Cisco CNS Network Registrar Users's Guide Web Interface, 6.0
Introduction to the Web-based User Interface
Downloads: This chapterpdf (PDF - 224.0KB) The complete bookPDF (PDF - 2.69MB) | Feedback

Introduction to the Web-Based User Interface

Table Of Contents

Introduction to the Web-Based User Interface

Features

Concurrent Access

Data Flow, Data Stores (MCD and CCM), and Change Sets

Interaction With Legacy User Interfaces (CLI and Windows-based GUI)

Protocol Servers (DHCP, DNS, and TFTP)

Clusters and Backup Clusters

Supported Web Browsers

Security Through Encryption Keys

Logging in

Main Menu Page

Administrative Elements

Role and Attribute Visibility Settings

Navigating Through the Web UI

Committing Changes

Displaying and Modifying Attributes

Attribute Visibility

Modifying Attributes

Displaying Attribute Help

Common Icons

Error Messages and Pages

Help Pages

Logging out


Introduction to the Web-Based User Interface


The Cisco CNS Network Registrar Web-based user interface (Web UI) provides access to the configuration and state information in the Network Registrar protocol servers over the Web. From your Web browser, you can manage any number of DNS, DHCP, and TFTP servers. The Web UI also provides multiple user access, a new feature in Network Registrar.

Table 1-1 Introducing Web UI Topics

If you want to learn about...
See...

Features of the Web UI

"Features" section

Logging in

"Logging in" section

Main application page

"Main Menu Page" section

Navigating through the application

"Navigating Through the Web UI" section

Committing and deleting changes

"Committing Changes" section

Common icons and functions

"Common Icons" section

Error messages

"Error Messages and Pages" section

Getting help

"Help Pages" section

Logging out

"Logging out" section


Features

The Network Registrar Web UI provides these features:

Multiuser, concurrent access—Users can control local site DNS, DHCP, and TFTP protocol servers and server objects from multiple Web UIs concurrently.

Granular administration—Users can be set up to manage specific zones and hosts, and can be granted limited or full access to the user interfaces. The Web UI includes pages to define administrators and assign roles with access constraints.

Browser access—Users can log on to and navigate through generally available Web browsers (Internet Explorer 5.5 and Netscape 6.2 or later), based on an Apache Tomcat Web server and Java technology.

Secure login option—Users can log on through Secure Socket Layer (SSL) connections.

Transaction logging—Database transactions are automatically logged.

Zone distribution—Provides consistent DNS configurations between master and slave servers without duplicate data entry.

DHCP failover pair configuration—Maintains failover servers without duplicate data entry.

Transaction signatures (TSIG) security—Enables dynamic DNS updates through TSIG security and access control lists.

Concurrent Access

Network Registrar lets you centrally manage a large number of distributed DNS, DHCP, and TFTP servers in an organization. However, you can now do so on a distributed basis with concurrent access from administrators on the cluster. This is a departure from previous versions of Network Registrar.

Data Flow, Data Stores (MCD and CCM), and Change Sets

The Web UI is a combination of the legacy Network Registrar databases (MCD) and the additional Central Configuration Management database (CCM). The main purpose of the Web UI infrastructure is to store and propagate data both from the user (or external system) to the protocol servers, and from the servers back to the user (or external system). The other significant function is to directly control server behavior rather than indirectly through configuration changes. The CCM data model is authoritatively managed by the CCM server and is centralized. The Network Registrar data is authoritatively managed by each Network Registrar cluster and is thus distributed.

The MCD and CCM server is a single process containing both the MCD and CCM server.

The change set concept is used throughout the data flows. It is the fundamental unit of change to a data store. It is used in sending incremental changes to a replicating server, and it provides an audit log for changes to the data store. Change sets consist of lists of change entries that are groups of one or more changes to a single network object.

Interaction With Legacy User Interfaces (CLI and Windows-based GUI)

The legacy Network Registrar user interfaces, the CLI (nrcmd process) and the Windows-based GUI, coexist with the Web UI. You can use these interfaces interactively with the Web UI.

Protocol Servers (DHCP, DNS, and TFTP)

Network Registrar continues to provide DHCP, DNS, and TFTP protocol servers that you can manage. The difference is that there is now concurrent user access to these servers.

