Using the VQE Channel Provisioning Tool
This chapter describes how to use Cisco VQE Channel Provisioning Tool (VCPT). Table 3-1 lists the tasks you perform with the VCPT. When you use VCPT for the first time, the required tasks are performed in the order shown in the table.
Logging into VCPT
Before logging into the VCPT, you need a valid UNIX username and password on the Cisco CDE110 hosting the VCPT. The username does not have to belong to any special group. Creation of the username is the responsibility of the Cisco CDE110 system administrator.
The VCPT supports two web browsers: Microsoft Internet Explorer version 6.0 or later, and Mozilla Firefox version 2.0 or later. The VCPT uses secure HTTPS. The minimum screen resolution required for VCPT is 1024 x 768 pixels.
To log in to a VCPT, follow these steps:
Step 1 Point your web browser to the Cisco CDE110 that hosts the VCPT using an IP address or fully qualified domain name:
https://fully_qualified_domain_name
The VQE login dialog box is displayed.
Step 2 Enter a UNIX username and password.
Step 3 Click OK.
If the username and password are valid, the VCPT main window is displayed.
If you log in to the VCPT when another person is using the same VCPT, the message shown in Figure 3-1 is displayed and your access to the VCPT is a read-only view. To get read-write access, wait and try to open a VCPT session at a later time when no one else is using the tool.
Figure 3-1 Read-only View Message
With certain versions of Microsoft Internet Explorer 6, if you close a read-write session and try to open it again immediately, you get a read-only view. In this case, wait a minute and open another session to get read-write access.
When you are finished using the VCPT, click the Logout button on the right side of the banner so that another user can get read-write access to the tool.
VCPT sessions are timed out after 25 minutes of inactivity. If VCPT detects a network failure or server failure, the session is timed out after one minute.
Working with VCPT Configuration Files
The VCPT channel, server, and association provisioning information is stored in a persistent local database on the Cisco CDE110 server. When the Cisco CDE110 or the VCPT is restarted, channel, server, and association data are read from the local database. The VCPT configuration file can be saved at any time and should be saved frequently to store your work.
Caution
If a VCPT session times out because of inactivity or because of a server or network failure, unsaved data is lost. Therefore, you should save the VCPT configuration file frequently.
File management tasks for the VCPT are the responsibility of the VCPT user. The directories that the VCPT uses for its data files are as follows:
•VCPT configuration files are stored in the /etc/opt/vcpt/data directory.
•SDP-formatted files that the VCPT creates for each valid VCPT configuration are stored in the /etc/opt/vcpt/data/sdp directory.
If the /etc/opt/vcpt/data or /etc/opt/vcpt/data/sdp directory is deleted accidentally and does not exist at startup, VCPT fails to initialize. The missing directory must be recreated. For information on the remedy procedure, see the "VCPT Fails to Initialize" section.
Caution
The VCPT configuration files must be backed up in a safe location that is not on the local Cisco CDE110 disk. If a server or software failure occurs, the latest VCPT configuration file must be retrievable from the backup location.
When the user completes channel and server configuration, and initiates the VCPT send operation, the VCPT sends the channel information in Session Description Protocol (SDP) format to the set of VQE-Ss and VCDSs. As an alternative to the VCDS, the channel information may be sent in SDP format to one or more user-specified remote servers using a password-less secure copy (SCP) mechanism.
Figure 3-2 shows the buttons that you use for working with VCPT configuration files and for sending channel information.
Figure 3-2 VCPT Configuration File Operations
The following sections explain the configuration file and channel information operations:
•Performing Configuration-File Operations
•Sending or Pushing Channel Information to Servers
•Sending Channel Information to a Subset of Servers
Performing Configuration-File Operations
The VCPT configuration file buttons used for non-push operations are:
•New Config—Clears the current configuration (if any) so that you can start a new one. The new configuration is not saved until you click Store, specify a file name, and click OK.
•Import—Clears the current configuration (if any), and imports a configuration from a file that you specify that is located on the VQE Tools server. The configuration file is in either XML (Extensible Markup Language) or CSV (text-based, comma-separated values) format.
•Open Configuration—Allows you to choose an existing configuration file from the pull-down menu and open it. If needed, you should save the current configuration file before opening another one because any unsaved data in the current configuration file is lost.
•Store—Saves the current configuration file on the Cisco CDE110 that hosts VCPT.
