manualshive.com logo in svg

Kvik SH060, Assembly Instructions Manual, Page: 51 / 82

Share
Download
Kvik SH060 Assembly Instructions Manual Download Page 51

Option 2

If you wish to deploy the Cisco Prime Network Registrar virtual appliance instance in a way that is more in
accordance with the usual practice for OpenStack instance deployment, you can configure the Cisco Prime
Network Registrar OpenStack instance to not allow root logins with a password, and require an

SSH

key-pair

to login. If you also wish to allow a password based login for a user other than root with root permissions,
instructions on how to configure are listed below.

When you launch an OpenStack instance from WebUI, to prevent root password login you will have to perform
specific configuration in the Configuration section of the Launch instance dialog. You will need to provide
a Customization Script -- which is analogous to User Data in other systems. You will need to configure a
script (provided below) which will make the OpenStack instance disable the root password based login. After
you deploy an instance configured with this Customization script, the only way to gain the access to the Linux
operating system on the instance is to login via

ssh

using the

ssh key pair

associated with the instance at the

time of launch.

For example, you might login with: "ssh -i keypairname.pem [email protected]". If you did not associate a key
pair with the instance, or have lost access to the key pair, you will not be able to login to the instance. There
is no default root password when the instance is created in this way, and the root password login is disabled.

To configure option 2, enter the following in the "Customization Script" text box:

#cloud-boothook

#!/bin/bash

if [ ! -f /etc/cloud/cloud.cfg.orig ]; then

cp /etc/cloud/cloud.cfg /etc/cloud/cloud.cfg.orig

cp /etc/cloud/cloud.cfg.norootpasswd /etc/cloud/cloud.cfg

fi

If you choose option 2 and once you gained access to the instance using the

ssh key pair

, if you would

like to login with a password as well, you can create a new Linux user using the

useradd

command and

make that user a member of the group wheel. You must also give that user a secure password using the

passwd

command. Then you can always login with

ssh

or to the console as that user and have root

privileges.

To create a user to allow password login, use the following command:

useradd safeuser -g wheel

passwd safeuser

Then, if you need root access, login as

safeuser

and use the following command:

sudo su

enter the password for

safeuser

, and you will become a root user.

Note

If the IP addresses that are associated with the available interfaces are fixed addresses (i.e., they are only
accessible to other instances in OpenStack), then you will need to associate a floating address with Cisco
Prime Network Registrar instance. This floating address must then be accessible to the clients of the DHCP
or DNS service to be provided by the Cisco Prime Network Registrar instance. You will have to configure
the DHCP server provided by Cisco Prime Network Registrar to return the IP address of the floating address
as its server-id, instead of the fixed IP address that Cisco Prime Network Registrar can detect that is associated
with the interface built into the instance. In order to configure DHCP for this situation, you will need to be in
expert mode, and configure the DHCP Policy attribute "dhcp-server-identifier-address" with the floating

Cisco Prime Network Registrar 9.1 Installation Guide    

45

Cisco Prime Network Registrar Virtual Appliance

Deploying the Regional Cluster or Local Cluster on OpenStack

Summary of Contents for SH060

Page 1: ... 1 Installation Guide First Published 2017 12 21 Last Modified 2017 12 21 Americas Headquarters Cisco Systems Inc 170 West Tasman Drive San Jose CA 95134 1706 USA http www cisco com Tel 408 526 4000 800 553 NETS 6387 Fax 408 527 0883 ...

Page 2: ... IMPLIED INCLUDING WITHOUT LIMITATION THOSE OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING USAGE OR TRADE PRACTICE IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT SPECIAL CONSEQUENTIAL OR INCIDENTAL DAMAGES INCLUDING WITHOUT LIMITATION LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE T...

Page 3: ...Scenarios 4 One Machine DHCP Configuration 5 Two Machine DHCP Configuration 5 DNS Only Scenarios 5 One Machine DNS Configuration 5 Two Machine DNS Configuration 5 Three Machine DNS Configuration 5 C H A P T E R 3 Installation Requirements 7 System Requirements 7 Recommendations 9 Installation Modes 9 License Files 9 C H A P T E R 4 Preparing for the Installation 13 Installation Checklist 13 Before...

