Cisco Network Registrar User's Guide, 6.3
2 - User Interfaces
Downloads: This chapterpdf (PDF - 180.0KB) The complete bookPDF (PDF - 18.75MB) | Feedback

Network Registrar User Interfaces

Table Of Contents

Network Registrar User Interfaces

Introduction to the Web-Based User Interfaces

Supported Web Browsers

Access Security

Logging In to the Web UIs

Changing Passwords

Navigating

Waiting for Page Resolution Before Proceeding

Committing Changes

Role and Attribute Visibility Settings

Displaying and Modifying Attributes

Modifying Attributes

Displaying Attribute Help

Attribute Visibility

Help Pages

Logging Out

Local Cluster Web UI

Regional Cluster Web UI

Command Line Interface

Central Configuration Management Server


Network Registrar User Interfaces


Cisco Network Registrar provides a regional and a local Web-based user interface (Web UI) and a regional and local command line interface (CLI) to manage the DNS, DHCP, TFTP, and Central Configuration Management (CCM) servers:

Web UI for the regional cluster to access local cluster servers

Web UI for the local clusters

CLI for the local clusters

CCM servers that provide the infrastructure to support these interfaces

This chapter describes the Network Registrar user interfaces and the services that the CCM servers provide. Read this chapter before starting to configure the Network Registrar servers so that you become familiar with each user interface's capabilities.

Introduction to the Web-Based User Interfaces

The Web UI provides granular access to configuration data through user roles and constraints. The Web UI granularity is described in the following section.

Supported Web Browsers

The minimum Web browsers supported in Network Registrar are Internet Explorer 5.5 and Netscape 6.2.

Access Security

At Network Registrar installation, you can choose to configure HTTPS to support secure client access to the web UIs. You must specify the HTTPS port number and provide the keystore at that time. With HTTPS security in effect, the web UI Login page indicates that the "Page is SSL Secure."


Note Do not use a dollar sign ($) symbol as part of a keystore password.


Logging In to the Web UIs

You can log in to the Network Registrar local or regional cluster Web UIs either by HTTPS secure or HTTP nonsecure login. After installing Network Registrar, open one of the supported Web browsers and specify the login location URL in the browser's address or netsite field. Login is convenient and provides some memory features to increase login speed.

You can log in using a nonsecure login in two ways:

On Windows, from the Start menu, choose Start > Programs > Network Registrar 6.3 > Network Registrar 6.2 {local | regional} Web UI, which opens the local or regional cluster Web UI from your default Web browser.

Open the Web browser and go to the website. For example, if default ports were used during the installation, the URLs would be http://hostname:8080 for the local cluster Web UI, and http://hostname:8090 for the regional cluster Web UI.

This opens the Login page. With a conventional login, the page indicates "Page is not secure" (see Figure 2-1); with an SSL-secured login, the page indicates "Page is SSL Secure."


Note To prepare for an HTTPS-secured login, see the Cisco CNS Network Registrar Installation Guide.


Figure 2-1 Login Page for Local and Regional Clusters

Enter the initial username admin and password changeme. The password is case sensitive. (Change this password as soon as you can; see the "Managing Passwords" section on page 4-6). Depending on how your browser is set up, you might be able to abbreviate the account name or choose it from a drop-down list. If the password is stored from a previous login, it might be entered automatically.

To log in, click Login. If this is the first login after installing Network Registrar, an Add Product License page appears first (see Figure 2-2 for the regional cluster page; the local cluster page is essentially the same). Your license key is printed on the installation CD. Enter it, then click Add License. If the license key is valid, you immediately enter the Web UI application pages.

Figure 2-2 Add Product License Page for Regional Cluster

For an example, see the "Add the Address Space and Router Licenses" section on page 4-25.

To reenter a previously active session, click Reuse current session. (This option is only available if you did not remove the cookie for it in the Web browser.)


Note If you log back in to a previously active session without clicking Reuse current session, you may have two active sessions open, which can cause erratic failures. For example, if your active session was the first one after an installation, when you enter the license key, you are prompted for it again indefinitely. To avoid this, click Reuse current session, or close and reopen the browser to initiate a new session.


