Cisco Prime Network Installation Guide, 3.10
Next Steps
Downloads: This chapterpdf (PDF - 204.0KB) The complete bookPDF (PDF - 1.58MB) | Feedback

Next Steps

Table Of Contents

Next Steps

Getting a Valid Prime Network License

Verifying Backup Schedule Was Created

Prime Network Data Backup

Embedded Database Backup

Backing Up Systems with External Database

Enabling the Network Discovery Feature

Setting Up Standalone Integration Layer (SIL) for Prime Network

Enabling Standalone Integration Layer Services

Disabling Standalone Integration Layer Services

Managing FTP for Standalone Integration Layer Server

FTP Configuration With Replication

Clearing the FTP Configuration for the Standalone Integration Layer Server

(Optional) Changing the Default Ports Used by the Standalone Integration Layer

Changing the NIO and SSL Ports

Changing the MTOSI Web Services Port

Changing the 3GPP Web Services Port

Changing the RMI Registry and RMI Server Ports

Required Configuration for Managing UCS Devices (Linux Only)


Next Steps


This chapter includes the tasks that are performed after Prime Network is completely installed including the client application. This chapter includes information on activating license after 120 days of evaluation version, configuring Prime Network so that it can be used with Multi-Technology Operations Systems Interface (MTOSI) northbound interfaces and 3GPP and configuring Prime Network to import bulk VNEs using the network discovery feature.

Getting a Valid Prime Network License

You must activate a valid Prime Network license within 120 days of installation. Until you activate the license, you will be running an evaluation version of Prime Network, with full functionality. After 120 days, this evaluation version will expire and if Prime Network is closed, it will not restart.

Prime Network software must be registered via Cisco.com in order to obtain a license file (*.lic). The license file will be sent to you by e-mail and must be installed on the Prime Network gateway server.

The license file is bound to the server credentials that are provided during license generation. The license file will only be usable on that server only and cannot be ported from one server to another.

For any licensing issues, please contact your Cisco account representative or send an e-mail to ask-ana-licensing@cisco.com for assistance. For further details about licensing, see "Prime Network Licensing" in the Prime Network Administrator Guide, 3.10.

To obtain the license file:


Step 1 Go to the licensing web page at http://www.cisco.com/go/license and enter your Cisco.com user credentials to start the Product License Registration process. If you are not a registered Cisco.com user, create an account and log in.

Step 2 Locate the Product Authorization Key (PAK number) that appears at the bottom of the Software License Claim Certificate you received with your Prime Network package.

The PAK number is a unique, automatically generated identification key that represents the specific software and hardware covered by the license. A PAK number has the following format: 1703J1CEB52.

Step 3 Click Submit after entering the PAK number.

Step 4 Enter the following information in the online form:

PAK number

Cisco Prime Network Gateway server name

(You can use the hostname UNIX command to obtain the server name)

Cisco Prime Network Gateway server hostid

(You can use the hostid UNIX command to obtain the hosted. For systems running Linux on UCS, use the primary MAC address instead of the hostid)

Operator email address


Note If the server is using Fully Quailed Name (or FQN), user need to enter the whole name with the complete domain.


Step 5 After filling in the requested information submit the request.

Your license file and user information will be sent to the e-mail address you specified. If you do not receive an e-mail within an hour, contact your Cisco account representative or send an e-mail to ask-ana-licensing@cisco.com for assistance.


Note Do not edit the contents of the .lic file in any way. The contents of the file are signed and must remain intact.


Step 6 Copy the license key to the $FLEXNET_HOME/licenses directory in the Prime Network gateway server.


Note License files are cumulative and can be all copied on the same place. In addition, because the license is enforced on the Gateway machine, there is no need to copy the license on unit machines.


Step 7 Apply the new license to the FlexNet license manager:

liccontrol reread

 
   

Step 8 Apply the license to the Prime Network Gateway process by restarting the AVM 11:

networkctl -avm 11 restart

 
   

Step 9 The license is now applied and active.

