Cisco Emergency Responder Administration Guide 7.1(1)
Configuring the Cisco Unified Operating System for Cisco Emergency Responder 7.1
Downloads: This chapterpdf (PDF - 583.0KB) The complete bookPDF (PDF - 13.67MB) | Feedback

Configuring the Cisco Unified Operating System for Cisco Emergency Responder 7.1

Table Of Contents

Configuring the Cisco Unified Operating System for Cisco Emergency Responder 7.1

Logging in to Cisco Unified Communications Operating System Administration

Recovering Administrator and Security Passwords

Displaying Cisco Unified OS Information

Viewing ServerGroup Information

Viewing Hardware Status

Viewing Network Status

Viewing Installed Software

Viewing System Status

Viewing IP Preferences

Displaying and Modifying Cisco Unified OS Settings

Configuring Ethernet Settings

Changing the IP address on a CER Server

Changing the IP address on a Cisco ER Publisher Server

Changing the IP address on a Cisco ER Subscriber Server

Changing the IP address on Both a Cisco ER Publisher and a Subscriber Server

Configuring NTP Servers

Configuring SMTP Settings

Configuring Time Settings

Restarting, Shutting Down, or Switching Software Versions

Managing Security

Set Internet Explorer Security Options

Managing Certificates and Certificate Trust Lists

Displaying Certificates

Downloading a Certificate or CTL

Deleting and Regenerating a Certificate

Uploading a Certificate or Certificate Trust List

Using Third Party CA Certificates

Monitoring Certificate Expiration Dates

IPSEC Management

Displaying or Changing an Existing IPSec Policy

Setting Up a New IPSec Policy

Managing Existing IPSec Policies

Performing Software Upgrades

Upgrading and Installing Software

Obtaining the Upgrade File

Installing and Upgrading Software From a Local Source

Installing and Upgrading Software From a Remote Source

Stalled Upgrades

Reverting to a Previous Version

Reverting the Publisher Server to a Previous Version

Reverting a Subscriber Server to a Previous Version

Customized Logon Message

Using Cisco Unified OS Services

Using the Ping Utility

Setting Up Remote Support


Configuring the Cisco Unified Operating System for Cisco Emergency Responder 7.1


The following topics describe how to configure and use the Cisco Unified Communications Operating System, which is bundled with Cisco Emergency Responder (Cisco ER)  7.1:

Logging in to Cisco Unified Communications Operating System Administration

Recovering Administrator and Security Passwords

Displaying and Modifying Cisco Unified OS Settings

Changing the IP address on a CER Server

Restarting, Shutting Down, or Switching Software Versions

Managing Security

Performing Software Upgrades

Using Cisco Unified OS Services

Logging in to Cisco Unified Communications Operating System Administration

To access Cisco Unified Communications Operating System Administration and log in, follow this procedure.


Note Do not use the browser controls (for example, the Back button) while you are using Cisco Unified Communications Operating System Administration.


Procedure


Step 1 Log in to Cisco ER.

Step 2 From the Navigation menu in the upper, right corner of the Cisco ER Administration page, choose Cisco Unified OS Administration and click Go.

The Cisco Unified Communications Operating System Administration Logon window appears.


Note You can also access Cisco Unified Communications Operating System Administration directly by entering the following URL:
http://server-name/cmplatform


Step 3 Enter your Administrator username and password.


Note The Administrator username and password get established during installation or created by using the command line interface.


Step 4 Click Submit.

The Cisco Unified Communications Operating System Administration window appears.


Recovering Administrator and Security Passwords

If you lose the administrator password or security password, use the following procedure to reset these passwords.

To perform the password recovery process, you must be connected to the system through the system console, that is, you must have a keyboard and monitor connected to the server. You cannot recover a password when connected to the system through a secure shell session.


Caution The security password on all servers in the server group must match. Change the security password on all machines, or the servers will not communicate with one another.


Caution You must reset each server in a server group after you change its security password. Failure to reboot the servers causes system service problems and problems with the Cisco ER Administration page on the subscriber server.


Note During this procedure, you must remove and then insert a valid CD or DVD in the disk drive to prove that you have physical access to the system.