Clusters and Backup Clusters

A primary cluster is a traditional Network Registrar cluster consisting of a primary DNS, DHCP, or TFTP server or some combination of these. This primary cluster is the main point of administration through the Web UI. Associated with this primary cluster are secondary clusters that contain the secondary DNS server or the backup DHCP server. A secondary DNS cluster is a traditional cluster consisting of a secondary DNS server for the DNS server in the primary cluster. A backup DHCP cluster is a traditional cluster containing the backup failover partner for the DHCP server in the primary cluster.

Supported Web Browsers

The Web browsers supported in Network Registrar are Internet Explorer 5.5 and Netscape 6.2.

Security Through Encryption Keys

The Web UI supports securing dynamic DNS updates using transaction signature (TSIG) encryption keys. This allows DNS and DHCP servers to verify that requests and responses come from an authorized source, when properly configured. Both the DNS and DHCP servers can read and process TSIG data from Network Registrar or other servers.

Logging in

You can log in to the Network Registrar Web UI either by SSL secure or nonsecure login. Once you install Network Registrar, you can open one of the supported Web browsers and specify the login location URL in the browser's address or netsite field. Login is convenient and provides some memory features for making login sessions faster to access.

You can log in using a nonsecure login in two ways:

On Windows 2000, from the Start menu: Start > Programs > Network Registrar 6.0 > Network Registrar 6.0 Web UI, which opens the Web UI from your default Web browser. (The Start menu item is not automatically created for Windows NT systems.)

Open the Web browser and go to this web site:

http://hostname:8080 

The hostname is the name or address of the host. This opens a login page for nonsecure access to the application (see Figure 1-1). You can deactivate this login by commenting out the <Connector> tag servicing port 8080 in the install/tomcat/conf/server.xml file.

Figure 1-1 Login Page

On the Login page, enter your account name and password. The account name is not case-sensitive, but the password is case-sensitive. Depending on how your browser was set up, you might be able to abbreviate the account name and select it from the drop-down list. If the password is stored from a previous login, it might be entered automatically.


Note To prepare for an SSL-secured login, see the Network Registrar Installation Guide.


After entering your account name and password, click Login to log in, or click Cancel to cancel the login. If this is your first login after installing Network Registrar, or if by any chance the product.licenses file was deleted in the conf directory of the product installation directory, an Add License page appears first (see Figure 1-2). Enter the license key exactly as given you, hyphens included, then click Add to add the key or Cancel to cancel adding it.

Figure 1-2 Add License Page

As soon as you log in with a valid license key, the Cisco Network Registrar Main Menu page appears with a menu of administrative tasks.

If you bookmark the login.jsp site and your session is still valid and no cookies were removed, the next time you open the page, you can click Reuse current session to return to your login session. This option is not available if your session is not valid, it timed out in the Web server, your connection was broken, or you removed the cookie in the browser.


Note Your Web UI session depends on enabling per-session cookies on your Web browser. Do not disable per-session cookies, or the browser has no way of knowing about your session. In Microsoft Internet Explorer 5.5, find this option under Tools > Internet Options > Security > Custom to access the Security Settings screen. On this screen, ensure that the stored and per-session cookies have Enable selected. In Netscape 6.2, use Edit > Preferences > Advanced to ensure that cookies are not disabled.


Main Menu Page

The Network Registrar Main Menu page that appears on login contains links to the features available to you based on your assigned administrator role or roles. For the Web UI administrator, who has global Web UI management capabilities, the page would look like what appears in Figure 1-3.

Figure 1-3 Main Menu Page

Administrative Elements

The full list of elements possible on the Main Menu page are:

Administration—Use these pages to manage administrators, groups and roles, encryption keys, access control lists, and protocol servers, and view the datastore change logs.

Zone—Use these pages to manage the lists of forward, reverse, and secondary zones their resource record, and manage zone owners and templates, secondary servers, and zone distributions.

Host—Use these pages to manage hosts and their addresses.

Address Space—Use these pages to view the unified address space tree, and manage address blocks, subnets and static IP ranges, owners, and regions.

DHCP—Use these pages to manage the Network Registrar DHCP server. This includes managing scopes and associated ranges, reservations and leases, policies and associated options, and client and client-class entries.