Page 4: ... Starting Cisco Prime Network Registrar 31 Starting and Stopping Servers 32 Starting and Stopping Servers on Windows 33 Starting and Stopping Servers on Linux 33 Starting or Stopping Servers using the Local Web UI 34 Starting and Stopping Servers using the Regional Web UI 34 C H A P T E R 7 Uninstalling Cisco Prime Network Registrar 37 Uninstalling on Windows 37 Uninstalling on Linux 38 Running Pe...

Page 5: ...g the Virtual Appliance to Automatically Power Up 49 Managing the Cisco Prime Network Registrar Virtual Appliance 50 A P P E N D I X A Performing a Silent Installation 51 Performing a Silent Installation 51 A P P E N D I X B Lab Evaluation Installations 57 Lab Evaluation Installations 57 Installing Cisco Prime Network Registrar in a Lab 58 Testing the Lab Installation 58 Uninstalling in a Lab Envi...

Page 6: ...ring Network Access on CentOS 7 3 Using nmcli 67 A P P E N D I X G Changing the IP Address using nmcli 71 Changing the IP Address Using nmcli 71 Cisco Prime Network Registrar 9 1 Installation Guide vi Contents ...

Page 7: ...ls about commands available through the command line interface CLI see the Cisco Prime Network Registrar 9 1 CLI Reference Guide About Cisco Prime Network Registrar Cisco Prime Network Registrar is a network server suite that automates managing enterprise IP addresses It provides a stable infrastructure that increases address assignment reliability and efficiency It includes see Dynamic Host Confi...

Page 8: ...al administrator can perform the following operations Manage licenses for Cisco Prime Network Registrar An installation must have at least one regional cluster for license management purposes Push and pull configuration data to and from the local DNS and DHCP servers Obtain DHCP utilization and IP lease history data from the local clusters Figure 1 Cisco Prime Network Registrar User Interfaces and...

Page 9: ...DHCP Only Scenarios page 4 DNS Only Scenarios page 5 Mixed DHCP and DNS Scenarios You can set up Cisco Prime Network Registrar for a mixed DHCP and DNS configuration with different numbers of machines One Machine Mixed Configuration Configure both DHCP and Auth DNS servers on a single machine initially enabling the servers as primaries and enabling the TFTP server and SNMP traps Then configure at ...

Page 10: ...main the DHCP backup Configure one machine as DHCP failover and Auth DNS High Availability HA main servers the second machine as DHCP failover and Auth DNS HA backup servers and the third machine as a Auth DNS secondary server Configure one machine as a DHCP server the second machine as the Auth DNS server and the third machine as a Caching DNS with the Auth DNS as the Forwarder Configure one mach...

Page 11: ...Machine DNS Configuration Initially configure DNS as an Auth primary Auth secondary or caching server Two Machine DNS Configuration Configure the first machine as an Auth DNS primary and the second machine as a secondary or the first machine as a main primary and the second machine as a backup primary Configure the first machine as an Auth DNS and the second machine as Caching DNS Three Machine DN...

Page 12: ...Cisco Prime Network Registrar 9 1 Installation Guide 6 Configuration Options Three Machine DNS Configuration ...

Page 13: ...ating systems as described in the server minimum requirements table below Cisco Prime Network Registrar is supported on 64 bit operating systems Cisco Prime Network Registrar supports running in VMWARE ESXi 5 5 or later environment For the 64 bit Linux kit Cisco Prime Network Registrar applications are 64 bit executable programs and require the 64 bit operating system and applications Java JRE JDK...

Page 14: ...ry6 1 Cisco Prime Network Registrar 9 1 is supported on 64 bit operating systems We highly recommend customers move to a 64 bit operating system 2 Cisco Prime Network Registrar 9 1 supports Red Hat Enterprise Linux ES 6 5 running standalone or on VMWare ESX Server 5 5 or later on Cisco Unified Computing System CUCS and other hardware supported by VMWare 3 Cisco Prime Network Registrar 9 1 supports...

Page 15: ...lowed for production Note Installation Modes The modes of installation that exist for the local and regional clusters are new installations and upgrades from a previous version These installations or upgrades are performed by using operating system specific software installation mechanisms Windows InstallShield setup program Linux install_cnr script that uses Red Hat Package Manager License Files ...