Changing Passwords

Whenever you edit a password on a Web UI page, it appears as a string of eight asterisks (********). The actual password value is never sent to the Web browser. So, if you change the password, the field is automatically cleared. You must enter the new password value completely, exactly as you want it set.

For details on changing administrator passwords at the local and regional cluster, see the "Managing Passwords" section on page 4-6.

Navigating

The Web UI provides a hierarchy of pages based on the functionality you desire and the thread you are following as part of your administration tasks. The page hierarchy prevents you from getting lost easily.


Caution Do not use the Back button of the browser. Always use the Primary or Secondary Navigation bar, or the Cancel button on the page to return to a previous page. Using the Back button can cause erratic failures.

An additional single sign-on feature is now available to connect between the regional and local cluster Web UIs. Many of the regional cluster Web UI pages include the Go Local icon (), which you can click to connect to the local cluster associated with the icon. If you have single sign-on privileges to the local cluster, the connection takes you to the related local server management page (or a related page for failover pair configurations). If you do not have these privileges, the connection takes you to the login page for the local cluster. To return to the regional cluster, local cluster pages have the Go Regional icon () at the top right corner of the page.

Waiting for Page Resolution Before Proceeding

Operations performed in the Web UI, such as resynchronizing or replicating data from server clusters, are synchronous operations that do not return control to the browser until the operation is completed. These operations display confirmation messages in blue text when they are completed. Also, both the Netscape and IE browsers display a wait cursor while the operation is in progress. Unfortunately, the browsers do not prevent you from moving the mouse over another control icon and clicking it.


Tip Wait for each operation in the Web UI to finish before you begin a new operation. If the browser becomes impaired, close the browser, reopen it, then log in again.


Committing Changes

You do not actually commit the page entries you make until you click Add... or Modify... on the page. You can delete items by clicking the Delete icon (). To prevent unwanted deletions, a Confirm Delete page appears in many cases so that you have a chance to confirm or cancel the deletion.

Role and Attribute Visibility Settings

The Main Menu page shows the administrative roles assigned to the logged-in administrator. It also presents a choice of which visibility you want the configuration attributes to be in the Web UI:

To view the roles for the administrator, expand the area of the page by clicking the plus sign (+) next to the Show Roles for User heading. The roles appear in S-expression format. For example, a host administrator might show this role:

name=boston-hostadmin-role, role=host-admin, unconstrained=false, read-only=false, 
zones={boston.example.com.}, use-any-range=false, use-any-zone=false, 
use-any-owner=false, edit-owners=false, access-secondary-zones=false, 
access-reverse-zones=false 

This means that this particular host administrator is constrained to the boston.example.com zone, has read-write privileges to that zone, cannot administer just any address ranges in it, cannot use just any owner or edit owners, and cannot access secondary zones or reverse zones. (For details on how to set up these administrator roles, see the "Create the Administrators" section on page 4-14.)


Note Superuser privileges override any roles displayed for a superuser administrator.


To set the attribute visibility settings for this user session only, expand the area of the page by clicking the plus sign (+) next to the Session Attribute Visibility Setting heading. You can then choose Normal or Expert from the drop-down list:

Normal attribute visibility is appropriate under most conditions and is the default setting.

Expert attribute visibility exposes a set of attributes that are relevant for fine-tuning or troubleshooting the configuration. In most cases, you would accept the default values for these reserved attributes and not change them without guidance from the Cisco Technical Assistance Center (TAC). These reserved attributes are each marked with a Warning icon () on the configuration pages.

Displaying and Modifying Attributes

Many of the Web UI pages, such as those for servers, zones, and scopes, include attribute settings that correspond to those you can set using the CLI. (When the Web UI attribute name differs from the CLI name equivalent, the CLI name appears as a secondary attribute name.) The attributes are categorized into groups by their function, with the more prominent attributes listed first and the ones less often used for configuration at the bottom of the page.