Step 10 Enter the following status command to verify that the license is loaded:

status

The output should include the following:

- Checking if license server is up and running [LOADED]

 
   

Verifying Backup Schedule Was Created

The Prime Network backup and restore process includes:

Prime Network data backup of the registry data, encryption keys, and reports using the operating system cron mechanism.

Prime Network database backup of only embedded database. For external database, refer Oracle documentation.

Prime Network performs backups on a regular schedule. The schedule and data that is backed up depends on whether you have a system with an embedded database or an external database.

Prime Network performs backups on a regular schedule for both Prime Network data and the embedded database.


Note In both cases, you should back up to tape on a daily basis.


Prime Network Data Backup

The data backup only saves the Prime Network data which includes its registry data, encryption keys, and reports using the operating system cron mechanism.

By default, Prime Network do 5 backups for a system installed with an external database, and 16 backups for a system installed with an embedded database. Backup run every 12 hours at 4am and 4pm. Table 11-1 lists the directories that are backed up Prime Network. By default the data is saved in NETWORKHOME/backup (NETWORKHOME is the installation directory). You can change this location by editing the registry. For information on changing the backup schedule or location, or performing a manual backup, see the Cisco Prime Network 3.10 Administrator Guide.

Table 11-1 Directories Backed Up by Prime Network 

Type of Data
Location
Description

Registry information

NETWORKHOME/Main/registry

Prime Network registry, which includes changes made since the installation (new soft properties, Command Builder commands, alarm customizations, and so forth)

General information

NETWORKHOME/Main/.encKey

SSH encryption key files

NETWORKHOME/Main/to_backup

Other user-specified data

NETWORKHOME/Main/reportfw/rptdocument

Prime Network reports1

1 Some report data is stored in the database, so you must back up both the database and the Prime Network data to capture all report information.


Embedded Database Backup

Backups are normally enabled during installation, but if you did not enable them, use the procedure below to enable the backup. You must enable this mechanism if you want to perform a backup of the embedded database, regardless of whether the backup is manual or automatic. You can verify whether it is already enabled by checking for recent backups in the backup directory that was specified during the installation.

Embedded database is backed up according to the profile selected at installation:

1-50 actionable events per second —Full backup is performed every Saturday at 1:00 a.m.; and incremental backups are performed every Sunday-Friday at 1:00 a.m.

51-250 actionable events per second —Full backup is performed every Tuesday and Saturday at 1:00 a.m.

By default, Prime Network saves embedded database backups taken in last eight days. For this reason you must back up the database's backup and archive directories to tape on a daily basis.

For information on changing the backup schedule or performing a manual backup, see the Cisco Prime Network 3.10 Administrator Guide.

Enabling Backups for an Embedded Database

The following procedure enables the backup mechanism for an embedded database. You must enable the mechanism if you want to perform manual or automatic backups. This procedure requires both Oracle and Prime Network to be restarted.

To enable the backup mechanism for an embedded database:


Step 1 If you did not specify a backup location at installation time, do the following:

a. Create the folders for the backup files and the archive logs.

b. Verify that the OS database user (oracle, by default) has write permission for the folders, or run the following command as the operating system root user:

chown -R os-db-user:oinstall  path

Step 2 Log into the gateway as pn user (where pn user is the operating system account for the Prime Network application, created when Prime Network is installed; for example, pn310).Change the directory to the Main/scripts/embedded_db directory:

# cd $ANAHOME/Main/scripts/embedded_db 

Step 3 Start the backup.

# emdbctl --enable_backup
 
   
Following prompts appear:

Table 11-2 Backup Prompts

Prompt for..
Enter..
Notes

Destination for backup files

Path to the directory containing the backup files.

Enter the target destination folder (path-to-backup-dir) you created in Step 1.

Destination for archive files

Path to the directory containing the archive logs.

 

Select Prime Network database profile

The number corresponding to the estimated profile.