Page 16: ...erver When you install the local cluster it registers with regional to obtain its license When you install the regional you are prompted to provide the license file You can store the license file in any location provided the location and file are accessible during the installation The utilization of licenses are calculated by obtaining statistics from all the local clusters in the Cisco Prime Netw...

Page 17: ... be converted to PNR by installing the PNR license Local cluster licenses will be converted automatically at the next compliance check or can be manually updated by resynchronizing the local cluster For a given market segment license only the counts from corresponding market segment license will apply For example if the PNR count license is applied when the PNR SG base license is active the Right ...

Page 18: ...ss NETREG ENT To know the list of features supported by Prime IP Express NETREG ENT licenses see IP Express Installation Guide Cisco Prime Network Registrar 9 1 Installation Guide 12 Installation Requirements License Files ...

Page 19: ... installation or upgrade ensure that you are prepared by reviewing this checklist Table 2 Installation Checklist Checkoff Task Does my operating system meet the minimum requirements to support Cisco Prime Network Registrar 9 1 See the System Requirements on page 7 section Does my hardware meet the minimum requirements See the System Requirements on page 7 section If necessary have I excluded Cisco...

Page 20: ...ing system and that your environment meets all other current system requirements see System Requirements on page 7 To upgrade the operating system 1 Use the currently installed Cisco Prime Network Registrar release to complete any configuration changes in progress so that the existing database is consistent before you perform the upgrade 2 Back up your database The installation program tries to de...

Page 21: ...at conflicts with the Microsoft protocol server by using the Stop function in one of the user interfaces Change the Microsoft servers from a Startup Type of Automatic to Manual or Disabled If you want to disable a protocol server and prevent the Cisco Prime Network Registrar server from starting automatically after a system reboot use the server dns cdns dhcp tftp disable start on reboot command i...

Page 22: ...ion is not set properly it displays a warning message advising corrective action Caution Modifying ACLs in Windows Installations The Cisco Prime Network Registrar installation program for Windows does not try to modify ACLs to restrict access to the installed files and directories If you want to restrict access to these files and directories use the native Microsoft utilities cacls and icacls to m...

Page 23: ...ations including any antivirus software From CPNR 9 1 Linux and Windows installer provide an option to prompt for web service port by default same as the web UI port This will be prompted only if web services feature is enabled For a new installation default value of the web service port will be same as the default value for web UI port or the newly input web UI port For subsequent installations t...

Page 24: ... Certificate Authority CA when you request a certificate create the keystore file as in the previous substep then execute this command keytool certreq keyalg RSA alias tomcat file certreq cer keystore k file Submit the resulting certreq cer file to the CA Once you receive the certificate from the CA first download the Chain Certificate from the CA then import the Chain Certificate and your new Cer...

Page 25: ...were downloaded electronically Step 5 Specify whether you want to install Cisco Prime Network Registrar in the local or regional cluster mode see About Cisco Prime Network Registrar on page 1 Since a regional server is required for license management install the regional server first so that you can register the local to the regional If you face any problem with synchronizing the regional cluster ...

Page 26: ...ion directory from the previous release Note Windows default locations Do not specify the Program Files x86 or Program Files or ProgramData for the location of the Cisco Prime Network Registrar data logs and temporary files If you do this the behavior of Cisco Prime Network Registrar may be unpredictable because of Windows security Caution Local cluster Program files 64 bit OS C Program Files x86 ...

Page 27: ... Note Include a network time service in your configuration to avoid time differences between the local and regional clusters This method ensures that the aggregated data at the regional server appears consistently The maximum allowable time drift between the regional and local clusters is five minutes If the time skew exceeds five minutes then the installation process will not be able to correctly...

Page 28: ... the connection type rerun the installer and then make a different choice at this step If you choose HTTPS or HTTP and HTTPS click Next and continue with Step 17 If you choose the default HTTP connection click Next and go to Step 18 Step 17 If you enabled HTTPS web UI connectivity you are prompted for the location of the necessary keystore and keystore files For the keystore location specify the f...

Page 29: ...co Prime Network Registrar Local Server Agent or Cisco Prime Network Registrar Regional Server Agent is running after rebooting the system when the installation has completed successfully Linux Use the install path usrbin cnr_status command to verify status See Starting and Stopping Servers on page 32 If the upgrade fails you can revert to the earlier Cisco Prime Network Registrar version For deta...