Modifying Attributes

You can modify these configuration attribute values and unset those for optional attributes. In many cases, these attributes have default values, which are listed under the Default column on the page. The explicit value overrides the default one, but the default one is always the fallback. If there is no default value, unsetting the explicit value removes all values for that attribute.

Displaying Attribute Help

For contextual help for an attribute, click the name of the attribute to open a help window. This help window is a separate browser window and you must close it when finished reading the description.

Attribute Visibility

You can choose one of two visibility settings of these configuration attributes. Normal mode is for normal conditions and is the default. Expert mode is reserved for troubleshooting conditions under the guidance of the Cisco TAC. In most cases, you do not need to change the default Normal setting. If required, you can change the setting on the Main Menu page (see the "Role and Attribute Visibility Settings" section).

Help Pages

The Web UI provides a separate window that displays help text for each page. The Help page identifies the topic and the application page name. In many cases, you can access a summary page for the topic by clicking a Top of Section link at the bottom of the help page. You can navigate through the help pages, which provide many links to related topics. To exit the help window, click the Close Window link at the bottom.

You can also open a separate context-sensitive help window for many configuration attributes by clicking the attribute name. See the "Displaying Attribute Help" section.

Logging Out

You can log out of the Web UI by clicking the Logout link at the top right corner of any application page.

Local Cluster Web UI

The local cluster Web UI provides concurrent access to Network Registrar user and protocol server administration and configuration. It provides granular administration across servers with permissions you can set on a per element or feature basis. Once you log in to the application, the Main Menu page appears (see Figure 2-3). Local cluster administration begins with Chapter 4, "Configuring Local and Regional Administrators."


Note If you change the IP address of your local cluster machine, you must modify the localhost cluster to change the address in the ipaddr field. Avoid setting the value to the loopback address (127.0.0.1); if you do, you must also set the actual IP addresses of main and backup servers for DHCP failover and High-Availability (HA) DNS configurations.


Figure 2-3 Main Menu Page for Local Cluster

Regional Cluster Web UI

The regional cluster Web UI provides concurrent access to regional and central administration tasks. It provides granular administration across servers with permissions you can set on a per element or feature basis. Once you log in to the application, the Main Menu page appears (see Figure 2-4). Regional cluster administration is described in Chapter 5, "Managing the Central Configuration."

Figure 2-4 Main Menu Page for Regional Cluster

Command Line Interface

Using the Network Registrar CLI (the nrcmd program), you can control your local cluster servers' operations. You can set all configurable options, as well as start and stop the servers. The CLI provides for concurrent access, but you should not have more than one CLI session open, because these interfaces require a lock on the databases. See the Network Registrar CLI Reference Guide for details.

The nrcmd program for the CLI is located on:

Windows—In the install-path\bin directory.

Solaris and Linux—In the install-path/usrbin directory.

On a local cluster, once you are in the appropriate directory, use the following command at the prompt:

nrcmd -C localhost -N admin -P changeme -R 

-C is the cluster name, by default localhost.

-L is the local cluster.

-N is the username, initially admin.

-P is the user password, initially changeme.

-R is the regional cluster.


Tip You should change the initial password right away (see the "Managing Passwords" section on page 4-6). For additional command options, see the Network Registrar CLI Reference Guide.


To disconnect from the cluster, use the exit command:

nrcmd> exit 


Tip The CLI operates on a coordinated basis with multiple user logins. If you receive a cluster lock message, determine who has the lock and discuss the issue with them. You can override the lock by using the force-lock command, but not unless you are absolutely sure you would thereby not adversely affect someone else's work.


Central Configuration Management Server

The Central Configuration Management (CCM) servers at the local and regional clusters provide the infrastructure for Network Registrar operation and user interfaces. The Web UIs operate with a combination of the legacy Network Registrar databases (MCD) and the additional CCM databases. The main purpose of the local cluster Web UI infrastructure is to store and propagate data from the user to the protocol servers, and from the servers back to the user.

The change set is the fundamental unit of change to a data store. It is used to send incremental changes to a replicating server, and it provides an audit log for changes to the data store. Change sets consist of lists of change entries that are groups of one or more changes to a single network object. The Web UI provides a view of the change sets for each data store.