Select from 1-7 based on the actionable events per second.



Backing Up Systems with External Database

For systems with an external DB, backups are automatically scheduled, but only the Prime Network data is saved. Refer to your Oracle documentation for instructions on how to schedule regular backups for the database.

The backup only saves the Prime Network data which includes its registry data, encryption keys, and reports using the operating system cron mechanism.

Data is saved to NETWORKHOME/backup. By default, Prime Network saves five backups. Backups run every 12 hours at 4am and 4pm. For information on changing the backup schedule or location, or performing a manual backup, see the Cisco Prime Network 3.10 Administrator Guide.

Enabling the Network Discovery Feature

The network discovery tool allows administrator and configurator users to automatically discover the devices that exist in the network, and then to create a virtual Network Element (VNE) for each discovered device to be managed with Prime Network. Use of the network discovery tool significantly speeds up the process of importing your devices into Prime Network so that they can be managed.

For more information on the network discovery feature, see Cisco Prime Network 3.10 Administrator Guide.

You must perform the following steps after Prime Network installation or after an upgrade for the Network Discovery feature to work in Prime Network 3.10.


Note Use network discovery web interface on Mozilla Firefox. It is not supported on Internet Explorer.



Step 1 Log into the Prime Network gateway machine OS shell as the Prime Network user.

Step 2 Change the user to be the super user.

su root
 
   

Step 3 Enter the super user password.

enter root password: XXXX

 
   

Step 4 Navigate to the local/scripts folder under the Prime Network user home directory, which by default is /export/home/pn user.

cd $ANAHOME/pn user/local/scripts

 
   

Step 5 Change to tcsh shell.

tcsh

 
   

Step 6 Execute the setFpingPermissions script.

./setFpingPermissions.tcsh

 
   

The setFpingPermissions script is executed to ensure successful functioning of the network discovery tool and sets some permissions to the Fping utility. You will get a Fping permissions set successfully message if the utility is successfully executed. If you do not receive this message, please contact your Cisco account representative for assistance.


Setting Up Standalone Integration Layer (SIL) for Prime Network

You can configure Prime Network to use it with Multi-Technology Operations Systems Interface (MTOSI) northbound interfaces and 3GPP. To do this, you must install a standalone integration layer along with the MTOSI and 3GPP bundles.

The Standalone Integration Layer (SIL) server allows Prime Network to expose MTOSI APIs over Simple Object Access Protocol (SOAP). The integration layer will expose MTOSI interfaces for enabling clients to register and receive notifications of interest.

For information on interfaces exposed by the integration layer for the MTOSI, refer to the Prime OSS Integration Guide for MTOSI and 3GPP, 1.0.

Before You Begin:

Make sure Prime Network is installed. Complete the Prime Network installation using the procedures in Installing the Cisco Prime Network.

Verify that the ports required by SIL are not used by any other applications. (See the Standalone Integration Layer Ports.).


Note To change the default ports used by SIL, see the section (Optional) Changing the Default Ports Used by the Standalone Integration Layer.


Verify that the system has at least 4 GB of RAM available. Enter the top command to verify that the required memory is available.

Verify that the JAVA_HOME environment variable points to the JDK installed by Prime Network.


Note If JAVA_HOME environment variable points to 32 bit JRE, edit the karaf file to use 2 GB memory. Do the following to change the memory size in the karaf file: $SIL_HOME/esb/bin/karaf and change "-Xmx4G" to "-Xmx2G".


This section explains how to install standalone integration layer for Prime Network after installing Prime Network.


Step 1 Insert "Disk1: New Install" in the DVD drive.

Step 2 Mount the inserted DVD using mount command and change directory to the mount location.

