archive has finished its
run, is displayed. Refer to the example in “scbackup with a tape” (p. 6-3).
Select OK and Enter to complete the procedure.
....................................................................................................................................................................................................................................
6-6 1350 OMS
Red Hat Enterprise Linux Backup and Restore Restore a Backup Created with scbackup
....................................................................................................................................................................................................................................
Restore a Backup Created with scbackup

Restoration
The host system restore can be done only by booting the server host from the DVD
bootable media, which is the first ISO image of the backup set.
Important! To perform the restore, you need to access the server console; therefore, you
must have a video, a keyboard, and a mouse physically connected to the server, or
through a keyboard-video-monitor (KVM) switch, or alternatively, remotely through the
HP ILO with Advanced license.
Restore from DVD ISO images

Backing up a server host using the –m option with value iso or nfs creates ISO image
files. To perform the restore using DVD media, you have to burn all ISO images created
by scbackup, which is typically done by copying them to a Windows PC that is equipped
with a DVD burner and DVD burning software. You then have to insert the first DVD
(identified by the ISO file name) in the server DVD reader, and then reboot the system or
power it on.
The ISO image file naming convention is the following:
bck-<hostname>-<year>-<month>-<day>-<sequence number>.iso
Where:
hostname is the name of host where backup has been produced.
year, month, and day collectively is the date when the backup was produced.
sequence number is the number of the DVD within the backup set.
Booting the system with the DVD inserted in the sever DVD drive causes the restore
automatic start.
After to start the recover procedure from DVD or tape, wait until the WELCOME TO
MONDO RESCUE menu is displayed:
....................................................................................................................................................................................................................................
1350 OMS 6-7
....................................................................................................................................................................................................................................
Figure 6-1 Mondo Rescue Menu - Welcome
The easiest way to proceed is to press Enter to confirm Automatically and wait for the
request of the next DVD or tape (if necessary) or restore completion.
Note: Refer to the Troubleshooting section in this chapter if error messages occur or for
details on confirmation requests.
Proceed with the Formatting partition as shown:
Figure 6-2 Mondo Rescue - Formatting Partitions
....................................................................................................................................................................................................................................
6-8 1350 OMS
....................................................................................................................................................................................................................................
Then, after the devices are mounted, the data recovery phase starts:
Figure 6-3 Mondo Rescue - Restoring from Archives
At the end of data recovery phase, proceed with the initrd rebuild as shown in the
following Alert screen, which asks you if you need to re-generate your initrd:
Figure 6-4 Mondo Rescue - Alert to Regenerate the initrd?
Select No and press Enter.

At the end of the data recovery, the system outputs another Alert as shown in the
following screen:
....................................................................................................................................................................................................................................
1350 OMS 6-9
....................................................................................................................................................................................................................................
Figure 6-5 Mondo Rescue - Mondo Restored Your System
This message informs you that the restoration is completed. Press Enter to confirm the
end of the recovery and to access a shell that allows you to review the mondorestore.log
file:
Figure 6-6 Mondo Rescue - Review the mondorestore.log File
Enter the exit command and then press Enter.

Important! Disregard any kernel panic errors that might be displayed, such as those that
are displayed at the bottom of the following figure. These errors can sometimes occur, but
they can be safely ignored because they are not relevant to the restoration completion:
....................................................................................................................................................................................................................................
6-10 1350 OMS
....................................................................................................................................................................................................................................
Figure 6-7 Mondo Rescue - OK to Disregard Kernel Panic Errors
Restore from tape

Insert the first tape of the backup tape set in the server tape reader; then, while booting the
system, the restore starts automatically.
Wait until the WELCOME TO MONDO RESCUE menu is displayed and refer to the steps
provided in the “Restore from DVD ISO images” (p. 6-7) section. beginning with Figure
6-1, “Mondo Rescue Menu - Welcome” (p. 6-8).
....................................................................................................................................................................................................................................
1350 OMS 6-11
Red Hat Enterprise Linux Backup and Restore Troubleshoot the Could not mount device(s) Error Message
....................................................................................................................................................................................................................................
Troubleshoot the Could not mount device(s) Error Message

When to use
Use this task to troubleshoot the error message, Could not mount device(s)
<path> -shall I abort?, which is illustrated in the following figure:
Related Information
Refer to the previous section.
Before you begin

This problem can occur if you are trying to restore the backup to a server with a disk that
is smaller than the one that was previously backed up.
Task
If the disk is the same size or larger than the backed up disk, a rounding up of the logical
volume size might have occurred when rebuilding the Logical Volume Manager. If this
error has occurred, you can continue the backup by executing following procedure:
Complete the following steps to continue the backup if a rounding up of the logical
volume size occurred when rebuilding the Logical Volume Manager.
...................................................................................................................................................................................................
1 Select Yes to access the recovery shell.

....................................................................................................................................................................................................................................
6-12 1350 OMS
Red Hat Enterprise Linux Backup and Restore Troubleshoot the Could not mount device(s) Error Message
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................
2 Use the vi editor to open the /tmp/i-want-my-lvm file:

vi /tmp/i-want-my-lvm
...................................................................................................................................................................................................
3 Locate the line in the file with lvm lvcreate, where -n option has the associated value of
lvol_sys.
...................................................................................................................................................................................................
4 Change the value of -L option. Reduce it it by 64 units.

...................................................................................................................................................................................................
5 Save the change and exit vi editor.

...................................................................................................................................................................................................
6 Resume the restoration by entering the following command:

mondorestore
...................................................................................................................................................................................................
7 Repeat the restoration procedure normally.

E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 6-13
Red Hat Enterprise Linux Backup and Restore Backup and Restore of Virtual Machines
....................................................................................................................................................................................................................................
Backup and Restore of Virtual Machines

An important note about virtual machines and backups
Data integrity is not guaranteed when a backup is executed on a running virtual machine.
Therefore, the backup of a virtual machine should only be executed when the machine is
stopped.
Two scripts to use

The scVMBackup and scVMRestore scripts enable you to create a repository for all virtual
machine backups that can be located in a local or NFS mounted file system, in USB keys,
or in USB hard disks.
The archive has been designed to store, in a single directory tree, the backup of all VMs
of a server host. It can keep multiple versions of a backup (default 2) that are
automatically rotated so the more recent ones are kept and the oldest ones are purged.
scVMBackup does not support an online backup. To perform the backup, you must first
shut down the virtual machine.
scVMBackup archive
The archive that scVMBackup creates is a multiple level directory structure.
At the first level, there are two directories:
• VMs
• backing_files
The backing_files directory contains a copy of all virtual disks, referred to as backing
files, by virtual machines, which allows you to restore this type of file if corruption or
accidental deletion should occur. The scVMBackup archive can also be stored on the NFS
mounted file system or on the USB disk, but only if the file system supports files that are
larger than 4GB.
Note: A USB disk or key that is formatted as FAT32 is not supported.
To store scVMBackup in an NFS file system or a USB drive, the file systems have to be
mounted manually first.
The VMs directory is where the virtual machines backup of all virtual machines is stored.
A specific directory with the same name of the VM is created beneath it where other
numbered directories host the virtual machine xml description and the copy of their
virtual disks.
....................................................................................................................................................................................................................................
6-14 1350 OMS
Red Hat Enterprise Linux Backup and Restore Backup and Restore of Virtual Machines
....................................................................................................................................................................................................................................
scVMBackup syntax
The syntax of scVMBackup is the following:
scVMBackup [-a <archive> | -t <tape> ] <vm name>
Where:
arhive is the name of the archive tree root directory.
tape is the name of the tape device.
vm name is the name of the virtual machine to back up.
scVMBackup checks if the virtual machine status is shut off. If it is shut off,
scVMBackup creates a dedicated subdirectory in the archive tree, dumps the virtual
machine description xml files to it, and copies all virtual disks there. Otherwise, the script
terminates with an error message.
scVMRestore syntax
The syntax of scVMRestore is the following:
scVMRestore [-a <archive> | -t <tape> ] <vm name>
Where:
arhive is the name of the archive tree root directory.
tape is the name of the tape device.
vm name is the name of the virtual machine to restore.
scVMRestore recovers the virtual machine from the xml saved dump and copies the
backed up virtual disk.
If the specified virtual machine already exists, the script first asks confirmation and then
shuts the virtual machine down (if it is running) and then deletes the virtual machine
before proceeding.
....................................................................................................................................................................................................................................
1350 OMS 6-15
Red Hat Enterprise Linux Backup and Restore Full Backup and Restore Example - scVMBackup Execution
on a NFS Mounted File System
....................................................................................................................................................................................................................................
Full Backup and Restore Example - scVMBackup Execution on

a NFS Mounted File System
Mount the file system
Use the mount command to mount the file system.
Mount NFS file system:

it185154,root,root # mount –t nfs 192.168.3.2:/backup /mnt
Check virtual machine name and status:

it185154,root,root # virsh list --all
Id Name State
----------------------------------------------------
- NTW_npr2_NPR_Master_2 shut off
Perform the backup - Backup Start
Perform backup:
185154,root,root # scVMBackup -a /mnt/VMBackup NTW_pkt3_PKT_Master_3
====== Backup Start <date/time stamp> ======

INFO: Starting Virtual Disks copy ---------------- <date/time stamp>
INFO: Copying /var/lib/libvirt/images/NTW_pkt3_PKT_Master_3/VD-MW_OS-
9.6.1.0.0-6.qcow2.img_clone <date/time stamp>
INFO: Copying /var/lib/libvirt/images/NTW_pkt3_PKT_Master_3/NTW_pkt3_
PKT_Master_3_2_swap.img <date/time stamp>
INFO: Copying /var/lib/libvirt/images/NTW_pkt3_PKT_Master_3/1350OMS_
PLT_9.6_1.0.9AD9.qcow2.img <date/time stamp>
INFO: Copying /var/lib/libvirt/images/NTW_pkt3_PKT_Master_3/NTW_pkt3_
PKT_Master_3_4.img <date/time stamp>
IW_9.6_1.0.9AD9.qcow2.img <date/time stamp>
PKT_9.6_9.6.0.0P13RP1LX.qcow2.img <date/time stamp>
INFO: /var/lib/libvirt/images/NTW_pkt3_PKT_Master_3/NTW_pkt3_PKT_
Master_3_2_swap.img successfully copied <date/time stamp>
INFO: /var/lib/libvirt/images/NTW_pkt3_PKT_Master_3/1350OMS_IW_9.6_
1.0.9AD9.qcow2.img successfully copied <date/time stamp>
INFO: /var/lib/libvirt/images/NTW_pkt3_PKT_Master_3/1350OMS_PKT_9.6_
9.6.0.0P13RP1LX.qcow2.img successfully copied <date/time stamp>
INFO: /var/lib/libvirt/images/NTW_pkt3_PKT_Master_3/1350OMS_PLT_9.6_
Master_3_4.img successfully copied <date/time stamp>
INFO: /var/lib/libvirt/images/NTW_pkt3_PKT_Master_3/VD-MW_OS-
9.6.1.0.0-6.qcow2.img_clone successfully copied <date/time stamp>
INFO: Virtual Disk copy successfully completed ---- <date/time
stamp>
INFO: Copying /var/lib/libvirt/images/VD-MW_OS-9.6.1.0.0-6.qcow2.img
to VD-MW_OS-9.6.1.0.0-6.qcow2.img <date/time stamp>
INFO: VD-MW_OS-9.6.1.0.0-6.qcow2.img successfully copied <date/time
stamp>
....................................................................................................................................................................................................................................
6-16 1350 OMS
Red Hat Enterprise Linux Backup and Restore Full Backup and Restore Example - scVMBackup Execution
on a NFS Mounted File System
....................................................................................................................................................................................................................................
Perform the backup - Backup Completed
====== Backup Completed <date/time stamp> ======

it185154,root,root #
it185154,root,root # ls -l /mnt/VMBackup/VMs/NTW_pkt3_PKT_Master_3/1
total 9141948
-rw-r--r-- 1 root root 613482496 Sep 6 08:52 1350OMS_IW_9.6_
1.0.9AD9.qcow2.img
-rw-r--r-- 1 root root 578577408 Sep 6 08:56 1350OMS_PKT_9.6_
9.6.0.0P13RP1LX.qcow2.img
-rw-r--r-- 1 root root 1079079424 Sep 6 08:56 1350OMS_PLT_9.6_
1.0.9AD9.qcow2.img
-rw-r--r-- 1 root root 329216 Sep 6 08:49 NTW_pkt3_PKT_Master_3_
2_swap.img
-rw-r--r-- 1 root root 10223616 Sep 6 08:58 NTW_pkt3_PKT_Master_3_
4.img
-rw-r--r-- 1 root root 3787 Sep 6 08:48 NTW_pkt3_PKT_Master_
3.xml
-rw-r--r-- 1 root root 7100697600 Sep 6 09:22 VD-MW_OS-9.6.1.0.0-
6.qcow2.img_clone
NFS file system dismount:
it185154,root,root # umount /mnt
....................................................................................................................................................................................................................................
1350 OMS 6-17
Red Hat Enterprise Linux Backup and Restore Full Backup and Restore Example - VM Restore from NFS
Mounted File System
....................................................................................................................................................................................................................................
Full Backup and Restore Example - VM Restore from NFS

Mounted File System
Mount NFS file system
Use the mount command to mount the NFS file system:
it185154,root,root # mount –t nfs 192.168.3.2:/backup /mn
Perform the restore with scVMRestore

Use scVMRestore to perform the restore:
it185154,root,root # scVMRestore -a /mnt/VMBackup NTW_pkt3_PKT_

Master_3
Identified Backup n. 1 executed on Sep 6 08:48
Enter the backup number to be restored:1
Checking backup consistency..
Perform the restore - Restore Started
====== Restore Started <date/time stamp> ======

Do you agree to delete NTW_pkt3_PKT_Master_3 virtual machine?: y
INFO: Deleting VM NTW_pkt3_PKT_Master_3
Domain NTW_pkt3_PKT_Master_3 has been undefined
INFO: Starting Virtual Disks restore --------------- <date/time

stamp>
INFO: Starting copying VD-MW_OS-9.6.1.0.0-6.qcow2.img_clone in place
<date/time stamp>
INFO: Starting copying NTW_pkt3_PKT_Master_3_2_swap.img in place
<date/time stamp>
INFO: Starting copying 1350OMS_PLT_9.6_1.0.9AD9.qcow2.img in place
<date/time stamp>
INFO: Starting copying NTW_pkt3_PKT_Master_3_4.img in place <date/
time stamp>
INFO: Starting copying 1350OMS_IW_9.6_1.0.9AD9.qcow2.img in place
<date/time stamp>
INFO: Starting copying 1350OMS_PKT_9.6_9.6.0.0P13RP1LX.qcow2.img in
place <date/time stamp>
INFO: NTW_pkt3_PKT_Master_3_2_swap.img successfully restored <date/
time stamp>
INFO: NTW_pkt3_PKT_Master_3_4.img successfully restored <date/time
stamp>
INFO: 1350OMS_PKT_9.6_9.6.0.0P13RP1LX.qcow2.img successfully
restored <date/time stamp>
INFO: 1350OMS_IW_9.6_1.0.9AD9.qcow2.img successfully restored <date/
time stamp>
INFO: 1350OMS_PLT_9.6_1.0.9AD9.qcow2.img successfully restored <date/
time stamp>2
INFO: VD-MW_OS-9.6.1.0.0-6.qcow2.img_clone successfully restored
<date/time stamp>
INFO: Virtual Disk Restore successfully completed ---- <date/time
stamp>
....................................................................................................................................................................................................................................
6-18 1350 OMS
Red Hat Enterprise Linux Backup and Restore Full Backup and Restore Example - VM Restore from NFS
Mounted File System
....................................................................................................................................................................................................................................
INFO: Defining VM NTW_pkt3_PKT_Master_3
Domain NTW_pkt3_PKT_Master_3 defined from /mnt/VMBackup/VMs/NTW_pkt3_
PKT_Master_3/1/NTW_pkt3_PKT_Master_3.xml
Perform the restore - Restore Completed
===== Restore Completed <date/time stamp> ======
NFS file system dismount
it185154,root,root # umount /mnt
....................................................................................................................................................................................................................................
1350 OMS 6-19
Red Hat Enterprise Linux Backup and Restore Full Backup and Restore Example - Backup/Restore to/from
USB Disk
....................................................................................................................................................................................................................................
Full Backup and Restore Example - Backup/Restore to/from

USB Disk
Identify the device name of a USB disk
To identify the device name of a USB disk, enter the lsscsi command before plugging in
the USB disk:
it185154,root,root # lsscsi
[3:0:0:0] disk HP LOGICAL VOLUME 5.70 /dev/sda
[3:3:0:0] storage HP P410i 5.70 -
Insert USB and repeat lsscsi

Plug in the USB disk and repeat the lsscsi command.
The output now lists one new line that corresponds to the new device:
it185154,root,root # lsscsi
[3:0:0:0] disk HP LOGICAL VOLUME 5.70 /dev/sda
[3:3:0:0] storage HP P410i 5.70 -
[6:0:0:0] disk SAMSUNG HM160JI /dev/sdb
Check the partitioning scheme of the USB disk

Check the partitioning scheme of the USB disk:
it185154,root,root # parted /dev/sdb print
Model: SAMSUNG HM160JI (scsi)

Disk /dev/sdb: 160GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number Start End Size Type File system Flags

1 32.3kB 160GB 160GB primary ntfs
Create a new mount point directory

Create a new mount point directory, then mount the USB disk:
it185154,root,root # mkdir /usb

it185154,root,root # mount /dev/sdb1 /usb
it185154,root,root # df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/vg_it185154-lvol_sys
566086848 199753680 337577612 38% /
tmpfs 24695284 12 24695272 1% /dev/shm
/dev/sda1 253871 38355 202409 16% /boot
/dev/sdb1 156288320 70760 156217560 1% /usb
....................................................................................................................................................................................................................................
6-20 1350 OMS
USB Disk
....................................................................................................................................................................................................................................
Run a backup on the USB disk just mounted - Initiate Backup and Backup Starts
Perform backup to the USB disk just mounted:
185154,root # scVMBackup -a /usb NTW_pkt3_PKT_Master_3
====== Backup Start <date/time stamp> ======

INFO: Starting Virtual Disks copy ---------------- <date/time
stamp>
INFO: Copying /var/lib/libvirt/images/NTW_pkt3_PKT_Master_3/VD-MW_
OS-9.6.1.0.0-6.qcow2.img_clone <date/time stamp>
INFO: Copying /var/lib/libvirt/images/NTW_pkt3_PKT_Master_3/NTW_
pkt3_PKT_Master_3_2_swap.img <date/time stamp>
PLT_9.6_1.0.9AD9.qcow2.img <date/time stamp>
INFO: Copying /var/lib/libvirt/images/NTW_pkt3_PKT_Master_3/NTW_
pkt3_PKT_Master_3_4.img <date/time stamp>
IW_9.6_1.0.9AD9.qcow2.img <date/time stamp>
PKT_9.6_9.6.0.0P13RP1LX.qcow2.img <date/time stamp>
Master_3_2_swap.img successfully copied <date/time stamp>
INFO: /var/lib/libvirt/images/NTW_pkt3_PKT_Master_3/1350OMS_IW_9.6_
INFO: /var/lib/libvirt/images/NTW_pkt3_PKT_Master_3/1350OMS_PKT_9.6_
9.6.0.0P13RP1LX.qcow2.img successfully copied <date/time stamp>
Master_3_4.img successfully copied <date/time stamp>
INFO: /var/lib/libvirt/images/NTW_pkt3_PKT_Master_3/1350OMS_PLT_9.6_
INFO: /var/lib/libvirt/images/NTW_pkt3_PKT_Master_3/VD-MW_OS-
9.6.1.0.0-6.qcow2.img_clone successfully copied <date/time stamp>
INFO: Virtual Disk copy successfully completed ---- <date/time
stamp>
Backup completed
====== Backup Completed <date/time stamp> ======
it185154,root,root # ls -l /usb/VMs/NTW_pkt3_PKT_Master_3/1
total 9141956
-rwxrwxrwx 1 root root 613482496 Sep 6 11:51 1350OMS_IW_9.6_
1.0.9AD9.qcow2.img
-rwxrwxrwx 1 root root 578577408 Sep 6 11:55 1350OMS_PKT_9.6_
9.6.0.0P13RP1LX.qcow2.img
-rwxrwxrwx 1 root root 1079079424 Sep 6 11:58 1350OMS_PLT_9.6_
1.0.9AD9.qcow2.img
-rwxrwxrwx 1 root root 329216 Sep 6 11:49 NTW_pkt3_PKT_Master_3_
2_swap.img
-rwxrwxrwx 1 root root 10223616 Sep 6 11:56 NTW_pkt3_PKT_Master_3_
4.img
-rwxrwxrwx 1 root root 3787 Sep 6 11:49 NTW_pkt3_PKT_Master_
3.xml
-rwxrwxrwx 1 root root 7100763136 Sep 6 12:30 VD-MW_OS-9.6.1.0.0-
6.qcow2.img_clone
....................................................................................................................................................................................................................................
1350 OMS 6-21
USB Disk
....................................................................................................................................................................................................................................
Perform the restore from the USB disk
it185154,root,root # scVMRestore -a /usb NTW_pkt3_PKT_Master_3

Identified Backup n. 1 executed on Sep 6 11:49
Enter the backup number to be restored:1
Checking backup consistency...
====== Restore Started <date/time stamp> ======

Do you agree to delete NTW_pkt3_PKT_Master_3 virtual machine?: y
INFO: Deleting VM NTW_pkt3_PKT_Master_3
Domain NTW_pkt3_PKT_Master_3 has been undefined
INFO: Starting Virtual Disks restore --------------- <date/time

stamp>
INFO: Starting copying VD-MW_OS-9.6.1.0.0-6.qcow2.img_clone in place
<date/time stamp>
INFO: Starting copying NTW_pkt3_PKT_Master_3_2_swap.img in place
<date/time stamp>
INFO: Starting copying 1350OMS_PLT_9.6_1.0.9AD9.qcow2.img in place
<date/time stamp>
INFO: Starting copying NTW_pkt3_PKT_Master_3_4.img in place <date/
time stamp>
INFO: Starting copying 1350OMS_IW_9.6_1.0.9AD9.qcow2.img in place
<date/time stamp>
INFO: Starting copying 1350OMS_PKT_9.6_9.6.0.0P13RP1LX.qcow2.img in
place <date/time stamp>
INFO: NTW_pkt3_PKT_Master_3_2_swap.img successfully restored <date/
time stamp>
INFO: NTW_pkt3_PKT_Master_3_4.img successfully restored <date/time
stamp>
INFO: 1350OMS_IW_9.6_1.0.9AD9.qcow2.img successfully restored <date/
time stamp>
INFO: 1350OMS_PKT_9.6_9.6.0.0P13RP1LX.qcow2.img successfully
restored <date/time stamp>
INFO: 1350OMS_PLT_9.6_1.0.9AD9.qcow2.img successfully restored <date/
time stamp>
INFO: VD-MW_OS-9.6.1.0.0-6.qcow2.img_clone successfully restored
<date/time stamp>
INFO: Virtual Disk Restore successfully completed ---- <date/time
stamp>2
INFO: Defining VM NTW_pkt3_PKT_Master_3
Domain NTW_pkt3_PKT_Master_3 defined from /usb/VMs/NTW_pkt3_PKT_
Master_3/1/NTW_pkt3_PKT_Master_3.xml
===== Restore Completed <date/time stamp> ======

....................................................................................................................................................................................................................................
6-22 1350 OMS
Red Hat Enterprise Linux Backup and Restore Backup/Restore Best Practices
....................................................................................................................................................................................................................................
Backup/Restore Best Practices

General best practices for backup/restore
Some general best practices for backup/restore are the following:
• Store a backup copy in a media other than the hard disks of the host server.
Recommended media include tape, USB keys, USB hard disks, or the hard disks of
another server.
• Do not forget the root password at backup time. Refresh your backup from
time-to-time to prevent password expiration.
Host best practices for backup/restore

Host specific best practices for backup/restore are the following:
• Perform a server host backup immediately after completing the first installation and
configuration.
• Perform a server host backup after any relevant change in installed software and/or
relevant configuration changes, such as new bridge definitions or IP address change.
• Do not include the virtual disks storage area in a full disk host backup.
Virtual machine best practices for backup/restore

Virtual machine best practices for backup/restore are the following:
• Perform a virtual machine backup each time new software is installed.
• Perform a virtual machine backup each time relevant configuration changes are made,
such as an IP address change or when a hardware component is added or removed.
• If you plan to use a USB disk or an NFS file system, we recommend that you do not
save the virtual machine backup on areas of the local server disk that would be
included in the host backup set because the backup/restore operations will take longer.
....................................................................................................................................................................................................................................
1350 OMS 6-23
Red Hat Enterprise Linux Backup and Restore Mount USB Keys And Hard Disks
....................................................................................................................................................................................................................................
Mount USB Keys And Hard Disks

Devices
Red Hat Enterprise Linux enables you to use various USB storage devices, including
USB pen drives and USB hard disks. In addition, it supports the creation of several
different file system types on these devices.
Note: To also enable use of these devices on a Microsoft Windows PC, format the
devices in NTFS format.
To mount a USB device, you have to define where it will be mounted in the Linux file
system tree. If the chosen mount-point directory does not exist, you need to create it
beforehand.
Because USB devices are hot-pluggable, the Linux device file that is to use them must be
created only at plug in time. Since the USB devices are managed by Linux as SCSI
devices, you can easily identify them by executing the lsscsi command before and after
USB device connection to the server host.
USB storage devices are often partitioned; so before proceeding, verify whether your
device is partitioned by entering the following command:
parted <USB file> print
Where:
USB file is the device name that was previously identified using the lsscsi command.
If the command issues output similar to the following, then your device is partitioned:
Model: SAMSUNG HM160JI (scsi)

Disk /dev/sda: 160GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number Start End Size Type File system Flags

1 32.3kB 160GB 160GB primary ntfs
If your device is partitioned, you can mount it by entering the following command:
mount /dev/ <USB file> part # mnt dir
Where:
USB file is the file that is assigned to your USB device.
part # is the partition number.
mnt dir is the directory mount point that was previously defined.
Example:
mkdir /usbdisk
mount /dev/sda1 /usbdisk
Otherwise, if the device is not partitioned, you can use:
mount /dev/USB file mnt dir
....................................................................................................................................................................................................................................
6-24 1350 OMS
....................................................................................................................................................................................................................................
Where:
USB file is the file that is assigned to your USB device.
mnt dir is the directory mount point that was previously defined.
Example:
mkdir /usbdisk
mount /dev/sda /usbdisk
....................................................................................................................................................................................................................................
1350 OMS 6-25
....................................................................................................................................................................................................................................
....................................................................................................................................................................................................................................
6-26 1350 OMS
7 7 irror Disks for the HP-UX
M
Platform
Overview
Purpose
This chapter provides the 1350 OMS system administrator with the conceptual
information and the associated tasks that pertain to mirrored disks for the HP-UX
platform..
Contents
Mirrored Disk Overview 7-2

Install the Mirror Disk/UX 7-4
Configure Disk Fault Protection with Mirror Disk/UX® 7-6
...................................................................................................................................................................................................................................
1350 OMS 7-1
Mirror Disks for the HP-UX Platform Mirrored Disk Overview
....................................................................................................................................................................................................................................
Mirrored Disk Overview

Mirrored Disk purpose
Mirror disks have two main purposes in the 1350 OMS system configuration:
• Mirrored disks enable the 1350 OMS to remain operational if a single disk fails.
• Mirrored disks enable the 1350 OMS to remain operational if a single disk controller
fails.
Mirrored disk configurations, along with the recommended Alcatel-Lucent software and
hardware configuration, afford the best high availability protection; therefore, we urge
administrators to follow the recommendations made.
Note: The new HP Integrity servers rx2660 and rx6600 can be equipped with the HP
Smart Array P400. In these configurations, the mirror disk is not required because the HP
S.A. P400 provides RAID 1 protection at the hardware level, providing the same level of
fault tolerance and improving performance.
Mirror disk installation and configuration is still required on the HP9000 and HP Integrity
servers without HP S.A. P400, such as the rx7640.
To determine if your HP Integrity server is equipped with a HP S.A. P400, enter the
following command:
…,root,sys # ioscan –kdciss
When the HA S.A. P400 is present, a line like this will be shown:
H/W Path Class Description

================================================
0/3/0/0/0/0 ext_bus PCIe SAS SmartArray P400 RAID Controller
Mirrored disk configuration methods

The configuration of fault disk protection with the Mirror Disk/UX® can be performed as
part of one of the following methods:
• As part of the initial system installation, which automatically executes disk mirroring
for the entire file system.
• As part of the system restoration from a full disk backup, which is explained in the
“Run the scmirrorfs Tool to Set Up the Mirrored Configuration” (p. 5-52) task and in
the “Configure Disk Fault Protection with Mirror Disk/UX®” (p. 7-6) task.
• As part of a new disk mirror configuration, which is explained in the “Install the
Mirror Disk/UX” (p. 7-4) task.
Mirrored disk configuration example

It is critical for administrators to be able to identify the hard disks that are present in a
configuration and how they are connected to the system box. This information is hidden
in the disk hardware path. The fist dot (“.”) in the hardware path distinguishes the
controllers.
....................................................................................................................................................................................................................................
7-2 1350 OMS
Mirror Disks for the HP-UX Platform Mirrored Disk Overview
....................................................................................................................................................................................................................................
In the following example, two different buses are shown: 0/5/1/0/4/1 and 0/5/1/0/4/0.
Each one has three disks connected.
Disks Selection
____________________________________________________________________
Device MByte Legacy Harware Path Usage Type VolGroup
____________________________________________________________________
disk17 140000 0/5/1/0/4/1.2.0 Pri_Boot _Main_ vg00
disk18 140000 0/5/1/0/4/1.1.0 _(free)_ ______ _______
disk19 140000 0/5/1/0/4/1.0.0 _(free)_ ______ _______
disk20 140000 0/5/1/0/4/0.2.0 _(free)_ ______ _______
disk21 140000 0/5/1/0/4/0.0.0 _(free)_ ______ _______
disk22 140000 0/5/1/0/4/0.1.0 _(free)_ ______ _______
____________________________________________________________________
The best mirror disk configuration, including controller fault resilience, is as follows:
disk17, disk18, and disk19 as Main units.
disk20, disk21, and disk22 as Copy units.
....................................................................................................................................................................................................................................
1350 OMS 7-3
Mirror Disks for the HP-UX Platform Install the Mirror Disk/UX
....................................................................................................................................................................................................................................
Install the Mirror Disk/UX

When to use
Use this task to install the Mirror Disk/UX software.
Important! Mirror Disk/UX is usually installed by Alcatel-Lucent installation tools,
along with the HP-UX operating system; however, if you must install Mirror Disk/UX,
use this task.
Related information
• “Mirrored Disk Overview” (p. 7-2)
Before you begin

Because the Mirror Disk/UX is HP® Software, verify that the proper use license is
available. In addition, know the name of the source device (the DVD/CD-ROM).
This procedure gives you the choice of installing the software now or postponing the
installation. Note: once you start this procedure, you can continue to install the software
at the current time or you can postpone the installation of the software; however, you
cannot cancel the installation of the software.
The Mirror Disk/UX installation forces a system reboot.
Task
Complete the following steps to install the Mirror Disk/UX software.
...................................................................................................................................................................................................
1 Log in to the system in which the Mirror Disk/UX software is to be installed as root.
...................................................................................................................................................................................................
2 Enter the following command to initialize the installation and press Enter:
..,sys, root # /SCINSTALL/etc/scinstall3PP MIRROR [Enter]
Result: The installation is initialized and the software prompts you to select the
software source.
...................................................................................................................................................................................................
3 When the software prompts you to select the source as CD/DVD or depot, choose 1,
which is DVD/CD-ROM, and press Enter:
--------------- LAYERED PRODUCTS Repository -------------

1 - DVD/CDRom
2 - DEPOT
q - quit
Insert choice and press [Enter]:
....................................................................................................................................................................................................................................
7-4 1350 OMS
Mirror Disks for the HP-UX Platform Install the Mirror Disk/UX
....................................................................................................................................................................................................................................
Result: The software prompts you to confirm the source device.
...................................................................................................................................................................................................
4 When the software prompts you to confirm the source device, enter the correct source
device and press Enter, or select the default by pressing Enter.
--- Device selection for LAYERED Products installation

Enter 'q' to Quit or the CD device [def=/dev/dsk/c3t2d0]:
Result: Before the software begins execution and the system is rebooted, the software
outputs a display similar to the following that gives you a final chance to postpone,
but NOT TO STOP, the installation:
**************************************************************
ATTENTION
Installation require shutdown and reboot
Applications is better already stopped before start installation
************************************************************
Do you want execute installation NOW?:
Press [y] for yes or [n] for no, then press [Enter]
...................................................................................................................................................................................................
5 When the software prompts you to execute the installation, answer y to start the
installation now or n to postpone, but not stop, the installation:
Press [y] for yes or [n] for no, then press [Enter] y/n [Enter]
Result: If you answered y, to start the installation, the reboot begins.
If you answered n to postpone the installation, resume the installation at a later time
and go to Step 6.
...................................................................................................................................................................................................
6 If you have postponed the installation, enter the following command line when you are
ready to resume the installation:
...,sys,root # /SCINSTALL/SCINSTALL start [Enter]
Result: The scinstall installation is restarted.
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 7-5
Mirror Disks for the HP-UX Platform Configure Disk Fault Protection with Mirror Disk/UX®
....................................................................................................................................................................................................................................
Configure Disk Fault Protection with Mirror Disk/UX®

When to use
Use this task to configure disk fault protection with Mirror Disk/UX® after a full disk
backup or if the mirror configuration was skipped for any reason at installation time.
Related information
• “Mirrored Disk Overview” (p. 7-2)
Before you begin

This task requires the following conditions to be met for a mirror disk configuration:
• The HP Mirror Disk/UX is authorized and is installed on the system.
• The number of available hard disks are sufficient to create a copy of the entire file
system.
After the mirror disk configuration is set up, any file system that belongs to the mirror
group volume is then mirrored.
Task
Complete the following steps to configure disk fault protection with Mirror Disk/UX®
after a full disk backup or if the mirror configuration was skipped for any reason at
installation time.
...................................................................................................................................................................................................
1 Log in to the system in which the alternate boot disk is to be specified as root.
...................................................................................................................................................................................................
2 Enter the following command to initialize the tool and press Enter:
..,sys, root # scmirrorfs [Enter]
Result: The installation is initialized and the software prompts you to select the
alternate boot device:
____________________________________________________________________
Disks Selection
Mirroring need Alternate Boot disk on Volume Group:"vg00"
____________________________________________________________________
___________________________________________________________________
c2t2d0 8680 0/0/2/0.2.0 __Data__ _Main_ vg00D
c4t8d0 8680 0/4/0/0.8.0 _(free)_ ______ ________
D c4t9d0 8680 0/4/0/0.9.0 _(free)_ ______ ________
c5t12d0 8680 0/7/0/0.12.0 _(free)_ ______ ________
....................................................................................................................................................................................................................................
7-6 1350 OMS
....................................................................................................................................................................................................................................
c5t13d0 8680 0/7/0/0.13.0 _(free)_ ______ ________
____________________________________________________________________
Select Alternate BOOT dev name or [q] to quit:
...................................................................................................................................................................................................
3 When the tool prompts you, enter the name of the alternate boot device:
Select Alternate BOOT dev name or [q] to quit:
<name of the alternate boot device>
Important! Refer to “Mirrored disk configuration example” (p. 7-2) for the naming
conventions and pairing details.
Result: When the amount of disk space requested is reached, the tool displays output
NOTE: Updating of LVM physical volume group information file

NOTE: Set Logical Vol allocation policy = "PVG-strict" on Active Volume Group
NOTE: Preparation of Mirroring Volume Group: "vg00"
NOTE: Mirroring all Logical Volume of Volume Group: "vg00"
=><date/time stamp>
....... Mirroring Logical Volume:"/dev/vg00/lvol1",
with Allocation policy "contiguous"
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 7-7
....................................................................................................................................................................................................................................
....................................................................................................................................................................................................................................
7-8 1350 OMS
8 8 etwork Depot for the
N
HP-UX Platform and
Application Software
Overview
Purpose
information and the associated tasks that pertain to the management of the Network
Depot for the HP-UX platform and the application software.
Contents
Network Depot Overview 8-2

Run scbuilddepot to Create or Update the HP-UX Platform Software Depot 8-4
Add Software to the HP-UX Platform Software Depot 8-7
Create the Application Software Depot 8-8
Edit the .rhosts file to Authorize Access to the Application Software Depot 8-10
...................................................................................................................................................................................................................................
1350 OMS 8-1
Network Depot for the HP-UX Platform and Application Network Depot Overview
Software
....................................................................................................................................................................................................................................
Network Depot Overview

Network Depot purpose
The Network Depot tool enables the administrator to create a depot, or a reserved area,
where software can be stored.
Network Depot applications

The Network Depot for the 1350 OMS is the repository for the following types of
software:
• platform software, which is housed in the “Platform software depot” (p. 8-2).
• application software, which is housed in the “Application software depot” (p. 8-2)
Platform software depot

After the installation of the HP-UX 11iV3® operating system, the administrator can use
the scbuilddepot tool to create the platform software depot by reserving 8 GBytes or
more of space on the machine in which MW_OS is installed. This reserved space can
house all of the software that has been included on the CD-ROM. The creation of the
platform software depot enables the administrator to perform the remainder of the
platform software installation in an unattended mode.
The following tasks are related to the platform software depot:
• “Run scbuilddepot to Create or Update the HP-UX Platform Software Depot” (p. 8-4)
• “Add Software to the HP-UX Platform Software Depot” (p. 8-7)
Application software depot

The application software depot is used to house the 1350 OMS application software,
which consists of the MW-INT and all of the 1350 OMS components and feature
packages.
The following table lists the disk space that is required for these packages to swap and
install the packages. The values are specified in Megabytes.
Disk Requirements for the 1350 OMS Application Software

1350 OMSComponent/Package/Feature MBytes Required for the Depot
1350 OMS EML (EML) 3300
1350 OMS eOMS (eOMS) 850
MW_INT 700
1350 OMS PKT (PKT) 200
1350 OMS SDH (SDH) 450
Total 5500
....................................................................................................................................................................................................................................
8-2 1350 OMS
Network Depot for the HP-UX Platform and Application Network Depot Overview
Software
....................................................................................................................................................................................................................................
The following tasks are related to the applications software depot:
• “Create the Application Software Depot” (p. 8-8)
• “Edit the .rhosts file to Authorize Access to the Application Software Depot” (p. 8-10)
....................................................................................................................................................................................................................................
1350 OMS 8-3
Network Depot for the HP-UX Platform and Application Run scbuilddepot to Create or Update the HP-UX Platform
Software Software Depot
....................................................................................................................................................................................................................................
Run scbuilddepot to Create or Update the HP-UX Platform

Software Depot
When to use
Use this task to run the scbuilddepot tool to create or update the HP-UX platform
software depot.
Related information
• “Platform software depot” (p. 8-2)
Before you begin

To create a platform software depot, you need 8.6 GBytes of free space on an appropriate
hard disk.
Task
Complete the following steps to run scbuilddepot tool to create the platform software
depot.
...................................................................................................................................................................................................
1 Log in to the system in which the MW_OS software is installed as root.