Procedure


Step 1 Log in to the system with the following username and password:

Username: pwrecovery

Password: pwreset

The Welcome to platform password reset window displays.

Step 2 Press any key to continue.

Step 3 If you have a CD or DVD in the disk drive, remove it now.

Step 4 Press any key to continue.

The system tests to ensure that you have removed the CD or DVD from the disk drive.

Step 5 Insert a valid CD or DVD into the disk drive.


Note For this test, you must use a data CD, not a music CD.


The system tests to ensure that you have inserted the disk.

Step 6 After the system verifies that you have inserted the disk, you get prompted to enter one of the following options to continue:

Enter a to reset the administrator password.

Enter s to reset the security password.

Enter q to quit.

Step 7 Enter a new password of the type that you chose.

Step 8 Reenter the new password.

The password must contain at least 6 characters. The system checks the new password for strength. If the password does not pass the strength check, you get prompted to enter a new password.

Step 9 After the system verifies the strength of the new password, the password gets reset, and you get prompted to press any key to exit the password reset utility.


Displaying Cisco Unified OS Information

Using the Cisco Unified OS Administration web pages, you can view the status of the operating system, platform hardware, or the network. The following topics describe how to display this information.

Viewing ServerGroup Information

Viewing Hardware Status

Viewing Network Status

Viewing Installed Software

Viewing System Status

Viewing ServerGroup Information

To view cluster information, follow these steps:

Procedure


Step 1 From the main Cisco Unified OS Administration web page, select Show > ServerGroup.

The ServerGroup page appears.

Step 2 For descriptions of the fields on the ServerGroup page, see Table C-1 on page C-2.


Viewing Hardware Status

To view the hardware status, follow these steps:

Procedure


Step 1 From the main Cisco Unified OS Administration web page, select Show > Hardware.

The Hardware Status page appears.

Step 2 For descriptions of the fields on the Hardware Status page, see Table C-2 on page C-2.


Viewing Network Status

The network status information that appears depends on whether Network Fault Tolerance is enabled. When Network Fault Tolerance is enabled, Ethernet port 1 automatically takes over network communications if Ethernet port 0 fails. If Network Fault Tolerance is enabled, network status information appears for the network ports Ethernet 0, Ethernet 1, and Bond 0. If Network Fault Tolerance is not enabled, status information appears only for Ethernet 0.

To view the network status, follow these steps:

Procedure


Step 1 From the Cisco Unified OS Administration web page, select Show > Network.

The Network Settings page appears.

Step 2 See Table C-3 on page C-3 for descriptions of the fields on the Network Settings page.


Viewing Installed Software

To view the software versions and installed software options, follow these steps:

Procedure


Step 1 From the Cisco Unified OS Administration web page, select Show > Software.

The Software Packages page appears.

Step 2 For a description of the fields on the Software Packages page, see Table C-4 on page C-4.


Viewing System Status

To view the system status, follow these steps:

Procedure


Step 1 From the Cisco Unified OS Administration web page, select Show > System.

The System Status page appears.

Step 2 See Table C-5 on page C-4 for descriptions of the fields on the System Status page.


Viewing IP Preferences

To view IP Preferences, follow these steps:

Procedure


Step 1 From the Cisco Unified OS Administration web page, select Show > IP Preference.

The IP Preferences page appears.

Step 2 To find all records in the database, ensure the dialog box is empty; go to Step 3.

To filter or search records

From the first drop-down list box, select a search parameter.

From the second drop-down list box, select a search pattern.

Specify the appropriate search text, if applicable.


Note To add additional search criteria, click the + button. When you add criteria, the system searches for a record that matches all criteria that you specify. To remove criteria, click the - button to remove the last added criterion or click the Clear Filter button to remove all added search criteria.


Step 3 Click Find.

All matching records display. You can change the number of items that display on each page by choosing a different value from the Rows per Page drop-down list box.