Step 3 Log in as root user and change to the prime network user (pn user), using the following command:

su - pn user
 
   

Step 4 Create new directory where you would like to install SIL.

mkdir -p $ANAHOME/pnil
 
   

Step 5 Copy the SIL installation tar file from the mounted location to this directory.

cp /mnt/**/sil-esb-1.0.0-tar.gz $ANAHOME/pnil
 
   

Step 6 Change directory to $ANAHOME/pnil where SIL tar file was copied and extract the SIL installation tar:

cd  $ANAHOME/pnil
tar -zxf sil-esb-1.0.0.tar.gz
 
   

Note For Solaris, extract the files using the GNU Tar utility (an archiver tool) available in the bin folder under the Prime Network home directory (that is, NETWORKHOME/local/bin/solaris/tar).


 
   

The directory where the files are extracted is represented by $SIL_HOME.

Step 7 Set the permissions for the ana user to access the files under $SIL_HOME using the following command:

chown -R anauser:ana $SIL_HOME
cd $SIL_HOME/bin
 
   

Step 8 Enter the following command to configure the SIL for Prime Network:

./saDmConfig.sh -type net -user root user -password root password -host pn hostname -dir 
$SIL_HOME -authURL network-authentication-URL
 
   

where:

root user is the root user profile created on Prime Network; usually "root"

root password is the password for root user


Note Make sure the root password does not contain '%' character. If the password contains '%' character, then change the password. For information on how to change root password, see Cisco Prime Network Administrator Guide, 3.10.


$SIL_HOME is the directory where you extracted the ESB .tar file.

network-authentication-URL is the URL used to authenticate Prime Network calls; usually https://localhost:6081/ana/services/username

Step 9 Reset the SIL environment to default settings by removing the $SIL_HOME/data directory that contains files generated by services at runtime. Use the following command:

rm -rf $SIL_HOME/data
 
   

Step 10 Ensure the Karaf process is started using the following commands:

For Linux:

ps -aef | grep karaf

For Solaris

/usr/ucb/ps -auxwww | grep karaf
 
   

Step 11 Start the SIL services. Do the following:

a. Verify that the SIL services are enabled. For instructions to enable SIL services, see Enabling Standalone Integration Layer Services.

b. Execute the start script from the following location:

$SIL_HOME/bin/start
 
   

Note At a later point, if you decide to use Prime Network in suite mode, disable the SIL services. For instructions, see Disabling Standalone Integration Layer Services.


Step 12 Enable FTP on the SIL server for transferring the inventory files from host to an FTP/SFTP server. Each FTP server has a primary and a secondary ftp server setup. Depending on the server type, use one of the following commands:


Note Host refers to the machine where the integration layer is running.


Enable FTP configuration for Global Primary Server

./ftpConfig.sh -ftp enable -host ip address -user root -password root pasword -port 
port number -protocol sftp -hostOption primary -replication disable -mgmtDataType 
global
 
   

Enable FTP configuration for Global Secondary Server

./ftpConfig.sh -ftp enable -host ip address -user root -password root pasword -port 
port number -protocol sftp -hostOption secondary -replication disable -mgmtDataType 
global 
 
   

Enable FTP configuration for IM Primary Server

./ftpConfig.sh -ftp enable -host ip address -user root -password root pasword -port 
port number -protocol sftp -hostOption primary -replication disable -ftpDirectory 
/primaryData -mgmtDataType im 
 
   

Enable FTP configuration for IM SecondaryServer

./ftpConfig.sh -ftp enable -host ip address -user root  -password root pasword -port 
port number -protocol sftp -hostOption secondary -replication disable -ftpDirectory 
/secondaryData -mgmtDataType im 
 
   

For more information on FTP cofiguration, see Managing FTP for Standalone Integration Layer Server.


Enabling Standalone Integration Layer Services

Enable the SIL services using the procedure below:


Step 1 Access the cron job from the following location:

vi $ANAHOME/local/cron/every_3_minutes.cmd 
 
   

Step 2 Make sure the following line in the cron job is not commented.

cd $ANAHOME/local/scripts/integration_layer ; perl il_watchdog.pl 
 
   

The cron is scheduled to run every 3 minutes and job will take care of starting the Standalone Integration Layer service.