...................................................................................................................................................................................................
2 Enter the following command to run the scbuilddepot tool and press Enter:
...,sys,root # scbuilddepot [Enter]
===================================================================
MW_OS Depot Builder
===================================================================
The depot copy requires 8.6 Gbytes extra space on disks
* Do you have enough space available [Y/N] :
...................................................................................................................................................................................................
3 When the tool prompts you about the space available, answer Y for yes:
The depot copy requires 8.6 Gbytes extra space on disks
* Do you have enough space available [Y/N] Y
...................................................................................................................................................................................................
4 At the following prompt, enter the source media, which is the CD-ROM, or press Enter
for the default device that is displayed, which is the CD-ROM that was used to install
HP-UX:
....................................................................................................................................................................................................................................
8-4 1350 OMS
....................................................................................................................................................................................................................................
* Enter the CDROM device [ /dev/dsk/c1t2d0 ] : Enter
Result: The tool outputs a display that is similar to the following to indicate that it is
checking/extending the directory for the creation of the depot:
NOTE: Checking/Extending /<directory> for depot creation
If the current size of the partition mounted at /<directory> is not large enough, new
disk resources are required until the requested size is reached. The tool outputs a
display that is similar to the following
Analyze Mount Point:"/<directory>"

Request free MegaByte(s): 1950
Evaluate size MegaByte(s): 4128
Hardware detection in progress, please wait ........
Total disk(s) found = 4
Total CDRoms found = 1
...................................................................................................................................................................................................
5 If additional/new disk resources are required, press the Enter key at the following
prompt:
Press [Enter] to continue... Enter
Result: The tool outputs a display that is similar to the following, which shows you
the amount of free space on each particular device:
Mount Point need 1536MB on /dev/vg00 (PVG0)

__________________________________________________________________
Disks Selection
Mount Point: /<directory>
____________________________________________________________________
____________________________________________________________________
c0t5d0 4088 8/12.5.0 Pri_Boot _Main_ vg00
c0t6d0 2048 8/12.6.0 __Data__ _Main_ vg00
c1t4d0 2048 8/16/5.4.0 _(free)_ ______ _____
c1t5d0 2048 8/16/5.5.0 _(free)_ ______ _____
___________________________________________________________________
Select Data Area (Main instance) dev name or [q] to quit:
...................................................................................................................................................................................................
6 At the following prompt, enter the name of the device to be used for the depot:
Select Data Area (Main instance) dev name or [q] to quit:
Example:
Select Data Area (Main instance) dev name or [q] to quit: c1t4d0
...................................................................................................................................................................................................
7 When the file system mounted at /<directory> is large enough to house the depot, the
tool prompts you to specify the first disk of the set:
....................................................................................................................................................................................................................................
1350 OMS 8-5
....................................................................................................................................................................................................................................
* Please insert CD SWP-OSCONF-V9.6.0 - 1/4 into the drive and
press [Enter] when ready
Insert the specified CD-ROM.
Press Enter when the LED on the CD-ROM stops blinking.
...................................................................................................................................................................................................
8 When the tool once again prompts you for the next CD-ROM in the set, replace the
current CD-ROM in the drive with the specified one.
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
8-6 1350 OMS
Network Depot for the HP-UX Platform and Application Add Software to the HP-UX Platform Software Depot
Software
....................................................................................................................................................................................................................................
Add Software to the HP-UX Platform Software Depot

When to use
Use this task to add the following software to the Platform Software Depot:
• OSCONF Engine
• 3PP description
• NMS description
Related information
• “Platform software depot” (p. 8-2)
Before you begin

Task
Complete the following steps to add the software to the Platform Software Depot.
...................................................................................................................................................................................................
1 Insert SWP-1350OMS-MW_OS-V9.6.@@@ DVD in the drive.

...................................................................................................................................................................................................
2 Enter the following command line to mount the device and press Enter:
...,sys,root # mount -o rr /dev/dsk/<device name>/SD_CDROM [Enter]
...................................................................................................................................................................................................
3 Enter the following command lines to copy the software package and press Enter to
execute each command line:
...,sys,root # swcopy -x enforce_dependencies=false / [Enter]
-s /SD_CDROM 1350OMS-MW_OS @/<directory>/SCDEPOT [Enter]
...................................................................................................................................................................................................
4 Enter the following command to dismount the CD-ROM:

...,sys,root # umount /SD_CDROM [Enter]
...................................................................................................................................................................................................
5 Remove the CD-ROM from the drive.

E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 8-7
Network Depot for the HP-UX Platform and Application Create the Application Software Depot
Software
....................................................................................................................................................................................................................................
Create the Application Software Depot

When to use
Use this task to create the application software depot.
Related information
• “Application software depot” (p. 8-2)
Before you begin

This task must be completed on the depot machine, which preferably should be a machine
in the network. The machine can be the same machine that you are installing, if you have
sufficient free disk space. Refer to the table in “Application software depot” (p. 8-2) to
determine how much space, in Megabytes, each software component or feature requires.
Repeat Step 4 to the end of this task for each CD-ROM that contains software that must
be installed.
Task
Complete the following steps to create the application software depot.
...................................................................................................................................................................................................
1 Log in to an Alcatel-Lucent depot machine as root.

...................................................................................................................................................................................................
2 Enter the following command to extend the /alcatel directory to allow the storage of the
application software and press Enter:
...,sys,root # scextendfs /alcatel/DEPOT <required disk size>
[Enter]
...................................................................................................................................................................................................
3 Enter the following command to change directories to the depot directory and press
Enter:
...,sys,root # cd /alcatel/DEPOT [Enter]
Result: You are now in the /alcatel/DEPOT directory.
...................................................................................................................................................................................................
4 Insert the CD-ROM into the drive.

...................................................................................................................................................................................................
5 Enter the following command to check the CD-ROM type and press Enter:
...,sys,root # fstyp /dev/dsk/ [Enter]
....................................................................................................................................................................................................................................
8-8 1350 OMS
Network Depot for the HP-UX Platform and Application Create the Application Software Depot
Software
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................
6 Depending on whether the CD-ROM is a cdfs or hfs, use one of the following to mount
the CD at the /SD_CDROM directory:
If the CD-ROM type in the previous step is a cdfs, enter the following command and
press Enter:
...,sys,root # mount -o rr /dev/dsk/<cdrom device file> /SD_
CDROM [Enter]
If the CD-ROM type in the previous step is a hfs, enter the following command and press
Enter:
...,sys,root # mount -r /dev/dsk/<cdrom device file> /SD_CDROM
[Enter]
...................................................................................................................................................................................................
7 Enter the following command to copy the entire contents of the CD-ROM to the
/alcatel/DEPOT directory and press Enter:
...,sys,root # cp -p /SD_CDROM/* /alcatel/DEPOT [Enter]
...................................................................................................................................................................................................
8 Enter the following command to unmount the CD-ROM and press Enter:
...,sys,root # umount /SD_CDROM [Enter]
...................................................................................................................................................................................................
9 Remove the CD-ROM from the drive.

E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 8-9
Network Depot for the HP-UX Platform and Application Edit the .rhosts file to Authorize Access to the Application
....................................................................................................................................................................................................................................
Edit the .rhosts file to Authorize Access to the Application

Software Depot
When to use
Use this task to edit the .rhosts file to authorize access to the Application Software
Depot.
Related information
• “Application software depot” (p. 8-2)
Before you begin

To retrieve the files for the 1350 OMS application software packages from the depot
machine, the access to these files must be granted to all root users of all machines that
must be installed. To authorize root access, temporarily add the hostname, followed by
the string root to the .rhosts file for each machine involved.
For example, if there were three machines, called hosta, hostb, and hostc (the depot
machine), you would have to install these three systems including the depot machine
(hostc).
All hosts that are defined in the .rhosts file, must also be defined in the /etc/hosts file.
Task
Complete the following steps to edit the .rhosts file to authorize access to the Application
Software Depot.
...................................................................................................................................................................................................
1 Log in to the machine in which the .rhost file resides.

...................................................................................................................................................................................................
2 Use the vi editor to access the .rhosts file and add the following lines:
hosta root
hostb root
hostc root
Save the changes that you have made to the file.
...................................................................................................................................................................................................
3 Specify these same hosts, in the same manner, the /etc/hosts file.
...................................................................................................................................................................................................
4 At the end of the installation, use the vi editor to access the .rhosts file and delete the
following lines:
hosta root
....................................................................................................................................................................................................................................
8-10 1350 OMS
....................................................................................................................................................................................................................................
hostb root
hostc root
Save the changes that you have made to the file.
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 8-11
....................................................................................................................................................................................................................................
....................................................................................................................................................................................................................................
8-12 1350 OMS
9 General Operations
9
Overview
Purpose
This chapter contains the conceptual information and the related tasks that are needed for
the basic operation of the 1350 OMS.
Contents
Restart the HP® Servers 9-2

Decompress a Compressed .gz File 9-5
...................................................................................................................................................................................................................................
1350 OMS 9-1
General Operations Restart the HP® Servers
....................................................................................................................................................................................................................................
Restart the HP® Servers

When to use
Use this task to restart the HP® servers periodically. For 1350 OMS HA configurations,
use this task on the standby nodes only.
Related information
Before you begin

Important! For any restart situation, do not use the reboot command.
Task
...................................................................................................................................................................................................
1 From the machine on which the application is running, log in as alcatel.

...................................................................................................................................................................................................
2 Stop the applications using the PMC application. Select the applications on the PMC
window; and from the popup menu, select the command Stop, as shown in the following
figure:
....................................................................................................................................................................................................................................
9-2 1350 OMS
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................
3 When these operations are completed, log in as root.

...................................................................................................................................................................................................
4 On the CDE front panel, press the terminal icon to start a UNIX terminal application.
Execute the command su -root
Stop the Kernel Services using the following command:
...,sys,root # /alu/Kernel/script/KernelServices stop [Enter]
...................................................................................................................................................................................................
5 Enter the following command to change directories:

cd /
....................................................................................................................................................................................................................................
1350 OMS 9-3
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................
6 Enter the following command to reboot or stop the HP® servers gracefully:
shutdown -r now
or
shutdown -h now
The command is shutdown -h if you want to stop the system completely or
shutdown -r if you want to stop the system and restart it.
Note: If you are connected to the server, the shutdown command outputs the
following message:
SHUTDOWN PROGRAM
<date/time stamp> METDST
Do you want to send your own message?
(You must respond with 'y' or 'n'.):
Answer n to the question.
...................................................................................................................................................................................................
7 When the system is restarted, press the terminal icon to start a UNIX terminal application.
Execute the command su -root to in as root user.
...................................................................................................................................................................................................
8 Enter the following command to start the Kernel Services:

...,sys,root # /alu/Kernel/script/KernelServices start [Enter]
...................................................................................................................................................................................................
9 As the alcatel user, start the applications using the PMC application. Select the
applications on the PMC window; and from the popup menu, select the command Start.
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
9-4 1350 OMS
General Operations Decompress a Compressed .gz File
....................................................................................................................................................................................................................................
Decompress a Compressed .gz File

When to use
Use this procedure to decompress a compressed .gz file.
Related information
Before you begin

This task offers you two ways to decompress a file: to decompress the file and to write it
to standard output, which is shown in Step 3, or to decompress a file and to redirect the
output to another file, which is shown in Step 4.
Task
Use this task to decompress a compressed .gz file.
...................................................................................................................................................................................................
1 From the machine on which the 1350 OMS application is running, log in to the
application.
...................................................................................................................................................................................................
2 To decompress a file and to write it to standard output, go to Step 3.

To decompress a file and to redirect the output to another file, go to Step 4.
...................................................................................................................................................................................................
3 Enter the following command to decompress a file to standard output:

/usr/contrib/bin/gunzip -c <file to be compressed.gz>
Result: The file that you specified as <file to be compressed.gz> is
decompressed to standard output. You have completed this task.
...................................................................................................................................................................................................
4 Enter the following command to decompress a file and to redirect the output to another
file:
/usr/contrib/bin/gunzip -c <file to be compressed.gz> > <output
directory/output file>
Example:
/usr/contrib/bin/gunzip -c /tmp/alarm.log.gz > tmp/alarm.log
Result: The file that you specified is decompressed and its output is redirected to the
file specified.
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 9-5
General Operations Decompress a Compressed .gz File
....................................................................................................................................................................................................................................
....................................................................................................................................................................................................................................
9-6 1350 OMS
10 Security
10
Overview
Purpose
information and the associated tasks that pertain to the security of the overall 1350 OMS
network.
Contents
Security Overview 10-2

Security Banners 10-8
Security Profiles 10-11
Web Portal Macro Functions and Default User Profiles 10-14
PMC Management Macro Functions and Default User Profiles 10-15
Session Management Macro Functions and Default User Profiles 10-16
Alarm and FM Related Macro Functions and Default User Profiles 10-17
User Management Macro Functions and Default User Profiles 10-19
SMF Macro Functions and Default User Profiles 10-20
Log Files 10-23
Audit Files for the HP-UX Platform 10-27
Sample security.parms File 10-29
System Security Parameters 10-32
Prepare to Set Up Security 10-42
Set Up Security with Any Profile 10-44
Change a Manufacturer's Default Passwords 10-46
Verify and Kill Processes on the HP-UX Platform 10-48
Remove Security 10-50
Troubleshoot and Fix /etc/passwd File Problems on the HP-UX Platform 10-51
Authorize Access to the Depot Machine on the HP-UX Platform 10-53
...................................................................................................................................................................................................................................
1350 OMS 10-1
Security Security Overview
....................................................................................................................................................................................................................................
Security Overview
Security requirements
To guarantee the most secure system possible and to reduce the risk of security breaches,
1350 OMS sets up a secure configuration and hardens the system using the 1350 OMS
security configuration tool, which is scsecurity.
This security platform is based on user authentication, which is based on the following:
• The system identifies each user with a user identifier, or a UID.
• The system grants access to the system through the use of a password.
Security software requirements

The software that the 1350 OMS relies on and the software that is required for the
security set-up procedure for an HP-UX environment is summarized in the following
table:
1350 OMS Required Security Software for HP-UX Environment

Description Product Code
HP-UX® Bastille Security Hardening Tool B6849AA
HP-UX® Secure Shell T1471AA
Superuser DO ixSUDO
Log Rotate Tool logrotate
The software that the 1350 OMS relies on and the software that is required for the
security set-up procedure for a Red Hat Enterprise Linux environment is summarized in
the following table:
1350 OMS Required Security Software for Red Hat Enterprise Linux Environment
Description Product Code
HP-UX® Bastille Security Hardening Tool Bastille
HP-UX® Secure Shell openssh
Superuser DO sudo
Log Rotate Tool logrotate
Security configuration tool functional overview

The system is already preconfigured with a standard security level that can be improved
using the 1350 OMS security configuration tool: scsecurity. Before using the scsecurity
tool, the security must be properly set up to enable correct access to the system. During
the security setup, various messages are displayed. The output is similar to the following
for the two platforms:
....................................................................................................................................................................................................................................
10-2 1350 OMS
....................................................................................................................................................................................................................................
- HP_UX messages
Started Security Setup...
NOTE: Entering Critical Code Execution.
Security has disabled keyboard interrupts.
NOTE: Created banner message file:

/SCINSTALL/data/custom/short_banner_file
Please, review/replace the contents of this file
to apply more specifically to your organization.
/SCINSTALL/data/custom/long_banner_file
Created Security Profile for Users
NOTE: For the active users the security profile setting
will be enabled at the next login.
Executing XDMCP Configuration
Executing FTP Configuration
Executing FTP Banner Configuration
NOTE: "ftp banner file" has been created: /etc/ftpd/ftp_banner
Converting to a Trusted System ...
System successfully converted to a Trusted System.
Setting Security Defaults
The tool continues to display output that is similar to the following regarding Bastile:
Starting Bastille configuration ...

Bastille has disabled keyboard interrupts.
NOTE: Bastille is scanning the system configuration...
NOTE: Bastille is now locking down your system in accordance with your
answers in /etc/opt/sec_mgmt/bastille/config. Please be patient as
some modules may take a number of minutes, depending on the speed of
your machine.
NOTE: Executing File Permissions Specific Configuration
NOTE: Executing Daemon Specific Configuration
NOTE: Executing Account Security Specific Configuration
NOTE: Executing Inetd Specific Configuration
NOTE: Executing Sendmail Specific Configuration
NOTE: Executing DNS Specific Configuration
NOTE: Executing Apache Specific Configuration
NOTE: Executing Printing Specific Configuration
NOTE: Executing FTP Specific Configuration
NOTE: Executing HP-UX's Security Patch Check Configuration
NOTE: Executing HP-UX Specific Configuration
NOTE: Executing IPFilter Configuration
NOTE: Please check /var/opt/sec_mgmt/bastille/TODO.txt for further
instructions on how to secure your system.
... Bastille configuration ended.
....................................................................................................................................................................................................................................
1350 OMS 10-3
....................................................................................................................................................................................................................................
The tool continues to display output that is similar to the following regarding the Login
Banners Configuration and it continues to run:
Executing Login Banners Configuration

WARNING: "issue login message file" exists: /etc/issue
It will be replaced with a new one.
The previous copy will be saved as /etc/issue.previous
NOTE: "message of the day file" has been created: /etc/motd
NOTE: "ssh message file" has been created: /opt/ssh/etc/sshd_banner
Disabled login to accounts with empty password via SSH.
Enabled sftp configuration.
warning: commands will be executed using /usr/bin/sh
Updating Password Settings
The network access via SSH has been disabled for root.
<date/time stamp>
PAM configured with Default Goglobal root access disable
The network access via GOGLOBAL has been disabled for root.
Disabled cimserver
Disabled hpsmh
Admin Tools have been disabled.
- RHEL messages
Started Security Setup...

Security has disabled keyboard interrupts.

Created Security Profile for Users
NOTE: For the active users the security profile setting
will be enabled at the next login.
Executing XDMCP Configuration

Executing FTP Configuration
Executing FTP Banner Configuration
NOTE: "ftp banner file" has been created: /etc/vsftpd/vsftpd_banner
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
Setting Security Defaults
Starting Bastille configuration ...
Bastille has disabled keyboard interrupts.
NOTE: Bastille is scanning the system configuration...
....................................................................................................................................................................................................................................
10-4 1350 OMS
....................................................................................................................................................................................................................................
WARNING: AccountSecurity.umask was removed (not applicable).

Important! For Bastille execution on the Red Hat Enterprise Linux platform, ignore the
previous message (WARNING: AccountSecurity.umask was removed (not
applicable).) because it applies to a restriction that is not applicable.
The tool continues to display output that is similar to the following:
NOTE: Bastille is now locking down your system in accordance with your
answers in the "config" file. Please be patient as some modules
may take a number of minutes, depending on the speed of your
machine.
NOTE: Executing Firewall Specific Configuration
NOTE: Executing File Permissions Specific Configuration
NOTE: Executing Account Security Specific Configuration
NOTE: Executing Boot Security Specific Configuration
NOTE: Executing Inetd Specific Configuration
NOTE: Executing User Tool Specific Configuration
NOTE: Executing PAM Specific Configuration
NOTE: Executing Logging Specific Configuration
NOTE: Executing Daemon Specific Configuration
NOTE: Executing Sendmail Specific Configuration
NOTE: Executing DNS Specific Configuration

NOTE: Executing Apache Specific Configuration
NOTE: Executing Printing Specific Configuration
NOTE: Executing FTP Specific Configuration
NOTE: Executing Temporary Directory Specific Configuration
WARNING: Non-fatal warnings and errors have occurred in the configuration
of this system. Please view the following file for more details:
/var/log/Bastille/error-log
WARNING: ... Bastille configuration ended with warning.
See log file: /SCINSTALL/security/log/scsecurity.log
Executing Login Banners Configuration
WARNING: "message of the day file" exists: /etc/motd
The previous copy will be saved as /etc/motd.previous
NOTE: "ssh message file" has been created: /etc/ssh/sshd_banner
Disabled portmap
Disabled rwhod
Restrict root login only on console.
Disabled login to accounts with empty password via SSH.
<date/time stamp>
PAM configured with Default
Enabled sftp configuration.
Executing Sendmail Configuration
....................................................................................................................................................................................................................................
1350 OMS 10-5
....................................................................................................................................................................................................................................
Updating Password Settings
<date/time stamp>
PAM configured with Trusted
The network access via SSH has been disabled for root.
<date/time stamp>
PAM configured with Root access disable
The network access via GOGLOBAL has been disabled for root.
WARNING: Security configuration ended with Bastille warning.
Check the log file: /SCINSTALL/security/log/scsecurity.log
For the trusted-advanced profile, the tool displays output that is similar to the following
regarding the process accounting and the audit configuration on the HP-UX platform:
Executing Accounting Configuration

Accounting started
Executing Auditing Configuration
On the Red Hat Enterprise Linux platform, where the audit is not implemented, only a
message for the process accounting is printed instead:
Start process accounting

The tool concludes its display with output that is similar to the following that is intended
to call the administrator's attention to when scsecurity should be rerun and a note about
scsecurity revert.
ATTENTION: 'scsecurity' should be rerun whenever new software, OS revisions or

patches are installed.
It should also be rerun any time customizations are made that might
loosen security.
NOTE: Running 'scsecurity revert' will revert the security changes, but it
may not revert changes made in the interim
(manually or by programs).
In case of differences a copy of the modified files will be kept
so that you can compare them.
Security administration user and user groups

The security set up requires/creates the following items:
• The security administrator user (security)
• Two user groups, which are as follows:
—The security group for the security administrator (security)
—The specific security group for ftp guest users (ftpscoss)
....................................................................................................................................................................................................................................
10-6 1350 OMS
....................................................................................................................................................................................................................................
The user ID (UID) and group ID (GID) for these users and these groups are defined in
advance, and they must agree with the following UIDs and GIDs that have been defined
for the 1350 OMS environment:
1350 OMS Security User

User Name HP-UX UID Red Hat Enterprise Linux UID
security 199 599
1350 OMS Security Group

User Name HP-UX UID Red Hat Enterprise Linux UID
security 199 599
ftpscoss 197 597
....................................................................................................................................................................................................................................
1350 OMS 10-7
Security Security Banners
....................................................................................................................................................................................................................................
Security Banners
About security banners and scsecurity
The 1350 OMS security sets up banners pages that are displayed at login time for both the
shell and ftp access.
Administrators can choose between two kinds of banner messages:
• long
• short
Two variables have been introduced in the following security custom parameters file:
/SCINSTALL/security/data/custom/security.parms
These variables, along their comments, are the following:
• COMPANY_NAME=""
## Company name to be used in banner messages.
• SHORT_BANNER="NO"
## Enable short banner for login services: "YES" or "NO" in uppercase.
## "NO" default use long banner - "YES" use short banner.
If the variable COMPANY_NAME is empty when the security is activated for the first time,
the procedure stops. The following message is output:
Please, before to rerun the command, set the keyword 'COMPANY_NAME'

in the file:
The custom security.parms file is be created if it is not present.
The following files contain the custom banner messages and are created at during the first
security activation:
• /SCINSTALL/data/custom/long_banner_file
• /SCINSTALL/data/custom/short_banner_file

Administrators can customize these two banner messages with the appropriate
information to reflect their company and/or their use.
....................................................................................................................................................................................................................................
10-8 1350 OMS
....................................................................................................................................................................................................................................
Security banner locations
The following table provides the locations of the 1350 OMS security banners:
1350 OMS Security Banner Locations

Banner displayed HP-UX Banner File Red Hat Enterprise Linux Banner File
After log in from the shell /etc/motd /etc/motd
On a new terminal /etc/issue /etc/issue
For ftp access /etc/ftpd/ftp_banner /etc/vsftpd/vsftpd_banner
For ssh and sftp access /opt/ssh/etc/sshd_banner /etc/ssh/sshd_banner
Banner functional requirements

If the banner file is not present, scsecurity creates a reference to the custom banner file.
The reference is removed if scsecurity is reverted. Output similar to the following is
displayed:
NOTE: "message of the day file" has been created: /etc/motd

If the banner file exists, scsecurity saves the current file with the extension .previous
and creates a reference to the custom banner file. Output similar to the following is
displayed:

At revert time, scsecurity recovers the saved copy of the file. Output similar to the
following is displayed:
/etc/issue banner file was already defined before the security activation.
The saved copy of the banner will be recovered.
Security banner template

The banner template that is used to define the banner files contains the following text:
*******************************************************************
NOTICE TO USERS
This computer system is the private property of <COMPANY NAME> whether
individual, corporate or government. It is for authorized use only.
Users (authorized or unauthorized) have no explicit or implicit
expectation of privacy.
Any or all uses of this system and all files on this system may be
intercepted, monitored, recorded, copied, audited, inspected, and
disclosed to your employer, to authorized site, government, and law
enforcement personnel, as well as authorized officials of government
agencies, both domestic and foreign.
By using this system, the user consents to such interception, monitoring,
recording, copying, auditing, inspection, and disclosure at the
....................................................................................................................................................................................................................................
1350 OMS 10-9
....................................................................................................................................................................................................................................
discretion of such personnel or officials. Unauthorized or improper use
of this system may result in civil and criminal penalties and
administrative or disciplinary action, as appropriate. By continuing to
use this system you indicate your awareness of and consent to these terms
and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
conditions stated in this warning.
********************************************************************
The banner template used to create the short banner message file contains the following
text:
This system is property of <company name>.

Access is restricted to authorized users only.
All activity may be monitored and reported.
If a revert of scsecurity occurs...

Important! If a security revert occurs, the system banner files are restored to their
original state. The customized banner files are not changed or are not removed; therefore,
they can be reused for the next security activation.
....................................................................................................................................................................................................................................
10-10 1350 OMS
Security Security Profiles
....................................................................................................................................................................................................................................
Security Profiles
Security profile types
Prior to setting up the security, administrators must select one of the following security
profiles:
• one profile named trusted-base
• one profile named trusted-advanced
Security profile features

Both the trusted-base and the trusted-advanced profiles set up the HP® Trusted System
and remove useless network services; however, the profiles do differ. Refer to the
following table:
Security Profile Features

Feature HP-UX tb HP-UX ta RHEL tb RHEL ta
®
HP Trusted System ✓ ✓
Set-up
Force password structure ✓ ✓
and aging
Shell login banner ✓ ✓ ✓ ✓
ftp login banner ✓ ✓ ✓ ✓
Disable un-used network ✓ ✓ ✓ ✓
services *
Disable miscellaneous ✓ ✓ ✓ ✓
daemons
Disable remote ✓ ✓ ✓ ✓
commands*
Disable telnet* ✓ ✓ ✓ ✓
Deactivate NFS* ✓ ✓ ✓ ✓
Deactivate NIS* ✓ ✓ ✓ ✓
Disable sendmail ✓ ✓ ✓ ✓
daemon*
Predispose sendmail ✓ ✓ ✓ ✓
execution through cron*
Disable ftp real user ✓ ✓ ✓ ✓
access
Configure sftp for ✓ ✓ ✓ ✓
ftpscoss group*
Disable XDMCP ✓ ✓ ✓ ✓
external access
....................................................................................................................................................................................................................................
1350 OMS 10-11
....................................................................................................................................................................................................................................
Security Profile Features

Feature HP-UX tb HP-UX ta RHEL tb RHEL ta
Disable the root login ✓ ✓ ✓ ✓
from anywhere other
than the system console*
Allow only root to use ✓ ✓ ✓ ✓
crontab and at
commands
Prevent execution on ✓ ✓ ✓ ✓
commands traceroute
and whois*
Updated SSH ✓ ✓ ✓ ✓
configuration*
Define default umask ✓ ✓ ✓ ✓
(022)*
Create security user ✓ ✓
Enable rotation on ✓ ✓
system log files
Create Audit log file ✓
systems
Configure Audit ✓
*These restrictions are preconfigured on the system during installation time (standard security
level). Both security profiles check if the system configuration is complete and re-apply the
restriction if necessary.
**HP-UX tb is HP-UX trusted-base; HP-UX ta is HP-UX trusted-advanced.
**RHEL tb is Red Hat Enterprise Linux trusted-base; RHEL ta is Red Hat Enterprise Linux
trusted-advanced.
Access to the secure host

When security is activated on the host, the following guidelines apply:
• The telnet command is no longer available. The ssh (secure shell) must be used.
• The r (remote) commands (such as rlogin and rcp) are disabled; therefore, the ssh
(secure shell) must be used for connections and scp (secure copy) must be used to
copy files.
• Root access is disabled via ssh and GoGlobal.
Secure Shell software is installed on all secure 1350 OMS systems; refer to the ssh and
scp man pages for more information.
....................................................................................................................................................................................................................................
10-12 1350 OMS
....................................................................................................................................................................................................................................
Security user-allowed commands
With the trusted-advanced profiles, a special user called security is automatically
created. This special user can manage other users with root user exception. In addition,
this special user can use the commands that are listed in the following tables to change the
password configuration; however, this user is disabled in case of scsecurity revert.
The following table provides the security user commands for the HP-UX operating
system.
HP-UX Security User Commands

Command Description and Use
getprpw Displays the user's protected password database settings.
modprpw Modifies the protected password database.
Updates the user's protected password database settings.
This command is only available to the superuser in a Trusted
System.
passwd Changes/Modifies the login password and associated attributes
with the login name. If the name is omitted, it defaults to
invoking the user's login name.
The following table provides the security user commands for the Red Hat Enterprise
Linux operating system:
Red Hat Enterprise Linux Security User Commands

Command Description and Use
chage Change user password expiration information.
This command normally is only available to the superuser.
passwd Changes/Modifies the login password and associated attributes
with the login name. If the name is omitted, it defaults to
invoking the user's login name.
Security and restrictions on High Availability configurations

For High Availability configurations, security for the 1350 OMS must be set up with the
same profile on every system.
....................................................................................................................................................................................................................................
1350 OMS 10-13
Security Web Portal Macro Functions and Default User Profiles
....................................................................................................................................................................................................................................
Web Portal Macro Functions and Default User Profiles

File
Web Portal - File

✓ is Allowed
File Administrator Constructor Operator Viewer
Exit ✓ ✓ ✓ ✓
Change ✓ ✓
Password
Check CA ✓ ✓
Certificate
Save ✓ ✓
Preferences ...
Logout ... ✓ ✓ ✓ ✓
Actions
Web Portal - Actions

✓ is Allowed
Actions Administrator Constructor Operator Viewer
Launch application ✓ ✓ ✓
Raise up application ✓
Stop application ✓
Add toobar ✓
Remove from toolbar ✓
Open folder ✓ ✓
Expand folders ✓ ✓ ✓ ✓
Collapse folders ✓ ✓ ✓ ✓
SEC
Security (SEC) Database Management is only allowed for users who have an
Administrator profile.
....................................................................................................................................................................................................................................
10-14 1350 OMS
Security PMC Management Macro Functions and Default User Profiles
....................................................................................................................................................................................................................................
PMC Management Macro Functions and Default User Profiles