•Store As—Saves the current file under a new file name that you specify.
•Export—Exports the current configuration to a file in the format you specify. The format is either XML or CSV.
•Delete—Deletes the current configuration file and clears the configuration.
When the current VCPT configuration is changed but the changes have not been saved, an asterisk is displayed beside the configuration filename (for example, bellini.xml*).
Names for VCPT Configuration Files
The name for a VCPT configuration file can be up to 60 characters long and use lowercase a to z, uppercase A to Z, numeric characters 0 to 9, and the underscore (_), hyphen (-), and period (.) characters. No spaces are allowed in the name.
Importing a Configuration
To create a VQE channel configuration in the VCPT without manually entering the data, you can import the required information from an external file. The file can be located in any directory on the VQE Tools server as long as the file has the correct permissions. However, the file must be in a valid format. For information on VCPT configuration file formats, see "VCPT Configuration Files."
To import a configuration, do the following:
Step 1 Click Import.
Step 2 The Import dialog box, shown in Figure 3-3, is displayed.
Figure 3-3 Import dialog
Step 3 Enter the full path name and extension (xml or csv) of the configuration file, and click OK.
The VCPT clears the current configuration (if any) and displays the contents of the imported file. If the file is in XML format, the VCPT validates the file against the XML schema, vcpt_doc.xsd, prior to importing.
Exporting a Configuration
A VQE channel configuration can be exported to an external file you specify. The file can be in any directory on the VQE Tools server as long as the file has the correct permissions. Currently only two formats are supported by the VCPT; XML and CSV format. For information on the VCPT configuration file formats, see "VCPT Configuration Files."
To export a VCPT configuration, do the following:
Step 1 Click Export.
The Export dialog box, shown in Figure 3-4, is displayed.
Figure 3-4 Export dialog
Step 2 Enter a full path, file name and file extension (xml or csv), and click OK.
The VCPT exports the VCPT configuration to this file.
Sending or Pushing Channel Information to Servers
The VCPT buttons used to send or push channel information to VQE-Ss , VCDSs, or remote servers are the Send and Force Update buttons.
Send Button
Use the Send button to send channel information in the current configuration file to the VQE-Ss, VCDSs, or remote servers that have been defined.
Note Use the Send button for "normal" configuration file changes where the changes modify the base file that was most recently pushed to the servers.
Note Using the Send button causes temporary disruption to Unicast Retransmission services for modified channels while the VQE-S cache used for packet retransmission on the modified channels is flushed.
The channel information to send is based on the channel associations that have been defined for the VQE-Ss, VCDSs, or remote servers. When channel information is sent to a set of servers, VCPT saves the current configuration file. The send operation does not succeed if any channel has misconfiguration issues. When channel information is sent to servers, the VCPT displays the following:
•Status line next to the configuration file name is updated (for example, Last update was sent to 1 out of 2 servers at: 5/11/2007 14:47:20
).
•Status message is displayed: either "Send Complete" or, if the send operation fails, the message text shown in Figure 3-5.
•On the Servers tab, the Status of Last Send column is updated with information on the send operation. For a description of the status values that can appear in this column, see the "Viewing or Updating Server Information" section.
You can get more details on a send failure by examining the VCPT log file, which is located in /usr/share/tomcat5/logs/vcpt.log.
Figure 3-5 Status Message for Failed Send Operation
Force Update Button
Note Using the Force Update button causes temporary disruption to Unicast Retransmission and Rapid Channel Change (RCC) services for all channels while the VQE-S cache used for packet retransmission is flushed.
For the following types of configuration file changes, use the Force Update button to send the channel information to the VQE-Ss and VCDSs.
•Configuration file changes where you are reverting to an old version of the configuration file (older that the most recently pushed configuration file)
•Configuration file changes where the changes modify some file other than the base file that was most recently pushed to the servers
•Configuration file changes when you are not certain whether the file used was the base file that was most recently pushed to the servers
If configuration information is sent to the servers and the changes to channel information are not present on the servers after the send, you can use the Force Update button to force the channel information changes to be accomplished on the servers.
Sending Channel Information to a Subset of Servers
To send a channel information file to a subset of servers, follow these steps:
Step 1 Open an existing VCPT configuration file that has the needed server, channel, and association information.
Step 2 Click Save As to save the VCPT configuration file using a new file name.