Disabling Standalone Integration Layer Services

Use this procedure to disable the SIL services.


Step 1 To ensure that the services of the SIL are stopped permanently, disable the scheduled job in the cron job file. Do the following:

a. Edit the cron job file (every_3_minutes.cmd) by entering the following command:

vi $ANAHOME/local/cron/every_3_minutes.cmd 
 
   

b. Comment the following line in the cron job to disable the scheduled job.

#cd $ANAHOME/local/scripts/integration_layer ; perl il_watchdog.pl
 
   

c. Save the cron job file.

Step 2 Stop the SIL by entering the following command:

$SIL_HOME/bin/stop


Note If the cron job was not disabled (as mentioned in Step 1), it would automatically restart the services as it is scheduled to run every 3 minutes.



Managing FTP for Standalone Integration Layer Server

You can modify the FTP configuration for SIL using the script (ftpConfig.sh) that is available in the SIL installation directory. The default location is $SIL_HOME/bin.

Use the ftpConfig.sh script with the following options to modify the file transfer component:

ftpConfig.sh [ -help | -ftp enable | -ftp disable | -localDir new location |-replication enable | -replication disable | -clearConfig | -display]

Command
Used to..

-help

View the FTP options for standalone integration layer.

-ftp enable

Enable the FTP service. For more details, see in Setting up SIL server for Prime Network section.

-ftp disable

Disable the FTP service.

-localDir new location

Change the location of the storage directory on the local machine ( default is /tmp). This will be used when file transfer is disabled.

-replication enable

Replicate XML files and status file in both primary and secondary ftp servers. Refer to the section FTP Configuration With Replication, to see where the files are stored when the replication is enabled or disabled.

-replication disable

Disable the replication

-clearConfig

Clear the FTP configuration. For more details, see Clearing the FTP Configuration for the Standalone Integration Layer Server

-display im

Display FTP configurations for both primary and secondary servers configured for Inventory Management interface type for 3GPP.

-display im -hostOption primary/secondary

Display FTP configurations for either the primary and secondary servers configured for Inventory Management interface type for 3GPP.

-display global

Display FTP configurations for global primary and secondary servers. Global here indicates across all management interface type for 3GPP.

-display all

Display global FTP configurations


Each FTP server has a primary and a secondary ftp server setup with fail-over option or replication option. In fail-over option files are transferred to the secondary ftp server if the primary is not reachable or copied on to the configured directory on local machine if the secondary is not reachable as well. However, in replication option, files are transferred to both the primary and the secondary ftp servers.

FTP Configuration With Replication

Table 11-3 shows where the files are stored when the replication is enabled/disabled. Tick mark indicates ftp details are configured for the particular FTP server.

Table 11-3 FTP Configuration with Replication Enabled/ Disabled

Primary FTP
Secondary FTP
Replication
Files Stored Under

x

x

Primary

x

Primary

x

x

Secondary

x

Primary

Primary, Secondary


Clearing the FTP Configuration for the Standalone Integration Layer Server

Use one of these command to clear the configuration depending on the server type:

Clear FTP configuration for Global Primary Server

./ftpConfig.sh -clearConfig true -hostOption primary -mgmtDataType global 
 
   

Clear FTP configuration for Global Secondary Server

./ftpConfig.sh -clearConfig true -hostOption secondary -mgmtDataType global 
 
   

Clear FTP configuration for IM Primary Server

./ftpConfig.sh -clearConfig true -hostOption primary -mgmtDataType im 
 
   

Clear FTP configuration for IM SecondaryServer

./ftpConfig.sh -clearConfig true -hostOption secondary -mgmtDataType im 

(Optional) Changing the Default Ports Used by the Standalone Integration Layer

This section explains how to change the default ports listed in Standalone Integration Layer Ports.

Changing the NIO and SSL Ports

By default, the NIO and SSL transport ports are 61616 and 61615.