Displaying and Modifying Cisco Unified OS Settings

Use the Settings options to display and modify IP settings, host settings, and Network Time Protocol (NTP) settings. These topics describe how to display and modify Cisco Unified OS settings:

Configuring Ethernet Settings

Changing the IP address on a CER Server

Configuring NTP Servers

Configuring SMTP Settings

Configuring Time Settings

Restarting, Shutting Down, or Switching Software Versions

Configuring Ethernet Settings

The Ethernet Settings options allow you to view and change Dynamic Host Configuration Protocol (DHCP), port, and gateway information.

The Ethernet Configuration page allows you to enable or disable DHCP, to specify the Ethernet port's IP address and subnet mask, and to specify the IP address for the network gateway.


Note All Ethernet settings apply only to Eth0. You cannot configure any settings for Eth1. The Maximum Transmission Unit (MTU) on Eth0 defaults to 1500.


To view or change the Ethernet settings, follow these steps:

Procedure


Step 1 From the Cisco Unified OS Administration web page, select Settings > IP > Ethernet.

The Ethernet Configuration page appears.

Step 2 To modify the Ethernet settings, enter the new values in the appropriate fields. For a description of the fields on the Ethernet Configuration page, see Table C-7 on page C-6.


Note If you enable DHCP, then the Port Information and Gateway Information settings are disabled and cannot be changed.


Step 3 To preserve your changes, click Save.


Changing the IP address on a CER Server

You can change the IP address of either the Cisco ER publisher, Cisco ER subscriber, or both the Cisco ER publisher and subscriber.

This section provides information on how to change the IP address on a Cisco ER server:

Changing the IP address on a Cisco ER Publisher Server

Changing the IP address on a Cisco ER Subscriber Server

Changing the IP address on Both a Cisco ER Publisher and a Subscriber Server

Changing the IP address on a Cisco ER Publisher Server

To change the IP address of a Cisco ER publisher after installation, follow these steps:


Note Update the IP address information on your DNS server before you begin changing the IP address on the server.


1. Change the IP address on the Cisco ER publisher by using one of the following options:

In Cisco Unified Operating System Administration, enter the new IP address in Settings > IP > Ethernet. See the "Ethernet Configuration" section on page C-6.

On the command-line interface (CLI), configure the new IP address with the set network ip command. See the "set network ip" section on page F-17.

2. Reboot the Cisco ER publisher.

3. When the Cisco ER publisher is fully operational, login to Cisco Unified Operating System Administration on the Cisco ER Subscriber.

4. Choose Settings > IP > Publisher. Cisco Unified Operating System Administration displays the old IP address of the Publisher. Enter the new IP address of the publisher in the Edit box and click Save.

5. Reboot the Cisco ER subscriber immediately, so that the Cisco ER publisher maintains communication with the Cisco ER subscriber.

6. Verify that the replication using the utils dbreplication status CLI command as described in the "utils dbreplication status" section on page F-45. The value on each server should equal two.

7. Verify that the CTI ports are registered on the Cisco ER publisher server. If the CTI ports are not registered, you must recreate the CTI ports by deleting the ports and adding them back in again. See the"Creating the Required CTI Ports" section on page 4-8.

Changing the IP address on a Cisco ER Subscriber Server

To change the IP address of a Cisco ER subscriber after installation, follow these steps:


Note Update the IP address information on your DNS server before you begin changing the IP address on the server.


1. Change the IP address on the Cisco ER subscriber by using one of the following options:

In Cisco Unified Operating System Administration, enter the new IP address in Settings > IP > Ethernet. See the "Ethernet Configuration" section on page C-6.

On the command-line interface (CLI), configure the new IP address with the set network ip command. See the "set network ip" section on page F-17.

2. Reboot the Cisco ER subscriber.

3. Once the Cisco ER subscriber is fully operational, reboot the Cisco ER publisher.

4. Verify that the replication using the utils dbreplication status CLI command as described in the "utils dbreplication status" section on page F-45. The value on each server should equal two.

Changing the IP address on Both a Cisco ER Publisher and a Subscriber Server

If you are planning to change the IP address of both the publisher and subscriber, you must change the IP addresses on the servers sequentially, starting with the subscriber first.


Caution Do not begin to change the IP address of the publisher server until you have completed the task of changing the IP address on the subscriber.