Step 3 On the Servers tab, adjust the servers list by deleting the VQE-Ss, VCDSs, and remote servers that are not wanted.
Step 4 Click Store to save the VCPT configuration file.
Step 5 Click Send to send the channel information file to the adjusted list of VQE-Ss, VCDSs, and remote servers.
Provisioning VQE Channels
In the Cisco VCPT, use the Channels tab to add a new channel, clone an existing channel, delete an existing channel, and get detailed information on an existing channel. The number of channels supported by single VQE-S is determined by the ingest capacity of the CDE110 server. For VQE-S performance information, see "VQE Server Performance and Scaling Limits"
When you click the Channels tab, VCPT displays summary information on all channels that have been created. An incomplete channel is displayed in red. The Reduced Size RTCP Reports Enabled column show in Figure 3-6 is available starting with Cisco VQE Release 3.5.5.
Figure 3-6 Channels Summary
From the Channels tab, you can do the following:
•Click Incomplete Channels or Valid Channels to display only the corresponding subsets of channels.
•Click a column heading to reorder the channels in the list. For example, clicking Feedback Target orders the entries by feedback target: the combination of IP address and RTCP port number.
•Double-click any item in a channel's row to display the full details for the channel in a new window. You can update the channel information.
•Click Add to display a dialog box so that you can create a new channel.
•Click a channel to select it and then use one of the following buttons:
–Details—Displays a dialog box with detailed information on an existing channel and allows you to update the information.
–Clone—Displays a dialog box with appropriate cloned information from an existing channel so that you can use the information to create a new channel.
–Delete—Deletes an existing channel.
On the Channels summary, the Error Repair Options column indicates the types of repair that have been configured for the channel. Table 3-2 shows the Error Repair Options column.
Table 3-2 Error Repair Options
|
|
None |
No Error Repair. |
Unicast Retransmission Only |
VQE-S provides selective retransmission of dropped IPTV packets to repair errors. |
1-D FEC Only |
VQE-C provides 1-dimension FEC. |
2-D FEC Only |
VQE-C provides 2-dimension FEC. |
1-D FEC Hybrid |
Unicast retransmission and 1-dimension FEC are provided. |
2-D FEC Hybrid |
Unicast retransmission and 2-dimension FEC are provided. |
The sections that follow provide more information on the tasks that can be performed from the Channels tab.
Adding a Channel
In the VCPT channel definition, each channel is associated with a unique feedback target (FBT) IP address. The feedback target address is a unique IP anycast address that VQE-S configures on its host Cisco CDE110 based on the channel information that is sent to it by the VCPT. An anycast address is a unicast address that is assigned to multiple interfaces. With the appropriate routing topology, packets addressed to an anycast address are delivered to a single interface (in this case, the nearest VQE-S's CDE110 interface that is identified by the address). The use of anycast addresses to identify feedback targets is useful for VQE-S redundancy.
Note When channels are configured with VCPT, it is required that you specify a unique feedback target (FBT) address for each channel. The router that is directly attached to the VQE-S host must have a static route configured for the FBT address so that the router can reach the target.
For information on configuring the FBT IP addresses on the router that is attached to the CDE110 hosting VQE-S, see the "Enabling OSPF Routing for VQE-S Traffic or VQE-S Services Traffic" section.
To add a channel, follow these steps:
Step 1 On the Channels tab, click Add.
The New Channel dialog box, shown in Figure 3-7, is displayed.
Figure 3-7 New Channel Dialog Box
Step 2 Fill in the information for the new channel. Table 3-3 has information on the fields that you need to complete.
