Cisco DCNM Installation and Licensing Guide, Release 5.x
Configuring Cisco DCNM-LAN Servers

This chapter describes how to configure Cisco Data Center Network Manager for LAN (DCNM-LAN) servers.

This chapter includes the following sections:

Configuring Secure Client Communications

Configuring SMTP Servers

Additional References

Feature History for Configuring Cisco DCNM-LAN Servers

Configuring Secure Client Communications

This section describes how to configure Cisco Data Center Network Manager for LAN (DCNM-LAN) for secure client-server communications.

This section includes the following topics:

Information About Secure Client Communications

Configuring Secure Client Communications

Information About Secure Client Communications

This section includes the following topics:

Encrypted Client-Server Communications

Firewall Support for Client-Server Communications

Encrypted Client-Server Communications

By default, communication between the Cisco DCNM-LAN client and server is unencrypted; however, you can enable secure client-server communications, which uses Transport Layer Security (TLS), a protocol based on the Secure Sockets Layer (SSL) 3.0 protocol. In particular, communications between the Cisco DCNM-LAN client and the EJB port on the Cisco DCNM-LAN server are encrypted when you enable secure client communications.

Enabling secure client communications does not affect how users download, install, and log into the Cisco DCNM-LAN client.

Firewall Support for Client-Server Communications

Cisco DCNM-LAN supports client-server connections across gateway devices such as a firewall; however, you must configure any gateway devices to allow the connections that the client must open to the Cisco DCNM-LAN server. The ports on the Cisco DCNM-LAN server that gateway devices must permit traffic to reach are listed in Table 7-1.

By default, the secondary server bind port is assigned a random port number when the Cisco DCNM-LAN server starts. To support client-server communications across a gateway device, you must configure the Cisco DCNM-LAN server to use a specific port for the secondary server bind service.

Configuring Secure Client Communications

This section includes the following topics:

Enabling Encrypted Client-Server Communications

Disabling Encrypted Client-Server Communications

Specifying a Secondary Server Bind Port

Enabling Encrypted Client-Server Communications

You can enable TLS to encrypt client-server communications.

If your Cisco DCNM-LAN deployment is a clustered-server deployment, you must perform this procedure on each server in the cluster.

DETAILED STEPS


Step 1 Stop the Cisco DCNM-LAN server. If you are enabling secure client communications on a server cluster, use the stop-dcnm-cluster script. For single-server deployments, do one of the following:

Microsoft Windows—Choose Start > All Programs > Cisco DCNM Server > Stop DCNM Server.

RHEL—Use the Stop_DCNM_Server script.

For more information about stopping Cisco DCNM-LAN, see the Cisco DCNM Fundamentals Guide, Release 5.x.

Step 2 In a text editor, open the jboss-service.xml file that is at the following location:

INSTALL_DIR\dcm\jboss-4.2.2.GA\server\dcnm\deploy\ejb3.deployer\META-INF\jboss-service.xml

where INSTALL_DIR is the Cisco DCNM installation directory. On Microsoft Windows, the default installation directory is C:\Program Files\Cisco Systems. On RHEL systems, the default installation directory is /usr/local/cisco.

Step 3 Find the following section in the file. Verify that the section you find matches the following lines exactly.

<!--mbean code="org.jboss.remoting.transport.Connector"
name="jboss.remoting:type=Connector,transport=SslEjb3Connector,handler=ejb3">
  <depends>jboss.aop:service=AspectDeployer</depends>
  <attribute name="InvokerLocator">sslsocket://${jboss.bind.address}:${cisco.dcnm.remoting.sslejbport:3843}</attribute>
  <attribute name="Configuration">
    <handlers>
      <handler subsystem="AOP">org.jboss.aspects.remoting.AOPRemotingInvocationHandler</handler>
    </handlers>
  </attribute>
</mbean-->

The section is commented out using the standard XML comment markers, <!-- and -->.

Step 4 Uncomment the section as follows:

a. From the first line of the section, remove the following three characters from before mbean:

!--
 
   

The changed line should read as follows:

<mbean code="org.jboss.remoting.transport.Connector" 
name="jboss.remoting:type=Connector,transport=SslEjb3Connector,handler=ejb3">
 
   

b. From the last line of the section, remove the following two characters after mbean:

--
 
   

The changed line should read as follows:

</mbean>
 
   

Step 5 Save and close the jboss-service.xml file.

Step 6 In a text editor, open the jboss-service.xml file that is at the following location:

INSTALL_DIR\dcm\jboss-4.2.2.GA\server\dcnm\conf\jboss-service.xml


Note: This is a different jboss-service.xml file from the one you opened in Step 2.


Step 7 Find the following section in the file.

cisco.dcnm.remoting.transport=socket
cisco.dcnm.remoting.port=3873
cisco.dcnm.remoting.ejbport=3873
cisco.dcnm.remoting.sslejbport=3843
cisco.dcnm.remoting.client.invokerDestructionDelay=0
 
   

The port numbers at the end of the last three lines may vary from this example, depending upon whether the default port numbers were changed during Cisco DCNM-LAN server installation.

Step 8 Change the cisco.dcnm.remoting.transport value to sslsocket. The changed line should read as follows:

cisco.dcnm.remoting.transport=sslsocket
 
   

Step 9 Change the cisco.dcnm.remoting.port value to match the value specified for cisco.dcnm.remoting.sslejbport. For example, if the Cisco DCNM-LAN server is configured to use the default SSL port, the cisco.dcnm.remoting.sslejbport value is 3843 and the changed line would read as follows:

cisco.dcnm.remoting.port=3843
 
   

Step 10 Change the cisco.dcnm.remoting.client.invokerDestructionDelay value to 30000. The changed line should read as follows:

cisco.dcnm.remoting.client.invokerDestructionDelay=30000
 
   

Step 11 Save and close the jboss-service.xml file.

Step 12 Do one of the following:

If your Cisco DCNM-LAN deployment is a clustered-server deployment, repeat this procedure on each server in the cluster and then start the servers, beginning with the master server first. Allow at least one minute between starting each server.

If your deployment is a single-server deployment, start the Cisco DCNM-LAN server.

For more information about starting a single Cisco DCNM-LAN or a cluster of Cisco DCNM-LAN servers, see the Cisco DCNM Fundamentals Guide, Release 5.x.


Disabling Encrypted Client-Server Communications

You can disable secure client communications.

If your Cisco DCNM-LAN deployment is a clustered-server deployment, you must perform the following steps on each server in the cluster.

DETAILED STEPS


Step 1 Stop the Cisco DCNM-LAN server. If you are disabling secure client communications on a server cluster, use the stop-dcnm-cluster script. For single-server deployments, do one of the following:

Microsoft Windows—Choose Start > All Programs > Cisco DCNM Server > Stop DCNM Server.

RHEL—Use the Stop_DCNM_Server script.

For more information about stopping Cisco DCNM-LAN, see the Cisco DCNM Fundamentals Guide, Release 5.x.

Step 2 In a text editor, open the jboss-service.xml file that is at the following location:

INSTALL_DIR\dcm\jboss-4.2.2.GA\server\dcnm\deploy\ejb3.deployer\META-INF\jboss-service.xml

where INSTALL_DIR is the Cisco DCNM installation directory. On Microsoft Windows, the default installation directory is C:\Program Files\Cisco Systems. On RHEL systems, the default installation directory is /usr/local/cisco.

Step 3 Find the following section in the file. Verify that the section you find matches the following lines exactly.

<mbean code="org.jboss.remoting.transport.Connector"
name="jboss.remoting:type=Connector,transport=SslEjb3Connector,handler=ejb3">
  <depends>jboss.aop:service=AspectDeployer</depends>
  <attribute name="InvokerLocator">sslsocket://${jboss.bind.address}:${cisco.dcnm.remoting.sslejbport:3843}</attribute>
  <attribute name="Configuration">
    <handlers>
      <handler subsystem="AOP">org.jboss.aspects.remoting.AOPRemotingInvocationHandler</handler>
    </handlers>
  </attribute>
</mbean>

The section is commented out using the standard XML comment markers.

Step 4 Use the standard XML comment markers to comment out the section, as follows:

a. To the first line of the section, add the following three characters before mbean:

!--
 
   

The changed line should read as follows:

<!--mbean code="org.jboss.remoting.transport.Connector" 
name="jboss.remoting:type=Connector,transport=SslEjb3Connector,handler=ejb3">
 
   

b. To the last line of the section, add the following two characters after mbean:

--
 
   

The changed line should read as follows:

</mbean-->
 
   

Step 5 Save and close the jboss-service.xml file.

Step 6 In a text editor, open the jboss-service.xml file that is at the following location:

INSTALL_DIR\dcm\jboss-4.2.2.GA\server\dcnm\conf\jboss-service.xml


Note: This is a different jboss-service.xml file from the one you opened in Step 2.


Step 7 Find the following section in the file.

cisco.dcnm.remoting.transport=sslsocket
cisco.dcnm.remoting.port=3843
cisco.dcnm.remoting.ejbport=3873
cisco.dcnm.remoting.sslejbport=3843
cisco.dcnm.remoting.client.invokerDestructionDelay=30000
 
   

The port numbers at the end of the last three lines may vary from this example, depending upon whether the default port numbers were changed during Cisco DCNM-LAN server installation.

Step 8 Change the cisco.dcnm.remoting.transport value to socket. The changed line should read as follows:

cisco.dcnm.remoting.transport=socket
 
   

Step 9 Change the cisco.dcnm.remoting.port value to match the value specified for cisco.dcnm.remoting.ejbport. For example, if the Cisco DCNM-LAN server is configured to use the default EJB port, the cisco.dcnm.remoting.ejbport value is 3873 and the changed line would read as follows:

cisco.dcnm.remoting.port=3873
 
   

Step 10 Change the cisco.dcnm.remoting.client.invokerDestructionDelay value to 0. The changed line should read as follows:

cisco.dcnm.remoting.client.invokerDestructionDelay=0
 
   

Step 11 Save and close the jboss-service.xml file.

Step 12 Do one of the following:

If your Cisco DCNM-LAN deployment is a clustered-server deployment, repeat this procedure on each server in the cluster and then start the servers, beginning with the master server first. Allow at least one minute between starting each server.

If your deployment is a single-server deployment, start the Cisco DCNM-LAN server.

For more information about starting a single Cisco DCNM-LAN or a cluster of Cisco DCNM-LAN servers, see the Cisco DCNM Fundamentals Guide, Release 5.x.
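A post-change check for the enable and disable procedures above, added here as an example (it is not Cisco code): it reads the text of the two jboss-service.xml files and reports whether the connector and the cisco.dcnm.remoting.* properties agree, which catches a half-applied edit that leaves the listener and the advertised transport out of step. The function names and the reduced sample inputs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

PRE = "cisco.dcnm.remoting."
PROP_RE = re.compile(r"^\s*(cisco\.dcnm\.remoting\.[\w.]+)=(\S+)", re.M)

def ssl_connector_active(deployer_xml):
    """True if the SslEjb3Connector mbean is live (not inside an XML comment)."""
    root = ET.fromstring(deployer_xml)  # the parser drops commented-out markup
    return any("transport=SslEjb3Connector" in m.get("name", "")
               for m in root.iter("mbean"))

def audit(deployer_xml, conf_text):
    """Return (state, problems): 'encrypted', 'cleartext' or 'inconsistent'."""
    tls = ssl_connector_active(deployer_xml)
    props = dict(PROP_RE.findall(conf_text))
    expected = {
        "transport": "sslsocket" if tls else "socket",
        # Step 9: remoting.port must equal sslejbport (TLS) or ejbport (cleartext)
        "port": props.get(PRE + ("sslejbport" if tls else "ejbport")),
        "client.invokerDestructionDelay": "30000" if tls else "0",
    }
    problems = [f"{PRE}{k}={props.get(PRE + k)}, expected {v}"
                for k, v in expected.items() if props.get(PRE + k) != v]
    if problems:
        return "inconsistent", problems
    return ("encrypted" if tls else "cleartext"), []

# Constructed sample inputs, reduced to the fragments the procedures edit.
DEPLOYER_TLS = """<server>
<mbean code="org.jboss.remoting.transport.Connector"
 name="jboss.remoting:type=Connector,transport=SslEjb3Connector,handler=ejb3">
  <depends>jboss.aop:service=AspectDeployer</depends>
</mbean>
</server>"""
DEPLOYER_PLAIN = (DEPLOYER_TLS.replace("<mbean", "<!--mbean")
                  .replace("</mbean>", "</mbean-->"))
CONF_TLS = """cisco.dcnm.remoting.transport=sslsocket
cisco.dcnm.remoting.port=3843
cisco.dcnm.remoting.ejbport=3873
cisco.dcnm.remoting.sslejbport=3843
cisco.dcnm.remoting.client.invokerDestructionDelay=30000
"""
CONF_PLAIN = """cisco.dcnm.remoting.transport=socket
cisco.dcnm.remoting.port=3873
cisco.dcnm.remoting.ejbport=3873
cisco.dcnm.remoting.sslejbport=3843
cisco.dcnm.remoting.client.invokerDestructionDelay=0
"""

if __name__ == "__main__":
    for dep, conf in [(DEPLOYER_TLS, CONF_TLS), (DEPLOYER_PLAIN, CONF_PLAIN),
                      (DEPLOYER_TLS, CONF_PLAIN)]:
        print(audit(dep, conf))
```

On a clustered deployment, run the check against the files from every server, since each server is edited separately.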


Specifying a Secondary Server Bind Port

You can configure a Cisco DCNM-LAN server to use a specific secondary server bind port.

If your Cisco DCNM-LAN deployment is a clustered-server deployment, you must perform this procedure on each server in the cluster.

DETAILED STEPS


Step 1 Stop the Cisco DCNM-LAN server. If you are enabling secure client communications on a server cluster, use the stop-dcnm-cluster script. For single-server deployments, do one of the following:

Microsoft Windows—Choose Start > All Programs > Cisco DCNM Server > Stop DCNM Server.

RHEL—Use the Stop_DCNM_Server script.

For more information about stopping Cisco DCNM-LAN, see the Cisco DCNM Fundamentals Guide, Release 5.x.

Step 2 In a text editor, open the remoting-bisocket-service.xml file that is at the following location:

INSTALL_DIR\dcm\jboss-4.2.2.GA\server\dcnm\deploy\jboss-messaging.sar\remoting-bisocket-service.xml

where INSTALL_DIR is the Cisco DCNM installation directory. On Microsoft Windows, the default installation directory is C:\Program Files\Cisco Systems. On RHEL systems, the default installation directory is /usr/local/cisco.

Step 3 Find the following section in the file. Verify that the section you find includes the secondaryBindPort line.

<!-- Use these parameters to specify values for binding and connecting control connections 
to work with your firewall/NAT configuration
<attribute name="secondaryBindPort">xyz</attribute>
<attribute name="secondaryConnectPort">abc</attribute>
-->
 
   

By default, the section is commented out using the standard XML comment markers, <!-- and -->.

If you have previously specified a secondary server bind port, the section is not commented out.

Step 4 If the section is commented out, uncomment the secondaryBindPort line, as follows:

a. At the end of the second line of the section, add the following three characters after configuration:

-->
 
   

The changed line should read as follows:

to work with your firewall/NAT configuration-->
 
   

b. At the beginning of the fourth line of the section, add the following four characters:

<!--
 
   

The changed line should read as follows:

<!-- <attribute name="secondaryConnectPort">abc</attribute>
 
   

After you uncomment the section, it should read as follows:

<!-- Use these parameters to specify values for binding and connecting control connections 
to work with your firewall/NAT configuration-->
<attribute name="secondaryBindPort">xyz</attribute>
<!--<attribute name="secondaryConnectPort">abc</attribute>
-->
 
   

Step 5 In the secondaryConnectPort line, specify a port number between the opening and closing attribute elements. For example, if you want to specify port 47900, the secondaryBindPort line should read as follows:

<attribute name="secondaryBindPort">47900</attribute>
 
   

Step 6 Save and close the remoting-bisocket-service.xml file.

Step 7 Do one of the following:

If your Cisco DCNM-LAN deployment is a clustered-server deployment, repeat this procedure on each server in the cluster and then start the servers, beginning with the master server first. Allow at least one minute between starting each server.

If your deployment is a single-server deployment, start the Cisco DCNM-LAN server.

For more information about starting a single Cisco DCNM-LAN or a cluster of Cisco DCNM-LAN servers, see the Cisco DCNM Fundamentals Guide, Release 5.x.
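Moving comment markers by hand, as Step 4 requires, is easy to get half right, so the following added example (not Cisco code) checks the result before a firewall rule is written for the port. It classifies the secondaryBindPort setting in the text of remoting-bisocket-service.xml; the function name, status strings and the `<config>` wrapper in the sample input are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def secondary_bind_port(bisocket_xml):
    """Return (status, port) for the secondaryBindPort setting.

    status: 'fixed', 'random' (attribute still commented out), 'placeholder',
    'out-of-range', 'connect-port-uncommented' or 'malformed'.
    """
    try:
        root = ET.fromstring(bisocket_xml)  # commented-out attributes are dropped
    except ET.ParseError:
        return "malformed", None            # comment markers left unbalanced
    attrs = {a.get("name"): (a.text or "").strip()
             for a in root.iter("attribute")}
    if "secondaryConnectPort" in attrs:
        return "connect-port-uncommented", None  # Step 4a done, Step 4b skipped
    if "secondaryBindPort" not in attrs:
        return "random", None               # server picks a port at each start
    value = attrs["secondaryBindPort"]
    if not (value.isascii() and value.isdigit()):
        return "placeholder", None          # e.g. the shipped value xyz
    port = int(value)
    return ("fixed", port) if 1 <= port <= 65535 else ("out-of-range", port)

# Constructed sample: the section as shipped, inside a stand-in root element.
DEFAULT = """<config>
<!-- Use these parameters to specify values for binding and connecting control connections
to work with your firewall/NAT configuration
<attribute name="secondaryBindPort">xyz</attribute>
<attribute name="secondaryConnectPort">abc</attribute>
-->
</config>"""
CONNECT = '<attribute name="secondaryConnect'
STEP_4A_ONLY = DEFAULT.replace("NAT configuration", "NAT configuration-->")
STEP_4B_ONLY = DEFAULT.replace(CONNECT, "<!--" + CONNECT)
STEP_4 = STEP_4A_ONLY.replace(CONNECT, "<!--" + CONNECT)
STEP_5 = STEP_4.replace("xyz", "47900")

if __name__ == "__main__":
    for name in ("DEFAULT", "STEP_4A_ONLY", "STEP_4B_ONLY", "STEP_4", "STEP_5"):
        print(name, secondary_bind_port(globals()[name]))
```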


Configuring SMTP Servers

This section describes how to configure Cisco Data Center Network Manager for LAN (DCNM-LAN) servers to use SMTP servers.

This section includes the following topics:

Information About SMTP Servers

Configuring for SMTP Servers

Information About SMTP Servers

The Cisco DCNM-LAN client supports a feature where you can specify rising or falling threshold rules for sample variables in collected statistical data. When one of these thresholds has been crossed, you can specify that an e-mail alert be sent. The Cisco DCNM-LAN server can be configured to send e-mail to an SMTP server.

Configuring for SMTP Servers

Cisco DCNM-LAN servers are configured to use SMTP servers by setting a property value.

DETAILED STEPS


Step 1 Stop the Cisco DCNM-LAN server. If you are enabling SMTP communications on a server cluster, use the stop-dcnm-cluster script. For single-server deployments, do one of the following:

Microsoft Windows—Choose Start > All Programs > Cisco DCNM Server > Stop DCNM Server.

RHEL—Use the Stop_DCNM_Server script.

For more information about stopping Cisco DCNM-LAN, see the Cisco DCNM Fundamentals Guide, Release 5.x.

Step 2 In a text editor, open the mail-service.xml file at the following location:

INSTALL_DIR\dcm\jboss-4.2.2.GA\server\dcnm\deploy\mail-service.xml

where INSTALL_DIR is the Cisco DCNM installation directory. On Microsoft Windows, the default installation directory is C:\Program Files\Cisco Systems. On RHEL systems, the default installation directory is /usr/local/cisco.

Step 3 Find the mail.smtp.host property value and modify it to specify the SMTP gateway server.

For example:

<!-- Specify the SMTP gateway server -->
<property name="mail.smtp.host" value="smtp.nosuchhost.nosuchdomain.com"/>

Step 4 Save and close the mail-service.xml file.

Step 5 Do one of the following:

If your Cisco DCNM-LAN deployment is a clustered-server deployment, repeat this procedure on each server in the cluster and then start the servers, beginning with the master server first. Allow at least one minute between starting each server.

If your deployment is a single-server deployment, start the Cisco DCNM-LAN server.

For more information about starting a single Cisco DCNM-LAN or a cluster of Cisco DCNM-LAN servers, see the Cisco DCNM Fundamentals Guide, Release 5.x.


Additional References

For additional information related to secure client communications, see the following sections:

Related Documents

Standards

Related Documents

Related Topic | Document Title
The process of deploying Cisco DCNM-LAN in your organization | Chapter 7 "Deploying Cisco DCNM-LAN"


Standards

Standards | Title
SSL 3.0 | The SSL Protocol, Version 3.0 (http://tools.ietf.org/html/draft-ietf-tls-ssl-version3-00)
TLS 1.2 | The Transport Layer Security (TLS) Protocol, Version 1.2 (http://tools.ietf.org/html/rfc5246)


Feature History for Configuring Cisco DCNM-LAN Servers

Table 12-1 lists the release history for this feature.

Table 12-1 Feature History for Secure Client Communications 

Feature Name | Releases | Feature Information
Secure client communications | 5.0(2) | This feature was introduced.
Configuration for SMTP | 5.1 | This feature was introduced.