To change the IP address of a Cisco ER publisher and a Cisco ER subscriber, follow these steps:

1. For information on how to change the IP address of the Cisco ER publisher server, see the "Changing the IP address on a Cisco ER Publisher Server" section

2. For information on how to change the IP address of the Cisco ER subscriber server, see the "Changing the IP address on a Cisco ER Subscriber Server" section.

Configuring NTP Servers

Ensure that external NTP server is stratum 9 or higher (1-9). To add, delete, or modify an external NTP server, follow these steps:


Note You can only configure the NTP server settings on the Publisher.


Procedure


Step 1 From the Cisco Unified OS Administration web page, select Settings > NTP Servers.

The NTP Server List page appears. For details on the NTP Server List page, see the "NTP Server List" section on page C-7.

Step 2 You can add, delete, or modify an NTP server:

To delete an NTP server, check the checkbox in front of the appropriate server and click Delete Selected.

To add an NTP server, click Add. The NTP Server Configuration page appears. Enter the hostname or IP address, and then click Save.

To modify an NTP server, click the IP address. The NTP Server Configuration page appears. Modify the hostname or IP address, and then click Save.


Note Any change you make to the NTP servers can take up to five minutes to complete. Whenever you make any change to the NTP servers, you must refresh the page to display the correct status.


Step 3 To refresh the NTP Server Settings page and display the correct status, choose Settings > NTP Servers.


Note After deleting, modifying, or adding NTP server, you must restart all both the Publisher and Subscriber for the changes to take affect.



Configuring SMTP Settings

The SMTP Settings window allows you to view or set the SMTP hostname and indicates whether the SMTP host is active.

To configure the SMTP host settings, follow these steps:


Tip If you want the system to send you e-mail, you must configure an SMTP host.


Procedure


Step 1 From the Cisco Unified OS Administration web page, select Settings > SMTP.

The SMTP Settings page appears. For details on the SMTP Settings page, see the "SMTP Settings" section on page C-9.

Step 2 Enter the hostname or IP address of the SMTP host.

Step 3 Click Save.


Configuring Time Settings

To manually configure the time, follow these steps:


Note Before you can manually configure the server time, you must delete any NTP servers that you have configured. See the "Configuring NTP Servers" section for information about deleting NTP servers.


Procedure


Step 1 From the Cisco Unified OS Administration web page, select Settings > Time. The Time Settings page appears. For details on the Time Settings page, see the "Time Settings" section on page C-9.

Step 2 Enter the date and time for the system.

Step 3 Click Save.


Restarting, Shutting Down, or Switching Software Versions

You can use this option both when you are upgrading to a newer software version or when you need to fall back to an earlier software version.

To restart, shutdown, or switch Cisco ER software versions, follow these steps:


Caution This procedure causes the system to restart and become temporarily out of service.

Procedure


Step 1 From the Cisco Unified OS Administration web page, select Settings > Version. The Version Settings page appears. For details on the Version Settings page, see the "Version Settings" section on page C-10.

Step 2 To restart the version running on the active partition, click Restart.

If you click Restart, the system restarts on the current partition without switching versions.

Step 3 To shut down the system, click Shutdown.

If you click Shutdown, the system halts all processes and shuts down.


Note The hardware does not power down automatically.



Caution If you press the power button on the server, the system will immediately shut down.

Step 4 To shut down the system that is running on the active disk partition and then automatically restart the system using the software version on the inactive partition, click Switch Versions.

If you click Switch Version, the system restarts, and the partition that is currently inactive becomes active.


Note The Switch Version button only appears if there is software installed on the inactive partition.



Note You can use this option when you are upgrading to a newer software version or when you need to fall back to an earlier software version.



Managing Security

These topics describe how to perform security and IPSec management tasks:

Set Internet Explorer Security Options

Managing Certificates and Certificate Trust Lists

IPSEC Management

Set Internet Explorer Security Options

To ensure that your Internet Explorer security settings are configured correctly so that you can download certificates from the server, follow these steps:

Procedure


Step 1 Start Internet Explorer.

Step 2 Navigate to Tools > Internet Options.

Step 3 Click the Advanced tab.

Step 4 Scroll down to the Security section on the Advanced tab.