Table 3-3 VQE Channel Details
|
|
Channel Name |
String having 1 to 40 alphanumeric characters. |
Feedback Target IP |
Unique anycast IP address on the VQE-Ss that provide services for this channel. Using the Feedback Target IP address that is sent to it by the VCPT in the channel information, the VQE-S automatically configures the specified address on one of its Cisco CDE110 interfaces. |
Channel Features |
Enable RTCP |
RTCP must be enabled to use Error Repair (Unicast Retransmission), RCC, Video-Quality Monitoring (RTCP Exporter and RTCP Extended Reports), or to have VQE-S display video-monitoring statistics. If Enable RTCP is not checked, the Enable Error Repair, Enable RCC, and Enable RTCP Extended Reports check boxes are grayed out. |
Enable Error Repair |
Check to enable Error Repair (Unicast Retransmission). You also need to complete the Unicast Retransmission Stream fields. |
Enable Rapid Channel Change |
Check to enable RCC. |
Enable Extended RTCP Reports |
Check to enable RTCP Extended Reports. |
Enable Reduced Size RTCP |
Check to enable sending RTCP NACK compound packets to the VQE-S without Receiver Reports (RRs). This option is available in Cisco VQE Release 3.5.5 and later releases. |
Enable FEC 1 Stream |
Check to enable 1-dimension FEC. You also need to complete the FEC 1 Stream fields. |
Enable FEC 2 Stream |
Check to enable 2-dimension FEC. You also need to complete the FEC 2 Stream fields. |
Original Stream |
Multicast IP |
Multicast IP address for the original source stream of the channel. The first octet must be within the range of a valid multicast address. The multicast address must be unique for each channel. |
RTP Port |
RTP port number of the original source stream of the channel. |
RTCP Port |
The RTCP port number of the original source stream of the channel. By default, RTCP Port is the (RTP/UDP) port number plus one. |
Source IP |
IP address of the original source stream of the channel. Note A channel may be defined with a Source IP address of 0.0.0.0 for the Original Stream. When the channel Source IP address is 0.0.0.0 for the Original Stream, the SDP entry for this channel does not include the source-filter line in the original stream section that would be used to perform a Source Specific Multicast (SSM) join. In this case, the VQE-S and VQE-C does not perform a SSM join. |
Bit Rate |
Bit rate of the original source stream of the channel in kilobits per second. This parameter defines how many packets the VQE-S accepts and sends for this multicast stream. Note The specified bit rate should be equal to the primary stream bandwidth but should not include bandwidth used for FEC. |
Unicast Retransmission Stream |
Source IP |
IP address of the Unicast Retransmission stream. The IP address must be the same as is defined for Feedback Target IP. |
RTP Port |
RTP port number of the unicast retransmission stream. By default, RTP Port is a valid port number. |
RTCP Port |
RTCP port number of the unicast retransmission stream. By default, RTCP Port is a valid port number. |
FEC 1 Stream and FEC 2 Stream |
Source IP |
IP address of the source stream of the channel. By default, this is the IP address of the Source IP specified for the Original Stream. Note A channel may be defined with a Source IP address of 0.0.0.0 for the FEC Stream. When the channel Source IP address is 0.0.0.0 for the FEC Stream, the SDP entry for this channel does not include the source-filter line in the FEC section that would be used to perform a SSM1 join. In this case, the VQE-S and VQE-C does not perform a SSM join. |
Multicast IP |
IP address of the multicast stream of the channel. By default, this is the IP address of the Multicast IP specified for the Original Stream. |
RTP Port |
RTP port number of the FEC stream. The port number specified cannot be the same as the port number used for the RTP or RTCP port for the Original Stream. |
Rules When Adding a Channel. The following rules apply when adding a channel:
•Feedback Target IP address must be unique for each channel.
•For the Original Stream, the Multicast IP address must be unique for each channel. That is, the address cannot be used by another channel as its Original Stream Multicast IP address.
•For the Original Stream, the Source IP address must not be equal to the Feedback Target IP address.
•FEC 1 Stream and FEC 2 Stream RTP port numbers cannot be the same as the port numbers used for the Original Stream RTP or RTCP ports.
•In any given stream, the RTP port number must not be equal to the RTCP port number.
•Configuring a FEC 1 Stream or a FEC 2 Stream provides 1-dimension FEC for the channel.
•Configuring a FEC 1 Stream and a FEC 2 Stream provides 2-dimension FEC for the channel.
•If you enter invalid data, the field name is displayed in red. You must correct the invalid data before creating or updating the channel.
•If you enter incomplete data, you can create or update the channel, but it is marked incomplete.
•Channel configuration file with an incomplete channel definition cannot be sent to VQE-Ss, remote servers, or VCDSs.
Port Usage Recommendations. When the STUN Server is enabled on a VQE-S (the default and recommended mode), one set of four unique port numbers can be used for all channels for the following:
•Original Source RTP Port
•Original Source RTCP Port
•Unicast Retransmission Stream RTP Port
•Unicast Retransmission Stream RTCP Port
Note If the STUN Server is not enabled, each channel must be configured with unique port numbers for the each of the preceding items. The STUN server is not enabled only when no set-top boxes (STBs) being serviced by VQE-S are behind NAT devices.