Page 30: ...S Upgrade Considerations Before upgrading from a pre 8 2 to 8 2 or post 8 2 version Staged edits will be lost after the upgrade All the staged edits must be synced to DNS before upgrading RR upgrades are sourced from a valid AUTHZONE db If that database is corrupt missing or incomplete the resulting upgrade will miss some or all RRs The most common situation is upgrading from a shadow backup or da...

Page 31: ...e to complete any configuration changes in progress so that the existing database is consistent before you perform the upgrade Step 3 Stop the Cisco Prime Network Registrar server agent and backup the current system or at least the Cisco Network Registrar Program Files Network Registrar directories and contents To stop the Cisco Prime Network Registrar Local Regional server agent If local RHEL Cen...

Page 32: ...isco Prime Network Registrar using the procedure described in the Uninstalling Cisco Prime Network Registrar on page 37 Step 3 Other than the contents of the specified archive directory delete any remaining files and directories in the Cisco Prime Network Registrar installation paths Step 4 Reinstall the original version of Cisco Prime Network Registrar Ensure that you follow the reinstallation pr...

Page 33: ...o the tar executable and cnr_data_archive tar file reflect the value of the archive directory that you specified during installation opt nwreg2 local sav regional sav tar xf opt nwreg2 local sav regional sav cnr_data_archive tar There is also a cnr_file_archive tar which contains the installed files and generally this should not be recovered over a re installation Note Step 8 Start the Cisco Prime...

Page 34: ...p 7 Click the Register button to register with the regional server Moving a Regional Cluster to a New Machine License management is done from the regional cluster when Cisco Prime Network Registrar is installed The regional server is installed first and all licenses are loaded in the regional server When the local cluster is installed it registers with the regional server to obtain its license Whe...

Page 35: ... server Note Step 5 Start the Cisco Prime Network Registrar web UI or CLI For more information see Starting Cisco Prime Network Registrar on page 31 Step 6 Log in as superuser to the CLI for the new regional cluster Step 7 To list the local clusters nrcmd R cluster listnames Step 8 To synchronize the data as well as the license information nrcmd R cluster name of local cluster sync Troubleshooting...

Page 36: ...g Local Cluster Licensing Issues If your regional cluster and local cluster are located in isolated networks are separated by a firewall or the time skew between the regional and local clusters is more than five minutes then the local cluster may be unable to register with the regional server The firewall may block the return connection used to validate the local cluster admin credentials that are...

Page 37: ...cess the web UI open the web browser and use the HTTP nonsecure login or HTTPS secure login website http hostname http port https hostname https port where The hostname is the actual name of the target host The http port and the https ports are the default HTTP or HTTPS port that are specified during installation See the installation procedure Installing and Upgrading Cisco Prime Network Registrar...

Page 38: ...owse to navigate to the license file CLI Enter an absolute or relative path for the license filename as follows nrcmd license create filename Step 3 Enter the username and the password that was created during the installation procedure Starting and Stopping Servers In Windows you can stop and start the Cisco Prime Network Registrar server agent from the Services feature of the Windows Control Pane...

Page 39: ... is not possible to login as nradmin opt nwreg2 local bin cnr_service start opt nwreg2 local bin cnr_service stop Note To start and stop servers on Linux Step 1 Log in as superuser Step 2 Start the server agent by running the nwreglocal or nwregregion script with the start argument etc init d nwreglocal start for the RHEL CentOS 6 x local cluster systemctl start nwreglocal for the RHEL CentOS 7 x ...

Page 40: ...Start Server button to start the server Click the Stop Server button stop the server Step 3 To reload the server click the Restart Server button Starting and Stopping Servers using the Regional Web UI To start or stop servers in the regional Web UI Step 1 From Operate menu choose Manage Servers to open the Manage Servers page Step 2 To start or stop the BYOD or SNMP servers select the server in th...

Page 41: ...ad the BYOD server click the Restart Server button You can only stop and start the SNMP server Reload is not possible for SNMP servers Note Cisco Prime Network Registrar 9 1 Installation Guide 35 Next Steps Starting and Stopping Servers using the Regional Web UI ...

Page 42: ...Cisco Prime Network Registrar 9 1 Installation Guide 36 Next Steps Starting and Stopping Servers using the Regional Web UI ...