Step 5 If necessary, clear the Do not save encrypted pages to disk checkbox.

Step 6 Click OK.


Managing Certificates and Certificate Trust Lists

The following topics describe the functions you can perform using the Certificate Management menu options:

Displaying Certificates

Downloading a Certificate or CTL

Deleting and Regenerating a Certificate

Uploading a Certificate or Certificate Trust List

Using Third Party CA Certificates

Monitoring Certificate Expiration Dates

Displaying Certificates

To display existing certificates, follow these steps:

Procedure


Step 1 From the Cisco Unified OS Administration web page, select Security > Certificate Management.

The Certificate List page appears. For details on the Certificate List page, see the "Certificate List" section on page C-11.

Step 2 Use the Find controls to filter the certificate list.

Step 3 To view details of a certificate or trust store, click the file name.

The Certificate Configuration page displays information about the certificate.

Step 4 To return to the Certificate List page, select Back To Find/List in the Related Links list, then click Go.


Downloading a Certificate or CTL

To download a certificate or CTL from Cisco ER to your local system, follow these steps:

Procedure


Step 1 From the Cisco Unified OS Administration web page, select Security > Certificate Management.

The Certificate List page appears. Click the file name of the certificate or CTL.

Step 2 Use the Find controls to filter the certificate list.

Step 3 Click the file name of the certificate or CTL.

The Certificate Configuration page appears.

Step 4 Click Download.

Step 5 In the File Download dialog box, click Save.


Deleting and Regenerating a Certificate

These sections describe deleting and regenerating a certificate:

Deleting a Certificate

Regenerating a Certificate

Deleting a Certificate

To delete a trusted certificate, follow these steps:


Caution Deleting a certificate can affect your system operations. Any existing CSR for the certificate you choose from the Certificate list gets deleted from the system, and you must generate a new CSR. For more information, see the "Generating a Certificate Signing Request" procedure.

Procedure


Step 1 From the Cisco Unified OS Administration web page, select Security > Certificate Management.

The Certificate List page appears.

Step 2 Use the Find controls to filter the certificate list.

Step 3 Click the file name of the certificate or CTL.

The Certificate Configuration page appears.

Step 4 Click Delete.


Regenerating a Certificate

To regenerate a certificate, follow these steps:


Caution Regenerating a certificate can affect your system operations.

Procedure


Step 1 From the Cisco Unified OS Administration web page, select Security > Certificate Management.

The Certificate List page appears.

Step 2 Click Generate New.

The Generate Certificate dialog box opens.

Step 3 Choose a certificate name from the Certificate Name list. For a description of the certificate names that display, see Table 8-1.

Step 4 Click Generate New.


Table 8-1 Certificate Names and Descriptions

Name
Description

tomcat

This self-signed root certificate gets generated during installation for the HTTPS server.

ipsec

This self-signed root certificate gets generated during installation for IPSec connections with MGCP and H.323 gateways.


Uploading a Certificate or Certificate Trust List


Caution Uploading a new certificate or certificate trust list (CTL) file can affect your system operations. After you upload a new tomcat certificate or certificate trust list, you must restart the Cisco Tomcat service by entering the CLI command utils service restart Cisco Tomcat.


Note The system does not distribute trust certificates to other cluster servers automatically. If you need to have the same certificate on more than one server, you must upload the certificate to each server individually.


These sections describe how upload a CA root certificate, application certificate, or CTL file to the server:

Upload a Certificate

Upload a Trusted Certificate

Upload a Certificate

To upload a CA root certificate, application certificate, or CTL file to the server, follow these steps:

Procedure


Step 1 From the Cisco Unified OS Administration web page, select Security > Certificate Management.

The Certificate List page appears.

Step 2 Click Upload Certificate.

The Upload Certificate dialog box opens.

Step 3 Select the certificate name from the Certificate Name list.

Step 4 If you are uploading an application certificate that was issued by a third party CA, enter the name of the CA root certificate in the Root Certificate text box. If you are uploading a CA root certificate, leave this text box empty.

Step 5 Select the file to upload by doing one of the following steps:

In the Upload File text box, enter the path to the file.