To change the port numbers:


Step 1 Edit the $SIL_HOME/etc/activemq.broker.cfg file and do the following:

Change the nioTransportPort value to a port number that is not in use, such as 61614.

Change the sslTransportPort value to a port number that is not in use, such as 61613.

Step 2 Edit the $SIL_HOME/etc/com.cisco.prime.esb.jms.cfg file and do the following:

Change the prime.connection.port value to the value of nioTransportPort that you had set in Step 1.

Step 3 Save the changes in activemq.broker.cfg and com.cisco.prime.esb.jms.cfg files.

Step 4 Stop the integration layer server by invoking the stop script from $SIL_HOME/bin/stop .

If the cron job was not disabled (as mentioned in Enabling Standalone Integration Layer Services), it would automatically restart the services as it is scheduled to run every 3 minutes.


Changing the MTOSI Web Services Port

By default, the MTOSI web services implementation port is 9110.

To change the port number:


Step 1 Open the $SIL_HOME/etc/com.cisco.prime.esb.mtosi.cfg file and do the following:

Change the mtosiPort value to a port number that is not in use.

Step 2 Save and close the com.cisco.prime.esb.mtosi.cfg file.

Step 3 Stop the integration layer server by invoking the stop script from $SIL_HOME/bin/stop .

If the cron job was not disabled (as mentioned in Enabling Standalone Integration Layer Services), it would automatically restart the services as it is scheduled to run every 3 minutes.


Changing the 3GPP Web Services Port

By default, the 3GPP web services implementation port is 9220. To change the port number:


Step 1 Open the $SIL_HOME/etc/com.cisco.prime.esb.ana.xmlfile.3gpp.cfg file and do the following:

Change the tgppPort value to a port number that is not in use.

Step 2 Save and close the com.cisco.prime.esb.ana.xmlfile.3gpp.cfg file.

Step 3 Stop the integration layer server by invoking the stop script from $SIL_HOME/bin/stop .

If the cron job was not disabled (as mentioned in Enabling Standalone Integration Layer Services), it would automatically restart the services as it is scheduled to run every 3 minutes.


Changing the RMI Registry and RMI Server Ports

By default, the RMI registry service port is 1091 and the RMI server port is 44444. To change the port numbers:


Step 1 Open the $SIL_HOME/org.apache.karaf.management.cfg file and do the following:

Change the rmiRegistryPort value to a port number that is not in use.

Change the rmiServerPort value to a port number that is not in use.

Step 2 Save and close the org.apache.karaf.management.cfg file.

Step 3 Stop the integration layer server by invoking the stop script from $SIL_HOME/bin/stop .

If the cron job was not disabled (as mentioned in Enabling Standalone Integration Layer Services), it would automatically restart the services as it is scheduled to run every 3 minutes.


Required Configuration for Managing UCS Devices (Linux Only)

Prime Network uses the VMware vCenter to obtain information about virtualization inventory and events information for Cisco Unified Computing System (UCS) devices. If you are running Prime Network on Linux: You must perform the additional steps described in the following to receive traps from UCS devices.

The XMP Datacenter component retrieves UCS device events from the VMWare vCenter, normalizes them into the CISCO-EPM-NOTIFICATION-MIB trap format, and forwards them to the Event Collector (AVM 100).

If your installation of Prime Network is running on Linux, you must perform one of the following procedures (depending on your product configuration) so that the XMP Datacenter will send UCS events to the correct location of the Event Collector.

If the Event Collector (AVM 100) is running on:
You must do the following (as Linux root user):

A different server from XMP_DATACENTER

1. Go to NETWORKHOME/Main/XMP_DATACENTER/conf.

2. In the datacenterevent.properties file, set the value of the following property to the IP address of the server running AVM 100:

datacenterevent.destAddress0

The same server as XMP_DATACENTER

iptables -t nat -A OUTPUT -p udp -d localhost --dport 162 -j REDIRECT --to-port 1162