Page 43: ...ninstalling on Linux page 38 Running Performance Monitoring Software on Windows page 38 Uninstalling on Windows To uninstall Cisco Prime Network Registrar on Windows Step 1 Choose the Add Remove Program function from the Windows control panel Or Choose Uninstall Network Registrar 9 1 from the Windows Start menu The uninstallation program removes the server and user interface components but does no...

Page 44: ...elete the database and log files that are associated with Cisco Prime Network Registrar as mentioned in the instructions at the end of the uninstall_cnr script execution When Cisco Prime Network Registrar is installed as nradmin the uninstall process will reset the ownership of all the remaining files back to the superuser root Note Running Performance Monitoring Software on Windows On Windows sys...

Page 45: ...and in this guide when the OVA is discussed the discussion applies to all three kits unless otherwise noted Each of these kits were created to require limited resources 1 virtual CPU 8 GB main memory 6 GB swap partition and a 7 5 GB system partition with 5 4 GB available free The total disk storage required is 14 GB You will almost certainly want to increase the size of the system disk and giving ...

Page 46: ...eing deployed The questions that are unique to the installation of this particular virtual appliance are listed below You must decide on answers to these questions before you deploy the virtual appliance A virtual machine name for the deployed virtual appliance A root password for the underlying Linux CentOS operating system An IPv4 address for the virtual appliance A DNS name associated with the ...

Page 47: ...regional virtual appliance Download the virtual appliance of your choice Every Cisco Prime Network Registrar local cluster installation must connect to a Cisco Prime Network Registrar regional cluster in order to receive the necessary license information required to operate Thus before you install a Cisco Prime Network Registrar local virtual appliance you must identify the IP address of the regio...

Page 48: ... drop down list Click Next The Ready to Complete window appears Step 8 Click Finish to begin deployment of the OVF Template Booting and Configuring Cisco Prime Network Registrar Virtual Appliance To boot and then configure the Cisco Prime Network Registrar virtual appliance You must set the memory and CPUs based on the requirements prior to clicking the power on Once you start the VM you cannot ch...

Page 49: ...license information To install Cisco Prime Network Registrar on a KVM Hypervisor extract the distribution tar archive cpnr_9_1_local kvm tar bz2 or cpnr_9_1_regional kvm tar bz2 using the following command root tar xvjf cpnr_9_1_local kvm tar bz2 If you are unpacking both the local and the regional KVM kits you must untar them in separate directories to avoid filename conflicts The extraction take...

Page 50: ...ssociated with interfaces that it can detect when it is started If the interface available to Cisco Prime Network Registrar has an IP address allocated to it from a provider network i e it is accessible to the clients that need the DHCP or DNS capabilities provided by Cisco Prime Network Registrar then you can configure Cisco Prime Network Registrar normally You have two options when creating an O...

Page 51: ...cp etc cloud cloud cfg etc cloud cloud cfg orig cp etc cloud cloud cfg norootpasswd etc cloud cloud cfg fi If you choose option 2 and once you gained access to the instance using the ssh key pair if you would like to login with a password as well you can create a new Linux user using the useradd command and make that user a member of the group wheel You must also give that user a secure password u...

Page 52: ...luster s configuration for the local cluster needs to have its IP address updated to be that of the floating address and not the fixed address which is what it will have from the initial registration When allocating a local cluster you should consider allocating 4 or even 8 VCPUs and at least 12 GB of RAM with more for large systems Local clusters will absolutely need more than the 7 GB free space...

Page 53: ...cnr machine being upgraded usrbin sftp 10 10 10 12 Connecting to 10 10 10 12 Warning Permanently added 10 10 10 12 RSA to the list of known hosts root 10 10 10 12 s password sftp cd opt nwreg2 local usrbin sftp get cnr_prepareforupgrade Fetching opt nwreg2 local usrbin cnr_prepareforupgrade to cnr_prepareforupgrade opt nwreg2 local usrbin cnr_prepareforupgrad 100 3265 3 2KB s 00 00 Step 4 Execute ...

Page 54: ...truct you to upgrade the Cisco Prime Network Registrar database to match the database version of the Cisco Prime Network Registrar application that resides on the new virtual machine Note Step 1 Press return on the console to complete the boot process Step 2 Log in as root and run the displayed command After boot completion you should see your existing configuration running with the new version of...