Step 3 When you have specified all required values, click Create to create the new channel, or click Cancel to exit the dialog box without creating the new channel.
Viewing or Updating Channel Information
To view or update channel information, follow these steps:
Step 1 On the Channels tab, click the channel you want to view or update.
Step 2 Click Details.
The Details dialog box, shown in Figure 3-8, is displayed. The Reduced Size RTCP Reports Enabled column show in Figure 3-8 is available starting with Cisco VQE Release 3.5.5.
Figure 3-8 Details Dialog Box
Step 3 If needed, change or add channel information.
Step 4 Do one of the following:
•Click Update to update the channel information.
•Click Cancel to close the dialog box without updating the channel information.
Cloning a Channel
To clone a channel, follow these steps:
Step 1 On the Channels tab, click the channel you want to clone.
Step 2 Click Clone.
The Clone dialog box is displayed. Only appropriate information from the existing channel is cloned.
Step 3 Verify that the cloned values are what you require. Where needed, change the values and add channel information.
Step 4 Do one of the following:
•Click Create to create the new channel.
•Click Cancel to close the dialog box without creating the new channel.
Deleting a Channel
To delete a channel, follow these steps:
Step 1 On the Channels tab, click the channel you want to delete.
Step 2 Click Delete.
A dialog box asking if you want to delete the channel is displayed.
Step 3 Do one of the following:
•Click Delete to delete the channel.
•Click Cancel to close the dialog box without deleting the channel.
Step 4 If you clicked Delete, a confirmation dialog box is displayed. Click OK.
Defining VQE-Ss, VCDSs, or Remote Servers
The Cisco VCPT requires that you provide information on each VQE-S, each VCDS, and each remote server that receives channel configuration information from the VCPT.
If you choose to send channel information to a remote server, you must install a SSH public key in .ssh directory of the authorized user on the remote server. For more information on generating the SSH public key, see the "Setting-up a SSH Certificate on a Remote Server" section.
Note The system integrator must ensure that the generated public key is stored in the authorized_keys file in .ssh directory of the authorized user for channel configuration files to be transferred successfully to the remote server.
In the VCPT, use the Servers tab to add a new server, delete an existing server, and get information on an existing server. When you click the Servers tab, the VCPT displays summary information, shown in Figure 3-9, on all servers that have been created.
Figure 3-9 Servers Summary
From the Servers tab, you can do the following:
•Click a column heading to reorder the servers in the list. For example, clicking Status of Last Send orders the servers by their channel configuration file status.
•Double-click any item in a row representing a server to display the full details for the server in a new window. You can update the server information.
•Click Add to display a dialog box so that you can create a new server.
•Click a channel to select it and then use one of the following buttons:
–Details—Displays a dialog box with detailed information on an existing server and allows you to update the information.
–Delete—Deletes an existing server.
On the Servers tab, the following columns provide useful information on the servers.
•Number of Channels Currently Associated column shows how many channels are currently associated with a server in the current configuration—whether or not that configuration has been saved. If the current channel information in VCPT has not been sent to the server, the Number of Channels Currently Associated can be different from the number shown as "Received" in the Status of Last Send Column.
•Status of Last Send column provides information on the last attempt by VCPT to send channel configuration information to the server. Table 3-4 lists the possible messages. The result is either Success or Failed plus some additional information. The following examples explain some of the additional information that can be provided in the Status of Last Send column:
Success - Received 4 channels: 0 channels deleted; 1 channels restarted; and 0 new
channels created
The preceding Success status indicates the send operation succeeded: A VQE-S received four channel definitions; zero channels were deleted; one channel definition was modified and the channel was restarted; zero new channels were created.
Failed - 0 out of 4 channels failed to validate; 1 channels having the old version;
and 0 channels having the same version but contents being changed
The preceding Failed status indicates the send operation failed: all channel definitions have valid SDP format; one channel definition is an older version of the channel; zero channels have the same version (when compared to the VQE-S or the current version of the VCPT server) but with a changed channel definition.
Note The "channels having the same version but contents being changed" error condition is present only when the SDP definition for the channels has been incorrectly coded by manual modifications or by a channel-provisioning tool other than VCPT.