Click the Browse button and navigate to the file; then, click Open.

Step 6 To upload the file to the server, click the Upload File button.


Upload a Trusted Certificate

To upload a trusted certificate, follow these steps:

Procedure


Step 1 From the Cisco Unified OS Administration web page, select Security > Certificate Management.

The Certificate List page appears.

Step 2 Click Upload CTL.

The Upload Certificate Trust List dialog box opens.

Step 3 Select the certificate name from the Certificate Name list.

Step 4 If you are uploading an application certificate that was issued by a third party CA, enter the name of the CA root certificate in the Root Certificate text box. If you are uploading a CA root certificate, leave this text box empty.

Step 5 Select the file to upload by doing one of the following steps:

In the Upload File text box, enter the path to the file.

Click the Browse button and navigate to the file; then, click Open.

Step 6 To upload the file to the server, click the Upload File button.


Using Third Party CA Certificates

Cisco Unified OS supports certificates that a third party Certificate Authority (CA) issues with PKCS # 10 Certificate Signing Request (CSR). The following table provides an overview of this process, with references to additional documentation:

 
Task
For More Information

Step 1 

Generate a CSR on the server.

See the "Generating a Certificate Signing Request" section.

Step 2 

Download the CSR to your PC.

See the "Downloading a Certificate or CTL" section.

Step 3 

Use the CSR to obtain an application certificate from a CA.

Get information about obtaining application certificates from your CA. See "Obtaining Third-Party CA Certificates" section for additional notes.

Step 4 

Obtain the CA root certificate.

Get information about obtaining a root certificate from your CA. See "Obtaining Third-Party CA Certificates" section for additional notes.

Step 5 

Upload the CA root certificate to the server.

See the "Uploading a Certificate or Certificate Trust List" section.

Step 6 

Upload the application certificate to the server.

See the "Uploading a Certificate or Certificate Trust List" section.

Step 7 

Restart the services that are affected by the new certificate.

For all certificate types, restart the corresponding service (for example, restart the Tomcat service if you updated the Tomcat certificate). In addition, if you updated the certificate for CAPF or Cisco Unified CM, restart the TFTP service.

For information about restarting services, see the "Using the Control Center" section on page 7-1.

Generating a Certificate Signing Request

To generate a Certificate Signing Request (CSR), follow these steps:

Procedure


Step 1 From the Cisco Unified OS Administration web page, select Security > Certificate Management.

The Certificate List page appears.

Step 2 Click Generate CSR.

The Generate Certificate Signing Request dialog box opens.

Step 3 Select the certificate name from the Certificate Name list.

To download a Certificate Signing Request, follow these steps:

Step 4 Click Generate CSR.


Download a Certificate Signing Request

Procedure


Step 1 From the Cisco Unified OS Administration web page, select Security > Certificate Management.

The Certificate List page appears.

Step 2 Click Download CSR.

The Download Certificate Signing Request dialog box opens.

Step 3 Select the certificate name from the Certificate Name list.

Step 4 Click Download CSR.

Step 5 In the File Download dialog box, click Save.


Obtaining Third-Party CA Certificates

To use an application certificate that a third party CA issues, you must obtain from the CA both the signed application certificate and the CA root certificate. Get information about obtaining these certificates from your CA. The process varies among CAs.

CAPF and Cisco ER CSRs include extensions that you must include in your request for an application certificate from the CA. If your CA does not support the ExtensionRequest mechanism, you must enable the X.509 extensions that are listed on the final page of the CSR generation process.

Cisco Unified OS generates certificates in DER and PEM encoding formats and generates CSRs in PEM encoding format. It accepts certificates in DER and DER encoding formats.

Monitoring Certificate Expiration Dates

The system can automatically send you an e-mail when a certificate is close to its expiration date.

To view and configure the Certificate Expiration Monitor, follow these steps:


Note In order to update information on the Certificate Expiration Monitor page, the Cisco Certificate Expiry Monitor service must be running.


Procedure


Step 1 From the Cisco Unified OS Administration web page, select Security > Certificate Monitor.

The Certificate Monitor page appears.

Step 2 Enter the required configuration information. See Table C-21 on page C-15 for a description of the Certificate Monitor Expiration fields.