Actions
PMC Actions
✓ is Allowed
Exit ✓ ✓ ✓ ✓
Start Selected Item ✓
Stop Selected Item ✓
Set Run Level ✓
Synchronize
View
PMC View
✓ is Allowed
View Administrator Constructor Operator Viewer
Info ✓ ✓ ✓ ✓
Selected Agent Trace ✓ ✓ ✓ ✓
PMC2 Log ✓ ✓ ✓ ✓
Local Configuration ✓ ✓ ✓ ✓
File
Agent Configuration ✓ ✓ ✓ ✓
File
Configuration
PMC Configuration
✓ is Allowed
Configuration Administrator Constructor Operator Viewer
Set Threshold ✓
....................................................................................................................................................................................................................................
1350 OMS 10-15
Security Session Management Macro Functions and Default User
Profiles
....................................................................................................................................................................................................................................
Session Management Macro Functions and Default User

Profiles
Actions
Session Administration - Actions

✓ is Allowed
Send a Message ✓ ✓ ✓
Force Log out ✓
Purge Closed Sessions ✓
Clear table selection ✓
Refresh Table ✓
File
Session Management - File

✓ is Allowed
File Administrator Constructor Operator Viewer
Duplicate Window ✓
Save Preferences ✓
Show Task Control ✓
Show Common Messages ✓
Stop Application ✓
Close ✓
Exit ✓
....................................................................................................................................................................................................................................
10-16 1350 OMS
Security Alarm and FM Related Macro Functions and Default User
Profiles
....................................................................................................................................................................................................................................
Alarm and FM Related Macro Functions and Default User

Profiles
Fault
Fault
✓ is Allowed
Users Administrator Constructor Operator Viewer
Current Alarms ✓ ✓ ✓ ✓
Historical Alarms ✓ ✓ ✓ ✓
Alarm Surveillance Current Alarms
Alarm Surveillance - Current Alarms

✓ is Allowed
Current Alarms Administrator Constructor Operator Viewer
Modify Filters ✓ ✓ ✓
Administration ✓
Synchronization ✓ ✓ ✓
Reserve Alarm ✓ ✓
Acknowledge Alarm ✓ ✓
Archive Alarm Manually ✓ ✓
Manual Purge ✓
Manual Clear ✓
Request Trouble Ticket ✓
Creation
Export Alarm ✓ ✓ ✓
Information
Get More Alarm ✓ ✓ ✓
Information
Navigation > Historical ✓ ✓ ✓
Alarm USM
Navigation > Topology ✓ ✓ ✓
Manager
Navigation > External ✓ ✓ ✓
Application
....................................................................................................................................................................................................................................
1350 OMS 10-17
Security Alarm and FM Related Macro Functions and Default User
Profiles
....................................................................................................................................................................................................................................
Alarm Surveillance Historical Alarms
Alarm Surveillance - Historical Alarms

✓ is Allowed
Historical Alarms Administrator Constructor Operator Viewer
Export Alarm ✓ ✓
Information
Get More Alarm ✓ ✓ ✓
Information
Retrieve Public Archive ✓ ✓
Retrieve from user file ✓ ✓
Remove user file ✓
Navigation > Current ✓ ✓ ✓
USM
Navigation > External ✓ ✓ ✓
Application
....................................................................................................................................................................................................................................
10-18 1350 OMS
Security User Management Macro Functions and Default User Profiles
....................................................................................................................................................................................................................................
User Management Macro Functions and Default User Profiles

User Management
User Management - user management

✓ is Allowed
User Management Administrator Constructor Operator Viewer
Create User ✓
Remove User ✓
Find User ✓
Search User ... ✓
Import ... ✓
Export ... ✓
Refresh Contexts ✓
System Management
User Management - System Management

✓ is Allowed
System Management Administrator Constructor Operator Viewer
Lock/Unlock Database ✓
Shut down hard ✓
Shut down soft ✓
Save preferences ✓
Navigation
User Management - Navigation

✓ is Allowed
Navigation Administrator Constructor Operator Viewer
Navigation to ACI ✓ ✓ ✓
....................................................................................................................................................................................................................................
1350 OMS 10-19
Security SMF Macro Functions and Default User Profiles
....................................................................................................................................................................................................................................
SMF Macro Functions and Default User Profiles

Log Management
Log Management - Log File

✓ is Allowed
Log File Administrator Constructor Operator Viewer
Log File Info ✓ ✓ ✓
Log Record ✓ ✓ ✓
Print
Log File Archive ✓ ✓ ✓
Log File Delete ✓ ✓ ✓
Log Management - Log Record

✓ is Allowed
Log Recprd Administrator Constructor Operator Viewer
Filter
Update
Log Record Info ✓ ✓ ✓
Trace Management
Trace Management - processes

✓ is Allowed
processes Administrator Constructor Operator Viewer
Edit Trace Level ✓ ✓ ✓
Trace File - Trace File

✓ is Allowed
Trace File Administrator Constructor Operator Viewer
Static View ✓ ✓ ✓ ✓
Dynamic View ✓ ✓ ✓ ✓
Reset View ✓ ✓ ✓ ✓
....................................................................................................................................................................................................................................
10-20 1350 OMS
....................................................................................................................................................................................................................................
Failure Management
FM - Workstation
✓ is Allowed
Workstation Administrator Constructor Operator Viewer
Do a Snapshot ✓ ✓ ✓
FM - OS Snapshot
✓ is Allowed
OS Snapshot Administrator Constructor Operator Viewer
Save Tape ✓ ✓ ✓
Lock ✓ ✓ ✓
Unlock ✓ ✓ ✓
Delete ✓ ✓ ✓
FM - Options
✓ is Allowed
Options Administrator Constructor Operator Viewer
Set Max ✓ ✓ ✓
Number of
Snapshots
Scheduler Management
Scheduler Management - plan

✓ is Allowed
plan Administrator Constructor Operator Viewer
New ✓
Edit ✓
Validate ✓
Stop ✓
Delete ✓
....................................................................................................................................................................................................................................
1350 OMS 10-21
....................................................................................................................................................................................................................................
Backup Management
Backup Management - job

✓ is Allowed
Job Administrator Constructor Operator Viewer
New ✓
Edit ✓
Remove from list ✓
Run ✓
Restore Management
Restore Management - load

✓ is Allowed
load Administrator Constructor Operator Viewer
All ✓ ✓ ✓ ✓
Disk ✓ ✓ ✓ ✓
Tape ✓ ✓ ✓ ✓
Cleanup Management
Cleanup Management - Cleanup

✓ is Allowed
Cleanup Administrator Constructor Operator Viewer
Details ✓ ✓ ✓
Clean ✓ ✓ ✓
....................................................................................................................................................................................................................................
10-22 1350 OMS
Security Log Files
....................................................................................................................................................................................................................................
Log Files
Log files functional overview
When the trusted-advanced security profiles are selected during an iteration of
scsecurity, a set of the following files are created or managed to record relevant system
occurrences:
“Log Files” (p. 10-23)
On a regular basis, the logrotate tool collects the log files. This tool periodically verifies
the files and moves them from their original location to a dedicated filesystem on the
/.ARCHIVE directory, where the files are compressed, encrypted, and archived if the
option is enabled by the ENCRYPT_ARCHIVE security parameter. This process ensures that
the largest amount of data is stored and guarantees a reasonable time between downloads.
Refer to “Encryption set up” (p. 10-26) for details.
Note: On the HP-UX system, the /.ARCHIVE file system is created to store the system log
files and about 10 audit files. Its dimension is based on the value that is defined in the in
“PRI_SWITCH” (p. 10-39) and “SEC_SWITCH” (p. 10-39) security parameters. On the
Red Hat Enterprise Linux system, the file system is created to store the system log files.
Its dimension is based on the value that is defined in the in “ARCHIVE_LOG_SIZE”
(p. 10-34) security parameter.
An email list that is available in the “WARN_USERS_LIST” (p. 10-41) security
parameter should be used to advise the administrator when the data in the ./ARCHIVE file
system exceeds the 80% threshold capacity and when the 90% threshold capacity is
crossed.
If the administrator does not move the files to another location or archives the files on
tape before the second threshold is reached, the oldest files are automatically removed to
make space available for the newest files.
Log files
Some system log files are automatically stored in the /.ARCHIVE directory for the
following reasons:
• To keep and maintain a long system history
• To prevent the abnormal growth of the file
The structure that is associated with the . /.ARCHIVE directory is created by scsecurity
during the initial activation of a trusted-advanced profile.
These log files are compressed and renamed according to the following naming
convention:
<log prefix>-<date>-<time>.gz
Where:
<log prefix> is a unique file prefix that is defined for each log file.
<date> is the date of the move and compression.
....................................................................................................................................................................................................................................
1350 OMS 10-23
Security Log Files
....................................................................................................................................................................................................................................
<time> is the time of the move and compression.
gz is the file type extension for gnu zip.
Example:
The cron log file is saved on January 1, 2013 at 15:57:59. In the /.ARCHIVE directory, the
respective log file is called:
cron.log-2013_01_01-15:57:49.gz
HP-UX archived log files

The following table provides a list of the archived log files for the HP-UX platform.
HP-UX Archived Log Files

Log File Prefix Log file Contains... Transferred to the
Archive...
/var/adm/wtmp wtmp A record of all logins Weekly, or when it
and logouts in binary becomes greater than
format 10 Mbytes
/var/adm/btmp btmp Bad login entries, in Monthly
binary format, for
each invalid login
attempt
/var/adm/syslog/ syslog.log All messages that are Weekly; can also be
syslog.log OLDsyslog.log sent to the UNIX saved as OLD in case
system log a system reboot
occurs in the mean
time
/var/adm/syslog/ mail.log Messages issued by Weekly
mail.log sendmail
/var/adm/cron/log cron.log The list of all Weekly; can also be
OLDcron.log commands performed saved as OLD in case
by the cron daemon a system reboot
occurs in the mean
time
/var/adm/sulog sulog The timestamp of Weekly
each su command
followed by the
username of the
executor and the new
username assumed
....................................................................................................................................................................................................................................
10-24 1350 OMS
Security Log Files
....................................................................................................................................................................................................................................
Red Hat Enterprise Linux archived log files
The following table provides a list of the archived log files for the Red Hat Enterprise
Linux platform.
Red Hat Enterprise Linux Archived Log Files

Log File Log Prefix Log File Contents Archiving Rules
/var/log/wtmp wtmp wtmp contains a This file is transferred
record of all logins weekly to the archive
and logouts in binary or when its size is
format. greater than 10M
Refer to the man bytes.
page for more detail.
/var/log/btmp btmp btmp contains bad This file is transferred
login entries, in monthly to the
binary format, for archive.
each invalid login
attempt.
/var/log/messages messages General message and This file is transferred
system related data. weekly to the archive.
/var/log/secure secure Authentication log. This file is transferred
weekly to the archive.
/var/log/maillog maillog Mail server logs. This file is transferred
/var/log/spooler spooler News errors of level This file is transferred
crit (critical) and weekly to the archive.
higher.
/var/log/boot.log boot.log System boot This file is transferred
messages. weekly to the archive.
/var/log/cron cron Cron logs (cron job). This file is transferred
/var/log/syslog syslog Additional logs added This file is transferred
by Bastille. weekly to the archive.
/var/log/kernel kernel Additional logs added This file is transferred
/var/log/loginlog loginlog Additional logs added This file is transferred
/var/log/pacct pacct Process account log. This file is transferred
/var/log/vsftpd.log vsftpd.log ftp daemon logs. This file is transferred
/var/log/xferlog xferlog weekly to the archive.
....................................................................................................................................................................................................................................
1350 OMS 10-25
Security Log Files
....................................................................................................................................................................................................................................
Encryption set up
The administrator can change the default security configuration so it archives audit files
(for HP-UX only) and log files in encrypted format. To enable this function, the
administrator must change the settings of both the “ENCRYPT_ARCHIVE”
(p. 10-35) and “CHANGE_ENCRYPT_PASSWORD” (p. 10-34) parameters to YES.
Important! We recommend that the administrator sets the encryption policy for both of
these parameters before the security is activated. It is dangerous to change the encryption
policy after security is activated; and if it must be done, it must be done carefully.
When the ENCRYPT_ARCHIVE and CHANGE_ENCRYPT_PASSWORD parameters
are set to YES, the tool outputs a display that is similar to the following, which requests
the encryption password during the security setup:
Setting Archive Log files Encrypt functionality

Encryption password will be substituted.
Use the previous one to decrypt old saved log files.
Insert the log files encryption password:
Insert again the log files encryption password:
Encryption password defined.
The encrypted files are then archived with the file extension .gzsec.
Important! After the new setup has been activated, the administrator must remember to
change the setting of the CHANGE_ENCRYPT_PASSWORD parameter to NO;
otherwise, at the next security configuration, the administrator is asked to change the
encryption password.
....................................................................................................................................................................................................................................
10-26 1350 OMS
Security Audit Files for the HP-UX Platform
....................................................................................................................................................................................................................................
Audit Files for the HP-UX Platform

Audit files
The audit records for the HP-UX platform are stored in two specific files that are located
in two specific file systems. Whenever the current file and file system that is in use is full,
the system automatically switches over to the second one. The 1350 OMS monitors this
activity every 5 minutes and saves the data that is stored in the dismissed file into the
archive file system in the /.ARCHIVE directory, where the files are compressed, encrypted,
and archived if the option is enabled by the “ENCRYPT_ARCHIVE” (p. 10-35) security
parameter. Refer to “Encryption set up” (p. 10-26) for details.
The audit files that the HP-UX audit function manages are the following:
• /.AUDITING/1/audfile
• /.AUDITING/2/audfile
During the initial activation of a trusted-advanced profile, the tool creates the structure
that is used to store the audit files and to produce output that is similar to the following:
Executing "Primary Audit log file" File System Configuration

=><date/time stamp>
=>START: MW_OS Extend/Create File(s) System
______________________________________________________________________
Analyze Mount Point:"/.AUDITING/1"
Request free: 121 MegaByte(s)
Evaluate size: 128 MegaByte(s)
Create Logical Volume x "/.AUDITING/1"
Extend Mount Point to 128 MByte
Making new file system (vxfs) on Mount Point
Mount /dev/vg00/lvol13 on /.AUDITING/1
Updating /etc/fstab x Mount Point
_____________________________________________________________________
=><date/time stamp>
=>END: MW_OS Extend/Create File(s) System
Executing "Secondary Audit log file" File System Configuration
=><date/time stamp>
=>START: MW_OS Extend/Create File(s)
System______________________________________________________________________
Analyze Mount Point:"/.AUDITING/2"
Create Logical Volume x "/.AUDITING/2"
Extend Mount Point to 128 MByte
Making new file system (vxfs) on Mount Point
Mount /dev/vg00/lvol14 on /.AUDITING/2
Updating /etc/fstab x Mount Point
______________________________________________________________________
=><date/time stamp>
=>END: MW_OS Extend/Create File(s) System
When a file is saved in either /.ARCHIVE area, the filename adheres to the following
naming convention:
....................................................................................................................................................................................................................................
1350 OMS 10-27
Security Audit Files for the HP-UX Platform
....................................................................................................................................................................................................................................
audfile-<date>-<time>.gz
Example:
audfile-2013_01_01-15:57:49.gz
The /.ARCHIVE file system is automatically created to store more than 10 audit files,
however, when the file system becomes full, the collected audit data is lost.
The current audit file is compressed and moved into the /.ARCHIVE directory each time
the 1350 OMS security reverts to the default HP-UX level through scsecurity revert.
....................................................................................................................................................................................................................................
10-28 1350 OMS
Security Sample security.parms File
....................................................................................................................................................................................................................................
Sample security.parms File

Contents of the security.parms file
The following lines display information about the warning and the inactivity timeout:
# NOTE: The variables defined in this file can be configured to

# best suite your needs, with the restrictions put in
# evidence using the form "ATTENTION: ...".
#
# YOU CAN MAKE CHANGES UNDER THIS LINE
# Users advised against problems
#
WARN_USERS_LIST="root" ## List of users separated by blank
# Shell Inactivity Timeout
#
SIT=1800 ## Shell Inactivity Timeout (seconds) (0=not active)
## Applicable for 'ksh', 'sh' (posix-shell) and 'bash' shell
## Used also for the SSH Inactivity Timeout
The following lines display information about encryption:
# Encrypt Archive
#
# NOTE: TO ACTIVATE THE ENCRYPT FUNCTIONALITY BOTH THE NEXT TWO VARIABLE MUST
BE SET TO "YES",
# AFTER THE FIRST ACTIVATION YOU CAN AVOID TO BE ASKED FOR THE "ENCRYPTION
PASSWORD CHANGE"
# SETTING TO "NO" THE VARIABLE CHANGE_ENCRYPT_PASSWORD
# ATTENTION: IF THE VALUE FOR THE ENCRYPT PASSWORD IS DEFINED|CHANGED YOU MUST
REMEMBER IT TO BE
# ABLE TO DECRYPT THE ENCRYPTED LOG FILES.
ENCRYPT_ARCHIVE="NO" ## Encrypt archive log files:"YES" or "NO"
in uppercase
CHANGE_ENCRYPT_PASSWORD="NO" ## Change encryption password:"YES"
or "NO" in uppercase
HP-UX Environment:
The following lines display information about un-trusted systems:
# Parameters for UN-Trusted Systems (SECURITY)

#
PASSWORD_MAXDAYS=180 ## Password expiration time interval (days)
#
# ATTENTION: IF THE VALUE OF THE NEXT VARIABLE IS CHANGED YOU SHOULD HAVE
PROBLEMS IN
# PASSWORD CHANGING. IT IS RECOMMENDED TO KEEP PASSWORD_MINDAYS=0
PASSWORD_MINDAYS=0 ## Minimum time interval between password changes
(days)
PASSWORD_WARNDAYS=14 ## Password expiration warning time interval (days)
PASSWORD_HISTORY_DEPTH=4 ## Password history depth
PASSWORD_MIN_DIGIT_CHARS=1 ## Password minimum digit characters
PASSWORD_MIN_SPECIAL_CHARS=1 ## Password minimum special characters
....................................................................................................................................................................................................................................
1350 OMS 10-29
....................................................................................................................................................................................................................................
MIN_PASSWORD_LENGTH=7 ## Minimum password length
#
# end of UN-Trusted System parameters
HP-UX Environment:
The following lines display information about trusted systems:
# Parameters for Trusted Systems

#
usrpick=YES ## User picks password
syspnpw=NO ## System does not generate pronounceable passwords
rstrpw=YES ## Check password for triviality
nullpw=NO ## Null passwords are not allowed
syschpw=NO ## System does not generate passwords having
characters only
sysltpw=NO ## System does not generate passwords having letters
only
#mintm=PASSWORD_MINDAYS ## ##From SECURITY##
#exptm=PASSWORD_MAXDAYS ## ##From SECURITY##
gptm=21 ## Grace period time (days)
llog=0 ## Last login time interval (days)
#expwarn=PASSWORD_WARNDAYS ## ##From SECURITY##
umaxlntr=-1 ## Maximum number of consecutive unsuccessful login
attempts before the account is locked (use default)
tmaxlntr=3 ## Maximum unsuccessful login tries allowed
dlylntr=2 ## Delay between login tries
lntmout=30 ## Login timeout in seconds
#
# End of Trusted System parameters
HP-UX Environment:
The following lines display information about auditing:
# Auditing
#
# ATTENTION: DO NOT CHANGE BELOW THIS LINE AFTER THE FIRST APPLY OF THE
SECURITY
PRI_SWITCH=102400 ## Switch size of primary audit log file (kbytes)
SEC_SWITCH=102400 ## Switch size of secondary audit log file (kbytes)
Red Hat Enterprise Linux Environment:
The following lines display information about password:
# Password parameters
#
PASSWORD_MAXDAYS=180 ## Password expiration time interval (days)
#
# ATTENTION: IF THE VALUE OF THE NEXT VARIABLE IS CHANGED YOU SHOULD HAVE
PROBLEMS IN
# PASSWORD CHANGING. IT IS RECOMMENDED TO KEEP PASSWORD_MINDAYS=0
PASSWORD_MINDAYS=0 ## Minimum time interval between password
changes (days)
....................................................................................................................................................................................................................................
10-30 1350 OMS
....................................................................................................................................................................................................................................
PASSWORD_WARNDAYS=14 ## Password expiration warning time interval
(days)
PASSWORD_HISTORY_DEPTH=5 ## Password history depth
PASSWORD_MIN_DIGIT_CHARS=1 ## Password minimum digit characters
PASSWORD_MIN_SPECIAL_CHARS=1 ## Password minimum special characters
MIN_PASSWORD_LENGTH=7 ## Minimum password length
The following lines display information about password and login parameters:
# Password and login parameters

#
gptm=21 ## Grace period time (days)
umaxlntr=0 ## Maximum number of consecutive unsuccessful
login attempts before the account is locked (0=disabled)
tmaxlntr=3 ## Maximum unsuccessful login tries allowed
The following lines display information about file system parameters:
# File Systems parameters

#
ARCHIVE_LOGS_SIZE=100 ## Archive file system: space reserved for
archived log files (Mbytes)
....................................................................................................................................................................................................................................
1350 OMS 10-31
Security System Security Parameters
....................................................................................................................................................................................................................................
System Security Parameters

Changing the system security parameters
Some of the settings for the system security parameters, such as the password parameters,
can be changed.
Important! We recommend that the system security parameters be changed before the
security environment is set up because any subsequent changes to the security
environment can result in security breaches or user problems. For example, if the
password lifetime is reduced, users could be deactivated without any advance notice.
Important! For the HP-UX operating system, we recommend that the system security
parameters for the Trusted System Configuration are not changed with the HP® System
Management Homepage (SMH).
Location and access to the system security parameters

The default settings for the security parameters are housed in the following file:
/SCINSTALL/security/lib/security.parms
To customize the security parameters, use the following file:
If this file is not present, a copy of the default file can be made using the following
command:
cp /SCINSTALL/security/lib/security.parms /
Changes to the custom security.parms file can be made when security is active by
logging in as root, using an editor command, and executing the appropriate command:
• scsecurity security
Where: security is used to set up security defaults for the password parameters. See
Table 10-1, “ HP-UX and RHEL System Security Parameters” (p. 10-33) for a list of
password parameters.
• scsecurity modify
Where: modify is used to change password settings (including setting up security
defaults) for the security parameters, password parameters, trusted system parameters
(for the HP-UX operating system) or login parameters (for the Red Hat Enterprise
Linux operating system), and the encryption parameters, which are set only if
trusted-advanced is the active profile. See Table 10-1, “ HP-UX and RHEL System
Security Parameters” (p. 10-33) for a list of these parameters.
If a new version of the security parameters file is delivered and a custom security
parameters file is found when a new version of MW-OS is installed, scsecurity outputs a
display similar to the following, which the administrator must follow:
WARNING:a CUSTOM security parameters file has been found:

....................................................................................................................................................................................................................................
10-32 1350 OMS
....................................................................................................................................................................................................................................
The file version is different from the new one installed as DEFAULT:
/SCINSTALL/security/lib/security.parms
NOTE: please complete the actions reported at follows:
- save the current custom file for reference
cp /SCINSTALL/security/data/custom/security.parms /
/SCINSTALL/security/data/custom/security.parms_save
- copy the default file in the custom directory
cp /SCINSTALL/security/lib/security.parms /
- apply your personal customization on the custom file
- finally remove the old saved custom file
rm /SCINSTALL/security/data/custom/security.parms_save
System security parameters and HA configurations

Important! For High Availability (HA) configurations, the security must be configured
at the same level and with the same parameters that are set on every system. A
non-aligned security set-up can cause serious problems.
System security parameter types

The system security parameters are one of the types that are listed in the following table:
Table 10-1 HP-UX and RHEL System Security Parameters
HP-UX and RHEL System Security Parameters

System Security Parameter Type Parameter
Audit Parameters (HP-UX) “PRI_SWITCH” (p. 10-39)
“SEC_SWITCH” (p. 10-39)
File Systems Parameters (RHEL) “ARCHIVE_LOG_SIZE” (p. 10-34)
Security Parameters “SIT” (p. 10-39)
“WARN_USERS_LIST” (p. 10-41)
Encryption Parameters “CHANGE_ENCRYPT_PASSWORD”
(p. 10-34)
“ENCRYPT_ARCHIVE” (p. 10-35)
Password Parameters* “MIN_PASSWORD_LENGTH” (p. 10-36)
“PASSWORD_HISTORY_DEPTH” (p. 10-37)
“PASSWORD_MAXDAYS” (p. 10-37)
“PASSWORD_MINDAYS” (p. 10-37)
“PASSWORD_MIN_DIGIT_CHARS”
(p. 10-38)
“PASSWORD_MIN_SPECIAL_CHARS”
(p. 10-38)
“PASSWORD_WARNDAYS” (p. 10-38)
....................................................................................................................................................................................................................................
1350 OMS 10-33
....................................................................................................................................................................................................................................
Table 10-1 HP-UX and RHEL System Security Parameters (continued)
HP-UX and RHEL System Security Parameters

System Security Parameter Type Parameter
Password and login Parameters (RHEL) “gptm” (p. 10-35)
“tmaxlntr” (p. 10-40)
“umaxlntr” (p. 10-41)
Trusted System Parameters (HP-UX)** “dlylntr” (p. 10-35)
“gptm” (p. 10-35)
“llog” (p. 10-36)
“lntmout” (p. 10-36)
“nullpw” (p. 10-36)
“rstrpw” (p. 10-39)
“syschpw” (p. 10-40)
“sysltpw” (p. 10-40)
“syspnpw” (p. 10-40)
“tmaxlntr” (p. 10-40)
“umaxlntr” (p. 10-41)
“usrpick” (p. 10-41)
Important! The parameters apply to both the HP-UX and Red Hat Enterprise Linux (RHEL)
platforms unless indicated differently.
*The password parameters are among the most useful and safest security parameters to
customize.
**We strongly recommend that these parameters are not changed with the HP System
Management Homepage (SMH).
ARCHIVE_LOG_SIZE
The ARCHIVE_LOG_SIZE file systems parameter specifies the size, in Mbyes, that is
reserved for the archived log files. The default is 100 Mbytes.
CHANGE_ENCRYPT_PASSWORD
The CHANGE_ENCRYPT_PASSWORD system security parameter specifies whether
the audit and log archive encryption password can be changed. For the initial password
set up, changing this parameter setting is useful; however, when data exists in the archive,
we do not recommend changing the settings of this parameter. The “EN-
CRYPT_ARCHIVE” (p. 10-35) is a related parameter. Refer to “Encryption set up”
The allowed values are YES and NO.
This parameter is an encryption parameter. This parameter and its values reside in the
following file:
....................................................................................................................................................................................................................................
10-34 1350 OMS
....................................................................................................................................................................................................................................
The scsecurity modify command line is used to change the initial value/setting of this
parameter.
dlylntr
The dlylntr (delay between login tries) system security parameter specifies the maximum
number of seconds that are to elapse between login tries.
The allowed values are numbers that represent elapsed seconds.
This parameter is a Trusted System drive parameter. This parameter and its values reside
in the following file:
parameter.
ENCRYPT_ARCHIVE
The ENCRYPT_ARCHIVE system security parameter specifies whether audit and log
archive encryption should be turned on or off. The “CHANGE_ENCRYPT_PASS-
WORD” (p. 10-34) is a related parameter. Refer to “Encryption set up” (p. 10-26) for
details.
The allowed values are YES, to turn on the archive encryption, and NO, to turn off the
archive encryption.
This parameter is an encryption parameter. This parameter and its values reside in the
following file:
parameter.
gptm
The gptm (grace period time maximum) system security parameter specifies the
maximum number of days that are allowed for a grace period, or that period of time in
which users are allowed to change their passwords.
The allowed values are numbers that represent the number of days. The default value is
21 days.
This parameter is also for password aging. This parameter and its values reside in the
following file:
parameter.
....................................................................................................................................................................................................................................
1350 OMS 10-35
....................................................................................................................................................................................................................................
llog
The llog (last log) system security parameter specifies the user inactivity time, which is
expressed in the number of days, that users have before their accounts are disabled
because they have not logged in to the system.
The allowed values are numbers that represent days; where the number 0 indicates
disabled. Note that setting this parameter to a value other than 0 can cause application
problems for the users.
parameter.
lntmout
The lntmout (login time out) system security parameter specifies the number of seconds
that are to elapse when logging in to the system before users are disconnected from the
network.
The allowed values are numbers that represent elapsed seconds.
parameter.
MIN_PASSWORD_LENGTH
The MIN_PASSWORD_LENGTH system security parameter specifies the minimum
number of characters that are allowed in a password.
The allowed value is a number that represents the number of characters. The default value
is 7 characters.
This parameter is a password parameter that handles the structure of a password. This
parameter and its values reside in the following file:
parameter.
nullpw
The nullpw (null password) system security parameter specifies whether users can enter a
null password.
....................................................................................................................................................................................................................................
10-36 1350 OMS
....................................................................................................................................................................................................................................
The allowed values are YES and NO. We strongly recommend that this password is set to
NO to prevent serious breaches in security.
parameter.
PASSWORD_HISTORY_DEPTH
The PASSWORD_HISTORY_DEPTH system security parameter specifies the number
times that users must change their passwords before they are allowed to reuse the same
password.
The allowed value is a number from 1 to 10. The default value is 5.
This parameter is a Password parameter that handles changing a password. This
parameter.
PASSWORD_MAXDAYS
The PASSWORD_MAXDAYS system security parameter specifies the maximum
number of days in which a particular password can remain current; or, the number of days
in the lifetime of one particular password before a user is not allowed system access.
The allowed value is a number that represents the number of days. The default value is
180 days.
This parameter is a password parameter that handles the aging of a password. This
parameter.
PASSWORD_MINDAYS
The PASSWORD_MINDAYS system security parameter specifies the minimum number
of days in which a particular password can remain current; or, the number of days in the
lifetime of one particular password before the user can change the password.
The allowed value is a number that represents the number of days. The default value is 0
days. Note: setting this parameter to a value other than 0 can cause application problems
for the users. The system prevents users from changing a password that is not older than
the specified number of days, which is the setting of the PASSWORD_MINDAYS.
....................................................................................................................................................................................................................................
1350 OMS 10-37
....................................................................................................................................................................................................................................
parameter.
PASSWORD_MIN_DIGIT_CHARS
The PASSWORD_MIN_DIGIT_CHARS system security parameter specifies the
minimum number of digits (numbers) that are allowed in a password.
The allowed value is a number that represents the number of digits allowed. The default
value is one (1) number.
parameter.
PASSWORD_MIN_SPECIAL_CHARS
The PASSWORD_MIN_SPECIAL_CHARS system security parameter specifies the
minimum number of special characters (such as *) that are allowed in a password.
The allowed value is a number that represents the number of special characters that are
allowed. The default value is one (1) special character.
parameter.
PASSWORD_WARNDAYS
The PASSWORD_WARNDAYS system security parameter specifies the number of days
in which users are warned, upon their login to the system, that their current password is
scheduled to expire.
The allowed value is a number that represents the number of days. The default value is 14
days.
parameter.
....................................................................................................................................................................................................................................
10-38 1350 OMS
....................................................................................................................................................................................................................................
PRI_SWITCH
The PRI_SWITCH system security parameter indicates the size of the primary audit log
file. Refer to “Audit Files for the HP-UX Platform” (p. 10-27) for additional details.
The allowed value is a numerical value indicating the size in kilobytes. This value is used
on the first application of the advanced security.
This parameter is an advanced security parameter.
This parameter and its values reside in the following file:
rstrpw
The rstrpw (restrict trivial passwords) system security parameter specifies whether
passwords are to be checked for trivialities.
SEC_SWITCH
The PRI_SWITCH system security parameter indicates the size of the seconday audit log
file. Refer to “Audit Files for the HP-UX Platform” (p. 10-27) for additional details.
The allowed value is a numerical value indicating the size in kilobytes. This value is used
on the first application of the advanced security.
This parameter is an advanced security parameter.
SIT
The SIT (shell inactivity timeout) system security parameter specifies the value in
seconds that the ksh and sh shells can be left inactive before a timeout occurs and the user
is automatically locked out.
The allowed value is a number that represents the number of seconds that can elapse
before a timeout can occur; and the number 0 to disable the feature.
parameter.
....................................................................................................................................................................................................................................
1350 OMS 10-39
....................................................................................................................................................................................................................................
syschpw
The syschpw (system character password) system security parameter specifies whether
the system can generate passwords that are composed of only characters.
Since the “usrpick” (p. 10-41) password is set to YES, this parameter should not be set
and is not a valid option.
sysltpw
The syschpw (system letter password) system security parameter specifies whether the
system can generate passwords that are composed of only letters.
syspnpw
The syspnpw (system pronounceable password) system security parameter forces the
system to generate a password that users can pronounce.
tmaxlntr
The tmaxlntr (maximum login tries) system security parameter specifies the maximum
number of unsuccessful login attempts before users are disconnected from the network.
The allowed values are numbers. The value of -1 on an HP-UX system or 0 on a Red Hat
Enterprise Linux system indicates that a check is not to be performed; and a number
greater than 0 indicates the number of allowed invalid attempts before the users are
disconnected from the network.
This parameter is a Trusted System drive parameter on HP-UX platform.
parameter.
....................................................................................................................................................................................................................................
10-40 1350 OMS
....................................................................................................................................................................................................................................
umaxlntr
The umaxlntr (unsuccessful maximum login tries) system security parameter specifies the
maximum number of consecutive invalid/unsuccessful login attempts before a user
account is locked.
The allowed values are numbers. The value of -1 on the HP-UX platform or 0 on the Red
Hat Enterprise Linux platform indicates that a check is not to be performed; and a number
greater than 0 means the number of allowed invalid attempts to log in to the system.
This parameter is a Trusted System drive parameter on HP-UX platform.
parameter.
usrpick
The usrpick (user pick) system security parameter specifies whether users can choose
their own passwords.
Important! This parameter must always be set to YES.
WARN_USERS_LIST
The WARN_USERS_LIST system security parameter is a list of users, separated by blank
spaces, who are to be e-mailed of security problems. Note: the mail is restricted to 1350
OMS system recipients only. Refer to “Log Files” (p. 10-23) for additional details.
The allowed values are a local username and a blank character space that separates one
user from the next.
This parameter is an advanced security parameter. This parameter and its values reside in
the following file:
....................................................................................................................................................................................................................................
1350 OMS 10-41
Security Prepare to Set Up Security
....................................................................................................................................................................................................................................
Prepare to Set Up Security

When to use
Use this task to prepare for the security set up.
Related information
• “Security Overview” (p. 10-2)
• “Security Profiles” (p. 10-11)
• “System Security Parameters” (p. 10-32)
Before you begin

Each step of this task refers you to other sections in this document that are important in
your understanding of the particular step.
Task
Complete the following steps to prepare for the security set up.
...................................................................................................................................................................................................
1 For the software that the 1350 OMS relies on and the software that is required for the
security set-up procedure, refer to “Security software requirements” (p. 10-2).
Note: The software that the security system requires is already included in the 1350 OMS
MW_OS platform.
...................................................................................................................................................................................................
2 Review and select the appropriate security profile for your needs.
Refer to “Security Profiles” (p. 10-11) and “Access to the secure host” (p. 10-12) for
details and considerations. In addition, for High Availability systems, refer to “Security
and restrictions on High Availability configurations” (p. 10-13).
...................................................................................................................................................................................................
3 To customize security defaults parameters, change the values in the following file:
Important for the HP-UX Platform! We strongly recommend that you make any
changes before security activation.
If you do make the modification when the security is configured, log in as root and enter
the following command to apply the new security values to the security configuration:
...,sys,root # scsecurity security [Enter]
Important! We strongly recommend that you do not change the Trusted System
configuration with the HP® System Management Homepage (SMH).
....................................................................................................................................................................................................................................
10-42 1350 OMS
Security Prepare to Set Up Security
....................................................................................................................................................................................................................................
Important! For High Availability configurations, the security must be configured at the
same level and with the same parameters set up on every system. A non-aligned security
setup can cause serious problems. Refer to “System Security Parameters” (p. 10-32) for
details.
...................................................................................................................................................................................................
4 To customize any additional advanced, encryption, trusted system parameters (for the
HP-UX platform ) or login parameters (for the Red Hat Enterprise Linux platform)
change the values in the following file:
If you do make the modification when the security is configured, log in as root and enter
the following command to apply the new security values to the security configuration:
scsecurity modify
Important! We strongly recommend that you do not change any Trusted System
parameters with the HP® System Management Homepage (SMH). In addition, some
Trusted System parameters cannot be modified with scsecurity modify.
Refer to “System Security Parameters” (p. 10-32) for details.
In addition, refer to “Location and access to the system security parameters”
(p. 10-32) for instructions on how to manage the customization of the security.parms
files.
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 10-43
Security Set Up Security with Any Profile
....................................................................................................................................................................................................................................
Set Up Security with Any Profile

When to use
Use this task to set up security with any profile, which includes the trusted-base or
trusted-advanced profile.
Related information
• “Prepare to Set Up Security” (p. 10-42) task
Before you begin

Step 1 of this task requires you to complete the “Prepare to Set Up Security”
(p. 10-42) task.
Read “Security configuration tool functional overview” (p. 10-2) before you proceed with
this task.
For High Availability systems, refer to “Security and restrictions on High Availability
configurations” (p. 10-13) before you proceed with this task.
Task
Complete the following steps to set up security with any profile, which includes the
trusted-base or trusted-advanced profile.
...................................................................................................................................................................................................
1 Complete all of the steps in the “Prepare to Set Up Security” (p. 10-42) task.
...................................................................................................................................................................................................
2 Log in to the appropriate server as root.