Table 3-4 Status of Last Send Messages
|
|
Success - additional_information |
Send operation succeeded. The additional_information provides details on the send operation. |
Failed - additional_information |
Send operation failed. The additional_information provides details on the reasons for the failure. |
Failed - Network Error |
VCPT did not receive any error message back from the VQE-S, the VCDS, or the remote server. |
Failed - Connection refused |
See the "Channel-Provisioning Server Cannot Send Channel Information to VQE-S: Trusted Provisioning Client Problem" section. |
Failed - Unable to find valid certification path to requested target |
See the "Channel-Provisioning Server Cannot Send Channel Information to VQE-S: SSL Certificates Problems" section. |
Failed - Unable to connect with Server |
See the "Unable to Connect Error When VCPT Tries to Send Channel Information" section. |
Failed - Security Exception |
Exception occurred while VCPT was authenticating the server SSL certificate. |
Failed - Invalid EMS Address |
Incorrect server URL format |
Failed - VCPT Server Error |
Generic internal VCPT coding error has occurred. This may be because of a coding bug or because VCPT failed to read a file. |
Failed - Channel config file is not writable |
Channel configuration file could not be written to disk on the VQE-S, the VCDS or the remote server host. |
Failed - File failed to open |
VQE-S, the VCDS or the remote server could not open the channel configuration file. |
Failed - Tomcat Service Unavailable |
Tomcat application server has failed on the VCPT host. |
Failed - Unable to store the SDP data on VCPT Server |
SDP data could not be generated or saved on the VCPT host. |
Failed - VCPT:AMT IO Exception: Connection Refused |
VCPT was not able to deliver the channel configuration information. One possible cause of the failure is that VQE services were not running on the server to which the information was sent. |
•Status of Last Send Time column shows the date and time of the last successful send operation for this server, or shows "None." None indicates one of the following:
–Server is new and channel information has never been successfully sent to it
–VCPT configuration file that is currently open is from a previous version of VQE
The sections that follow provide more information on the tasks that can be performed from the Servers tab.
Adding a Server
To add a server, follow these steps:
Step 1 On the Servers tab, click Add.
The New Server dialog box, shown in Figure 3-10, is displayed.
Figure 3-10 New Server Dialog Box
Step 2 Fill in the information for the new server. For descriptions of the fields that you need to fill in, see Table 3-5.
Table 3-5 VQE-S and VCDS Information
|
|
Server Details |
Server Name |
String having 1 to 40 alphanumeric characters. |
Management IP |
One of the following: •IP address of an Ethernet interface on the Cisco CDE110 server •IP address of an Ethernet interface on the remote server. |
Role |
One of the following: •VQE-S •VCDS •SCP (Secure Copy Protocol)—If chosen, VCPT pushes configuration data to a specified remote server using password-less SCP. |
Transfer Port |
SCP port number on the remote server. If role type is not SCP, the Transfer Port field is grayed out. |
Username |
Username of the person who has the authority to access the path on the remote server specified in the Remote Path and Filename field. If role type is not SCP, the Username field is grayed out. |
Remote Path and Filename |
Absolute path to the channel configuration file on the remote server and it's filename. If role type is not SCP, the Remote Path and Filename field is grayed out. |
Server Wide Channel Configuration |
Maximum Receivers |
Total number of VQE Clients (VQE-Cs) that are expected to tune in this channel. This value is used by the VQE-S to calculate how often the VQE-S sends an RTCP report to the video source for this channel. |
RTCP Interval |
Defines how often VQE-Cs send an RTCP report. By default, RTCP Interval is 5 seconds. |
Step 3 Do one of the following:
•Click Create to create the new server.
•Click Cancel to close the dialog box without creating the new server.
Viewing or Updating Server Information
To view or update server information, follow these steps:
Step 1 On the Servers tab, click the server you want to view or update.
Step 2 Click Details.
The Details dialog box is displayed.
Step 3 If needed, change the server information.
Step 4 Do one of the following:
•Click Update to update the server information.
•Click Cancel to close the dialog box without changing server information.
Deleting a Server
To delete a server, follow these steps:
Step 1 On the Servers tab, click the server you want to delete.
Step 2 Click Delete.
A dialog box asking if you want to delete the server is displayed.
Step 3 Do one of the following:
•Click Delete to delete the server.