Page 55: ...Cisco Prime Network Registrar on the virtual appliance the same way that you would use it to manage any remote installation of Cisco Prime Network Registrar This requires installing Cisco Prime Network Registrar typically only the client only installation on the other system Configuring the Virtual Appliance to Automatically Power Up You can configure the ESXi hypervisor to automatically power up ...

Page 56: ...he Linux system which is included on the virtual appliance is stripped down to a considerable degree and thus does not include things that are not required to run or manage the Cisco Prime Network Registrar application such as a window system manager and its associated GUI user interface However all the tools necessary to support and manage the Cisco Prime Network Registrar application are include...

Page 57: ... installation or upgrade use these commands to create a separate response file Windows setup exe r Complete the installation or upgrade steps as you normally would This command installs or upgrades Cisco Prime Network Registrar according to the parameters that you specified If Cisco Prime Network Registrar is already installed setup exe uninstalls the existing version and if Cisco Prime Network Re...

Page 58: ...eruser name value should be CNR_ADMIN unset CNR_ADMIN Non root user To install Cisco Prime Network Registrar as non root user value must be NRADMIN y NRADMIN Superuser password To skip configuring the superuser password value should be CNR_PASSWORD unset CNR_PASSWORD CCM mode set to local or regional CNR_CCM_MODE Reserved for GSS installation Introduced in Cisco Prime Network Registrar 7 0 always ...

Page 59: ...lly qualified installation path for the product files contains bin classes cnrwebui conf docs examples extensions lib misc schema tomcat and usrbin subdirectories ROOTDIR Must be set to y for a full installation with protocol servers to assure the installation or upgrade is completed it also results in the Cisco Prime Network Registrar product being started after the install upgrade For a client o...

Page 60: ...ORT Set to y or n to enable or disable the BYOD services Enabling BYOD service option is available only in Windows and Linux CNR_BYOD_ENABLE Step 2 Use these commands to invoke the silent installation or upgrade for each instance Windows setup exe s f1path response file The silent installation fails if you do not specify the f1 argument with a fully qualified path to the response file unless the r...

Page 61: ...the silent uninstallation this command is noninteractive except during an error uninstall_cnr Cisco Prime Network Registrar 9 1 Installation Guide 55 Performing a Silent Installation Performing a Silent Installation ...

Page 62: ...Cisco Prime Network Registrar 9 1 Installation Guide 56 Performing a Silent Installation Performing a Silent Installation ...

Page 63: ... on a single Linux machine to support smaller test configurations for evaluation purposes You cannot install both the local and the regional cluster on a single Windows machine Note Installing the regional and local cluster on a single machine is intended only for lab evaluations and should not be chosen for production environments The aggregated regional cluster databases are expected to be too l...

Page 64: ...nnections and 8443 for HTTPS secure connections Step 2 Add DNS zones and DHCP scopes templates client classes or virtual private networks VPNs as a test to pull data to the regional cluster Step 3 Start and log into the web UI for the regional cluster using the URL appropriate to the port number By default the regional port numbers are 8090 for HTTP connections and 8453 for HTTPS secure connection...

Page 65: ...tions Installing on Linux page 59 Installing on Windows page 60 Testing Your Installation page 60 Compatibility Considerations page 60 Installing on Linux To install the Cisco Prime Network Registrar SDK on a Linux platform Step 1 Extract the contents of the distribution tar file a Create the SDK directory mkdir cnr sdk b Change to the directory that you just created and extract the tar file conte...

Page 66: ... Compatibility Considerations For Java SDK client code developed with an earlier version of the SDK you can simply recompile most code with the latest JAR file to connect to an upgraded server But in cases where the client code for versions before 7 1 directly manipulates reservation lists in scopes or prefixes changes are required These changes are required because the embedded reservation lists ...

Page 67: ...r these methods are now deprecated because the edit functionality is replaced and extended by the general addObject modifyObject removeObject addObjectList modifyObjectList and removeObjectList methods Cisco Prime Network Registrar 9 1 Installation Guide 61 Installing the Cisco Prime Network Registrar SDK Compatibility Considerations ...

Page 68: ...Cisco Prime Network Registrar 9 1 Installation Guide 62 Installing the Cisco Prime Network Registrar SDK Compatibility Considerations ...