...................................................................................................................................................................................................
3 Enter the following command followed by the profile type that reflects the appropriate
security level for your installation:
...,sys,root # scsecurity <profile type> [Enter]
Where:
<profile type> is trusted-base or trusted-advanced.
....................................................................................................................................................................................................................................
10-44 1350 OMS
Security Set Up Security with Any Profile
....................................................................................................................................................................................................................................
Result: The set-up for the scsecurity tool for the trusted-advanced profile requires
some disk space to be allocated.
For the software that the 1350 OMS relies on and the software that is required for the
security set-up procedure, refer to “Security software requirements” (p. 10-2). For
details on the tool output and additional user responses, refer to “Security
configuration tool functional overview” (p. 10-2).
...................................................................................................................................................................................................
4 If you are configuring security with a trusted-base profile, go to Step 6.

If you are configuring security with an trusted-advanced profile, go to Step 5.
...................................................................................................................................................................................................
5 If you are configuring security with a trusted-advanced profile, enter and then re-enter
the new password for the security user when the tool outputs a display similar to the
following:
Executing 'security' user creation

Define password for user 'security'
Changing password for security
Last successful password change for security: NEVER
Last unsuccessful password change for security: NEVER
New password:
Re-enter new password:
New password: <enter the new password here>
Re-enter password: <enter the new password here again>
Result: The tool checks the password, and upon its acceptance of the new password, it
outputs a display similar to the following:
Password successfully changed
...................................................................................................................................................................................................
6 Complete the steps in the “Verify and Kill Processes on the HP-UX Platform”
(p. 10-48) task.
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 10-45
Security Change a Manufacturer's Default Passwords
....................................................................................................................................................................................................................................
Change a Manufacturer's Default Passwords

When to use
Use this task to change a manufacturer's default passwords.
Related information
Before you begin

To prevent unauthorized access to the system through the 1350 OMS default accounts, we
highly recommended that you provide a new, secure password to the following user
accounts:
• axadmin
• snml
• bmml
• wdm
• alcatel
Task
Complete the following steps to change a manufacturer's default passwords.
...................................................................................................................................................................................................
1 Log in to the system in a shell as root .

...................................................................................................................................................................................................
2 Enter command the following command:

passwd <user>
Where: <user> is one of the following account names:
axadmin, snml, bmml, wdm, or alcatel.
Result: The system prompts you to type a new password.
...................................................................................................................................................................................................
3 When prompted to enter a new password, type a new password and confirm it without
echo entered characters.
Important! Passwords must meet the rules that are set for the security policy.
...................................................................................................................................................................................................
4 Repeat step 2 and 3 for each user account.

....................................................................................................................................................................................................................................
10-46 1350 OMS
Security Change a Manufacturer's Default Passwords
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................
5 Optional, but strongly recommended: Periodically change the password to the root
account.
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 10-47
Security Verify and Kill Processes on the HP-UX Platform
....................................................................................................................................................................................................................................
Verify and Kill Processes on the HP-UX Platform

When to use
Use this task to verify and kill processes on the HP-UX Platform.
Related information
• “Set Up Security with Any Profile” (p. 10-44) task
Before you begin

Important! The steps in this task only refer to the HP-UX platform. They do not refer to
the Red Hat Enterprise Linux platform.
This task requires you to complete the “Prepare to Set Up Security” (p. 10-42) and “Set
Up Security with Any Profile” (p. 10-44) tasks.
When the scsecurity tool has set up the security configuration, you must verify the
contents of the /var/opt/sec_mgmt/bastille/TODO.txt file. In this TODO.txt file, Bastille
writes the running processes that are related to TCP/IP services that have been closed.
These processes are no longer started at the next reboot; however, if you want to
guarantee a higher security level, you must examine the contents of the file and identify
these processes. The process names are usually shown between two pound sign (#) lines.
See the TODO.txt example that is displayed in Step 1.
Task
Complete the following steps to verify and kill processes on the HP-UX Platform.
...................................................................................................................................................................................................
1 Open the TODO.txt file:

/var/opt/sec_mgmt/bastille/TODO.txt
Result: The file outputs lines of text that are similar to the following:
{<date/time stamp>}
---------------------------------------
Deactivating Inetd Service: rtools
---------------------------------------
The following process(es) are associated with the inetd service "rtools".
They are most likely associated with a session which was initiated prior to
running Bastille. To disable a process see "kill(1)" man pages or reboot
the system
Active Processes:
###################################
rlogind
###################################
{<date/time stamp>}
....................................................................................................................................................................................................................................
10-48 1350 OMS
Security Verify and Kill Processes on the HP-UX Platform
....................................................................................................................................................................................................................................
---------------------------------------
Deactivating Inetd Service: bootps
---------------------------------------
The following process(es) are associated with the inetd service "bootps".
They are most likely associated with a session which was initiated prior to
running Bastille. To disable a process see "kill(1)" man pages or reboot
the system
Active Processes:
###################################
bootpd
###################################
...................................................................................................................................................................................................
2 Determine the process names that must be killed. Note: the process names are typically
displayed between the two pound sign (#) lines.
...................................................................................................................................................................................................
3 Log in to the system as root.

...................................................................................................................................................................................................
4 Enter the following command to identify the process identifier (PID):

...,sys, root # UNIX95=ps -C <process name> [Enter]
Where:
process name is the name/names of the process or processes that you identified in the
TODO.txt file.
Result: The process identifiers are displayed in the PID column of the command
output.
...................................................................................................................................................................................................
5 Enter the following command for each identified PID and press Enter.
...,sys,root# kill -15 <PID> [Enter]
...................................................................................................................................................................................................
6 Repeat Step 4 and Step 5 for each process that is in the TODO.txt file.
...................................................................................................................................................................................................
7 Ask all authorized users to log out of the current session and log back in so they can be
connected to the system through the secure connection.
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 10-49
Security Remove Security
....................................................................................................................................................................................................................................
Remove Security
When to use
Use this task to remove any existing security or to change the security profile.
Important! We do not recommend that the security configuration is reverted to that of
an unsecured configuration because it can affect password aging and the general
password definition.
Related information
• “Set Up Security with Any Profile” (p. 10-44)
• “Security user-allowed commands” (p. 10-13)
Before you begin

The security revert form of this tool restores the system to the state that it was in before
the security set up. If any changes were made to the system in the interim (either
manually, through the “Security user-allowed commands” (p. 10-13), or by other
programs), these changes should be reviewed to determine if they have broken the system
or compromised its security.
Note for HP-UX: If the trusted-advanced security profiles are in use, the current audit
file is compressed and moved into the /.ARCHIVE directory each time the 1350 OMS
security is reverted to the default HP-UX level through scsecurity revert.
Task
Complete the following steps to remove any existing security or to change a security
profile.
...................................................................................................................................................................................................
1 Log in to the system as root:

...................................................................................................................................................................................................
2 Enter the following command to remove security or to change a security profile:

...,sys,root # scsecurity revert [Enter]
Result: If any changes were made to the security configuration in the interim (either
manually or by other programs), the tool outputs a display that lists the changes.
...................................................................................................................................................................................................
3 If you are using the security revert to change a security profile, go to the “Set Up Security
with Any Profile” (p. 10-44) task to set up a security with a new profile.
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
10-50 1350 OMS
Security Troubleshoot and Fix /etc/passwd File Problems on the
HP-UX Platform
....................................................................................................................................................................................................................................
Troubleshoot and Fix /etc/passwd File Problems on the HP-UX

Platform
When to use
Use this task to troubleshoot and fix /etc/passwd file problems on the HP-UX Platform.
Related information
Before you begin

The security for the 1350 OMS converts HP-UX in the Trusted System, along with the
/etc/passwd file. If the /etc/passwd conversion fails, the Trusted System conversion also
fails; however, other security actions are performed. When this problem occurs, output
similar to the following is displayed:
WARNING: Failed to Execute Command: /usr/lbin/tsconvert

Command Output: Creating secure password database...
Directories created.
....
Can't write protected database;
password file unchanged.
ERROR: Trusted system conversion was unsuccessful for an unknown reason.
You may try using SMH to do the conversion instead of Bastille.
Task
Complete the following steps to fix /etc/passwd file problems on the HP-UX Platform.
...................................................................................................................................................................................................
1 Complete the steps in the “Remove Security” (p. 10-50) task.

...................................................................................................................................................................................................
2 Use the following command to identify and fix the /etc/passwd error:
...,sys,root # pwck [Enter]
When using the pwck command, ignore irrelevant errors of the following type:
webadmin:*:40:1::/usr/obam/server/nologindir:/usr/bin/false
Login directory not found
goglobal:*:103:20:Graphon database user:/home/goglobal:/bin/sh
Login directory not found
....................................................................................................................................................................................................................................
1350 OMS 10-51
Security Troubleshoot and Fix /etc/passwd File Problems on the
HP-UX Platform
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................
3 Set up the security again.

E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
10-52 1350 OMS
Security Authorize Access to the Depot Machine on the HP-UX
Platform
....................................................................................................................................................................................................................................
Authorize Access to the Depot Machine on the HP-UX Platform

When to use
Use this task to authorize access to the depot machine on the HP-UX platform.
Related information
Before you begin

For security, the HP® Software Distributor service is disabled. Because the depot
machine must distribute software when the system is configured with a security profile,
the depot machine must be set up to enable the access for the remote hosts.
The swacl command is used to view or modify the Access Control Lists (ACLs) that are
used to protect software products.
Task
Complete the following steps to authorize access to the depot machine on the HP-UX
Platform.
...................................................................................................................................................................................................
1 Enter the following command to grant access to the root user on the remote host:
..., root,sys # swacl -l host -M user:root@<hostname>:-r-t:
[Enter]
Result: The root user now has access on the remote host.
...................................................................................................................................................................................................
2 Enter the following command to remove access of the root user on the remote host:
..., root,sys # swacl -l host -D user:root@<hostname> [Enter]
Result: The root user no longer has access on the remote host.
...................................................................................................................................................................................................
3 Enter the following command to list the host ACL on the local host:
..., root,sys # swacl -l host [Enter]
Result: The host ACL is now listed on the local host.
...................................................................................................................................................................................................
4 Remove access after the software installation.

E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 10-53
Security Authorize Access to the Depot Machine on the HP-UX
Platform
....................................................................................................................................................................................................................................
....................................................................................................................................................................................................................................
10-54 1350 OMS
®
11 11 Printer Configurations
HP
for HP® Servers
Overview
Purpose
information and the associated tasks that pertain to HP® printer configurations for HP
servers.
Contents
HP® Printer Configuration Overview 11-2

Configure an HP® Printer in the Local Spooler Queue 11-3
Start the HP-UX System Spooler 11-8
®
Configure an HP Printer upon Booting from the Local System 11-9
...................................................................................................................................................................................................................................
1350 OMS 11-1
HP ® Printer Configurations for HP ® Servers HP® Printer Configuration Overview
....................................................................................................................................................................................................................................
HP® Printer Configuration Overview

The HP® printer configuration tool
To configure any HP® printer, the HP hppi tool must be used. This tool configures the
printer on the system so software can be downloaded from the network. In addition, this
tool also configures the spooler and the print queues on all declared systems.
Two HP® printer configurations

The following printer configurations are supported:
• A spool queue configuration is supported.
With this type of configuration, the administrator can configure an existing HP®
printer that is already active in the network by creating a spool queue.
Refer to “Configure an HP® Printer in the Local Spooler Queue” (p. 11-3) for details.
• A boot configuration is supported.
With this type of configuration, the administrator can configure an HP® printer by
loading the printer configuration remotely upon power-up of the printer.
Refer to “Configure an HP® Printer upon Booting from the Local System”
....................................................................................................................................................................................................................................
11-2 1350 OMS
HP ® Printer Configurations for HP ® Servers Configure an HP® Printer in the Local Spooler Queue
....................................................................................................................................................................................................................................
Configure an HP® Printer in the Local Spooler Queue

When to use
Use this task to configure a printer in the local spooler queue.
Related information
• “HP® Printer Configuration Overview” (p. 11-2)
• “Start the HP-UX System Spooler” (p. 11-8)
Before you begin

You will need following information when the spool queue is being set up in this task:
• The Name is a meaningful 8 character string that you assign to the printer. We advise
you to declare the printer name as an external code with scNMmng.
• The IP Address is the network IP address that you assign to the printer.
• The Default Queue prompt must be answered as Yes or No:
Is this the system default queue
We recommend that you set the first defined queue as the default queue.
• The Banner Page prompt must be answered as Yes or No:
Would you like to issue the banner page at the beginning of
any print job.
Task
Complete the following steps to configure a printer in the local spool queue.
...................................................................................................................................................................................................

...................................................................................................................................................................................................
2 Enter the following command to initialize the hppi tool for JetDirect printer installation:
..,sys,root # hppi [Enter]
Result: The tool outputs the JetDirect banner page, which is followed by the main
menu:
***************************************************************
***** *****
***** ***** JetDirect Printer Installer for UNIX
***** ***** Verison E.10.18
***** *****
***** ***** M A I N M E N U
***** *****
....................................................................................................................................................................................................................................
1350 OMS 11-3
....................................................................................................................................................................................................................................
User: [root] OS: (HP-UX B.11.11)
I N V E N T
****************************************************************
1) Spooler Administration (super-user only)
2) JetDirect Configuration (super-user only)
- TCP/IP configurable parameters
3) Diagnostics:
- diagnose printing problems
?) Help q) Quit
Please enter a selection (q - quit):
...................................................................................................................................................................................................
3 At the main menu, enter 1 to select Spooler Administration.

Result: The tool outputs the Spooler Administration banner page, which is followed
by its main menu:
Spooler:
1) Add printer to local spooler
2) Delete printer from local spooler
4) Install New Model Script
5) Remove Model Script
?) Help q) Quit
Please enter selection:
...................................................................................................................................................................................................
4 At the Spooler Administration menu, enter 1 to Add printer to local spooler.

Result: The system prompts you for the printer name or IP address:
...................................................................................................................................................................................................
5 At the following prompt, enter the printer name or the IP address:

Enter the network printer name or IP address (q - quit):
Note: if you have already declared the printer name in the /etc/hosts file through
scNMmng, enter the printer name. If you have not declared the printer name, enter the IP
address. We recommend that you enter the printer name and not the IP address because
you will have to review/change the printer configuration if the printer IP address changes.
Result: The system outputs a display similar to the following to enable the Realtime
Model Script update:
The latest model script can be downloaded from the web before creating
any queue. This can be done by enabling Realtime Model Script Update.The
Realtime Model Script Update can be Enabled/Disabled from the diagnostics menu.
...................................................................................................................................................................................................
6 At the following prompt, press the Enter key:

Do you want to Enable Realtime Model Script Update(0-Enable,
default-Disable): Enter
....................................................................................................................................................................................................................................
11-4 1350 OMS
....................................................................................................................................................................................................................................
Result: The tool outputs the following list of suggested parameter values:
The following is a list of suggested parameter values for this queue. You
may change any settings by selecting the corresponding non-zero numbers. The
values
will be used to configure this queue when '0' is selected.
To abort this configuration operation, press 'q'.
Configurable Parameters: Current Settings
------------------------ ----------------
1) Lp destination (queue) name: [<printername>_1]
2) Status Log [(No Log)]
3) Queue Class [(Not assigned)
4) Default Queue [NO]
5) Additional printer configuration...
...................................................................................................................................................................................................
7 At the following prompt enter 1 to change the LP queue:

Select an item for change, or '0' to configure (q - quit): 1
Result: The tool outputs a display similar to the following that lists the currently used
queue names:
Currently used names:

--------------------
(no queues are configured)
...................................................................................................................................................................................................
8 At the following prompt enter 1 to enter the LP destination name:

Enter the lp destination name (default=<Printer name>_1, q -
quit): <printer name>
Result: The tool updates the items in the Current Settings of the suggested
parameter values menu.
...................................................................................................................................................................................................
9 If you are configuring the first print queue or if you want to define this printer as the new
default queue, enter a 4 at the following prompt:
...................................................................................................................................................................................................
10 If you want to set the banner page issue, at the next suggested parameter values menu,
enter 5 at the following prompt:
The following is a list of suggested parameter values for this printer.

To abort this operation, press 'q'.
Configurable Parameters: Current Settings
------------------------ ----------------
....................................................................................................................................................................................................................................
1350 OMS 11-5
....................................................................................................................................................................................................................................
1) Model Script: [net_lj4x]
2) Default Printing Language [AUTO]
3) Job Recovery [ON]
4) True End-of-Job [ON]
5) Banner Page [OFF]
6) PostScript Level [Level 1]
...................................................................................................................................................................................................
11 If you want to set the banner page issue, enter 5 at the following prompt:
Result: The Banner Page current setting is changed from [OFF] to [ON] and the tool
re-displays the submenu issued.
...................................................................................................................................................................................................
12 At the following prompt, enter q to quit:

Select an item for change, or '0' to configure (q - quit): q
Result: The tool re-displays the Printer Characteristics Menu.
...................................................................................................................................................................................................
13 At the following prompt in the Printer Characteristics Menu, enter q to quit:

Result: When the spooler is not running, the tool outputs a display that is similar to
the following:
The spooler is already not running in the system!

It will not be switched on after the configuration
When the spooler is running, the tool outputs a display that is similar to the following:
Ready to shut down the spooler and configure the new print queue.
The spooler will be running again after the configuration is done.
WARNING: If there are jobs currently being printed, and the page count is
enabled (i.e. when True End-of-Job is turned on), this shutdown and rerun
of the spooler may result in incorrect page count.
...................................................................................................................................................................................................
14 If the spooler is running, enter the following command to verify that a print job is not
queued:
lpstat -t
If the spooler is not running, the tool outputs the following message to remind you to start
the spooler:
WARNING : The spooler is not running!

To print, turn on the spooler (lpsched)
....................................................................................................................................................................................................................................
11-6 1350 OMS
....................................................................................................................................................................................................................................
Result: The tool returns to the Spooler Administration menu.
...................................................................................................................................................................................................
15 At the Spooler Administration menu, enter q to exit the Spooler Administration menu.
Please enter selection: q [Enter]
q [Enter]
Result: The tool displays the Direct Printer Installation Main Menu.
...................................................................................................................................................................................................
16 At the Jet Direct Printer Installation Main Menu, enter q to exit the tool.
Please enter a selection (q - quit): q [Enter]
q [Enter]
Result: You have exited the tool.
...................................................................................................................................................................................................
17 Complete the steps in the “Start the HP-UX System Spooler” (p. 11-8) task.
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 11-7
HP ® Printer Configurations for HP ® Servers Start the HP-UX System Spooler
....................................................................................................................................................................................................................................
Start the HP-UX System Spooler

When to use
Use this task to start the HP-UX system spooler
Related information
See the following topics in this document::
• “Configure an HP® Printer in the Local Spooler Queue” (p. 11-3)
Before you begin

The HP-UX system spooler is automatically started during system start-up only when a
print queue is defined. When you initially define the first queue, it typically does not run;
therefore, you must use the steps in this task to start the print queue manually.
Task
Complete the following steps to start the spooler.
...................................................................................................................................................................................................

...................................................................................................................................................................................................
2 Enter the following command to start the spooler:

..,sys,root # lpsched [Enter]
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
11-8 1350 OMS
HP ® Printer Configurations for HP ® Servers Configure an HP® Printer upon Booting from the Local
System
....................................................................................................................................................................................................................................
Configure an HP® Printer upon Booting from the Local System

When to use
Use this task to configure an HP® printer upon booting from the local system.
Related information
• “Start the HP-UX System Spooler” (p. 11-8)
Before you begin

This printer configuration enables you to load the printer configuration remotely upon
power-up time.
If you decide to use this method, we recommend the following:
• Choose two HP-UX systems that are configured to set up the printers.
• Keep the databases of these two systems synchronized.
You will need the following information when the boot configuration is being set up
during this task:
• Name is a meaningful 8 character string that you assign to the printer. We advise that
you declare the printer name as an external code with scNMmng.
• IP Address is the network IP address that you assign to the printer.
• LAN Hardware Address is the hardware address of the card, which is also known as
MAC(2). This address is typically a hexadecimal string that consists of six
colon-separated sets of hexadecimal notation in the format: 00:30:6E:08:AF:6F. You
must retrieve this address from the printer itself; refer to the printer documentation for
help.
Task
Complete the following steps to configure an HP® printer upon booting from the local
system.
...................................................................................................................................................................................................

...................................................................................................................................................................................................
2 Enter the following command to initialize the hppi tool for JetDirect printer installation:
..,sys,root # hppi [Enter]
Result: The tool outputs the JetDirect banner page, which is followed by the main
menu:
....................................................................................................................................................................................................................................
1350 OMS 11-9
System
....................................................................................................................................................................................................................................
****************************************************************
1) Spooler Administration (super-user only)
2) JetDirect Configuration (super-user only)
- TCP/IP configurable parameters
3) Diagnostics:
- diagnose printing problems
?) Help q) Quit
Please enter a selection (q - quit):
...................................................................................................................................................................................................
3 At the main menu, enter 2 to select JetDirect Configuration.

Result: The tool outputs the JetDirect banner page, which is followed by its main
menu:
Printer Network Interface:

1) Create printer configuration in BOOTP/TFTP database
2) Remove printer configuration from BOOTP/TFTP
3) Check Bootp and TFTP operation (super-user only)
- OR -
Telnet Configure JetDirect:
4) Set IP Address locally
(within your local subnet - router)
5) Open Telnet Session to JetDirect Card
?) Help Me Decide q) Quit
...................................................................................................................................................................................................
4 At the JetDirect Configuration menu, enter 1 to Create printer configuration in

BOOTP/TFTP database.
Result: The tool outputs a display similar to the following, which instructs you how
to answer a series of prompts:
These responses apply to all questions:

"q" - returns you to the next higher level menu
"?" - prints help text
<return> - skips optional parameters or selects the default value
...................................................................................................................................................................................................
5 At the following prompt, enter the LAN address of the printer:

Enter the printer's LAN hardware address: <MAC Address> [Enter]
...................................................................................................................................................................................................
6 At the following prompt, enter the name of the printer:

Enter the network printer name (q - quit): <Printer Name>
...................................................................................................................................................................................................
7 At the following prompt, enter the IP address of the printer:

Enter IP address: <Printer IP Address>
....................................................................................................................................................................................................................................
11-10 1350 OMS
System
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................
8 At the following prompt, specify the printer name and the IP address of the printer that
should be added to the /etc/hosts file:
Add <Printer Name> and <Printer IP Address> to /etc/hosts? (y/n/
q, default=y) y
Result: The tool outputs a display similar to the following to remind you to update
your master source:
Printer name and IP address have been added to /etc/hosts.

If your /etc/hosts file is updated automatically from a master source,
add the name and IP address to your master source after the
configuration is complete.
The tool then outputs a display similar to the following on optional parameters that
you can set:
Following are optional parameters you may set for JetDirect. Select any non-
zero numbers to make the changes. The settings are used to create a
BOOTP/TFTP database when '0' is selected. To abort the operation, press
'q'
Other optional parameters:
-------------------------
1) Set printer location (uses tftp)
2) Set printer contact (uses tftp)
3) Set subnetmask
4) Set gateway
5) Set syslog (uses tftp)
6) Change idle timeout (uses tftp)
7) Create access list (up to 10 names).(Default: all allowed).(uses tftp)
8) Other SNMP parameters: (uses tftp)
(GET/SET community name, trap and community name, authentication
trap)
9) Set HP JetDirect lpd banner page
...................................................................................................................................................................................................
9 At the following prompt, enter 1 to set the printer location:

Select an item for change, or '0' to configure (q - quit):
1 [Enter]
...................................................................................................................................................................................................
10 At the following prompt, enter the name of the printer location:

Enter the printer location (q - quit): <Location name> [Enter]
...................................................................................................................................................................................................
11 At the following prompt, enter 0 to configure the printer:

....................................................................................................................................................................................................................................
1350 OMS 11-11
System
....................................................................................................................................................................................................................................
Result: The tool outputs a display that is similar to the following that confirms the
creation of the BOOTP/TFTP configuration database and the placement of the
configuration data.
Completed creating BOOTP/TFTP configuration database for <Printer Name>

Tftp service is also used to boot up JetDirect. Make sure /var/adm/inetd.sec
allows JetDirect's IP to access ftp service on this node.
Please wait...
(testing, please wait) ...
Testing BOOTP with 080009000000...:
RESULT: Passed BOOTP test 1 with 080009000000.
......
BOOTP/TFTP has been verified functional.
Configuration data is now in place. The next test is to ping the printer for
the IP name you just assigned it. To continue the test, you MUST do the
following so that the printer can configure itself with the configuration
data:
Power cycle the printer.
...................................................................................................................................................................................................
12 Power the printer off and on.

Result: The tool outputs a display that is similar to the following that requests you to
wait until the printer finishes its selftest.
Wait until the printer finishes the self test.

(Note: It may take 20 sec to 1 min for a token ring HP
JetDirect interface to finish the configuration.)
Press the return key to continue the test.
...................................................................................................................................................................................................
13 Press the Enter key on the keyboard to continue the test.

[Enter]
If you are not ready for the next test

(for example, the IP name has not taken affect in your DNS server),
press 'q' to return to the configuration menu now.
...................................................................................................................................................................................................
14 At the following prompt, enter y to send the test files to the printer:
Do you want to send test file(s) to this printer (y/n, default=
n)? y [Enter]
This test is using test files to demonstrate that data bytes can be
transmitted across the HP JetDirect interface setup.
As long as a few characters print out, the test is successful.
....................................................................................................................................................................................................................................
11-12 1350 OMS
System
....................................................................................................................................................................................................................................
The printer must be ready, i.e. online and not printing anything.
The following types of test files can be sent to the printer:
1) text file (if printer is in PCL or AUTO mode)
2) PostScript file (if printer is in PS or AUTO mode)
3) HP-GL/2 file (if it is a HPGL/2 plotter)
4) User supplied file
...................................................................................................................................................................................................
15 At the following prompt, enter 2 to indicate that the PostScript file should be transmitted:
Which one should be transmitted? (1/2/3/q, default=1) 2
Result: The tool displays output that is similar to the following that indicates that the
test file has been sent to the named printer:
Sending a test file to <Printer Name> ...

Result: The file has been successfully sent to <Printer Name>.
Check output!
...................................................................................................................................................................................................
16 At the following prompt, press the Enter key to continue:

Press the return key to continue ... [Enter]
Result: The tool displays the JetDirect Configuration Menu.
...................................................................................................................................................................................................
17 At the Jet Direct Configuration Menu, enter q to exit Configuration Menu.

Please selection: q [Enter]
Result: The tool outputs the JetDirect Main Menu.
...................................................................................................................................................................................................
18 At the Jet Direct Main Menu, enter q to exit the tool.

Please enter a selection (q - quit): q [Enter]
Result: You have exited the tool.
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 11-13
System
....................................................................................................................................................................................................................................
....................................................................................................................................................................................................................................
11-14 1350 OMS
12 Troubleshooting
12
Overview
Purpose
information and the associated tasks that pertain to troubleshooting the overall 1350
OMS.
Contents
General Troubleshooting 12-3

Troubleshooting 12-3
Ping a Node 12-6
Activate the KDC Log on the HP-UX Platform 12-8
Deactivate the KDC Log on the HP-UX Platform 12-10
Action to avoid raising of Java Security Warning 12-11
System / Environment 12-12
OS Percentage Usage 12-13
Manage Semaphores 12-14
Unlock the Login to the 1350 OMS 12-15
Add Nodes to the 1350 OMS Kerberos System Configuration 12-16
System Installation and Customization 12-18
Troubleshoot 1350 OMS System License Problems 12-19
Remove the WDM Component from the 1350 OMS 12-21
Product Installation 12-23
Troubleshoot Product Installation Failures (no space/file busy) 12-23
Configure and Test the Centralized User DB in a Distributed Environment 12-26
Product Customization 12-37
Customize a 1350 OMS Component while Other Components Are Running 12-38
...................................................................................................................................................................................................................................
1350 OMS 12-1
Troubleshooting Overview
....................................................................................................................................................................................................................................
Perform a Manual Customization/De-customization (without using the Install 12-40

Wizard)
Perform a Fast Customization of the MS-GUI Package 12-42
Customizing WDM to Exclude the Remote eOMS 12-44
System Applications Management 12-45
PMC2 Process Monitoring 12-45
SAS, UDM, LDAP 12-48
Web Desktop Administration 12-51
Cannot Connect to the Authentication Server 12-61
Work Arounds for the MS-GUI 12-63
Work Arounds for Database Management 12-67
General Work Arounds for Application Problems 12-69
Work Arounds for File System Management 12-71
NMA Basic Debug/Configuration Notes 12-73
Logging 12-73
Configuration 12-76
....................................................................................................................................................................................................................................
12-2 1350 OMS
Troubleshooting Troubleshooting
....................................................................................................................................................................................................................................
Troubleshooting
Overview
Troubleshooting guidelines are provided in terms of symptoms and fixes, and any related
tasks that might accompany the fix.
Network configuration problems

Because the MW-INT and Kerberos configuration is designed to provide a high security
level, it must be able to identify the incoming ticket IP address. Therefore, two LAN
interface cards cannot be configured on the same system in the same subnetwork.
HP-UX Output:
# ifconfig lan0
lan0: flags=843<UP,BROADCAST,RUNNING,MULTICAST>
inet 10.12.20.234 netmask ffff0000 broadcast 10.12.255.255
#ifconfig lan1
lan1: flags=843<UP,BROADCAST,RUNNING,MULTICAST>
inet 10.12.21.10 netmask ffff0000 broadcast 10.12.255.255
LINUX Output:
..,root,root # ifconfig eth0

eth1 Link encap:Ethernet HWaddr 52:54:00:28:D3:AE
inet addr:192.168.100.173 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::5054:ff:fe28:d3ae/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:43 errors:0 dropped:0 overruns:0 frame:0
TX packets:1373 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2546 (2.4 KiB) TX bytes:681654 (665.6 KiB)
Interrupt:11 Base address:0xa000
...,root,root # ifconfig eth1

eth2 Link encap:Ethernet HWaddr 52:54:00:1D:47:6C
inet addr:192.168.100.183 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::5054:ff:fe1d:476c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:43 errors:0 dropped:0 overruns:0 frame:0
TX packets:65 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2546 (2.4 KiB) TX bytes:7408 (7.2 KiB)
Interrupt:10
....................................................................................................................................................................................................................................
1350 OMS 12-3
....................................................................................................................................................................................................................................
Note: In the previous output, the subnet mask splits the IP address information into the
subnet and host. The bit that is set to 1 in the netmask identifies the subnet; the bit that is
set to 0 identifies the host. Since the netmask is provided as a hexadecimal bit
representation and the IP address and four figures are dot separated, it is difficult to
identify the two IP address that are masked by netmask, which provides the same subnet.
The easiest way to compare the broadcast information shown is by the ifconfig command.
In the previous output, the display of the same broadcast value indicates if two IP
addresses differ in their binary representation and if they are in the same subnet.
Note: The addressing scheme is designed for optimal network behavior. To improve
network throughput, use the HP® Auto Port Aggregation.
Ticket is ineligible for postdating

A common error message that the MW-INT with Kerberos outputs describes time
differences among servers.
FATAL Error while sending command to host = <hostname> - Error = 5 (Ticket is

ineligible for postdating) at /alcatel/<release>/Kernel/lib/lib_perl/
Remotizer.pm
line <number>
When the hostname that is displayed in the message refers to a server that is different
from the one that has output the error, a time difference greater than five minutes between
the two severs clocks can exist.
Verify the times on the two system clocks by entering the following command:
...,root,sys $ date -u [Enter]
If the times are out of synchronization, verify the Network Time Protocol (NTP)
configuration. Refer to the 1350 OMS Installation Guide for details.
Cannot contact any KDC for requested realm

When a process on a local server cannot contact the remote or local KDC, output similar
to the following is displayed:
KRB5 XS: Cannot contact any KDC for requested realm while initializing krb5
FATAL Error while sending command to host = <hostname> -
Error = 5 (Cannot contact any KDC for requested realm)
at /alcatel/<release>/Kernel/lib/lib_perl/Remotizer.pm line <number>
The KDC daemon is not responding on the server that is identified as <hostname>.
Use the steps in the “Ping a Node” (p. 12-6) task to determine if the host can be reached.
If the host can be reached, log into that host server as root and stop/start the KDC daemon
by entering the following command:
...,root,sys $ /sbin/init.d/krbsrv stop ; /sbin/init.d/krbsrv start [Enter]
Important! When Kerberos is stopped and restarted, system malfunctions can occur.
....................................................................................................................................................................................................................................
12-4 1350 OMS
....................................................................................................................................................................................................................................
Unable to connect ConnectionManager
When a process on a local server cannot connect with the remote or local Connection
Manager daemon, communication cannot be established. Output similar to the following
is displayed:
FATAL Error while sending command to host = <hostname> -

Error = 11 (Unable to connect ConnectionManger) at
/alcatel/<release>/Kernel/lib/lib_perl/Remotizer.pm line <number>
To fix this problem, do the following:
1. Use the steps in the “Ping a Node” (p. 12-6) task to determine if the remote host can
be reached.
2. Enter the following command to check the Connection Manager daemon on the server
that is named as <hostname>:
...,root,sys $ ps -ef | grep conmgr.exe [Enter]
root 1963 1 0 08:54:19 ? 0:01 /alcatel/<release>/Kernel/bin/conmgr.exe

5001
5001
5001
root 9277 18294 0 15:36:11 pts/ta 0:00 grep conmgr.exe
Identify the process that has a 1 in the parent Process Identifier (PID) column, which is
the third column in the output example. Wait a while and re-enter the same command. If
the conmgr process has a 1 as a parent PID and it has the same PID in both the ps
outputs, it is stable. If a line is not displayed or if the two PIDs that are displayed are
different, contact your Alcatel-Lucent local customer service support team immediately.
KDC daemon log file

To identify the cause of a problem, you can force the Kerberos KDC to log its activity in
a log file. To force the KDC to produce a log file, change its start-up script and stop/start
the daemon. Refer to the “Activate the KDC Log on the HP-UX Platform” (p. 12-8) and
“Deactivate the KDC Log on the HP-UX Platform” (p. 12-10) tasks for details.
....................................................................................................................................................................................................................................
1350 OMS 12-5
Troubleshooting Ping a Node
....................................................................................................................................................................................................................................
Ping a Node
When to use
Use this task to ping a node/host; meaning, to verify if a node can communicate with the
local node/host.
Related information
Before you begin

Any node that is connected to the network has one or more network adapters (NAs), each
of which is configured with an IP address. To simplify network access and to allow for a
virtual IP address change, the IP address of the NAs is typically identified with an alias (a
name) that the system automatically translates to an IP address.
Command format:
ping <IP address/host name> <bytes> <packets>
Task
Complete the following step to ping a host.
...................................................................................................................................................................................................
1 Enter the following command to ping the host through its IP address:
...,root,sys $ ping <IP address/hostname> <bytes> <packets>
Example:
,sys,root # ping <IP address/host name> 64 5
The command outputs a display similar to the following:
PING 192.9.4.42: 64 byte packets

64 bytes from 192.9.4.4: icmp_seq=0. time=0. ms
----192.9.4.4 PING Statistics----
5 packets transmitted, 5 packets received, 0% packet loss
round-trip (ms) min/avg/max = 0/0/0
Result: The system outputs host information as shown in the example. Any error or
output with packet loss equal to 100% means the machine is unreachable or unknown.
If the host is unknown, the system outputs a display that is similar to the following:
....................................................................................................................................................................................................................................
12-6 1350 OMS
Troubleshooting Ping a Node
....................................................................................................................................................................................................................................
ping: host unknown
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 12-7
Troubleshooting Activate the KDC Log on the HP-UX Platform
....................................................................................................................................................................................................................................
Activate the KDC Log on the HP-UX Platform

When to use
Use this task to activate the Kerberos Key Distribution Center (KDC) log for the HP-UX
platform.
Related information
• “Deactivate the KDC Log on the HP-UX Platform” (p. 12-10)
Before you begin

To identify the cause of problem, you can force the Kerberos KDC to log its activity in a
file. To force the KDC to produce a log file, change its start-up script and stop/start the
daemon.
Task
Complete the following steps to activate the Kerberos KDC log.
...................................................................................................................................................................................................
1 Enter the following command to check free system space in the /var/adm/crash file:
...,root,sys $ bdf /var/adm/crash [Enter]
Result: The system outputs the crash file
...................................................................................................................................................................................................
2 In the /var/adm/crash file, check the Avail column to determine if more than 10,000
kilobytes are displayed.
...................................................................................................................................................................................................
3 Enter the following command lines to preserve a safe copy of the KDC start-up
procedure:
...,root,sys $ cd /sbin/init.d [Enter]
...,root,sys $ cp -p krbsrv krbsrv.save [Enter]
...................................................................................................................................................................................................
4 Using the vi editor, access the krbsrv file and replace the null file output in the kdcd start
command with the log file by changing the following line:
/opt/krb5/sbin/kdcd -l /dev/null
to:
/opt/krb5/sbin/kdcd -l /var/adm/crash/kdcd.log
...................................................................................................................................................................................................
5 Save the change and exit the file.