•Click Cancel to close the server dialog box without deleting the server.
Step 4 If you clicked Delete, a confirmation dialog box is displayed. Click OK.
Defining Channel Associations
After VQE channels and the VQE-Ss, VCDSs, and Remote Servers have been defined, you associate a set of channels with the servers. When the channel information file is sent to the VQE-Ss, VCDSs or Remote Servers, only the channels associated with the server are included in the file.
In the VCPT, use the Association tab, shown in Figure 3-11, to associate servers with channels or copy an existing channel association.
Figure 3-11 Association Tab
The following sections explain how to associate channels with servers:
•Defining Channel Associations for a Server
•Copying Channel Associations from Another Server
Defining Channel Associations for a Server
To define channel associations for a server, follow these steps:
Step 1 From the Select Server pull-down menu, select the server for which you want to define channel associations.
The VCPT displays the IP address and role for the server.
Step 2 Select one or more channels to associate or disassociate with the server by using the arrow buttons. For example:
•The > button moves a single available channel or group of available channels to the Selected group.
•The >> button moves all available channels to the Selected group.
The associations for the channel are updated.
Copying Channel Associations from Another Server
To copy channel associations for a server, follow these steps:
Step 1 From the Select Server pull-down menu, select the server for which you want to define channel associations.
The VCPT displays the IP address and role for the server.
Step 2 From the Copy Association from Server pull-down menu, select the server whose channel associations you want to copy.
Step 3 Click OK.
The associations for the channel are updated.
Setting-up a SSH Certificate on a Remote Server
If you choose to export channel configuration data to a remote provisioning server, a secure shell (SSH) certificate should be generated on the VQE Tools server and it's public key deployed on the remote server to allow VCPT to securely send encrypted channel configuration files to the remote server. The scpkey command is available on the VQE Tools server to assist in generating the SSH public key file. The command also uses a secure copy mechanism to deliver the public key of SSH certificate to the remote server. The system integrator must supply a password for the authorized user when generating the certificates so that VCPT can later send data to the remote server without being prompted to supply a password.
On the VQE Tools server, the scpkey executable is located at /opt/vqes/bin/scpkey. To have the operating system find the scpkey executable, you must set the PATH environment variable to include the location of the /opt/vqes/bin directory, or use the full path to scpkey when executing the command.
Note You must log in as root to execute the scpkey command.
To generate a SSH public key, follow these steps:
Step 1 From the command prompt, issue the following command:
Welcome to the SCP key generation and transfer utility.
Checking for existing SCP key data...
Generating new keys via Linux ssh-keygen tool...
Generating public/private dsa key pair
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
f9:2c:89:5a:bf:22:1c:20:b8:08:05:3c:fc:d1:a9:9f root@system
SCP key generation successfully completed.
The scpkey command creates a new SSH public key. The key file is named id_dsa.pub and is located in /root/.ssh/.
Step 2 The scpkey command prompts you to automatically transfer the file to the remote server or to exit the command and manually copy the public key to the remote server at a later time. If you wish to automatically transfer the SSH public key file to the remote server, do the following:
a. When prompted to transfer the file to the remote server using the secure copy protocol, enter `y' at the prompt below.
Do you wish to SCP transfer the key file to a remote system (y/n)? y
Gathering info for SCP transfer...
b. Enter the IP address of the remote server at the prompt below.
Enter IP address of remote system: 10.22.21.101
c. Enter the username of the person who is authorized to access the channel configuration files on the remote server at the prompt below:
Enter remote system username: dmurp
d. Enter a password for the authorized person at the prompt below:
Enter remote system username password:
e. By default, the SSH public key file is copied to the .ssh/authorized_keys file relative to the authorized users home directory on the remote server. Press Enter to select the default path or enter the absolute path of the SSH key file on the remote server.
By default, key file will be copied to .ssh/authorized_keys file relative to
remote users home directory, however you may specify a different fully
qualified path/filename here if desired.
Enter optional remote path/file (<ENTER> for default file):
Transferring file, no further user input required...
spawn scp /root/.ssh/id_dsa.pub test@10.86.21.101:.ssh/authorized_keys
Step 3 If you wish to manually transfer the SSH public key file to the remote server, copy the file named id_dsa.pub located in /root/.ssh/ on the VQE Tools server to the .ssh/authorized_keys file relative to the authorized users home directory on the remote server.