Page 69: ...n the web UI To adjust the ciphers Step 1 Open the server xml file in the install path tomcat conf folder in your Cisco Prime Network Registrar installation folder Step 2 Add a ciphers statement to the HTTPS connector statement and list down the allowed ciphers as described in the following example The values for port keystoreFile and keystorePass must match the values that you have configured in ...

Page 70: ...ion ciphers that this socket is allowed to use By default the web UI uses the default ciphers for the Java Virtual Machine JVM These contain the weak export grade ciphers in the list of available ciphers This results in the web UI supporting weak cipher session keys The ciphers are specified using the Java Secure Socket Extension JSSE cipher naming convention Note Step 3 Restart Cisco Prime Networ...

Page 71: ...Hat 7 https access redhat com documentation en US Red_Hat_Enterprise_Linux 7 pdf Security_Guide Red_ Hat_Enterprise_Linux 7 Security_Guide en US pdf Windows Server 2012 https technet microsoft com en us security jj720323 aspx NSA hardening guide collection https www nsa gov ia mitigation_guidance security_configuration_guides operating_systems shtml The above links reference external websites and ...

Page 72: ...Cisco Prime Network Registrar 9 1 Installation Guide 66 Hardening Guidelines Hardening Guidelines ...

Page 73: ...s that are of general usefulness The nmcli d command lists all available network interfaces devices The nmcli c command lists all available configurations Use the above two commands frequently as you are learning to use nmcli Follow the steps below to configure an IP address for an interface on your virtual appliance Typically these commands are typed directly into the console of the virtual appli...

Page 74: ...to be deleted Note Step 3 Create the configuration and associate it with the interface device in one command This command only creates the configuration and associates it with the interface it does not apply it to the interface nmcli con add type ethernet con name config ifname interface ip4 ip netmaskwidth gw4 gateway where config is the name of the configuration which can be anything including t...

Page 75: ...nt to use and domain is the domain name ending with com org and so on It is important to include the domain name along with the com org or whatever ending is appropriate since this is used as the default for DNS lookups Example hostnamectl set hostname my server gooddomain com Step 8 After you configure the networking you must restart CPNR in order for the interfaces to be properly discovered by C...

Page 76: ...Cisco Prime Network Registrar 9 1 Installation Guide 70 Configuring Network Access on CentOS 7 3 Using nmcli Configuring Network Access on CentOS 7 3 Using nmcli ...

Page 77: ... device for which you wish to change the IP address Step 2 Configure the connection with the new IP address nmcli con mod connection ip4 new ip address Step 3 Apply the changed connection to the interface to which it is associated this will actually change the IP address nmcli con up connection Step 4 After changing the IP address of any system running CPNR like the virtual appliance you need to r...

Page 78: ...Cisco Prime Network Registrar 9 1 Installation Guide 72 Changing the IP Address using nmcli Changing the IP Address Using nmcli ...

Page 79: ...tall script 30 DHCP servers 2 disk space requirements 8 DNS servers 2 E error logging 16 38 G gtar 19 gtar utility 19 gzip 19 gzip utility 19 H HTTP connection 22 HTTPS connection 22 I install_cnr utility 19 54 install_cnr_log file 29 installation 1 9 13 17 18 19 20 21 22 23 29 51 57 CD 18 checklist 13 cluster mode 19 connection type 22 directory 20 Java directory 22 JAVA_HOME setting 18 JRE JDK r...

Page 80: ...nts 8 superuser root accounts 17 uninstall_cnr 38 uninstallation 38 variable declaration file 52 Local directory 20 local mode 19 Local sav directory 21 log files 29 logging 16 38 server events 16 38 startups 16 38 Windows 16 M market segement specific 11 N Network Registrar 1 about 1 noninteractive 51 nwreglocal and nwregregion 33 34 nwreglocal utility 33 34 nwregregion utility 33 34 O operating ...

Page 81: ...2 database status 21 Java directory 22 JAVA_HOME setting 18 upgrade continued JRE JDK requirements 17 lab evaluation 57 network distribution 18 overview 1 processing messages 23 secure login 18 silent 51 system privileges 17 types 21 Web UI port 22 V viewing server logs 16 38 virtual appliance 40 41 42 43 44 46 booting and configuring 42 deploying 41 43 44 installing and configuring 40 managing 46...

Page 82: ...Cisco Prime Network Registrar 9 1 Installation Guide IN 4 Index ...

Reviews:

No comments