....................................................................................................................................................................................................................................
12-8 1350 OMS
Troubleshooting Activate the KDC Log on the HP-UX Platform
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................
6 Enter the following command to restart the daemon:

...,root,sys $ /sbin/init.d/krbsrv stop ; /sbin/init.d/krbsrv
start [Enter]
...................................................................................................................................................................................................
7 Deactivate the KDC daemon log. Go to the “Deactivate the KDC Log on the HP-UX
Platform” (p. 12-10) task for details.
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 12-9
Troubleshooting Deactivate the KDC Log on the HP-UX Platform
....................................................................................................................................................................................................................................
Deactivate the KDC Log on the HP-UX Platform

When to use
Use this task to deactivate the Kerberos KDC log on the HP-UX Platform
Related information
• “Activate the KDC Log on the HP-UX Platform” (p. 12-8)
Before you begin

To deactivate the KDC daemon log, simply replace the modified krbswr file with the
saved one, and stop/start the KDC.
Task
Complete the following steps to deactivate the Kerberos KDC log.
...................................................................................................................................................................................................
1 Enter the following command lines to restore the saved KDC start-up configuration:
...,root,sys $ cd /sbin/init.d [Enter]
...,root,sys $ mv krbsrv.save [Enter]
...................................................................................................................................................................................................
2 Enter the following command to restart the daemon:

...,root,sys $ /sbin/init.d/krbsrv stop ; /sbin/init.d/krbsrv
start [Enter]
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
12-10 1350 OMS
Troubleshooting Action to avoid raising of Java Security Warning
....................................................................................................................................................................................................................................
Action to avoid raising of Java Security Warning

When to use
Use this task to avoid raising of Java security warning each time an application is opened
on 1350 OMS.
Related information
Before you begin

Task
Complete the following steps to avoid raising of Java security warning.
...................................................................................................................................................................................................
1 Log in to the system as root user on the Presentation server.

...................................................................................................................................................................................................
2 Enter the following command lines to move the certification file:

...,root,sys $ ln -sf /alu/NMC/WEBEN/2.28/mytrustCA.cer /usr/
Systems/Global_Instance/APACHE/web-server/docs/WebDesktop/WEBEN/
jar/mytrustCA.cer [Enter]
...................................................................................................................................................................................................
3 Download the file mytrustCA.cer on the PC inserting the following URL in the Web
Browser
http://<Presentaiton IP Address>/WEBEN/jar/mytrustCA.cer
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 12-11
....................................................................................................................................................................................................................................
Overview
Purpose
This section explains problems that can arise regarding the system and system
environment.
Contents
OS Percentage Usage 12-13

Manage Semaphores 12-14
Unlock the Login to the 1350 OMS 12-15
Add Nodes to the 1350 OMS Kerberos System Configuration 12-16
....................................................................................................................................................................................................................................
12-12 1350 OMS
Troubleshooting OS Percentage Usage
....................................................................................................................................................................................................................................
OS Percentage Usage
What to do
To investigate the Operating System (OS) percentage usage when the system appears too
slow, use the command top -s1.
The IDLE percentage of the machine must be greater than 0; if the IDLE percentage of
the machine is not greater than 0, problems can exist that are related to the following:
• Processes: too many processes are running and some of them can be looping.
• Memory: the memory usage is too high.
....................................................................................................................................................................................................................................
1350 OMS 12-13
Troubleshooting Manage Semaphores
....................................................................................................................................................................................................................................
Manage Semaphores
When to use
Use this task to manage semaphores.
Related information
• “Activate the KDC Log on the HP-UX Platform” (p. 12-8)
Before you begin

Task
Complete the following steps to manage semaphores.
...................................................................................................................................................................................................
1 Activate a terminal window on the system server machine.

...................................................................................................................................................................................................
2 To display the semaphores used in a session, enter the following command:

ipcs -s
Result: The IPC status for the current instance is displayed.
IPC Status from /dev/kmem as of <date/time stamp>

T ID KEY MODE OWNER GROUP
Semaphores:
....
s 29 0x00001c13 --ra-ra---- axadmin gadmin
....
...................................................................................................................................................................................................
3 To remove a semaphore, enter the following command:

ipcrm -s 29
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
12-14 1350 OMS
Troubleshooting Unlock the Login to the 1350 OMS
....................................................................................................................................................................................................................................
Unlock the Login to the 1350 OMS

When to use
Use this task to unlock the login to the 1350 OMS.
Related information
Before you begin

The login is blocked because of /alu/Kernel/data/.loginDB.lock file.
Task
Complete the following steps to unlock the login to the 1350 OMS.
...................................................................................................................................................................................................

...................................................................................................................................................................................................
2 Log in to the system as root user.

...................................................................................................................................................................................................
3 Enter the following two commands to delete (rm) the loginDB.lock file and to create an
empty file:
rm /alu/Kernel/data/.loginDB.lock
echo > /alu/Kernel/data/.loginDB
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 12-15
Troubleshooting Add Nodes to the 1350 OMS Kerberos System Configuration
....................................................................................................................................................................................................................................
Add Nodes to the 1350 OMS Kerberos System Configuration

When to use
Use this task to add nodes to the 1350 OMS Kerberos system configuration.
Related information
Kerberos configuration is listed in the following file:
opt/krb5/krb.conf
Before you begin

Task
...................................................................................................................................................................................................

...................................................................................................................................................................................................
2 Log in into the system as root user.

...................................................................................................................................................................................................
3 Enter the following command:

/alcatel/Kernel/bin/SecureSetup.pl -resetKRB
Enter the following command for each node that you have to add:
/alcatel/Kernel/etc/HostDeclarer.pl -add <HOSTNAME>
Enter the following command:
/alcatel/Kernel/etc/ReapplyKerberosConf.pl
...................................................................................................................................................................................................
4 HP-UX input:
Verify if the node is added in the /opt/krb5/krb.conf file.
Linux input:
Verify if the node is added in the /etc/krb5.conf file.
For example: On a presentation server, the HP-UX /opt/krb5/krb.conf file or the Linux
/etc/krb5.conf file must include at least the presentation node and the master node.
The Kerberos log files are the following:
• /var/log/krb5kdc.log
• /var/log/kadmin.log
• /var/log/krb5lib.log
....................................................................................................................................................................................................................................
12-16 1350 OMS
Troubleshooting Add Nodes to the 1350 OMS Kerberos System Configuration
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................
5 HP-UX input:
Enter the following command to stop Kerberos services:
/sbin/init.d/krbsrv stop
Linux input:
Enter the following command to stop Kerberos services:
service krrb5kdc stop
Note: Ignore any warning messages.
...................................................................................................................................................................................................
6 HP-UX input:
Enter the following command to start Kerberos services:
/sbin/init.d/krbsrv start
Linux input:
Enter the following command to start Kerberos services:
service krrb5kdc start
If necessary, enter the following command to check the process:
ps -ef | grep kdcd
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 12-17
....................................................................................................................................................................................................................................
Overview
Purpose
This section collects problems that can arise during the system installation phase and
system customization phase.
Contents
Troubleshoot 1350 OMS System License Problems 12-19

Remove the WDM Component from the 1350 OMS 12-21
....................................................................................................................................................................................................................................
12-18 1350 OMS
Troubleshooting Troubleshoot 1350 OMS System License Problems
....................................................................................................................................................................................................................................
Troubleshoot 1350 OMS System License Problems

When to use
Use this task to troubleshoot 1350 OMS system license problems.
Related information
Before you begin

Task
Complete the following steps to troubleshoot 1350 OMS system license problems.
...................................................................................................................................................................................................
1 To determine if any problems exist with the product license, access and read the contents
of the following log file:
/usr/Systems/Global_Instance_9.6.0_Master/maintenance/log/pmc2.log
...................................................................................................................................................................................................
2 Upgrade the Go-Global and Kerberos licenses.

Connect to the tlvhho server:
http://tlvhho.vim.tlt.alcatel.it
Follow this path:
Validation > Tools > License server
The page shows the list of the license servers. In order to upgrade your machine, enter the
following information:
• HOSTNAME (or the IP address)
• USERNAME
• PASSWORD
Select either ALL FILES, LICENCE FILE, or HOSTS FILE and click the Upgrade button.
Result: An example of the PMC log file follows:
<date/time stamp> ipb062 Global/PMC2: Requested Action [ startup_

sys ] through Command Line
<date/time stamp> ipb062 Global/PMC2: IMSERVER LICENSE: ERROR 1350_8_
CPU_HA_PLTFM#7.1 in 1350_1_CPU#7.1,1350_1_CPU_NR6_UPG#7.1,1350_1_
CPU_MNT#7.1,1350_2_CPU#7.1,1350_2_CPU_NR6_UPG#7.1,1 350_2_CPU_
MNT#7.1,1350_4_CPU#7.1,1350_4_CPU_NR6_UPG#7.1,1350_4_CPU_MNT#7.1,
1350_6_CPU#7.1, 1350_6_CPU_NR6_UPG#7.1,1350_6_CPU_MNT#7.1,1350_8_
CPU#7.1,1350_8_CPU_NR6_UPG#7.1,1350_8_CPU_MNT#7.1
....................................................................................................................................................................................................................................
1350 OMS 12-19
Troubleshooting Troubleshoot 1350 OMS System License Problems
....................................................................................................................................................................................................................................
,1350_4_CPU_HA_NR6_UPG#7.1,1350_4_CPU_HA_PLTFM#7.1,1350_6_CPU_HA_NR6_
UPG#7.1,1350_6_CPU_HA_PLTFM# 7.1,1350_8_CPU_HA_NR6_UPG#7.1,1350_8_
CPU_HA_PLTFM#7.1
<date/time stamp> ipb062 Global/PMC2: IMSERVER System status change:
STOP --> WORKING
<date/time stamp> ipb062 Global/PMC2: IM LICENSE RESULT: command =
START system
- Execution denied and Force system shutdown
CAUSE: license library error
<date/time stamp> ipb062 Global/PMC2: IMSERVER System status change:
WORKING --> STOP
...................................................................................................................................................................................................
3 Enter the ping command to check the license server connection.

...................................................................................................................................................................................................
4 Determine if GO-Global uses a port that is different from Poseidon (27000).

...................................................................................................................................................................................................
5 Check the Poseidon license server upgrade and eventually restart. See Poseidon License
server restart.
...................................................................................................................................................................................................
6 Upgrade the Go-Global licence. See the GoGlobal Upgrade.

...................................................................................................................................................................................................
7 Restart the Kerberos application. Stop and start Kerberos services. See “Add Nodes to the
1350 OMS Kerberos System Configuration” (p. 12-16) section.
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
12-20 1350 OMS
Troubleshooting Remove the WDM Component from the 1350 OMS
....................................................................................................................................................................................................................................
Remove the WDM Component from the 1350 OMS

When to use
Use this task to remove the WDM component from the 1350 OMS.
Note: This work around can be used if the Remove.sh -product WDM official patch is
not available.
Related information
Before you begin

Task
Use this task to remove the WDM component from the 1350 OMS if the Remove.sh
-product WDM official patch is not available.
...................................................................................................................................................................................................
1 Open a terminal window on the system and login as root user.

...................................................................................................................................................................................................
2 Shut down the WDM application.

...................................................................................................................................................................................................
3 Verify that the platform_startup_daemon is not running by entering the following

command lines:
ps -ef|grep platform_startup_daemon|grep WDM
<NMS_INSTANCE_DIR>/WDM_PLATFORM/script/lt_stop_daemons .
Example:
/usr/Systems/WDM_3_9.6.0_Master/WDM_PLATFORM/script/lt_stop_
daemons
...................................................................................................................................................................................................
4 Enter the following command lines to run the RemoveWDM application:

<NMS_INSTANCE_DIR>/WDM_PLATFORM/install/RemoveWDM
Example:
. /usr/Systems/WDM_3_9.6.0_Master/WDM_PLATFORM/install/RemoveWDM
...................................................................................................................................................................................................
5 Enter the following command lines to remove the NMS and NMA directories:
rm -rf /alu/1350OMS9.6/NMS/WDM
rm -rf /alu/1350OMS9.6/NMA/SONET_GUISERVER
....................................................................................................................................................................................................................................
1350 OMS 12-21
Troubleshooting Remove the WDM Component from the 1350 OMS
....................................................................................................................................................................................................................................
rm -rf /alu/1350OMS9.6/NMA/WDM_APPL
rm -rf /alu/1350OMS9.6/NMA/WDM_DB
rm -rf /alu/1350OMS9.6/NMA/WDM_GUISERVER
rm -rf /alu/1350OMS9.6/NMA/WDM_GWS
rm -rf /alu/1350OMS9.6/NMA/WDM_ORBIX
rm -rf /alu/1350OMS9.6/NMA/WDM_PLATFORM
rm -rf /alu/1350OMS9.6/NMA/WDM_REMOTE_EOMS
rm -rf /alcatel/NMS/WDM
rm -rf /alcatel/NMA/SONET_GUISERVER
rm -rf /alcatel/NMA/WDM_APPL
rm -rf /alcatel/NMA/WDM_DB
rm -rf /alcatel/NMA/WDM_GUISERVER
rm -rf /alcatel/NMA/WDM_GWS
rm -rf /alcatel/NMA/WDM_ORBIX
rm -rf /alcatel/NMA/WDM_PLATFORM
rm -rf /alcatel/NMA/WDM_REMOTE_EOMS
...................................................................................................................................................................................................
6 Enter the following command line to run sw_target_adjuster:

/alcatel/INSTALLER/etc/sw_target_adjuster
...................................................................................................................................................................................................
7 Enter the following command line to remove the Info.cfg file:

rm -f /usr/Systems/WDM*Master/Kernel/conf/Info.cfg
...................................................................................................................................................................................................
8 Enter the following command line to remove WDM_DB directory:

rm -fr /usr/Systems/WDM_?/WDM_DB
E...................................................................................................................................................................................................
N D O F S T E P S
Important Notes
After the WDM application has been removed, continue to do the following:
• Perform a new WDM installation, custom, and system configuration.
• For an upgrade to the same WDM load, reload the same WDM using the following
commands:
cd /alu/Install_Wizard
./Install.sh -force WDM
• In the system configuration phase, the MIB value of ORACLE_DB should be set
always to NEW. The load-to-load upgrade operation is not supported.
....................................................................................................................................................................................................................................
12-22 1350 OMS
Troubleshooting Troubleshoot Product Installation Failures (no space/file
Product Installation busy)
....................................................................................................................................................................................................................................
Product Installation
Troubleshoot Product Installation Failures (no space/file busy)

When to use
Use this task if the installation of the 1350 OMS fails.
Related information
Before you begin

Task
Complete the following steps if the installation of the 1350 OMS fails.
...................................................................................................................................................................................................

...................................................................................................................................................................................................
2 Log in into the system as the root user.

...................................................................................................................................................................................................
3 If the problem that was encountered during installation was no space available, you will
need to extend the file system or the swap area.
To extend the file system, go to step Step 4.
To extend the swap area, go to step Step 5.
If you received the message
Access denied for remote hosts or local hosts during installation, go to
step Step 6.
...................................................................................................................................................................................................
4 If the problem encountered during installation was no space available, use the following
steps to extend a file system:
Enter the bdf command to get information about file system sizes.
To extend a file system, enter the following command line:
/SCINSTALL/bin/scextendfs <Filesystem name> <free disk space>
....................................................................................................................................................................................................................................
1350 OMS 12-23
....................................................................................................................................................................................................................................
Where:
• <filesystem name> is the name of the file system to be extended.
• <free disk space> is the total amount of disk space (in Megabytes) that will have
to be available after the scextendfs execution.
If the <filesystem name> does not exist, the command will create it.
According to the installation on the machine, keep following files controlled:
• The core file in the maintenance/core directory.
• The GEM server trace files under the EML instance directory.
• The DB log (Mirror Area) under the EML instance directory:
/usr/Systems/<INSTANCE>>/MirrorArea/axadmin/arch/<hostname>-bin.*
Delete the .arc files if necessary.
• The DB log (Mirror Area) under the SDH instance directory:
/usr/Systems/<INSTANCE>/MirrorArea/SDH_1-9.6.0/snml/arch
Example:
/usr/Systems/SDH_1_9.6.0_Master/MirrorArea/SDH_1-9.6.0/snml/arch
• The DB log (Mirror Area) under the PKT instance directory:
/usr/Systems/<INSTANCE>/MirrorArea/PKT_1-9.6.0/bmm/arch
Example:
/usr/Systems/PKT_1_9.6.0_Master/MirrorArea/PKT_1-9.6.0/bmml
Note: After you extend the file system, remember to force the packages installation
with the -force parameter. For example:
Install <SDH/EML/PKT/...> -force
...................................................................................................................................................................................................
5 If the problem encountered during installation was no space available, use the following
steps to extend a swap area:
Enter the swapinfo -t command to get information about the swap area.
To extend the swap area, enter the following command:
scextendfs SWAP xxxx
Execute a ps -ef | grep xxxx to have the PID of the process that block the copy and
stop the process using the command kill -9.
....................................................................................................................................................................................................................................
12-24 1350 OMS
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................
6 If you are installing a component from a local depot (and not the standard product
component repository) and you receive an
Access denied for remote hosts or local hosts message, verify the
security files that are authorizing access by remote hosts and users on local host.
For example, in the /.rhosts file, the line 151.98.28.227 root should be present.
This line allows the root user to execute any command on the 151.98.28.227 host.
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 12-25
Troubleshooting Configure and Test the Centralized User DB in a Distributed
Product Installation Environment
....................................................................................................................................................................................................................................
Configure and Test the Centralized User DB in a Distributed

Environment
When to use
Use this task to configure and test the Centralized User-DB in a distributed environment.
With this task, only one machine belongs to the TMN configuration
(masters/presentations) that is running the User-DB. All other machines will authenticate
and perform user account management on this database.
Related information
Before you begin

Carefully read the “1350OMS_Setup_Options.cfg” (p. 12-27) and “Radius service
configuration details” (p. 12-29) sections that are provided for this task. In addition,
examine the “Option file 1: Radius with Distributed LDAP” (p. 12-30), “Option file 2:
Centralized LDAP” (p. 12-32), and “Option file 3: Radius with Centralized LDAP ”
(p. 12-33) sections before proceeding.
The configuration must be done on every server or Virtual Machine that belongs to the
1350 OMS hardware configuration.
Task
Complete the following steps to configure and test the Centralized User-DB in a
distributed environment.
...................................................................................................................................................................................................
1 Set up the Centralized User-DB on top of 1350 OMS 9.6.

On each machine that belongs to the TMN configuration, create an option file called
1350OMS_Setup_Options.cfg with the content that is shown in the “Option file 1:
Radius with Distributed LDAP” (p. 12-30), “Option file 2: Centralized LDAP” (p. 12-32),
or “Option file 3: Radius with Centralized LDAP ” (p. 12-33) sections and store it on the
system.
The Centralized User-DB feature is automatically configured if the 1350OMS_Setu-
p_Options.cfg file is stored in /usr/local/data directory.
Note: If the directory does not exist, log in as the root user and create it using the
following command:
mkdir -p /usr/local/data/
Then, run the Install_Wizard command to install/upgrade the software. Refer to
Installation/Upgrade Guide.
....................................................................................................................................................................................................................................
12-26 1350 OMS
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................
2 To test the feature, configure the following:

• One machine that is a pure presentation (for example, an EML client and an SDH
client)
• One machine that is a pure master (for example, an EML master)
• One machine that is a master for an application, but also includes clients of other
applications (for example, an SDH master plus and EML client)
Note: Each machine can be chosen to host the Centralized User-DB, even if it makes
sense to have it on one master.
...................................................................................................................................................................................................
3 From the configuration that you have created, complete the following basic tests:
1. As administrator, connect to each machine belonging to the TMN configuration.
2. Create a few new users. When creating the new users, include profile assignments.
3. For each newly created user, log in to each machine and verify that the profile
assignment menus that you enabled for the particular user are available. Base the
verification on the same content that is in the Distributed Configuration. Problems
related to profile content are not impacted by this feature.
4. Backup/Restore the users.
Other tests can be extended to have an exhaustive coverage of the features; but, the tests
that are provided in this step cover the tests that are not done in a security environment
(profile administration).
E...................................................................................................................................................................................................
N D O F S T E P S
1350OMS_Setup_Options.cfg
In the 1350OMS_Setup_Options.cfg file for centralized LDAP, data can be inserted to
have a spare LDAP, which can be used if the main LDAP is faulty.
Note: If your system supports the 1350 OMS HA application, the centralized LDAP
database must be mandatory on the server or Virtual Machine on which SDH/NPR is
running. In the 1350OMS_Setup_Options.cfg configuration file, the following
parameters must contain the data of the HA DRC of SDH/NPR.
• USER_LDAP_SPARE_HOST
• USER_LDAP_SPARE_SOCKET_PORT
• USER_LDAP_SPARE_SSL_PORT
....................................................................................................................................................................................................................................
1350 OMS 12-27
....................................................................................................................................................................................................................................
Three examples of 1350OMS_Setup_Options.cfg option file are provided for the
following configurations:
• Radius with distributed LDAP configuration, which is illustrated in “Option file 1:
Radius with Distributed LDAP” (p. 12-30).
• Centralized LDAP configuration, which is illustrated in “Option file 2: Centralized
LDAP” (p. 12-32).
• Radius with centralized LDAP configuration, which is illustrated in “Option file 3:
Radius with Centralized LDAP ” (p. 12-33).
For Radius configurations, refer to “Radius service configuration details” (p. 12-29) for
additional details.
The parameters that you must specify values for are the following:
• USER_LDAP_SERVER_HOST is the IP address of the machine that acts/runs the
Centralized User-DB.
• USER_LDAP_SPARE_HOST is the IP address of the machine that can be used if the
LDAP server becomes faulty.
• USER_LDAP_SERVER_SOCKET_PORT is the LDAP socket port used by the LDAP that
is acting as the Centralized User-DB.
• USER_LDAP_SERVER_SSL_PORT is the LDAP SSL socket port that is used by the
LDAP that is acting as the Centralized User-DB
• USER_LDAP_SPARE_SOCKET_PORT is the LDAP socket port that is used by the spare
LDAP if the LDAP server becomes faulty.
• USER_LDAP_SPARE_SSL_PORT is the IDAP SSL socket port that is used by the spare
LDAP if the LDAP server becomes faulty.
If you do not know which port numbers to use, use the port numbers that other
applications are currently not using on the server. Check the /etc/services file for the full
list of port numbers that are currently in use. If you want to assign port numbers before
you install the machine, we recommend that you use the following ports because they are
typically free of IANA port number assignments:
• USER_LDAP_SERVER_SOCKET_PORT: 4492, in any case, the port number must be
less than 5000 because the port number with greater values are used by the 1350
OMS system applications.
• USER_LDAP_SERVER_SSL_PORT: 4993
Note: A template of the 1350OMS_Setup_Options.cfg option file is available as:
/alu/Install_Wizard/etc/UserDBOptions.cfg.template
This template must be customized with the specific host and port values.
Important! The templates that are provided in “Option file 1: Radius with Distributed
LDAP” (p. 12-30) and “Option file 3: Radius with Centralized LDAP ” (p. 12-33) can
be used, but the appropriate values must be made for the following parameters:
• PRI_RADIUS_SERVER_IP_ADDRESS
• PRI_RADIUS_SERVER_SECRET
....................................................................................................................................................................................................................................
12-28 1350 OMS
....................................................................................................................................................................................................................................
• SEC_RADIUS_SERVER_IP_ADDRESS
• SEC_RADIUS_SERVER_SECRET
Radius service configuration details

Radius is a server for remote user authentication and accounting. The configuration of
Radius service is typically done on the server side of the configuration. The client side of
the configuration, which is the Alcatel-Lucent network device side of the configuration,
has some configurable parameters that have to be aligned to the server side for successful
interworking. Refer to Table 12-2, “Common and Device Specific Configurable
Parameters” (p. 12-30) for details; and to configure the 1350 OMS to use Radius services,
use the/usr/local/data/1350OMS_Setup_Options.cfg file.
The role-to-profile mapping is currently constrained to be fixed. The authorization rights
are defined only on the client side. The following table provides a high-level view of this
static mapping. Refer to Table 12-1, “Mapping of the Server Role String to the 1350
OMS Profile” (p. 12-29) for details.
Table 12-1 Mapping of the Server Role String to the 1350 OMS Profile
Server Role String 1350 OMS Profile

No Mapping Local Users: Defined locally
administrator Administrator: All functions are allowed, including operators
and security management. In particular, the NML Assignment
(which provides the ability to manage resources that are usually
assigned to NML control using the Access Control
Administration, or ACA, tool that is available in SMF) is
ignored.
unrestricted_read_write Constructor: Can manage all NE functions in the network and
can perform basic administrative actions.
Note: The Constructor profile does not have any access to user
management and other system administration functions.
restricted_read_write Operator: Can managed limited NE functions; that is, can
provision service, but cannot create NEs or the physical
topology.
Note: In regard to Constructor profile, the Operator profile does
not have the ability to create NEs, configure boards, or stop/start
supervision functions.
read_only Viewer: Can only look at (view) network data from the
application.
....................................................................................................................................................................................................................................
1350 OMS 12-29
....................................................................................................................................................................................................................................
The following table lists the common and device-specific parameters that are required for
the proper client-server interworking.
Table 12-2 Common and Device Specific Configurable Parameters
Parameter Value Side Configuration Instructions

RADIUS Default: 15s Client Fixed on the client side. This
Transition parameter can be changed via
Timeout Kernel Customization
workaround.
Maximum 2 Client Fixed on the client side. This
number of parameter can be changed via
Retries per ERS Kernel Customization
Server workaround.
Authentication PRI_RADIUS_SERVER_IP_ Client This parameter can be changed
Server 1 ADDRESS via Kernel Customization.
Authentication SEC_RADIUS_SERVER_IP_ Client This parameter can be changed
Server 2 ADDRESS via Kernel Customization.
Type of Access Local/External Client This parameter can be changed
via Kernel Customization.
VSAVendor ID 637 Server Fixed on the client side.
VSAAttrid 200 Server Fixed on the client side.
Important! To configure the 1350 OMS to use Radius services, the /usr/local/data/1350OMS_
Setup_Options.cfg file must be used.
Option file 1: Radius with Distributed LDAP
SECTION: INDEX
# CONFIGURATION FOR RADIUS INTEGRATION:

# -------------------------------------
GLOBAL_SERVICE: PRI_RADIUS_SERVER_IP_ADDRESS
GLOBAL_SERVICE: PRI_RADIUS_SERVER_SECRET
GLOBAL_SERVICE: SEC_RADIUS_SERVER_IP_ADDRESS
GLOBAL_SERVICE: SEC_RADIUS_SERVER_SECRET
GLOBAL_SERVICE: RADIUS_VENDOR_ID
GLOBAL_SERVICE: RADIUS_ROLE_VSA_ID
GLOBAL_SERVICE: RADIUS_DEFAULT_USER_ROLE
GLOBAL_SOCKET: RADIUS_RADIUS_ACC_PORT
GLOBAL_SOCKET: RADIUS_RADIUS_AUTH_PORT
SECTION_END:
....................................................................................................................................................................................................................................
12-30 1350 OMS
....................................................................................................................................................................................................................................
# --------------------------------------------------------------------------
# CONFIGURATION FOR RADIUS INTEGRATION
# --------------------------------------------------------------------------
SECTION: PRI_RADIUS_SERVER_IP_ADDRESS
SERVICE_VALUE: 151.98.45.36
KEYWORD_NAME: PRI_RADIUS_SERVER_IP_ADDRESS
SECTION_END:
SECTION: PRI_RADIUS_SERVER_SECRET
SERVICE_VALUE: testing123
KEYWORD_NAME: PRI_RADIUS_SERVER_SECRET
SECTION_END:
SECTION: SEC_RADIUS_SERVER_IP_ADDRESS
KEYWORD_NAME: SEC_RADIUS_SERVER_IP_ADDRESS
SECTION_END:
SECTION: SEC_RADIUS_SERVER_SECRET
KEYWORD_NAME: SEC_RADIUS_SERVER_SECRET
SECTION_END:
SECTION: RADIUS_VENDOR_ID
SERVICE_VALUE: 0627
KEYWORD_NAME: RADIUS_VENDOR_ID
SECTION_END:
SECTION: RADIUS_ROLE_VSA_ID
SERVICE_VALUE: 200
KEYWORD_NAME: RADIUS_ROLE_VSA_ID
SECTION_END:
SECTION: RADIUS_DEFAULT_USER_ROLE
SERVICE_VALUE: read_only
KEYWORD_NAME: RADIUS_DEFAULT_USER_ROLE
SECTION_END:
SECTION: RADIUS_RADIUS_ACC_PORT
SERVICE_NUMBER: 1813
SERVICE_NAME: radacc
KEYWORD_NAME: RADIUS_RADIUS_ACC_PORT
SECTION_END:
SECTION: RADIUS_RADIUS_AUTH_PORT
SERVICE_NAME: radauth
KEYWORD_NAME: RADIUS_RADIUS_AUTH_PORT
SECTION_END:
....................................................................................................................................................................................................................................
1350 OMS 12-31
....................................................................................................................................................................................................................................
Option file 2: Centralized LDAP
SECTION: INDEX
# CONFIGURATION FOR LDAP CENTRALIZATION:

# --------------------------------------
GLOBAL_SERVICE: USER_LDAP_SERVER_HOST
GLOBAL_SERVICE: USER_LDAP_SPARE_HOST
GLOBAL_SERVICE: USER_LDAP_DOMAIN_SUFFIX
GLOBAL_SERVICE: USER_LDAP_DOMAIN_ADMINGROUP
GLOBAL_SERVICE: USER_LDAP_DOMAIN_ROOTDN
GLOBAL_SERVICE: USER_LDAP_DOMAIN_ROOTPW
GLOBAL_SOCKET: USER_LDAP_SERVER_SOCKET_PORT
GLOBAL_SOCKET: USER_LDAP_SERVER_SSL_PORT
GLOBAL_SOCKET: USER_LDAP_SPARE_SOCKET_PORT
GLOBAL_SOCKET: USER_LDAP_SPARE_SSL_PORT
SECTION_END:
# ------------------------------------------------------------------------------
# CONFIGURATION FOR LDAP CENTRALIZATION
# ------------------------------------------------------------------------------
SECTION: USER_LDAP_SERVER_HOST
KEYWORD_NAME: USER_LDAP_SERVER_HOST
SECTION_END:
SECTION: USER_LDAP_SPARE_HOST
KEYWORD_NAME: USER_LDAP_SPARE_HOST
SECTION_END:
SECTION: USER_LDAP_DOMAIN_SUFFIX
SERVICE_VALUE: dc=alcatel,dc=com
KEYWORD_NAME: USER_LDAP_DOMAIN_SUFFIX
SECTION_END:
SECTION: USER_LDAP_DOMAIN_ADMINGROUP
SERVICE_VALUE: AdminGroup
KEYWORD_NAME: USER_LDAP_DOMAIN_ADMINGROUP
SECTION_END:
SECTION: USER_LDAP_DOMAIN_ROOTDN
SERVICE_VALUE: LdapMgr
KEYWORD_NAME: USER_LDAP_DOMAIN_ROOTDN
SECTION_END:
SECTION: USER_LDAP_DOMAIN_ROOTPW
SERVICE_VALUE: mGr*LDAP
KEYWORD_NAME: USER_LDAP_DOMAIN_ROOTPW
....................................................................................................................................................................................................................................
12-32 1350 OMS
....................................................................................................................................................................................................................................
SECTION_END:
SECTION: USER_LDAP_SERVER_SOCKET_PORT
SERVICE_NAME: ldapoms
KEYWORD_NAME: USER_LDAP_SERVER_SOCKET_PORT
SECTION_END:
SECTION: USER_LDAP_SERVER_SSL_PORT
SERVICE_NAME: ldaptls
KEYWORD_NAME: USER_LDAP_SERVER_SSL_PORT
SECTION_END:
SECTION: USER_LDAP_SPARE_SOCKET_PORT
SERVICE_NAME: spareldap
KEYWORD_NAME: USER_LDAP_SPARE_SOCKET_PORT
SECTION_END:
SECTION: USER_LDAP_SPARE_SSL_PORT
SERVICE_NAME: spareldaptls
KEYWORD_NAME: USER_LDAP_SPARE_SSL_PORT
SECTION_END:
Option file 3: Radius with Centralized LDAP
SECTION: INDEX
# CONFIGURATION FOR LDAP CENTRALIZATION:

# --------------------------------------
GLOBAL_SERVICE: USER_LDAP_SERVER_HOST
GLOBAL_SERVICE: USER_LDAP_SPARE_HOST
GLOBAL_SERVICE: USER_LDAP_DOMAIN_SUFFIX
GLOBAL_SERVICE: USER_LDAP_DOMAIN_ADMINGROUP
GLOBAL_SERVICE: USER_LDAP_DOMAIN_ROOTDN
GLOBAL_SERVICE: USER_LDAP_DOMAIN_ROOTPW
GLOBAL_SOCKET: USER_LDAP_SERVER_SOCKET_PORT
GLOBAL_SOCKET: USER_LDAP_SERVER_SSL_PORT
GLOBAL_SOCKET: USER_LDAP_SPARE_SOCKET_PORT
GLOBAL_SOCKET: USER_LDAP_SPARE_SSL_PORT
# CONFIGURATION FOR RADIUS INTEGRATION:

# -------------------------------------
GLOBAL_SERVICE: PRI_RADIUS_SERVER_IP_ADDRESS
GLOBAL_SERVICE: PRI_RADIUS_SERVER_SECRET
GLOBAL_SERVICE: SEC_RADIUS_SERVER_IP_ADDRESS
GLOBAL_SERVICE: SEC_RADIUS_SERVER_SECRET
....................................................................................................................................................................................................................................
1350 OMS 12-33
....................................................................................................................................................................................................................................
GLOBAL_SERVICE: RADIUS_VENDOR_ID
GLOBAL_SERVICE: RADIUS_ROLE_VSA_ID
GLOBAL_SERVICE: RADIUS_DEFAULT_USER_ROLE
GLOBAL_SOCKET: RADIUS_RADIUS_ACC_PORT
GLOBAL_SOCKET: RADIUS_RADIUS_AUTH_PORT
SECTION_END:
# ------------------------------------------------------------------------------
# CONFIGURATION FOR LDAP CENTRALIZATION
# ------------------------------------------------------------------------------
SECTION: USER_LDAP_SERVER_HOST
KEYWORD_NAME: USER_LDAP_SERVER_HOST
SECTION_END:
SECTION: USER_LDAP_SPARE_HOST
KEYWORD_NAME: USER_LDAP_SPARE_HOST
SECTION_END:
SECTION: USER_LDAP_DOMAIN_SUFFIX
SERVICE_VALUE: dc=alcatel,dc=com
KEYWORD_NAME: USER_LDAP_DOMAIN_SUFFIX
SECTION_END:
SECTION: USER_LDAP_DOMAIN_ADMINGROUP
SERVICE_VALUE: AdminGroup
KEYWORD_NAME: USER_LDAP_DOMAIN_ADMINGROUP
SECTION_END:
SECTION: USER_LDAP_DOMAIN_ROOTDN
SERVICE_VALUE: LdapMgr
KEYWORD_NAME: USER_LDAP_DOMAIN_ROOTDN
SECTION_END:
SECTION: USER_LDAP_DOMAIN_ROOTPW
SERVICE_VALUE: mGr*LDAP
KEYWORD_NAME: USER_LDAP_DOMAIN_ROOTPW
SECTION_END:
SECTION: USER_LDAP_SERVER_SOCKET_PORT
SERVICE_NAME: ldapoms
KEYWORD_NAME: USER_LDAP_SERVER_SOCKET_PORT
SECTION_END:
SECTION: USER_LDAP_SERVER_SSL_PORT
SERVICE_NAME: ldaptls
....................................................................................................................................................................................................................................
12-34 1350 OMS
....................................................................................................................................................................................................................................
KEYWORD_NAME: USER_LDAP_SERVER_SSL_PORT
SECTION_END:
SECTION: USER_LDAP_SPARE_SOCKET_PORT
SERVICE_NAME: spareldap
KEYWORD_NAME: USER_LDAP_SPARE_SOCKET_PORT
SECTION_END:
SECTION: USER_LDAP_SPARE_SSL_PORT
SERVICE_NAME: spareldaptls
KEYWORD_NAME: USER_LDAP_SPARE_SSL_PORT
SECTION_END:
# --------------------------------------------------------------------------
# CONFIGURATION FOR RADIUS INTEGRATION
# --------------------------------------------------------------------------
SECTION: PRI_RADIUS_SERVER_IP_ADDRESS
KEYWORD_NAME: PRI_RADIUS_SERVER_IP_ADDRESS
SECTION_END:
SECTION: PRI_RADIUS_SERVER_SECRET
KEYWORD_NAME: PRI_RADIUS_SERVER_SECRET
SECTION_END:
SECTION: SEC_RADIUS_SERVER_IP_ADDRESS
KEYWORD_NAME: SEC_RADIUS_SERVER_IP_ADDRESS
SECTION_END:
SECTION: SEC_RADIUS_SERVER_SECRET
KEYWORD_NAME: SEC_RADIUS_SERVER_SECRET
SECTION_END:
SECTION: RADIUS_VENDOR_ID
SERVICE_VALUE: 0627
KEYWORD_NAME: RADIUS_VENDOR_ID
SECTION_END:
SECTION: RADIUS_ROLE_VSA_ID
SERVICE_VALUE: 200
KEYWORD_NAME: RADIUS_ROLE_VSA_ID
SECTION_END:
SECTION: RADIUS_DEFAULT_USER_ROLE
SERVICE_VALUE: read_only
KEYWORD_NAME: RADIUS_DEFAULT_USER_ROLE
SECTION_END:
....................................................................................................................................................................................................................................
1350 OMS 12-35
....................................................................................................................................................................................................................................
SECTION: RADIUS_RADIUS_ACC_PORT
SERVICE_NAME: radacc
KEYWORD_NAME: RADIUS_RADIUS_ACC_PORT
SECTION_END:
SECTION: RADIUS_RADIUS_AUTH_PORT
SERVICE_NAME: radauth
KEYWORD_NAME: RADIUS_RADIUS_AUTH_PORT
SECTION_END:
....................................................................................................................................................................................................................................
12-36 1350 OMS
....................................................................................................................................................................................................................................
Overview
Purpose
This section contains procedures that are useful for 1350 OMS product customizations.
Contents
Customize a 1350 OMS Component while Other Components Are Running 12-38
Perform a Manual Customization/De-customization (without using the Install 12-40
Wizard)
Perform a Fast Customization of the MS-GUI Package 12-42
Customizing WDM to Exclude the Remote eOMS 12-44
....................................................................................................................................................................................................................................
1350 OMS 12-37
Troubleshooting Customize a 1350 OMS Component while Other Components
Product Customization Are Running
....................................................................................................................................................................................................................................
Customize a 1350 OMS Component while Other Components

Are Running
When to use
Use this task to customize a 1350 OMS component while other components are running.
Related information
Before you begin

Task
...................................................................................................................................................................................................
1 To stop processes via the Web Desktop, use the PMC.

To stop processes via the shell, use following commands:
/alu/Kernel/etc/pmc2im EML 1-9.6.0 shutdown_sys
/alu/Kernel/etc/pmc2im SDH 1-9.6.0 shutdown_sys
/alu/Kernel/etc/pmc2im PKT 1-9.6.0 shutdown_sys
/alu/Kernel/etc/pmc2im EOMS 1-9.6.0 shutdown_sys
To verify that no applications are active, enter the following commands :
ps - ef | grep axadmin for EML
ps -ef | grep snml for SDH
ps -ef | grep bmml for PKT
ps -ef | grep oms for EOMS
...................................................................................................................................................................................................
2 Enter the following commands to check for an instance of EML:

alu/Kernel/etc/pmc2im EML 1-9.6.0 check
echo $?
0 --> RUN
1 --> WRONG
2 --> STOP
4 --> CHANGE in progress
...................................................................................................................................................................................................
3 Enter the following commands to de-custom the application:

/alu/Kernel/script/Decustom EML 1-9.6.0
/alu/Kernel/script/Decustom SDH 1-9.6.0
/alu/Kernel/script/Decustom PKT 1-9.6.0
/alu/Kernel/script/Decustom EOMS 1-9.6.0
...................................................................................................................................................................................................
4 Enter the following command to de-custom the Kernel application:

....................................................................................................................................................................................................................................
12-38 1350 OMS
Troubleshooting Customize a 1350 OMS Component while Other Components
Product Customization Are Running
....................................................................................................................................................................................................................................
/alu/Kernel/script/KernelDecustomize
...................................................................................................................................................................................................
5 Enter the following commands to clean instances directories:

rm -Rf /usr/Systems/EML_1*
rm -Rf /usr/Systems/SDH_1*
rm -Rf /usr/Systems/PKT_1*
rm -Rf /usr/Systems/EOMS_1*
rm -Rf /usr/Systems/Global*
...................................................................................................................................................................................................
6 Enter the following commands to restore /etc/services

diff /etc/services /alu/Kernel/data/services.base
cp /alu/Kernel/data/services.base /etc/services
...................................................................................................................................................................................................
7 Enter the following commands to run a re-installation using Install Wizard:

cd /alu/Install_Wizard/
./Install -Upgrade_All < -fast >
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 12-39
Troubleshooting Perform a Manual Customization/De-customization (without
Product Customization using the Install Wizard)
....................................................................................................................................................................................................................................
Perform a Manual Customization/De-customization (without

using the Install Wizard)
When to use
Use this task to perform a manual customization/de-customization (without using the
Install Wizard).
Related information
Before you begin

Task
Complete the following steps to perform a manual customization/de-customization
(without using the Install Wizard).
...................................................................................................................................................................................................
1 Enter the following command to customize a component:

/alu/<NR>/Kernel/script/Custom -prd <SYSTEM>-ver <VERSION> -inst
<INSTANCE> -role <ROLE> -name <NAME> -mhost <MASTER HOST NAME> -
mtype <KERNEL TYPE> -drv <DRIVER VERSION> -nointeractive -lang
<LANGUAGE>
Example:
To customize EML_1-9.6.0, running on host ipb228:
/alu/Kernel/script/Custom -prd EML -ver 9.6.0 -inst 1 -role
Master -name EML_1 -mhost ipb228 -mtype OS-KERNEL -drv 3.0 -
nointeractive -lang en_US
...................................................................................................................................................................................................
2 Enter the following command to de-customize a component:

/alu/>NR>/Kernel/script/Decustom <SYSTEM> <INSTANCE-VERSION>
Example:
For NPR 1-9.6.0 running on host ipb227:
:/alu/Kernel/script/Decustom NPR 1-9.6.0
In addition, enter the following command to clean the file system:
rm -Rf NPR_1 NPR_1-9.6.0 NPR_1_9.6.0_Master
Ignore messages that are similar to the following:
: rm: directory maintenance not removed.

....................................................................................................................................................................................................................................
12-40 1350 OMS
Troubleshooting Perform a Manual Customization/De-customization (without
Product Customization using the Install Wizard)
....................................................................................................................................................................................................................................
Cannot remove current directory or a mount point
rm: directory NPR_1_9.6.0_Master not removed.
Cannot remove current directory or a mount point.
To verify if the de-customization has been executed with success, verify that the
NMS-SYSTEM is not present in /alcatel/Kernel/data/TOC.
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 12-41
Troubleshooting Perform a Fast Customization of the MS-GUI Package
....................................................................................................................................................................................................................................
Perform a Fast Customization of the MS-GUI Package

When to use
Use this task to perform a fast customization of the MS-GUI package.
Important! To save time, use this task when a new MS-GUI version or patch has to be
installed, customized, and configured on a 1350 OMS system to avoid doing a full 1350
OMS re-customization and re-configuration.
Related information
Before you begin

Task
Complete the following steps to perform a fast customization of the MS-GUI package.
...................................................................................................................................................................................................
1 Log in to the server as the root user.

...................................................................................................................................................................................................
2 Download the MSGUI software packages from the depot directory /alu/DEPOT.
...................................................................................................................................................................................................
3 Enter the following commands to install the new MS-GUI package.

Example:
For 1350 OMS 9.6:
alu/1350OMS9.6.0/INSTALLER/Install 1350OMS `hostname` /
file=/alu/DEPOT/1350OMS_MSGUI_INT_<version>_ALL.tar.gz
interactive=no
/alu/1350OMS9.6.0/INSTALLER/Install 1350OMS `hostname` /
file=/alu/DEPOT/1350OMS_MSGUI_INT_<version>.tar.gz interactive=no
...................................................................................................................................................................................................
4 Enter the following command line to customize and configure the MS-GUI:
cd /alu/Install_Wizard/etc/1350_ConfigMSGUI.sh
...................................................................................................................................................................................................
5 When the customization and configuration phase is finished, enter the following
command line on the master machine to re-enable the navigation to the EML external
application:
/alu/Kernel/bin/CustomNavigations.pl -sys EML -inst 1-9.6.0 -
isys EML -iinst 1-9.6.0
....................................................................................................................................................................................................................................
12-42 1350 OMS
Troubleshooting Perform a Fast Customization of the MS-GUI Package
....................................................................................................................................................................................................................................
Note: In this example, the EML instance is 1.
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
1350 OMS 12-43
Troubleshooting Customizing WDM to Exclude the Remote eOMS
....................................................................................................................................................................................................................................
Customizing WDM to Exclude the Remote eOMS

When to use
Use this task to customize WDM so it excludes the remote eOMS.
Related information
Before you begin

Task
Complete the following step to customize WDM so it excludes the remote eOMS.
...................................................................................................................................................................................................
1 In the Customization form, select the following parameter options:

CUST_TYPE : PARTIAL
REMOTE EOMS : NO
Result: By specifying these parameters, WDM is customized so the remote EOMS is
excluded from the WDM customization and from the system config subsystem list.
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
12-44 1350 OMS
Troubleshooting PMC2 Process Monitoring
....................................................................................................................................................................................................................................
PMC2 Process Monitoring

The processes of a product cannot be displayed on client PMC GUI.
Verify the system date of the client PC. The problem arises if the client system date and
time differs for more than five minutes from the master system date and time.
Use the Control Panel -> Date and time to change the client system date and time.
Do not change the Master data and time.
Error while creating connection with pmc gui server

The problem can be solved using a work around restarting the pmc2 gui server :
pmcgs.jar (as reported on the message warning attached)
For example, if its PID is 5270:
root 5270 1 0 Feb 26 ? 9:34 /opt/java1.5/jre/bin/PA_RISC2.0/java -

cp :./pmcgs.jar:/alu/1350OMS9.6/Kernel/lib/lib_java/krb5
Execute the following command:
# kill -9 5270
Verify that the process is in listen (new PID = 21488):
# /alu/Kernel/bin/lsof -P| grep TCP | grep 21488 java 21488 root 70u
IPv4 0x92554200 0t0 TCP *:5007 (LISTEN) !
PMC GUI becomes empty

If the PMC becomes empty, the tree displayed disappears and it does not respond to
commands.
To delete the application, open the Task Manager application using
<ctrl>+<Alt>+<Delete> and terminate the task by selecting it from the list.
VIEW permission denied for system services or product

If the VIEW permission is denied, the two possible causes are the following:
• The user has tried to open the Process Monitor GUI too quickly and the system could
be still managing the security configuration structures. Retry to open the Process
Monitor GUI after a few seconds.
• If the problem still occurs, some ldap database structure could be damaged. If the
problem is related to the Global Instance, a work around could be to rebuild the
Global Instance ldap database.
Otherwise, if the problem is related to a specific process instance (e.g. EML_1,
SDH_1, PKT_1, ....), a work around would be to rebuild the process ldap database.
....................................................................................................................................................................................................................................
1350 OMS 12-45
....................................................................................................................................................................................................................................
If the problem is related to more than one system, rebuild the entire ldap database.
A product Process Monitor cannot be displayed (double semaphores)

The pmc2im product cannot be stopped because a duplicate semaphore is in the file
/alu/Kernel/data/Semaphores.cfg. This problem has been fixed in delivery 1350 OMS
90075 and beyond. To work around the problem, do the following:
...................................................................................................................................................................................................
1 Edit the /alu/Kernel/data/Semaphores.cfg file to change the duplicated value with a

new one.
Example:
PMC2_EOMS_1-9.6.0: 7187
In this case, the product and the instance involved are EOMS_1. (PR_IS in the text.)
...................................................................................................................................................................................................
2 Make the following corrections in the /usr/Systems/<PR_IS>/Kernel/data/INDEX file:

Change:
PMC2_SEM_KEY:<old value>
To:
PMC2_SEM_KEY:<new value>
For example, in the /usr/Systems/EOMS_1/Kernel/data/INDEX file:
PMC2_SEM_KEY: 7187
...................................................................................................................................................................................................
3 Make the following corrections in the /usr/Systems/<PR_IS>/PMC2/script/pmc2im file:

Change:
export MNGAGE_SEM_KEY=<old value>
To:
export MNGAGE_SEM_KEY=<new value>
For example, in the /usr/Systems/EOMS_1/PMC2/script/pmc2im file:
export MNGAGE_SEM_KEY=7187
...................................................................................................................................................................................................
4 Enter the following commands to restart the pmc2im product:

StopPmc2Im
StartPmc2Im
...................................................................................................................................................................................................
5 Make the following corrections in the /usr/Systems/<PS_IS>//Kernel/data/semaphores

file:
....................................................................................................................................................................................................................................
12-46 1350 OMS
....................................................................................................................................................................................................................................
Change:
PMC2_<PR_IS>:<old value>
To:
PMC2_<PR_IS>:<new value>
....................................................................................................................................................................................................................................
1350 OMS 12-47
Troubleshooting SAS, UDM, LDAP
....................................................................................................................................................................................................................................
SAS, UDM, LDAP

Clean (or rebuild) the LDAP database
The procedure /alu/Install_Wizard/etc/ResetDB.sh cleans the LDAP database. It can be
used before a system configuration. The procedure /alu/Install_Wizard/etc/ResetDB.sh
-p is used to rebuild the LDAP database. It can be used with or without the product
running. The status of services do not affect the procedure.
...................................................................................................................................................................................................
1 To clean and repopulate ONLY the Global Instance database, enter the following
commands as the root user:
cd /usr/Systems/Global_Instance/LDAP
./script/Stop_LDAP_Service
rm -f data/db/*
/usr/sbin/slapadd -f conf/slapd.conf -l data/ldap_entry.ldif
find . -name /*.imported | /usr/local/bin/perl -ne 'chomp;$t=$_;s/
imported/import/;rename($t,$_)'
cp -p conf/DB_CONFIG data/db/
./script/Start_LDAP_Service
cd ../SEC/repository
find . -name /*.fad.imported | /usr/local/bin/perl -ne 'chomp;$t=$_;
s/fad.imported/fad/;rename($t,$_)'
cd ../integration/script
/configSEC.pl Global Instance version
...................................................................................................................................................................................................
2 To clean and repopulate ONLY a product Instance database, enter the following
commands as the root user:
If EML_1 is the current EML instance, NMS_USER is axadmin (password is 1353sh); if
SDH_1 is the current SDH instance, NMS_USER is snml (password is system1); if
PKT_1 is the current PKT instance, NMS_USER is bmml (password is system1); if
WDM_1 is the current WDM instance, NMS_USER is wdm (password is lucent!123); if
EOMS_1 is the current EOMS instance, NMS_USER is oms (password is lucent!123).
cd /usr/Systems/<current instance>/LDAP
./script/Stop_LDAP_Service
rm -f data/db/*
/usr/sbin/slapadd -f conf/slapd.conf -l data/ldap_entry.ldif
cp -p conf/DB_CONFIG data/db/
./script/Start_LDAP_Service
cd ../SEC/repository
find . -name /*.fad.imported | /usr/local/bin/perl -ne 'chomp;$t=$_;
s/fad.imported/fad/;rename($t,$_)'
....................................................................................................................................................................................................................................
12-48 1350 OMS
....................................................................................................................................................................................................................................
su <NMS_USER>
cd ../integration/script
./configSEC.pl <system> <instance with version>
exit
Export the LDAP database

The LDAP database is stored as backup with the operator data type, so perform an
operator backup for any OS instance, to have a copy of all existing LDAP databases.
To restore a corrupted LDAP database, perform an operator restore, if a backup was
previously done. For this reason, we strongly recommended to perform an operator
backup, when the OS instances are working well.
To transfer the LDAP database to a safer place, enter the following command to get the
entire tree content of the following directory. Enter the following command for each
EML, SDH, PTK, and EOMS instance.
/usr/Systems/<instance>/BackupArea/.Operator
For example, using the EML instance:
/usr/Systems/EML_1_9.6.0_Master/BackupArea/.Operator
A LDAP database manual backup without using SMF backup tool can be done by
entering the following commands as the root user:
# cd /usr/Systems/EML_1_9.6.0_Master/LDAP/data/export/
# rm ExportedLDAPDB.ldif.gz ExportedUserDB.ldif.gz
# /usr/Systems/EML_1_9.6.0_Master/LDAP/script/ExportImportLdapDb.pl
export EML_1_9.6.0 notinteract
The lastest LDAP backup files are the following
/usr/Systems/EML_1_9.6.0_Master/LDAP/data/export/ExportedLDAPDB.ldif.gz
/usr/Systems/EML_1_9.6.0_Master/LDAP/data/export/ExportedUserDB.ldif.gz
Add a user defined in the LDAP to the AdminGroup group

Use the following steps to add a user defined in LDAP to the AdminGroup group:
...................................................................................................................................................................................................
1 Create the file to be imported (import.ldif), with the list of users to add to the
AdminGroup:
dn:cn=AdminGroup,dc=alcatel,dc=com
objectClass: groupOfNames
member: cn=alcatel
member: cn=admin
[add other users if needed]
cn: AdminGroup
....................................................................................................................................................................................................................................
1350 OMS 12-49
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................
2 Enter the following command to edit the content of AdminGroup:
/usr/bin/ldapmodify -D cn=LdapMgr,dc=alcatel,dc=com -p <LDAP_SERVER_

SOCKET_PORT> -h <LDAP_SERVER_HOST> -w “mGr*LDAP” -f import.ldif -
x -v
....................................................................................................................................................................................................................................
12-50 1350 OMS
Troubleshooting Web Desktop Administration
....................................................................................................................................................................................................................................
Web Desktop Administration

Java Web Start console
How to display the Java Web Start Console
1. For the Windows operating system, launch the javaws shell by entering the following
command:
javaws
2. For HP-UX Operating System, log on as the alcatel user and launch the javaws
shell by entering the following command:
/opt/java1.5/bin/javaws
How to set the javaws traces to display the Java Web Start Console (both Windows
and HP-UX)
1. Open the Edit menu.
2. Click on Preferences.
3. On the Java Control Panel click on Advanced.
On the debugging node, select the following:
• Enable Tracing
• Enable Logging
4. On the Java Console node, select Show Console.
Java Web Start Console logs
• Windows Operating System:
C:/Documents and Settings/<user>/Application Data/Sun/Java/Deployment/log
• HP-UX Operating System:
/users/alcatel/.java/deployment/log
Problem with Authentication Services

If a problem is due to LDAP database corruption, do the following:
• The procedure /alu/Install_Wizard/etc/ResetDB.sh cleans the LDAP database. It can
be used before a system configuration.
• The procedure /alu/Install_Wizard/etc/ResetDB.sh -p rebuilds the LDAP database.
It can be used with or without the product running. The status of services do not affect
the procedure.
User inactivity portal closure

To prevent the LSM portal closure due to user inactivity on Web Desktop, modify one of
the following properties of LSM on the Master station:
Edit the file /usr/Systems/Global_Instance/WebDesktop/SSO_LSM/config/param.cfg
modifying one of the following parameters:
....................................................................................................................................................................................................................................
1350 OMS 12-51
....................................................................................................................................................................................................................................
# disable or enable the user inactivity check
USE_INACTIVITY False or True
# Inactivity duration in minutes
INACTIVITY_DURATION number
# Inactivity duration during login phase in minutes
INACTIVITY_LOGIN_DURATION number
Common login problems to start the Web Desktop

The following sections provide several reasons why a new Web Desktop instance cannot
start.
Dirty process on client
If a dirty process exists on the client, the Web Desktop login dialog is not displayed.
Check on the client PC to determine if an old java instance, perl instance, or cmd instance
is running and terminate (kill) them.
The user forgot a password
Important! Do not use this procedure to remove the user password.
The user, logged as alcatel user, can always change the alcatel password by entering the
following command lines:
cd /usr/Systems/Global_Instance_9.6.0_Master/SEC/script/
./run_usergui.pl
(login integrator / password integrator)
The User Account management window is displayed:
....................................................................................................................................................................................................................................
12-52 1350 OMS
....................................................................................................................................................................................................................................
Select the user alcatel in the tree on the left panel and click on the Set Password
button on the bottom of the window. Enter and confirm the new password in the popup
window and confirm it with the Change button.
Execute the following command line to find the PID for SAS process.
ps -ef|grep DSAS|grep -v grep
Execute the following command:
kill -9 PID
Where: PID is the pid of the SAS process that was previously found.
UDM problems
If you receive the following message under other windows and you do not acknowledge
this message, the Web Portal cannot be displayed:
UDM manager is not responding, user preference can not be loaded.
....................................................................................................................................................................................................................................
1350 OMS 12-53
....................................................................................................................................................................................................................................
Note: Sometimes the UDM server does not respond even if it is running correctly.
Many times, you can remove the UDM problem by scratching the UDM persistency
files; but, be aware that this operation will remove all user settings:
/usr/Systems/Global_Instance/WACOMO/udm/udmrt/script/Stop_UDM_
Service
cd /usr/Systems/Global_Instance/WACOMO/udm/data/persistency/
rm -rf *
/usr/Systems/Global_Instance/WACOMO/udm/udmrt/script/Start_
UDM_Service
The UDM should now be able to get user connections.
Process blocked on a port
Enter the following command to determine which process uses a port (for example.
ssoLsmPort):
lsof | grep TCP | grep ssoLsmPort
If sockets are blocked on LISTEN:
lsof | grep TCP | grep ssoLsmPort | grep LISTEN | while read uno
pid due;
do kill -9 $pid; done
If blocked on a port (for example: ssoLsmPort):
lsof | grep TCP | grep ssoLsmPort | while read uno pid due; do
kill -9 $pid; done
Also see “Application does not start (needs an already used port)” (p. 12-69).
User <user name> not authenticated
If the following message is displayed:
User alcatel not authenticaed. Please retry.
The problem is due to one of the following
• The password is not correct. Please verify it.
• The LDAP database is corrupt. See “SAS, UDM, LDAP” (p. 12-48) to clean/rebuild
the database.
SSO Password Policy

Password settings can be changed using the following configuration file:
/alu/NMC/SSO//SSO/servers/sas/config/sec/pwdpolicy.properties
The instance is on the following:
/usr/Systems/Global_Instance/SSO/sas/config/sec/pwdpolicy.properties
The Web Portal must be able to access these settings, so configure the following in the
SSO param.cfg file:
....................................................................................................................................................................................................................................
12-54 1350 OMS
....................................................................................................................................................................................................................................
/alu/NMC/SSO_INT//templates/osktemplate/servers/sas/config/param.cfg
The instance is on the following:
/usr/Systems/Global_Instance/SSO/sas/config/param.cfg
Make the following change:
Change:
DEFAULT_PASSWORD_POLICY "cn=defaultPwdPolicy"
To:
DEFAULT_PASSWORD_POLICY "file:pwdpolicy.properties"
If you modify the instance files, you must activate the modifications using the following
procedure::
• Exit from all open Web Portals.
• Stop and restart the SAS process using following commands:
/usr/Systems/Global_Instance/SSO/sas/script/Stop_SAS_Service
/usr/Systems/Global_Instance/SSO/sas/script/Start_SAS_Service
The pwdpolicy.properties file, with the default content, follows:
# ----------------------#
# DefaultPasswordPolicy #
# ----------------------#
# The following parameters are used to define a password policy.
# This one can then be populated into LDAP using policy.pl
# tool and references by DEFAULT_PASSWORD_POLICY parameters.
# However, this file can be also directly referenced by
# DEFAULT_PASSWORD_POLICY to be used as default password policy by
SAS.
# IMPORTANT NOTICE:
# In case this file is directly referenced, it is found in
# the order specified in the classpath parameter
# of the java command. The default order where this file should be
found
# (as defined in the classpath used in the start_sas.pl script) is:
# 1) in /sas/config
# 2) in /data/server
# 3) in /sas/template/config
#
# Therefore, if you are using SEC, you should just check that /data/
server/.properties
# points to the correct SEC Server file or LDAP entry (this insures
that the exact same
# policy is used for SEC and for AWP Change Password feature).
# Otherwise you can just copy this file into /sas/config
# and modify it according to your requirements.
# DefaultPasswordPolicy parameters:
# ----------#
# MinLength #
# ----------#
....................................................................................................................................................................................................................................
1350 OMS 12-55
....................................................................................................................................................................................................................................
# minimum number of mandatory charaters in the password
# The value can be specified either using the historical SEC
parameter
# or the new password policy parameter built from the LDAP schema.
# If both are specified, only the historical SEC paramater will be
# taken into account.
# Hardcoded value is 8
#com.alcatel.almap.sec.defaultPasswordPolicy.MinLength =8
almapPwdPolicy.almapPwdMinLength=8
# ----------#
# MinDigits #
# ----------#
# number of digits mandatory in the password
parameter
#com.alcatel.almap.sec.defaultPasswordPolicy.MinDigits=1
almapPwdPolicy.almapPwdMinDigit=1
# -----------#
# MinLetters #
# -----------#
# number of letters (uppercase or lowercase) mandatory in the
password
parameter
# The paramater almapPwdPolicy.almapPwdMinLetter can also be used
#com.alcatel.almap.sec.defaultPasswordPolicy.MinLetters=4
almapPwdPolicy.almapPwdMinLetter=4
# ------------#
# MinSpecials #
# ------------#
# number of special characters mandatory in the password
parameter
# The special characters list is specified in parameter
# almapPwdPolicy.almapPwdSpecialCharList.
#com.alcatel.almap.sec.defaultPasswordPolicy.MinSpecials=2
almapPwdPolicy.almapPwdMinSpecial=2
# ------------------------#
# almapPwdSpecialCharList #
# ------------------------#
# list of characters that should be considered as special
# when enforcing a minimum number of special characters policy (see
....................................................................................................................................................................................................................................
12-56 1350 OMS
....................................................................................................................................................................................................................................
# almapPwdMinSpecial)
# WARNING : for specific / and " character, do not forget to preceed
it by a /
# Hardcoded value is `~!@#$%
&*()_+-={}|[]/:";'<>?,./
almapPwdPolicy.almapPwdSpecialCharList=`~!@#$%
&*()_+-={}|[]//:/";'<>?,./
# ---------------#
# MinUppperCases #
# ---------------#
# number of letters in upper case mandatory in the password
parameter
#com.alcatel.almap.sec.defaultPasswordPolicy.MinUppperCases=1
almapPwdPolicy.almapPwdMinUpperCase=1
# --------------#
# MinLowerCases #
# --------------#
# number of letters in lower case mandatory in the password
parameter
#com.alcatel.almap.sec.defaultPasswordPolicy.MinLowerCases=1
almapPwdPolicy.almapPwdMinLowerCase=1
# --------------------------#
# almapPwdNbConsecutiveChar #
# --------------------------#
# maximum number of consecutive characters that can
# be used in a password. If value is set to 0,
# no restriction will apply.
almapPwdPolicy.almapPwdNbConsecutiveChar=2
# -------------------------#
# almapPwdNoUidCombination #
# -------------------------#
# indicates if the password can or cannot be a case-independent
# re-arrangement of the letters composing the user id (e.g. if the
user id is
# "hantz", the password can or cannot be "ZaNth".
# Hardcoded value is false
almapPwdPolicy.almapPwdNoUidCombination=false
# ----------------------#
# almapPwdMayContainUid #
# ----------------------#
# indicates if the password can or cannot contain
# (case-independently) the user id (e.g. if the user id is
....................................................................................................................................................................................................................................
1350 OMS 12-57
....................................................................................................................................................................................................................................
# "hantz", the password can or cannot be "pwdHAnTZ01".
# Hardcoded value is true
almapPwdPolicy.almapPwdMayContainUid=true
# ------------------#
# almapPwdInHistory #
# ------------------#
# maximum number of used passwords stored in the password
# history. If value is 0, used password are not stored
# and may be reused.
almapPwdPolicy.almapPwdInHistory=5
# ---------------#
# almapPwdMinAge #
# ---------------#
# Number of seconds that must elapse since the previous
modification
# before the password can be changed again
# Hardcoded value is 86400 seconds (1 day)
almapPwdPolicy.almapPwdMinAge=86400
# ---------------#
# almapPwdMaxAge #
# ---------------#
# number of seconds after which a modified password will expire.
# If the value is set to 0, the password does not expire.
# the value must be greater than or equal to the value of
almapPwdMinAge
# Hardcoded value is 7776000 seconds (90 days)
almapPwdPolicy.almapPwdMaxAge=7776000
# ----------------------#
# almapPwdExpireWarning #
# ----------------------#
# number of seconds which is the period before a password is due to
expire.
# During this period (expirationDate - almapPwdExpireWarning), the
user
# will be notified at login that his password will expire soon and
that
# he should change it. Note that the value must be less than
almapPwdMaxAge.
# If the value is 0, then no warning will be issued before the
password
# expires.
# Hardcoded value is 2592000 (30 days)
almapPwdPolicy.almapPwdExpireWarning=2592000
# -----------------------------#
# almapPwdExpirationGraceDelay #
# -----------------------------#
# number of seconds after a password expiration during which the
user will
# still be allowed to login but will be forced to change his
password.
# After password expiration + grace delay (grace delay can be 0),
# the account is automatically locked,
# Hardcoded value is 1296000 (15 days)
....................................................................................................................................................................................................................................
12-58 1350 OMS
....................................................................................................................................................................................................................................
almapPwdPolicy.almapPwdExpirationGraceDelay=1296000
# -------------------#
# almapPwdMaxFailure #
# -------------------#
# number of consecutive failed authentication attempts after which
the
# authentication is locked.
almapPwdPolicy.almapPwdMaxFailure=5
# -----------------------------#
# almapPwdFailureCountInterval #
# -----------------------------#
# Amount of time in seconds after which the authentication failure
attempt
# number is reset, even though no successful authentication
occurred.
# If the value is set to 0, the failure attempt number is only reset
by
# a successful authentication.
# Hardcoded value is 300 (5 minutes)
almapPwdPolicy.almapPwdFailureCountInterval=300
# ------------------------#
# almapPwdLockoutDuration #
# ------------------------#
# Amount of time in seconds during which the password cannot be use
to
authenticate.
# If the value is set to 0, a reset of the administrator is
requested.
# Hardcoded value is 300 (5 minutes)
almapPwdPolicy.almapPwdLockoutDuration=300
# ------------------------#
# almapPwdMaxUnusedPeriod #
# ------------------------#
# Maximum amount of time in seconds after which, if no session has
been
opened,
# the password will be automatically locked.
almapPwdPolicy.almapPwdMaxUnusedPeriod=0
# ------------------#
# almapPwdAttribute #
# ------------------#
# the name of the attribute used as a password.
# Hardcoded value is userPassword
almapPwdPolicy.almapPwdAttribute=userpassword
# -------------------#
# almapPwdEncryption #
# -------------------#
# Indicates if the password should be encrypted or not before
# storing it into the LDAP directory
# Hardcoded value is true
almapPwdPolicy.almapPwdEncryption=true
# -----------------------#
....................................................................................................................................................................................................................................
1350 OMS 12-59
....................................................................................................................................................................................................................................
# almapPwdMinDifferences #
# -----------------------#
# number of Differents in a number of character positions in the
password from
the last one
#almapPwdPolicy.almapPwdMinDifferences=2
almapPwdPolicy.almapPwdMinDifferences=2
....................................................................................................................................................................................................................................
12-60 1350 OMS
Troubleshooting Cannot Connect to the Authentication Server
....................................................................................................................................................................................................................................
Cannot Connect to the Authentication Server