Role and Attribute Visibility Settings

The Main Menu page also shows the administrative roles assigned to the logged-in administrator (see "Basic Administration Scenario"). It also presents a selection of which visibility you want the configuration attributes to be viewable in the Web UI:

To view the roles for the administrator, expand the area of the page by clicking the plus sign (+) next to the "Show Roles for User" heading. The roles appear in S-expression format. For example, a host administrator might show this role:

name=boston-hostadmin-role, role=host-admin, unconstrained=false, read-only=false, 
zones={boston.example.com.}, use-any-range=false, use-any-zone=false, 
use-any-owner=false, edit-owners=false, access-secondary-zones=false, 
access-reverse-zones=false 

This means that this particular host administrator is constrained to the boston.example.com zone, has read-write privileges to that zone, cannot administer just any address ranges in it, cannot use just any owner or edit owners, and cannot access secondary zones or reverse zones. (For details on how to set up these administrator roles, see "Global Administration.")


Note Superuser privileges override any roles displayed for a superuser administrator.


To set the attribute visibility settings for this user session only, expand the area of the page by clicking the plus sign (+) next to the "Session Attribute Visibility Setting" heading. You can then select Normal or Expert from the drop-down list:

Normal attribute visibility is appropriate under most conditions and is the default setting.

Expert attribute visibility exposes a set of attributes that are relevant for fine-tuning or troubleshooting the configuration. In most cases, you would accept the default values for these reserved attributes and not change them without guidance from the Cisco Technical Assistance Center (TAC). If you select Expert, a warning to that effect appears on the page. These reserved attributes are each marked with a warning symbol on the configuration pages.

Navigating Through the Web UI

The Web UI provides a hierarchy of pages based on the functionality you desire and the thread you are following as part of your administration tasks. The page hierarchy is never so deep that you can easily get lost in it. As with all Web applications based on a browser, you can navigate through the Web UI pages using the Back and Forward page navigation features of your browser.

Committing Changes

You do not actually commit the page entries you make until you click an Add... or Modify... button on the page. You can delete items using the trash can () icon. To prevent unwanted deletions, a Confirm Delete page appears in many cases so that you have a chance to confirm or cancel the deletion.

Displaying and Modifying Attributes

Many of the Web UI pages, such as for servers, zones, and scopes, include attribute settings that correspond to those you can set using the CLI (nrcmd program). The attributes on the Web UI pages are conveniently categorized into groups so that their functionality is clearer, with the more prominent attributes listed first and the ones less often used for configuration at the bottom of the page. The attributes are often displayed with generic names along with their CLI name equivalents.

Attribute Visibility

You can select one of two visibility settings of these configuration attributes. Normal mode is for normal conditions and is the default. Expert mode is reserved for troubleshooting conditions under the guidance of the Cisco TAC. In most cases, you do not need to change the default Normal setting. If required, you can change the setting on the Main Menu page (see the "Role and Attribute Visibility Settings" section).

Modifying Attributes

You can modify these configuration attribute values and unset those for optional attributes. In many cases, these attributes have default values, which are listed under the Default column on the page. The explicit value overrides the default one, but the default one is always the fallback. If there is no default value, removing or unsetting the explicit value removes all settings for that attribute.

Displaying Attribute Help

For contextual help for an attribute, click the name of the attribute to open a help window.

Common Icons

Table 1-2 describes the common icons you will find on many of the Web UI pages.

Table 1-2 Common Web UI Icons 

Icon
Function

Refreshes the page or reloads the identified server.

Deletes the item next to the icon.

Provides a list/add page based on the column description for the item in the list.

Provides a report or statistics for the item.

Provides a log file for the item.

Starts the identified server.

Stops the identified server.

Goes to the first page in the list.

Backs up one page in the list.

Moves forward one page in the list.

Goes to the last page in the list.

Searches for the item in the list based on the text string specified in the field.

Notifies you not to change the value of this configuration attribute, unless instructed to do so by the Cisco Technical Assistance Center (TAC) to address a specific network issue.


Error Messages and Pages

Error messages for fields incorrectly entered commonly appear near where the error occurred on a Web UI page. The messages are in red lettering (see Figure 1-4 for an example).

Figure 1-4 Error Messages on Web UI Pages

At times, a full error page might appear for a configuration error. Copy the contents of this page to a file so that you can report it to the Cisco Technical Assistance Center (TAC), if necessary.

Help Pages

The Web UI provides a separate window that displays help text for each page. The Help page identifies the topic and the application page name. In many cases, you can access a summary page for the topic by clicking a Top of Section link at the bottom of the help page. You can navigate through the help pages, which provide many links to related topics. To exit the help window, click the Close Window link at the bottom.

You can also open a separate context-sensitive help window for many configuration attributes by clicking the attribute name. See the "Displaying and Modifying Attributes" section.

Logging out

You can log out of the Web UI by clicking the Logout link at the top right corner of any application page.