Procedure
The inability to connect to the Authentication Server occurs when trying to open a Web
Desktop session.
When you cannot connect to the Authentication Server, note the following possible
reasons:
• The SAS, LDAP, or Security server application is not running.
If the server is not running:
– The SAS server application is not running. Enter the following command to verify
that the server application is running:
ps -ef | grep SAS
– LDAP server applications are not running. Enter the following command to verify
that the server application is running:
ps -ef | grep slapd.
An slapd for each product and one for the global instance should be running.
– Security Server applications are not running Enter the following command to
verify that the server application is running:
ps -ef | grep SecServer.
A Security Server for each product should be running.
• Any hook application cannot be started.
See the following trace file:
/usr/Systems/Global_Instance/maintenance/trace/sas.hooks.trace.
The /usr/Systems/Global_Instance/SSO/sas/config/hooks/StartSession.cfg file
defines the list of hook applications that must be started in order to start a session. The
start session will be blocked for the commands that are not launched in the
background mode.
• No space is available.
Space might not be available for the following file system and some processes cannot
write their trace/log files and are aborting.
/usr/Systems/<product>/maintenace
/usr/Systems/Global_Instance_9.6.0_Master
Determine the percentage of free space, which must be at least 95%, with the
following command:
bdf | grep System.
• nspd has been restarted.
....................................................................................................................................................................................................................................
1350 OMS 12-61
Troubleshooting Cannot Connect to the Authentication Server
....................................................................................................................................................................................................................................
The system could have restarted the nspd application and SAS cannot reconnect it:
– Use the command rm nspd.core to delete the core in
/usr/Systems/Global_Instance/maintenance/core/nspd.
– Enter the following commands to restart the SAS:
/usr/Systems/Global_Instance_9.6.0_Master/SSO/sas/script/
Stop_SAS_Service
/usr/Systems/Global_Instance_9.6.0_Master/SSO/sas/script/
Start_SAS_Service
• host not reachable (using the hostname) :
If you cannot reach a host using its hostname, but you can reach the host using its IP
address, you must add the corresponding host-ip_addresss in the hosts file of the
Personal Computer. The file is located in the following directory:
%windir%/system32/drivers/etc/hosts
Example:
C:/Windows/System32/drivers/etc/hosts
• Kerberos services are down.
Check Kerberos services using the following command:
ps -ef | grep kdcd
Stop and restart Kerberos services. See the Kerberos configuration section
....................................................................................................................................................................................................................................
12-62 1350 OMS
Troubleshooting Work Arounds for the MS-GUI
....................................................................................................................................................................................................................................
Work Arounds for the MS-GUI

Restart the common server for MS-GUI
When to use: Use this command if the SDH/PKT search and action menu are not
displayed or are partially displayed. This problem is related to a partial SEC
sychronization problem (explained in a pop-up message) after an installation upgrade.
This command could be useful if the MSGUI does not start.
On master machine, enter the following command line
ps -ef | grep -i comsvr_Global | grep -v grep | awk '{print $2}'
| xargs -i kill -9 {}
EML Show Alarm/Show Equipment from MS-GUI

Complete the following steps to disable the security so users can view Alarm/Equipment
from MS-GUI:
...................................................................................................................................................................................................
1 Edit line 145 of the/usr/Systems/Global_Instance/WebDesktop/MSGUI/start.pl file by

replacing:
debug
With:
user.
...................................................................................................................................................................................................
2 Edit line 145 of the /usr/Systems/Global_Instance/WebDesktop/MSGUI/msgui.wsd

file by replacing:
<BINDMESS>MSGUI_Global_Instance-810</BINDMESS>
With:
<BINDMESS></BINDMESS>
Edit line 61 in the same file by replacing
<STARTMESSAGE>post NGGUI start,: </:STARTMESSAGE> with
<STARTMESSAGE></:STARTMESSAGE>
...................................................................................................................................................................................................
3 Enter the following command to restart the common server of the Global Instance:
ps -ef | grep -i comsvr_Global | grep -v grep | awk '{print $2}'
| xargs -i kill -9 {}
...................................................................................................................................................................................................
4 Delete the following file:

/usr/Systems/Global_Instance/WebDesktop/MSGUI_RESOURCES/FADMapping.xml
....................................................................................................................................................................................................................................
1350 OMS 12-63
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................
5 On the client machine, use ftp to manually retrieve the IntraSystemsNavigations.cfg file
from the /usr/Systems/EML_1/Kernel/data directory to the C:/tmp/runtimeDir/<host
ip address>/EML_1-9.6.0/Kernel/data client directory.
...................................................................................................................................................................................................
6 As the root user, run the following script

...................................................................................................................................................................................................
7 And, remember to run the following command:

/alu/Kernel/script/UpdateNetworkConnections.pl -nointeract
EML show equipment from MS-GUI (IntraSystemNavigation)

In some 1350 OMS deliveries, to navigate to EML USM., do the following:
• Verify on client if the directory EML_1-9.6.0/Kernel/data exists.
If the directory is exists, use ftp to retrieve the file IntraSystemsNavigations.cfg
from the directory /usr/Systems/EML_1/Kernel/data to C:/tmp/runtimeDir/<host
ip address>/EML_1-9.6.0/Kernel/data
• Execute on the master server the following command line:
Use the following command to introduce the KERNEL_DISPATCHER_<EML Instance>
instead of KERNEL_DISPATCHER.
Occasionally (for example after an MSGUI fast customization) to re-enable navigation to
the EML external application, enter the following command on the server:
Example (the instance of EML is 1):
Recover menu items that are hidden/not sensitive

If menu items are hidden, for example EML, SDH, WDM, or PKT items are not
displayed on the Search menu, the reason can be one of the following:
1. The synchronization between SEC services and the common server is not correct.
Restart the common server using following command:
ps -ef | grep -i comsvr_Global | grep -v grep | awk '{print
$2}' | xargs -i kill -9 {}
Stop and restart the MSGUI.
2. If the previous action does not solve the problem, check the following file:
....................................................................................................................................................................................................................................
12-64 1350 OMS
....................................................................................................................................................................................................................................
/usr/Systems/Global_Instance/COMMONSVR/conf/jacapi.properties
In the following line:
# list of the used sec servers, format=[ServerId/StandardNS/serverHost:serverPort,
serverId/StandardNS/serverHost:serverPort, ..]
com.alcatel.almap.sec.jacapi7.servers=1/PKT_1-9.6.0/151.98.179.80:5124,
2/WDM_1-9.6.0/151.98.179.80:5090,3/SDH_1-9.6.0/151.98.179.80:5055,4/EML_1-
9.6.0/151.98.179.80:5135
Insert the following:
SecServer_
Example:
# list of the used sec servers, format=[ServerId/StandardNS/serverHost:serverPort,
serverId/StandardNS/serverHost:serverPort, ..]
com.alcatel.almap.sec.jacapi7.servers=1/SecServer_PKT_1-
9.6.0/151.98.179.80:5124,2/SecServer_WDM_1-9.6.0/151.98.179.80:5090,
3/SecServer_SDH_1-9.6.0/151.98.179.80:5055,4/SecServer_EML_1-
9.6.0/151.98.179.80:5135
Restart the common server using the following command:
ps -ef | grep -i comsvr_Global | grep -v grep | awk '{print
$2}' | xargs -i kill -9 {}
Stop and restart the MSGUI.
3. If the previous action does not solve the problem, a bad customization of the product
(e.g. EML) could exist. Stop the server for the product (see How to restart the
services) and re-customize the product.
If the items are present but not sensitive, the GUI server that is related to the system is not
correctly connected. See “Server is not correctly connected in the MS-GUI” (p. 12-65).
Only as an extreme work around, comment the content of the FADMapping.xml file:
/usr/Systems/Global_Instance-9.6.0/MSGUI/resources/FADMapping.xml
And restart the MS-GUI.
Server is not correctly connected in the MS-GUI

If the server is not correctly connected in the MS-GUI, look in the menu files, button
properties:
• If PKT is not connected, restart PktGuiServer on the master (or presentation )
machine. Find the PID with the following command:
ps -ef | grep -i PktGui
Kill -9 PID
• If MAP is not connected, restart TopoGuiServer on the master (or presentation )
....................................................................................................................................................................................................................................
1350 OMS 12-65
....................................................................................................................................................................................................................................
ps -ef | grep -i Topo
Kill -9 PID
• If TDM is not connected, restart TdmGuiServer on the master (or presentation )
ps -ef | grep -i TdmGui
Kill -9 PID
• If TM is not connected, restart PnmGs on the master (or presentation ) machine. Find
the PID with the following command:
ps -ef | grep -i Pnm_GS
Kill -9 PID
• If WDM is not connected, restart the WDM GUI server on the master (or presentation
) machine.
The WDM GUI server can be restarted using the following procedure:
Login as wdm user.
Enter the following command lines:
/usr/Systems/WDM_1/guiServer/wdm/script/wdm_stop.sh
/usr/Systems/WDM_1/guiServer/wdm/script/wdm_start.sh
/usr/Systems/WDM_1/guiServer/sonet/script/sonet_stop.sh
/usr/Systems/WDM_1/guiServer/sonet/script/sonet_start.sh
....................................................................................................................................................................................................................................
12-66 1350 OMS
Troubleshooting Work Arounds for Database Management
....................................................................................................................................................................................................................................
Work Arounds for Database Management

EML Database Corruption
Complete the following steps if the EML database is corrupt:
1. Stop the EML system.
2. Execute following commands:
rm /usr/Systems/<INSTANCE>/databases/dbaxadmin/data/MYSQL/
<hostname>-relay-bin.index
rm /usr/Systems/<INSTANCE>/MirrorArea/<INSTANCE>/axadmin/arch/
<hostname>-bin.*
3. After execution, restart the EML.
Rebuild TMF Server Database

Complete the following steps to rebuild the TMF server database.
If the TMF server application cannot start, enter the following commands to rebuild the
GEM database:
1. If the TMF server application cannot start, enter the following commands to rebuild
the GEM database:
cd /usr/Systems/EML_1_9.6.0_Master/MYSQL/script
./db_delete.pl GEMDB
./db_create_empty.pl GEMDB
2. Start MySQL and stop the AppServer process. (The EMLIM group normally has
index 100).
cd /usr/Systems/EML_1_9.6.0_Master/EMLIMGEM3/script
./initDB
3. When the NMA package is installed, create the GEM database.
Note: This step is mandatory for the first installation of this NMA_9.6.0.04 load,
because this load delivers a separate MySQL instance. The step may be skipped for
the future loads if you want to retain the old GEM database.
4. Enter the following commands:
cd /usr/Systems/EML_<ID>/NMAMYSQL
script/configure_mysql
cd /usr/Systems/EML_/EMLIMGEM3/script
./initDB
Stop and Start SDH Database

To connect the Oracle database, enter the following commands to stop and start it
....................................................................................................................................................................................................................................
1350 OMS 12-67
Troubleshooting Work Arounds for Database Management
....................................................................................................................................................................................................................................
su - snml
. /snml1/.snmlrc
/usr/Systems/SDH_1/ORACLE/databases/dbnml/etc/stop_db immediate
/usr/Systems/SDH_1/ORACLE/databases/dbnml/etc/start_db
Note: To determine if there is enough disk space, execute the following command:
su - snml
. /snml1/.snmlrc
sqlplus sys/manager as sysdba
If the space is reduced, enter the following command to remove archive files
usr/Systems/SDH_1_9.6.0_Master/MirrorArea/SDH_1-9.6.0/snml/arch:
rm *.arch
eOMS Database Setup

When the system is installed on a scratch machine and, after EOMS system configuration,
the procedure reports some errors about the connection to the Oracle Database. We
suggest that you enter the following commands:
/opt/lucent/oms/oms_setup
/opt/lucent/cache/cache_setup
/opt/lucent/platform/bin/lt_add_controller -install
/opt/lucent/platform/bin/lt_add_controller -type NMA -name EML_1_NMA
....................................................................................................................................................................................................................................
12-68 1350 OMS
Troubleshooting General Work Arounds for Application Problems
....................................................................................................................................................................................................................................
General Work Arounds for Application Problems

Application does not start (needs an already used port)
If an application does not start and if you look at its trace file in the
/usr/System/<Instance>/maintenenace/trace directory and you determine that another
application is already using the port, and that port is the busy port and that application is
that application that keeps the port in use, then use the kill command to terminate that
application.
For example, if AS_CUR_IM in EOMS did not start, use the
grep -i ascurim /etc/services | grep -i eoms command to display the port
information, which will be similar to the following output:
ascurim_corba_socket_EOMS_1-9.6.0 5087/tcp
# Added by OS-Kernel (Relocatable Service) <date/time stamp>
ASCURIM__1_EOMS_1-9.6.0 5175/tcp
ASCURIM__2_EOMS_1-9.6.0 5176/tcp
Use the command netstat -an | grep 5175 to display the state of the port. Output
similar to the following is displayed:
tcp 0 0 151.98.28.62.56107 151.98.28.62.5175

ESTABLISHED
tcp 0 0 151.98.28.62.5175 151.98.28.62.56107
ESTABLISHED
tcp 0 0 *.5175 *.* LISTEN
tcp 0 0 151.98.28.62.60309 151.98.28.62.5175
ESTABLISHED
tcp 0 0 151.98.28.62.5175 151.98.28.62.60309 ESTABLISHED
Use the command /alu/Kernel/bin/lsof -P | grep TCP | grep 5175, which
is the PID of the application that keeps port 5175 in use. Output similar to the following is
displayed:
pnmim 16482 axadmin 18u IPv4 0xe00000016e7ff200 0t0 TCP ipb062:60309->

ipb062:5175 (ESTABLISHED)
epimd 20440 root 3u IPv4 0xe00000016e4acac0 0t0 TCP *:5175
(LISTEN)
epimd 20440 root 11u IPv4 0xe0000001700fc580 0t0 TCP ipb062:5175->
epimd 20440 root 12u IPv4 0xe00000017143eac0 0t0 TCP ipb062:5175->
fmcurusms 26910 root 13u IPv4 0xe000000171582740 0t0 TCP ipb062:56107->
Enter the command:
ps -ef | grep 20440 root 20440 1 0 Feb 23 ? 1:54 epim_cmis_
SDH_1-9.6.0_
Enter the following command to unblock the port and to start AS_CUR_IM of EOMS:
....................................................................................................................................................................................................................................
1350 OMS 12-69
Troubleshooting General Work Arounds for Application Problems
....................................................................................................................................................................................................................................
kill -9 20440
Oracle monitor application is down but there are active oracle processes
If the oracle_monitor_process is down, but the command
ps -u axadmin | grep oracle returns an existing process, we suggest that you, as
the axadmin user on EML master server, manually shutdown the current Oracle instance.
Note: oracle is also the password that you have to enter.
cd /usr/Systems/EML_*Master/eml/EMLIMSNA/script/
. set_sna_env
sqlplus /nolog
SQL*Plus: Release <release number> - Production on <date/time stamp>
Copyright (c) 1982, 2006, Oracle. All Rights Reserved
SQL> connect as sysdba;
Enter user-name: oracle
Enter password: Connected.
SQL> shutdown abort;
....................................................................................................................................................................................................................................
12-70 1350 OMS
Troubleshooting Work Arounds for File System Management
....................................................................................................................................................................................................................................
Work Arounds for File System Management

EML File System Full
If the EML file system is full, the problem could be related to the mirror area.
If the MySql database is installed, complete the following steps. In the example given, the
EML instance is 1:
1. Verify that MySQL is NOT running; then, stop the EML instance.
2. Enter the following command lines:
cd /usr/Systems/EML_1_9.6.0_Master/MirrorArea/EML_1-9.6.0/
axadmin/arch
rm ipb021-bin.*
touch ipb021-bin.index
In the previous step, you could have saved space, but the command would be the
following:
/usr/Systems/EML_1_9.6.0_Master/MirrorArea/EML_1-9.6.0/ORACLE/
arch
In general, the command is the following:
/usr/Systems/EML_1_9.6.0_Master/MirroeArea/<EML-INST>/ORACLE/arch
SDH File System is Full

If the SDH file system is full, the problem could be related to the Mirror Area.
Complete the following steps:
1. Verify that the MySQL is not running; then, stop SDH instance:
cd /usr/Systems/SDH_1_9.6.0_Master/MirrorArea/SDH_1-9.6.0/
snml/arch
rm *.arc
PKT File System Full

If the PKT file system is full, the problem could be related to the Mirror Area.
1. Verify that the MySQL is not running; then, stop PKT instance:
cd /usr/Systems/PKT_1_9.6.0_Master/MirrorArea/bmml/arch
rm *.arc
....................................................................................................................................................................................................................................
1350 OMS 12-71
Troubleshooting Work Arounds for File System Management
....................................................................................................................................................................................................................................
To completely clean PKT tables, complete the following steps
1. Stop all PKT applications, except Oracle Database.
2. Connect to the system using the su -bmmml command.
3. Launch the following script:
/usr/Systems/PKT_1/databases/dbbmml/admin/create/
CleanTables.sh
4. Restart the PKT application.
Oracle file system full

If /opt/Oracle reaches 100%, a bug in Oracle occurs.
1. Change directories to the following directory:
/opt/oracle/10.2.0/dbs
2. Use the following command to remove an archive file that has the format
archarch_1_99_658066611.arc:
rm archarch_*.arc
....................................................................................................................................................................................................................................
12-72 1350 OMS
Troubleshooting Abbreviations
....................................................................................................................................................................................................................................
Logging
Description
The NMA includes two basic sets of logs, each of which can be modified while the server
is up-and-running:
• Debug/Trace logs, which trace the NMA server actions.
• TL1 logs, which trace the TL1 sent to and received from the NE messages.
Trace/Debug logs
Trace logs are located in the maintenance/gemtrace directory. The basic log files are the
following:
• gemServer_ems.trace
• gemServer_ems.error
• tmfserver.trace
• tmfserver.error
• jboss_gemServer_ems.log
When logs reach a maximum size, a new log file is created and the old logs are
renumbered. The logs contain the following:
• gemServer_ems.trace and gemServer_ems.error
These logs contain tracing for NMA logged from NMA code. If NMA catches an error
and logs it, it will be in these files. At the default INFO level, this log contains major
events such as starting/completing domain alignment and TL1 commands and their
time to completion (TL1 responses are not logged here).
• tmfserver.trace and tmfserver.error
These logs contain tracing for the TMF server.
• jboss_gemServer_ems.log
This file contains log records from JBoss itself, which includes error messages from
exceptions that are thrown by NMA, but are not caught by NMA (caught by JBoss) .
Additionally, a jboss_gemServer.stdout file captures the standard output of the Java
process. Generally, this file is not used, but thread dumps are written to this file.
These log files are based on a log4j logging package from the Apache group
(http://logging.apache.org). The log4j-defined server-configuration file that controls
logging for the TMF server is the following:
TMF/data/log4j.tmfServer.xml
This file, which can be modified, is located in the following directory:
EMLIMGEM3/jboss/server/ems/conf/log4j.xml
....................................................................................................................................................................................................................................
1350 OMS 12-73
Troubleshooting Logging
....................................................................................................................................................................................................................................
The logging system is based on a hierarchy of named loggers, the base of which is
com.alcatel.gem.trace.
Two additional loggers are the following:
– com.alcatel.gem.trace.tl1pc
– com.alcatel.gem.trace.exsnmp
Jboss logging is also based on the same log4j package and detailed logging of JBoss
is also possible. A sample file (Log4J.xml) gives examples for turning on more
detailed JBoss logging, shows how to write to new files, and shows how to set the log
level to specific values for various named loggers.
TL1 logs
TL1 logs are also implemented using log4j, but are not controlled by a typical log4j
configuration file because the logger names are the NE names are therefore dynamic.
Configuration of these files is through the typical configuration used by end users.
TL1 logs are at a low level and they are unprocessed other than basic TL1 parsing. The
content of the TL1 log is basically what comes from the NE−the exact text of the TL1
command, responses, events, and acknowledgements. RTRV-PM commands/responses
are filtered out by defaul, which is controlled by a configuration value.
The TL1 log also shows entries when a session is opened, closed, and fails. TL1
command failure is also logged. One TL1 log file is set for each NE that rolls based on
time (not size) and thus can get large.
The following file:
EMLIMGEM3/jboss/server/ems/deploy/properties-service.xml
contains configuration parameters to control the TL1 logs. Most parameters are well
documented in the XML comments in this file. Changes to TL1 logging do not take affect
until supervision is stopped and restarted. The server does not have to be restarted.
Two additional parameters are available:
• tl1comm.neLogMaxDaysKept determines the number of days of TL1 logs that are
kept. The default is 7. The value can range from [1, 14].
• If tl1comm.includeInLogPM is true, RTRV-PM-* commands and responses are
included in the TL1 logs.
TL1 I/O logs

TL1 parsing engines also support an additional log, which is named using random
numbers, that is intended to debug I/O problems with an NE. This logging occurs even
before TL1 parsing, and thus can be used to debug scenarios in which an NE is sending
invalid characters or TL1. This log file does not roll; meaning, it can continue to grow
and it is not easy to use and should only be used when really needed.
The configuration file EMLIMGEM3/jboss/server/ems/deploy/properties-service.xml
can also contain these values.
....................................................................................................................................................................................................................................
12-74 1350 OMS
Troubleshooting Logging
....................................................................................................................................................................................................................................
The following configuration parameters control this logging:
• neIOLogPath controls which directory these I/O logs are created in. The directory
must already exist.
• neIOLogFlag controls the logging. Possible values are in, out, or both. Any other
value implies the feature is off. The in value logs all input from the NE. The out value
logs all output to the NE, and both logs both input and output.
Possible values are the following
– in logs all input to the NE
– out logs all output from the NE.
– both logs both input and output to the NE.
– Any other value besides in, out, or both implies that the feature is off.
When turned on, at supervision time, a file named tl1io_xxxxx.debug is be created that
contains all characters sent over this socket based on the configuration. If multiple NEs
are sharing the same socket (GNE with RNEs), all characters are logged to the same file.
This is a character-by-character log and has no knowledge of TL1 of the NEs involved.
This file also never rolls. Everything from socket open to close is logged into the same
file and the file is never removed. It must be manually removed. Changes to this
configuration require stopping/starting supervision. Use this log only to debug cases
where the NE generates illegal TL1 that the normal parsing rejects and thus is not seen in
the normal TL1 logs. Do not leave this logging on for long time because you will run out
of disk space.
....................................................................................................................................................................................................................................
1350 OMS 12-75
Troubleshooting Configuration
....................................................................................................................................................................................................................................
Configuration
Description
The NMA/JBoss combination includes a large number of configuration files to control,
but NMA only adds a few of its own. One is designated for parameters that the end user
can modify. Others should be determined at installation time and not changed.
User configurable file

The file EMLIMGEM3/jboss/server/ems/deploy/properties-service.xml contains
configuration values intended for the end user. The general rule is that changes that are
made here are reflected as soon as possible For example, changes to TL1 time-outs will
be used after only a few seconds. Changes to logging require the starting/stopping of
supervision.
The administrator must be familiar with the behavior of the system in case the values in
this file are missing or invalid.
As an example, assume a numerical parameter has a range of [10, 20] and a default of 15.
If the user configures a value of 1, 10 will be used. If the user configures a value of 37, 20
will be used. If the user configures a value of “foo” the system will use 15 (the default).
Most available parameters that can be used in this file are well documented. There are a
couple of exceptions (PM and the TL1 I/O logs previously defined).
Non-user configurable file

In addition to the user-configurable
EMLIMGEM3/jboss/server/ems/deploy/properties-service.xml file, another
configuration file, the file EMLIMGEM3/jboss/server/ems/deploy/gemcfg-
service.xml, contains parameters that should not be used by a user and could leave the
system unstable if configured incorrectly. There are some important values here that are
discussed below.
• eclipse.PostRIGenerationCmd specifies where to write RI information. If not
configured, no RI information will be output.
• eclipse.RIOutputDir specifies the command to run after RI information is generated.
If not configured, no command is run. Note that this is independent of the generation.
It is possible to generate the file and not run the command.
• ne.supervisionLimit specifies the maximum number of NEs that can be supervised at
one time. There is no limit on the number of NEs that can be declared. This value is
DES encrypted using the class com.alcatel.gem.des.Mangle.
The following jython script can generate a new value that limits supervision to 100
NEs:
– from com.alcatel.gem.des import Mangle
– print Mangle.mangle (‘100’)
....................................................................................................................................................................................................................................
12-76 1350 OMS
....................................................................................................................................................................................................................................
The output value can be used directly.
• jboss-mysql.force.innodb forces JBoss to create tables of the type InnoDB, which
should only be used with MySQL.
Other Configuration
Other configuration values are usually based on built in JBoss values. These can generally
be found in two places.
• Files in the EMLIMGEM3/jboss/server/ems/deploy are scanned by Jboss and are
loaded when possible. Avoid saving backup files and other files in this directory.
JBoss will scan them and try to deploy them. Saving a jar file in this directory is a
sure way to cause problems. Contained directories may also cause problems, but it
depends on the directory and the rules for loading the contents of the contained
directory. For example, anything in the jms directory will be treated just like files in
the deploy directory. Files in the gem.ear directory are not reloaded if the
gem.ear/META-INF/application.xml file (or the jboss-app.xml file) are not also
modified (touched). It is safer to simply not keep backup copies in this directory.
• Files in the EMLIMGEM3/jboss/server/ems/conf directory are loaded by JBoss on
startup only. The log4j.xml file is the only exception. Documentation on most of these
files (and some in the deploy directory) can be found at the JBoss web site
(http://labs.jboss.com/jbossas/docs/index.html).
....................................................................................................................................................................................................................................
1350 OMS 12-77
....................................................................................................................................................................................................................................
....................................................................................................................................................................................................................................
12-78 1350 OMS
13 GSP and MP Configuration
13
Overview
Purpose
information and the associated tasks that pertain to the Guardian Service Processor (GSP)
and the Management Processor (MP).
Contents
GSP and MP Overview 13-2

Configure the GSP 13-3
Verify Access to the GSP LAN Console 13-11
Access to the GSP Console 13-13
Configure the MP 13-15
...................................................................................................................................................................................................................................
1350 OMS 13-1
GSP and MP Configuration GSP and MP Overview
....................................................................................................................................................................................................................................
GSP and MP Overview

Two types of configurations
The HP9000 Servers are configured with either of the following:
• Guardian Service Processor (GSP)
• Management Processor (MP)
Note: The service processor in HP® servers is sometimes called the HP® Guardian
Service Processor (GSP) or the HP® Management Processor (MP). The service
processor is a service and console subsystem on the HP9000 Servers.
Functional requirements
To use the system console, the administrator must use a local VT100 terminal or a PC
with a VT100 terminal emulator.
The GSP can be configured so the system console can be used through a LAN
connection. In addition, GSP rev B provides web console functionality.
If a PC with the VT100 terminal emulator is in use, the administrator must have an
RS-232, 9-24 pin male/male cable adapter.
....................................................................................................................................................................................................................................
13-2 1350 OMS
GSP and MP Configuration Configure the GSP
....................................................................................................................................................................................................................................
Configure the GSP

When to use
Use this task to configure the Guardian Service Processor (GSP).
Related information
• “GSP and MP Overview” (p. 13-2)
Before you begin

This task consists of the following tasks:
• “Task 1: Access the GSP” (p. 13-3)
• “Task 2: Configure the GSP LAN Console” (p. 13-4)
• “Task 3: Configure the Administrator Profile” (p. 13-6)
• “Task 4: Configure the LAN Access” (p. 13-9)
To configure the GSP LAN console, you must have the following information available:
• An IP address for the GSP
• A hostname for GSP
• The subnet mask
• The IP address of the gateway
• Username for GSP administrator (optional)
• Password for GSP administrator (optional)
The output samples that are provided in this task are samples from GSP rev A. GSP rev B
might have output that differs.
Task 1: Access the GSP

Complete the following steps to configure the Guardian Service Processor (GSP).
...................................................................................................................................................................................................
1 Connect a terminal or a PC to the console serial port.

...................................................................................................................................................................................................
2 Press the Control + b keys to enter the GSP:

<CRTL>+b
Leaving Console Mode-you may lose write access. When Console Mode
returns,
type
Ecf to get console write access
....................................................................................................................................................................................................................................
1350 OMS 13-3
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................
3 Press the Enter key:

[Enter]
[Read only - use

Ecf for console write access.]
...................................................................................................................................................................................................
4 If the GSP prompt is not displayed, enter the following:

<Ctrl>+E
c f
Result: The GSP>prompt is displayed.
E...................................................................................................................................................................................................
N D O F S T E P S
Task 2: Configure the GSP LAN Console

Complete the following steps to configure the GSP LAN console.
...................................................................................................................................................................................................
1 At the GSP> prompt, enter the following command to modify LAN connections:
lc [Enter]
Result: The GSP outputs a display that is similar to the following:
This command allows you to modify the LAN configuration.

Current configuration:
MAC Address : 0x00306e0860d4
IP Address : 127.0.0.1
GSP Host Name: uninitialized
Subnet Mask : 255.255.255.0
Gateway : 127.0.0.1
...................................................................................................................................................................................................
2 At the following prompt, enter Y to modify the LAN configuration:

Do you want to modify the LAN configuration? (Y/[N]) Y
Result: The GSP outputs a display that is similar to the following that shows the
current IP address and prompts you for a modification decision:
Current IP Address: 127.0.0.1

Do you want to modify it? (Y/[N])
...................................................................................................................................................................................................
3 At the following prompt, enter Y to modify the current IP address that is displayed:
....................................................................................................................................................................................................................................
13-4 1350 OMS
....................................................................................................................................................................................................................................
Do you want to modify it? (Y/[N]) Y [Enter]
...................................................................................................................................................................................................
4 At the following prompt, enter the current IP address of the GSP LAN:
Enter new IP Address: <GSP LAN IP Address> [Enter]
New IP Address: <GSP LAN IP Address>
...................................................................................................................................................................................................
5 At the following prompt, confirm the current IP address of the GSP LAN if it is correct:
New IP Address: <GSP LAN IP Address>
Confirm? (Y/[N]) Y [Enter]
* IP Address will be updated.
In a series of prompts, the GSP prompts you for modifications to the hostname, subnet
mask, and gateway.
...................................................................................................................................................................................................
6 At the following prompts, enter the appropriate information regarding the GSP host name:
Current GSP Host Name: uninitialized
Enter new GSP Host Name: <hostname> [Enter]
-> GSP Host Name will be updated.
The GSP now prompts for the current subnet mask.
...................................................................................................................................................................................................
7 At the following prompts, enter the appropriate information regarding the subnet mask:
Current Subnet Mask: 255.255.255.0
Enter new Subnet Mask: <subnet mask> [Enter]
-> Subnet Mask will be updated.
The GSP now prompts for the current gateway.
...................................................................................................................................................................................................
8 At the following prompts, enter the appropriate information regarding the gateway:
Current Gateway: 127.0.0.1
Do you want to modify it? (Y/[N]) (Default will be IP Address Y
....................................................................................................................................................................................................................................
1350 OMS 13-5
....................................................................................................................................................................................................................................
Enter new Gateway: <gateway IP address> [Enter]
New Gateway: <gateway IP address>
Result: The GSP outputs a display that is similar to the following and the GSP
prompt reappears:
-> Gateway will be updated.

-> Settings have been updated.
GSP>
E...................................................................................................................................................................................................
N D O F S T E P S
Task 3: Configure the Administrator Profile

Complete the following steps to configure the administrator profile:
...................................................................................................................................................................................................
1 At the GSP> prompt, enter the following command to modify the security options so you
can configure the administrator profile:
so [Enter]
This command allow you to modify the security options and access control.
GSP wide parameters are:
. Login Timeout: 1 minutes.
. Number of Password Faults allowed: 3
. Flow Control Timeout: 5 minutes.
...................................................................................................................................................................................................
2 At the following prompt, enter n so the GSP wide parameters are not modified:
Do you want to modify the GSP wide parameters? (Y/[N]) n
Result: The GSP outputs a display that is similar to the following about the first user
profile. Note all the fields are empty:
User number 1 parameters are:

. User's Name:
. User's Login:
. Organization's Name:
. Dial-back configuration: Disabled
. Access Level: Operator
. Mode: Single
. User's state: Disabled
...................................................................................................................................................................................................
3 At the following prompt, enter y so you can modify the user number 1 parameters:
....................................................................................................................................................................................................................................
13-6 1350 OMS
....................................................................................................................................................................................................................................
Do you want to modify the user number 1 parameters? (Y/[N]/Q to
quit) y
Result: The GSP outputs a series of prompts about the current and new user name.
...................................................................................................................................................................................................
4 At the following prompts, enter the required information for the current and new user
name:
Current User's Name [Enter]
Enter new User's Name root [Enter]
New User's Name root [Enter]
Result: The GSP outputs a message similar to the following about current and new
user name.
-> User's Name will be updated.
The GSP now prompts you for organizational name changes.
...................................................................................................................................................................................................
5 At the following prompt, enter n so you do not modify the organization name:
Current Organization's Name:
Do you want to modify it? (Y/[N]) N
Result: The GSP outputs a series of prompts about the user name for the login.
...................................................................................................................................................................................................
6 At the following prompts, enter the required information for the user name for the login.
Logging in as root is not mandatory.
Enter new Login root [Enter]
Enter new Login for confirmation root [Enter]
Result: The GSP outputs a message similar to the following about the current and
new user name.
-> Login will be updated.
The GSP now prompts you for password changes.
...................................................................................................................................................................................................
7 At the following prompts, enter the required information for the password, which is not
displayed:
Do you want to modify the current password? (Y/[N]) Y
Enter new Password <type new password here> [Enter]
Enter new Password for confirmation
<re-type new password here> [Enter]
....................................................................................................................................................................................................................................
1350 OMS 13-7
....................................................................................................................................................................................................................................
Result: The GSP outputs a message similar to the following about the password.
-> Password will be updated.
The GSP now prompts you for dial-back options.
...................................................................................................................................................................................................
8 At the following prompt, enter n so you do not modify the dial-back options:
Current Dial-back configuration: Disabled
Do you want to modify it? (Y/[N]) N
Result: The GSP outputs a series of prompts about the access level.
...................................................................................................................................................................................................
9 At the following prompts, enter the required information for the access level:
Current Access Level: Operator
Do you want to modify it? (Y/[N]) Y
Enter new Access Level (Operator / Administrator) A [Enter]
New Access Level: Administrator
Confirm? (Y/[N]): Y [Enter]
Result: The GSP outputs a message similar to the following about the access level.
-> Access level will be updated.
The GSP now prompts you for mode options.
...................................................................................................................................................................................................
10 At the following prompts, enter the required information for the mode:
Current Mode: Single
Enter new Mode (Single / Multiple): M [Enter]
New Mode: Multiple
Result: The GSP outputs a message similar to the following about the mode.
-> Mode will be updated.
The GSP now prompts you for user state options.
...................................................................................................................................................................................................
11 At the following prompts, enter the required information for the current user state:
Current User's state: Disabled
Enter new User's state (Enabled / Disabled): E [Enter]
New User's state: Enabled
....................................................................................................................................................................................................................................
13-8 1350 OMS
....................................................................................................................................................................................................................................
Result: The GSP outputs a message similar to the following about the user.
-> User's will be updated.
The GSP now outputs a display similar to the following for the second user profile:
User number 2 parameters are:

. User's Name:
. User's Login:
. Organization's Name:
. Dial-back configuration: Disabled
. Access Level: Operator
. Mode: Single
. User's state: Disabled
...................................................................................................................................................................................................
12 At the following prompt, enter q to quit the prompting sequence so the second user
profile is not modified:
Do you want to modify the user number 2 parameters? (Y/[N]/Q to
quit) q
Result: The GSP outputs a message similar to the following:
-> Settings have been updated.

User may be disconnected in this process
E...................................................................................................................................................................................................
N D O F S T E P S
Task 4: Configure the LAN Access

Complete the following steps to configure the LAN access.
...................................................................................................................................................................................................
1 At the GSP> prompt, enter the following command to enable LAN access:
el [Enter]
Current LAN port access: Disabled

Do you want to modify this configuration? (Y/[N]) y [Enter]
LAN port access options:
Note for GSP rev A, a display similar to the following is output:
[A] All access enabled

[D] All access disabled
Note for GSP rev B, a display similar to the following is output:
[A] All access enabled - both Telnet and Web

[D] Disable LAN port - prevent Telnet and Web access
....................................................................................................................................................................................................................................
1350 OMS 13-9
....................................................................................................................................................................................................................................
[T] Telnet only enabled
[W] Web only enabled
...................................................................................................................................................................................................
2 At the following prompts, enter A to enable all access:

Please indicate the new mode for the LAN port,
or <CR> to retain current value. Choose one of (...): A [Enter]
Result: The GSP outputs a display that is similar to the following that shows that the
new LAN port settings are enabled:
New LAN port access settings will be: Enabled
...................................................................................................................................................................................................
3 At the following prompt, enter Y to confirm the settings:

Result: The GSP outputs a display that is similar to the following that shows that the
new LAN port settings are enabled:
Current LAN port access: Enabled
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
13-10 1350 OMS
GSP and MP Configuration Verify Access to the GSP LAN Console
....................................................................................................................................................................................................................................
Verify Access to the GSP LAN Console

When to use
Use this task to verify access to the GSP LAN console.
Related information
Before you begin

The behavior of the GSP is dependent on the last connection; therefore, the output
samples that are displayed in this task might differ from your output.
Task
Complete the following steps to verify access to the GSP LAN console.
...................................................................................................................................................................................................
1 Enter the following command to connect to the GSP:

....,sys,root # telnet <GSP IP Address> [Enter]
Result: The GSP displays output that is similar to the following:
Trying...
Connected to .......
Escape character is '
]'.
Local flow control off
Service Processor login: root
Service Processor password:
Hewlett-Packard Guardian Service Processor
9000/800/L1000-36 System Name:
...................................................................................................................................................................................................

9000/800/L1000-36 System Name: [Enter]
[Read only - use Ecf for console write access.]
...................................................................................................................................................................................................
3 At the following prompt, enter the following command:

<Ctrl>+E c f [Enter]
[bumped user - ]
....................................................................................................................................................................................................................................
1350 OMS 13-11
GSP and MP Configuration Verify Access to the GSP LAN Console
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................

[bumped user - ] <Ctrl>+B [Enter]
Leaving Console Mode - you may lose write access. When
Console Mode returns, type Ecf to get console write
access. GSP>
...................................................................................................................................................................................................
5 Enter the following command sequence to close the connection:

<Ctrl>+
And, at the Telnet prompt, enter the following:
close [Enter]
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
13-12 1350 OMS
GSP and MP Configuration Access to the GSP Console
....................................................................................................................................................................................................................................
Access to the GSP Console

When to use
Use this task to access to the GSP console.
Related information
Before you begin

The behavior of the GSP is dependent on the last connection; therefore, the output
samples that are displayed in this task might differ from your output.
Task
Complete the following steps to access the GSP console.
...................................................................................................................................................................................................
1 Complete the steps in the “Task 1: Access the GSP” (p. 13-3) task.
...................................................................................................................................................................................................
2 At the GSP> prompt, enter the following command to get into console mode in the GSP:
co [Enter]
Leaving Guardian Service Processor Command Interface and entering

Console mode. Type Ctrl-B to reactivate the GSP Command Interface.
...................................................................................................................................................................................................

Type Ctrl-B to reactivate the GSP Command Interface. [Enter]
...................................................................................................................................................................................................

<Ctrl>+E c f [Enter]
[bumped user - ]
...................................................................................................................................................................................................
....................................................................................................................................................................................................................................
1350 OMS 13-13
GSP and MP Configuration Access to the GSP Console
....................................................................................................................................................................................................................................
[bumped user - ] [Enter]
GenericSysName [HP Release B.11.31] (see /etc/issue)
Console Login:
...................................................................................................................................................................................................
6 At the following prompt, log in and continue the login process:

Console Login: <user ID> [Enter]
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
13-14 1350 OMS
GSP and MP Configuration Configure the MP
....................................................................................................................................................................................................................................
Configure the MP
When to use
Use this task to configure the Management Processor (MP).
Related information
Before you begin

To configure the MP LAN console, you must have the following information available:
• An IP address for the MP
• A hostname for the MP
• The subnetmask
• The IP address of the gateway
Once you access the MP, you can enter HE to get help on any MP function.
Task
Complete the following steps to configure the Management Processor (MP).
...................................................................................................................................................................................................
1 Connect a terminal or a PC to the console serial RS-232 port.

...................................................................................................................................................................................................
2 Press the Enter to enter the MP:

Enter
Result: The tool requests you to log in.
...................................................................................................................................................................................................
3 At the following prompts, enter the Admin login and password to access the MP:
MP password:
MP login: Admin
MP password: Admin
Result: The tool outputs a welcome screen, followed by a display that is similar to
the following:
MP MAIN MENU:
CO: Consoles
VFP: Virtual Front Panel (partition status)
CM: Command Menu
CL: Console Logs
SL: Show chassis Logs
....................................................................................................................................................................................................................................
1350 OMS 13-15
....................................................................................................................................................................................................................................
HE: Help
X: Exit Connection
Note at any time you can enter HE to get help on any MP function.
...................................................................................................................................................................................................
4 At the MP> prompt, enter the CM command to access the Command Menu:
MP> CM
Result: The tool outputs the MP:CM> prompt and a display that is similar to the
following:
Enter HE to get a list of available commands
...................................................................................................................................................................................................
5 At the MP:CM> prompt, enter the LC command to access the LAN console:
This command modifies the LAN parameters.

Current configuration of MP LAN interface
MAC address : 00:30:6e:38:b2:d0
IP address : 127.0.0.1 (0xef000001)
Hostname : notdefined
Subnet mask : 255.0.0.0 (0xff000000)
Gateway : 0.0.0.0 (0x00000000)
Status : UP and RUNNING
AutoNegotiate : Enabled
Data Rate : 10 Mb/s
Duplex : Half
Error Count : 46e
Last Error : rx FIFO overflow
The tool then prompts you to modify the LAN configuration.
...................................................................................................................................................................................................
6 At the following prompt, enter Y to modify the LAN configuration:

Do you want to modify the configuration for the customer LAN?(Y/
[N]) Y
Result: The tool then prompts you to change the IP address.
...................................................................................................................................................................................................
7 At the following prompts, enter the appropriate information regarding the IP address:
Current IP Address is: 127.0.0.1
Enter new IP Address: <new IP Address> [Enter]
New IP Address will be: ....<new IP Address>
Please confirm (Y/[N]) Y
-> IP Address will be updated.
....................................................................................................................................................................................................................................
13-16 1350 OMS
....................................................................................................................................................................................................................................
Result: The tool now prompts for the network name that is to be assigned to the MP.
...................................................................................................................................................................................................
8 At the following prompts, enter the appropriate information regarding the network name
that is to be assigned to the MP:
Current MP Network Name is: notdefined
Enter new MP Network Name : <new MP Network Name> [Enter]
New MP Network Name will be: ...<new MP Network Name>
-> MP Network Name will be updated.
Result: The tool now prompts for information on the subnet mask.
...................................................................................................................................................................................................
9 At the following prompts, enter the appropriate information regarding the subnet mask:
Current Subnet Mask is: 255.0.0.0
Enter new Subnet Mask : <new Subnet Mask> [Enter]
New Subnet Mask will be: .... <new Subnet Mask>
-> Subnet Mask will be updated.
Result: The tool now prompts for the current IP address that is to be assigned to the
gateway.
...................................................................................................................................................................................................
10 At the following prompts, enter the appropriate information regarding the gateway:
Current Gateway is: 0.0.0.0
Do you want to modify it? (Y/[N])<Default is the IP Address>
Y [Enter]
Enter new Gateway : <new Gateway> [Enter]
New Gateway will be: .... .... <new Gateway>
-> Gateway will be updated.
Result: The tool now displays output similar to the following to indicate that it has
updated all parameters:
-> Parameters have been updated.
....................................................................................................................................................................................................................................
1350 OMS 13-17
....................................................................................................................................................................................................................................
...................................................................................................................................................................................................
11 Use telnet to check the connection from another system. If the connection fails, use the
EL command to determine if access is enabled.
E...................................................................................................................................................................................................
N D O F S T E P S
....................................................................................................................................................................................................................................
13-18 1350 OMS
14 14 System Management
File
for the HP-UX Platform
Overview
Purpose
information that pertains to the File System Management of the 1350 OMS.
Important! The information in this chapter is not applicable to the Red Hat Enterprise
Linux platform.
Contents
File System Management Overview 14-2

File System Management Tools 14-3
...................................................................................................................................................................................................................................
1350 OMS 14-1
File System Management for the HP-UX Platform File System Management Overview
....................................................................................................................................................................................................................................
File System Management Overview

File System Management definition
File System Management for the 1350 OMS includes the process and the tools that are
used to manage the disk storage of files and the partitioning of those disks.
The File System Management for the 1350 OMS is based on disk usage upon demand,
which leaves unused disk space that can be allocated when needed. For example, if a new
co-hosting application requires more disk space, that disk space could and would be made
available.
File System Management functional requirements

The File System Management functional requirements for the 1350 OMS are the
following:
• The disk management is based on the HP® Logical Volume Manager.
• Each disk that is managed is placed in a physical volume group.
• The Disk Mirror/UX software protects the system from the disk failure.
• The Disk Mirror/UX is configured to maintain two copies of data.
• Each new disk that is added to the configuration is checked to determine if two disks
are connected to the same SCSI bus or FC bus and if they are assigned to different
physical volumes.
• Each logical volume must be configured with the mirror option.
....................................................................................................................................................................................................................................
14-2 1350 OMS
File System Management for the HP-UX Platform File System Management Tools
....................................................................................................................................................................................................................................
File System Management Tools

File System Management Tools overview
The 1350 OMS installation and configuration tools automatically perform file system
management tasks, which reduces the labor involved in disk partitioning and improves
the disk space availability level when it is needed.
The administrator merely must select the disks that are to be used and all other functions
are performed automatically. In addition, the tools enable the administrator to
automatically reserve any disk space that would be needed for each piece of software that
must be installed on a machine.
Because disk dimensioning is static and because any reserved space might not be
sufficient to accommodate future data storage, the following tools are provided:
• “scmirrorfs” (p. 14-3)
• “scextendfs” (p. 14-3)
• “scdeletefs” (p. 14-5)
These tools reduce the system down time and allow maintenance activities to be planned.
These tools can be executed on-line, and any changes that they initiate can take effect
whenever the next system reboot occurs.
File System Management Tools and High Availability Cluster caution

The File System Management Tools, which are scmirrorfs, scextendfs, and scdeletefs
cannot be used on volume groups that are configured in a 1350 OMS High Availability
Cluster.
scmirrorfs
The scmirrorfs tool is used to set up the Disk Mirror/UX configuration on a system in
which the mirror configuration has been not done or has been lost (for example, after a
restore from backup). The scmirrorfs tool requires the Disk Mirror/UX software be
installed and the disk configuration to adhere to the functional requirements specified in
“File System Management functional requirements” (p. 14-2).
Refer to the following sections of this document for additional information on scmirrorfs:
• Chapter 7, “Mirror Disks for the HP-UX Platform”
• “Run the scmirrorfs Tool to Set Up the Mirrored Configuration” (p. 5-52)
scextendfs
The scextendfs tool is used to extend or to create a file system during the system
installation phase. The tool automatically computes the amount of disk space requested,
including the space for the mirror configuration, and it issues the request for an additional
new disk configuration when needed.
Formats:
....................................................................................................................................................................................................................................
1350 OMS 14-3
....................................................................................................................................................................................................................................
scextendfs [-l <log file>] [-O] <Mount Point> <Required Space> [<VolGroup>]
scextendfs [-l <log file>] [-O] -f<File>
scextendfs -a <MountPoint>
scextendfs [-i]
scextendfs [-h]
Where:
-l <log file> specifies an output log file that differs from the default log file
(/SCINSTALL/log/scextendfs.log).
-O specifies that disk overhead is to be added. The overhead is computed as 10% of the
amount of space that is already in use in the specified file system, plus the required space.
<MountPoint> specifies the file system that is to be extended through the mount point. If
a file does not exist with this name, the tool creates a new file system and the related
mount point directory.
<ReqSpace> specifies the required space. This value is managed as file system size
during the creation, or the free space that is required when the file system exists. (Note no
action is taken when the existing file system has more free space available that what is
required.)
<VolGroup> specifies the volume group name for the file system. This parameter is
allowed only during the creation of a new file system. If the volume group does not exit,
the tool creates it.
-f <File> specifies the file that was written in the file system list and the relative space
that was required. The syntax is the following:
<MountPoint> <ReqSpace> [<VolGroup>]
This syntax allows a single command to extend or to create an additional file system.
-a specifies that the specified file system can be extended to the remaining volume group
free space.
-i specifies that the current disk configuration should be made visible.
-h specifies that a description of the procedure call should be provided.
Example:
This example illustrates how to extend a file system to have 20% more free space.
1. Use the bdf command to determine the file system size:
...,sys,root # bdf /alcatel/DEPOT

Filesystem kbytes used avail %used Mounted on
/dev/vg00/lvol19 2228224 1896458 311075 86% /alcatel/DEPOT
2. Compute 20% of that space from kilobytes to megabytes:
...,sys,root # bc
2228224/100*20
....................................................................................................................................................................................................................................
14-4 1350 OMS
....................................................................................................................................................................................................................................
445640
445640/1024 <kilo to mega byte conversion>
435
<Ctrl d>
3. Extend the file system with the scextendfs tool:
...,sys,root # scextendfs /alcatel/DEPOT 435

__________________________________________________________________
Analyze Mount Point:"/alcatel/DEPOT"
Current size: 2176 MegaByte(s)
Current used: 1853 MegaByte(s)
Current free: 303 MegaByte(s)
Extend Mount Point "/alcatel/DEPOT" to 2336 MByte
__________________________________________________________________
4. Re-enter bdf to check the result:
...,sys,root # bdf /alcatel/DEPOT

Filesystem kbytes used avail %used Mounted on
/dev/vg00/lvol19 2392064 1896498 464638 80% /alcatel/DEPOT
scdeletefs
The scdeletefs tool is used to remove a file system that was created with scextendfs.
Important! When scdeletefs removes a file system, that file system cannot be
restored; meaning, the removal of the file system cannot be reversed.
Formats:
scdeletefs [-l <log file>] <Mount Point>
scdeletefs [-l <log file>] -f<File>
scextendfs -g swap
scextendfs [-i]
scextendfs [-h]
Where:
-l <log file> specifies an output log file that differs from the default log file
(/SCINSTALL/log/scextendfs.log).
<MountPoint> specifies the file system that is to be deleted through the mount point.
-g swap specifies to swap the area garbage collection, which removes more used swap
areas. This command is typically used to remove any TMN applications.
-i specifies that the current disk configuration should be made visible.
-h specifies that a description of the procedure call should be provided.
....................................................................................................................................................................................................................................
1350 OMS 14-5
....................................................................................................................................................................................................................................
....................................................................................................................................................................................................................................
14-6 1350 OMS
Appendix A: List of
Abbreviations
Abbreviations
List
Abbreviation Meaning
ACL Access Control List
Alt_boot Alternate Boot Device
ANTP Alcatel-Lucent network time protocol
CDE Common Desktop Environment
cdfs/CDfs Compact-Disk Filesystem
CLI Command Line Interface
CLNP Connectionless Network Protocol
CMISE Common Management Information Service
Element
CNA CMISE Network Adapter
DAT Digital Audio Tape
DLT Digital Linear Tape
DNS Domain Name Service, Domain Name
System, or Domain Name Server
DVD Digital Video Disk/Digital Versatile Disk
DWDM Dense Wavelength Division Multiplexing
EML Element Management Layer
eOMS embedded Optical Management System
ETSI European Telecommunications Standards
Institute
FTP File Transfer Protocol
GID group ID
GENOS generic OS-to-OS
GNE Gateway Network Element
...................................................................................................................................................................................................................................
1350 OMS A-1
List of Abbreviations Abbreviations
....................................................................................................................................................................................................................................
GPS global positioning satellite
GSP HP® Guardian Service Processor
GUI Graphical User Interface
HA High Availability
hfs/HFS Hierarchical File System
HTML HyperText Markup Language
inetd super-server daemon that manages Internet
services
IPR Independent Peripheral Release
IRT Ignite Recovery Tape
ISA Industry Standard Architecture
KDC Key Distribution Log (Kerberos)
lan/LAN Local Area Network
LVM Logical Volume Manager
MP Management Processor
MIB Management Information Base
MPLS Multiple Protocol Label Switching
MW-INT Middleware Interface
MW-OS Middle Ware Operating System
NA Network Adapter
NE Network Element
NIO new input/output (java)
narrow input/output in reference to a bus
NMA Network Management Application
NML Network Management Layer
NMS Network Management System
NTP network time protocol
OI Open Interface
OSI Open Systems Interconnection
PDF Portable Document Format
PKT Packet
PID Process Identifier
Pri_boot Primary Boot Device
PVG Physical Volume Group
rcp remote copy file; UNIX command
....................................................................................................................................................................................................................................
A-2 1350 OMS
....................................................................................................................................................................................................................................
rhost remote host; UNIX command
rlogin remote login; UNIX command
RTC real-time clock
SAN Storage Area Network
scdisk scan disk
scp secure copy; UNIX command
SCSI Small Computer System Interface
SDH Synchronous Digital Hierarchy
SEC Security; as in security database
SMH HP® System Management Homepage
sequential access media a tape device
SML Service Management Layer
SNMP Simple Network Management Protocol
SONET Synchronous Optical Network
SP service pack
ssh/SSH Secure Shell
SWP Software Package (descriptors)
TCP/IP Transmission Control Protocol/Internet
Protocol
TL1 Transaction Language 1
TP termination point
TMN Telecommunications Management Network
TMPLS Transport—Multiple Protocol Label
Switching
TNA TL1 Network Adapter
UID user ID
VA virtual array
vg/volgroup volume group
vgchange volume group change
VPN Virtual Private Network
VT virtual terminal
wan/WAN Wide Area Network
WDM Wavelength Division Multiplexing
XDMCP X Display Manager Control Protocol
XoS XML-over-socket
....................................................................................................................................................................................................................................
1350 OMS A-3
....................................................................................................................................................................................................................................
....................................................................................................................................................................................................................................
A-4 1350 OMS
Index
Numerics Message Logical volume ..., 5-17

1350 OMS Message Mount Point..., 5-18, 5-18, 5-18
applications, 1-2 Message Volume group name..., 5-17, 5-17
definition, 1-2 Mirror Configurations, 5-20
supported NEs, 1-4 Mirror Configurations disk requirements, 5-20
................................................................................................ Mirror disk configuration rebuild restriction, 5-10
A Access Control Lists (ACLs), 10-53 No automatic reboot from the IRT, 5-15
Added value modules Perform a Tape Check task, 5-23
1350 OMS HA, 1-6 required disk space, 5-10
1350 OMS OI, 1-6 Restore Data from the fbackup Tapes task, 5-45
ANTP, 1-7 Run scbackup for a Local Disk Backup task, 5-24
................................................................................................ Run scdisk_read_check to Read and Check the Disk
task, 5-21
B Backup and recovery
Run the scmirrorfs Tool to Set Up the Mirrored
backup restrictions, 5-10 Configuration task, 5-52
Boot from the IRT for Itanium servers, 5-37 scbackup functional overview, 5-6
Boot from the IRT for PA-RISC servers, 5-34 scbackup-screstore version incompatibility, 5-10
Console messages during reboot from IRT, 5-16 screstore checks and messages, 5-16
console restriction during, 5-10 Scripts that fail during the reboot from the IRT, 5-15
full mirror faults and troubleshooting, 5-11 split operation problems, 5-11
full system recovery phases, 5-13 system crashes, 5-11
full system recovery purpose, 5-13 time-out expiration, 5-11
functional definition, 5-2 tools, 5-3
IRT rebooting errors, 5-15 troubleshoot Current host is different from..., 5-17
IRT recovery, 5-14 Verify the Readability of the fbackup Tape task, 5-33
log files and troubleshooting, 5-11 ................................................................................................
login messages, 5-11
C CHANGE_ENCRYPT_PASSWORD system security
MERGE-DELETE problems, 5-11 parameter, 10-34
Message : The mount point directory, 5-19
....................................................................................................................................................................................................................................
1350 OMS IN-1
Index
....................................................................................................................................................................................................................................
Commands High Availability (HA)
shutdown, 9-2 cautions regarding File System Management, 14-3
swacl, 10-53 HP® printer
................................................................................................ configuration tool, 11-2
D dlylntr (delay between login tries) system security Configure a Printer in the Local Spooler Queue task,
parameter, 10-35 11-3
DNSADD, 4-4 Configure a Printer upon Booting from the Local

System task, 11-9
DNSCHANGE, 4-4
Start the Spooler task, 11-8
DNSREMOVE, 4-4
two supported configurations, 11-2
Domain Name Service (DNS), 4-4, 4-4, 4-4
HP® servers
................................................................................................
restart, 9-2
E ENCRYPT_ARCHIVE system security parameter,
HP-UX platform
10-35
Activate the Kerberos KDC log task., 12-8
................................................................................................
Avoid Java Security Warning, 12-11
F File System Management
Deactivate the Kerberos KDC log task, 12-10
definition, 14-2
................................................................................................
functional requirements, 14-2
I Instances
High Availability cautions and, 14-3
Free System Resources Used by an Application
scdeletefs, 14-5
Instance task, 2-6
scextendsfs, 14-3
Remove the Instance of an Application task, 2-4
scmirrorfs, 14-3
................................................................................................
tools overview, 14-3
J Java Security Warning, 12-11
Files
javaws, 12-51
decompress a compressed file, 9-5
................................................................................................
................................................................................................
K KDC log
G Glossary, xviii
gptm (grace period time) system security parameter,
10-35 Deactivate the Kerberos KDC log task, 12-10
GSP ................................................................................................
Access the GSP Console task, 13-13 L Legacy support, 1-4
Configure the GSP task, 13-3 llog (last log) system security parameter, 10-36
Verify Access to the GSP LAN Console task, 13-11 lntmout (login time out) system security parameter,
10-36
................................................................................................
Logs
H High Availability
security restrictions on, 10-13
Avoid Java Security Warning, 12-11
Deactivate the Kerberos KDC log task, 12-10
....................................................................................................................................................................................................................................
IN-2 1350 OMS
Index
....................................................................................................................................................................................................................................
................................................................................................ Change the Hostname the Current/Local Node task,
4-32
M Management Processor (MP)
Change the IP Address a Remote Node task, 4-23
Configure the MP task, 13-15
Change the IP Address the Current/Local Node task,
MIN_PASSWORD_LENGTH system security 4-26
parameter, 10-36
Change the Subnetwork Mask task, 4-35
Mirror disks
Establish a Group and Initialize Node Name
configuration example, 7-2 Management Persistent Data task, 4-6
configuration methods, 7-2 external nodes, 4-2
Configure the Mirror Disk/UX® task, 7-6 functional restrictions, 4-4
Install Mirror Disk/UX task, 7-4 Import Node Information Between Two Different
purpose, 7-2 Groups, 4-19
rebuild restriction during backup/recovery, 5-10 List the Database Contents of a Group Member Node
task, 4-14
................................................................................................
member nodes, 4-2
N NEs
Merge Nodes in Two Groups into One Group task,
those supported for this release, 1-4 4-21
Network Depot network example, 4-5
Add Software to the Platform Software Depot task, Open Two Groups for Communication task, 4-17
8-7
purpose of, 4-2
applications, 8-2
Remove a Member from a Group task, 4-12
Create the Application Software Depot task, 8-8
Remove a Server from the Current DNS
Edit the .rhosts file to Authorize Access to the Configuration task, 4-42
Application Software Depot task, 8-10
security features, 4-4
Run scbuilddepot to Create the Platform Software
working group, 4-2
Depot, 8-4
Node Name Management tool nullpw (null password) system security parameter, 10-36
................................................................................................
Add a New External Node to the Group task, 4-10
Add a New Node to the Group task, 4-7 P PASSWORD_HISTORY_DEPTH system security
parameter, 10-37
Add a New Server to the Current DNS Configuration
task, 4-38 PASSWORD_MAXDAYS system security parameter,
10-37
Align All Group Member Nodes to a Specified
Member Node task, 4-15 PASSWORD_MINDAYS system security parameter,
10-37
Align One Group Member Node to Another Group
Member Node task, 4-16 PASSWORD_MIN_DIGIT_CHARS system security
parameter, 10-38
basic functions, 4-4
PASSWORD_MIN_SPECIAL_CHARS system security
Change a Server to the Current DNS Configuration parameter, 10-38
task, 4-40
PASSWORD_WARNDAYS system security parameter,
Change the Gateway IP Address and Hostname task,
10-38
4-36
Change the Hostname of a Remote Node task, 4-29
....................................................................................................................................................................................................................................
1350 OMS IN-3
Index
....................................................................................................................................................................................................................................
................................................................................................ log files, 10-23
R rstrpw (restrict trivial passwords) system security log files functional overview, 10-23
parameter, 10-39 MIN_PASSWORD_LENGTH system security
................................................................................................ parameter, 10-36
nullpw (null password) system security parameter,
S Safety information, xv
10-36
scbackup
PASSWORD_HISTORY_DEPTH system security
restore a backup, 6-7 parameter, 10-37
restore from DVD ISO, 6-7 PASSWORD_MAXDAYS system security
syntax, 6-2 parameter, 10-37
PASSWORD_MINDAYS system security parameter,
troubleshooting, 6-12
10-37
with a DVD, 6-2
PASSWORD_MIN_DIGIT_CHARS system security
with a tape, 6-3 parameter, 10-38
with NFS, 6-5 PASSWORD_MIN_SPECIAL_CHARS system
scdeletefs, 14-5 security parameter, 10-38
scextendsfs, 14-3 PASSWORD_WARNDAYS system security

parameter, 10-38
scmirrorfs, 14-3
Prepare to Set Up Security task, 10-42
Security
Remove Security task, 10-50
access to the secure host, 10-12
requirements, 10-2
audit files, 10-27
restrictions on High Availability configurations,
Authorize Access to the Depot Machine task, 10-53 10-13
banner customization, 10-9 rstrpw (restrict trivial passwords) system security
Change a Manufacturer's Default Passwords, 10-46 parameter, 10-39
CHANGE_ENCRYPT_PASSWORD system security administration user, 10-6

security parameter, 10-34 security profile features, 10-11
changing the system security parameters, 10-32 security profile types, 10-11
configuration tool functional overview, 10-2 security user groups, 10-6
dlylntr (delay between login tries) ) system security security.parms file contents, 10-29
parameter, 10-35
Set Up Security with Any Profile task, 10-44
ENCRYPT_ARCHIVE system security parameter,
10-35 SIT (shell inactivity timeout) system security
parameter, 10-39
encryption set up, 10-26
software requirements, 10-2
gptm (grace period time) system security parameter,
10-35 syschpw (system character password) system
security parameter, 10-40
llog (last login) system security parameter, 10-36
sysltpw (system letter password) system security
lntmout (login time out) system security parameter, parameter, 10-40
10-36
syspnpw (system pronounceable password) system
location and access to the system security security parameter, 10-40
parameters, 10-32
....................................................................................................................................................................................................................................
IN-4 1350 OMS
Index
....................................................................................................................................................................................................................................
tmaxlntr (maximum login tries) system security ................................................................................................
parameter, 10-40
U umaxlntr (user maximum login tries) system security
Troubleshoot and Fix /etc/passwd File Problems, parameter, 10-41
10-51
usrpick (user pick) system security parameter, 10-41
types of system security parameters, 10-33
................................................................................................
umaxlntr (user maximum login tries) system security
parameter, 10-41 V Virtual machine
user-allowed commands, 10-13 definition, 2-2
usrpick (user pick) system security parameter, 10-41 naming format, 2-3
Verify and Kill Processes task, 10-48 types of, 2-3
WARN_USERS_LIST system security parameter, ................................................................................................
10-41
W WARN_USERS_LIST system security parameter, 10-41
shutdown command, 9-2
Web Portal, 1-3, 1-4
SIT (shell inactivity timeout) system security parameter,
10-39
swacl command, 10-53
syschpw (system character password) system security
parameter, 10-40
sysltpw (system letter password) system security
parameter, 10-40
syspnpw (system pronounceable password) system
security parameter, 10-40
................................................................................................
T Tasks
Free System Resources Used by an Application

Instance task, 2-6
Remove the Instance of an Application task, 2-4
tmaxlntr (maximum login tries) system security
parameter, 10-40
TMF
rebuild the TMF server database, 12-67
Troubleshooting
cannot contact any KDC for requested realm, 12-4
KDC daemon log file, 12-5
network configuration problems, 12-3
Ping a Node task, 12-6
ticket is ineligible for postdating, 12-4
unable to connect ConnectionManager, 12-5
....................................................................................................................................................................................................................................
1350 OMS IN-5
Index
....................................................................................................................................................................................................................................
....................................................................................................................................................................................................................................
IN-6 1350 OMS

8DG42227LAA - V1 - 1350 OMS Administration Guide Vol 1 - Common Tools and Processes (R9.6)

Enviado por

Dados do documento

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

8DG42227LAA - V1 - 1350 OMS Administration Guide Vol 1 - Common Tools and Processes (R9.6)

Enviado por

Direitos autorais:

Formatos disponíveis

Title page

1350 OMS | 9.6

Information product support

About this document

What's new ..................................................................................................................................................................................... xv

Safety information ....................................................................................................................................................................... xv

Intended audience ........................................................................................................................................................................ xv

Conceptual and task content ................................................................................................................................................... xvi

Format of task content .............................................................................................................................................................. xvi

Typographical conventions used for content .................................................................................................................. xvii

Marking conventions used for content .............................................................................................................................. xvii

Technical content ...................................................................................................................................................................... xvii

Treatment of terms .................................................................................................................................................................. xviii

Related documentation .......................................................................................................................................................... xviii

Document formats ....................................................................................................................................................................... xx

On-line help ................................................................................................................................................................................... xx

Ordering information ................................................................................................................................................................. xx

How to comment .......................................................................................................................................................................... xx

1 Product and Administration Overview

Overview ...................................................................................................................................................................................... 1-1

1350 OMS Overview ............................................................................................................................................................... 1-2

ANTP ............................................................................................................................................................................................ 1-7

Common Security and Access .............................................................................................................................................. 1-8

2 Applications and Their Instances and Virtual Machines

Overview ...................................................................................................................................................................................... 2-1

Instance and Virtual Machine Overview .......................................................................................................................... 2-2

Remove an Instance of an Application ............................................................................................................................. 2-4

Free System Resources Used by an Application Instance ......................................................................................... 2-6

Overview ...................................................................................................................................................................................... 3-1

Configuration Preparation ..................................................................................................................................................... 3-2

1350 OMS EML IP Configuration ..................................................................................................................................... 3-4

Static Routing Configurations .............................................................................................................................................. 3-5

Routing Configurations for Client Applications ............................................................................................................ 3-9

Multi-LAN Configurations ................................................................................................................................................. 3-11

4 Node Name Management for the HP-UX Platform

Overview ...................................................................................................................................................................................... 4-1

Node Name Management Tool ............................................................................................................................................ 4-2

Add a New Member to the Group ...................................................................................................................................... 4-7

Add a New External Node to the Group ........................................................................................................................ 4-10

Remove a Member from a Group ..................................................................................................................................... 4-12

List the Database Contents of a Group Member Node ............................................................................................. 4-14

Open Two Groups for Communication .......................................................................................................................... 4-17

Import Node Information Between Two Different Groups ..................................................................................... 4-19

Merge Nodes in Two Groups into One Group ............................................................................................................. 4-21

Change the IP Address of a Remote Node .................................................................................................................... 4-23

Change the IP Address of the Current/Local Node .................................................................................................... 4-26

Change the Hostname of the Current/Local Node ..................................................................................................... 4-32

Change the Subnetwork Mask ........................................................................................................................................... 4-35

Change the Gateway IP Address and Hostname ......................................................................................................... 4-36

Add a Server to the Current DNS Configuration ........................................................................................................ 4-38

Change a Server in the Current DNS Configuration ................................................................................................. 4-40

Remove a Server from the Current DNS Configuration .......................................................................................... 4-42

5 HP-UX Platform System Backup and Restore

Overview ...................................................................................................................................................................................... 5-1

Backup and Restore Overview ............................................................................................................................................. 5-2

scbackup Overview .................................................................................................................................................................. 5-3

Backup Strategies ..................................................................................................................................................................... 5-6

Backup Tape Sets ...................................................................................................................................................................... 5-8

Backup Restrictions and Requirements .......................................................................................................................... 5-10

Troubleshoot a Backup ......................................................................................................................................................... 5-11

Restore and screstore ............................................................................................................................................................ 5-13

Troubleshoot a Restore ......................................................................................................................................................... 5-15

Mirror Configurations ........................................................................................................................................................... 5-20