Step 3 To save your changes, click Save.


IPSEC Management

These topics describe how to manage IPSec:

Displaying or Changing an Existing IPSec Policy

Setting Up a New IPSec Policy


Note IPSec does not get automatically set up between servers in the server group during installation.


Displaying or Changing an Existing IPSec Policy

To display or change an existing IPSec policy, follow these steps:


Note Because any changes that you make to an IPSec policy during a system upgrade will get lost, do not modify or create IPSec policies during an upgrade.



Caution IPSec, especially with encryption, will affect the performance of you system.

Procedure


Step 1 From the Cisco Unified OS Administration web page, select Security > IPSEC Configuration.

The IPSEC Policy Configuration page appears.


Caution Any changes that you make to the existing IPSec policies can impact your normal system operations.

Step 2 Click the Display Detail link. The Association Details page appears. For an explanation of the fields in this page, see Table C-23 on page C-16.


Setting Up a New IPSec Policy

To set up a new IPSec policy and association, follow these steps:


Note Because any changes you make to an IPSec policy during a system upgrade will get lost, do not modify or create IPSec policies during an upgrade.



Caution IPSec, especially with encryption, will affect the performance of you system.

Procedure


Step 1 From the Cisco Unified OS Administration web page, select Security > IPSEC Configuration.

The IPSEC Policy List page appears.

Step 2 Click Add New.

The IPSEC Policy Configuration page appears.

Step 3 Click Next.

The Setup IPSEC Policy and Association page appears.

Step 4 Enter the appropriate information on the IPSEC Policy Configuration page. For a description of the fields on this page, see Table C-23 on page C-16.

Step 5 To set up the new IPSec policy, click Save.


Managing Existing IPSec Policies

To display, enable or disable, or delete an existing IPSec policy, follow this procedure:


Note Because any changes that you make to an IPSec policy during a system upgrade will get lost, do not modify or create IPSec policies during an upgrade.



Caution IPSec, especially with encryption, will affect the performance of your system.


Caution Any changes that you make to the existing IPSec policies can impact your normal system operations.

Procedure


Step 1 Navigate to Security > IPSEC Configuration.


Note To access the Security menu items, you must log in to Cisco Unified Communications Operating System Administration again by using your Administrator password.


The IPSEC Policy List window displays.

Step 2 To display, enable, or disable a policy, follow these steps:

a. Click the policy name.

The IPSEC Policy Configuration window displays.

b. To enable or disable the policy, use the Enable Policy checkbox.

c. Click Save.

Step 3 To delete one or more policies, follow these steps:

a. Select the checkbox next to the policies that you want to delete.

You can click Select All to select all policies or Clear All to clear all the checkboxes.

b. Click Delete Selected.


Performing Software Upgrades

This topic describes how to perform software upgrades:

Upgrading and Installing Software

Upgrading and Installing Software

Youcan install upgrade software on your server while the system continues to operate. Two partitions exist on your system: an active, bootable partition and an inactive, bootable partition. The system boots up and operates entirely on the partition that is marked as the active partition.

When you install upgrade software, you install the software on the inactive partition. The system continues to function normally while you are installing the software. When you are ready, you activate the inactive partition and reboot the system with the new upgrade software. The current active partition will then get identified as the inactive partition when the system restarts. The current software remains in the inactive partition until the next upgrade. Your configuration information migrates automatically to the upgraded version in the active partition.

The Software Upgrade pages enable you to upgrade Cisco ER software from either a local or a remote source.

The software upgrade process also enables you to back out of an upgrade if problems occur. You install the software for the upgrade on the system's inactive partition and perform a restart to switch the system to the newer version of the software. During this process, the upgraded software becomes the active partition, and your current software becomes the inactive partition. Your configuration information migrates automatically to the upgraded version in the active partition.

If for any reason you decide to back out of the upgrade, you can restart the system to the inactive partition that contains the older version of the software. However, any configuration changes that you made since upgrading the software will be lost.


Note When upgrading from Cisco ER 7.1 to a later version, the Publisher must be upgraded first, followed by the Subscriber.


Obtaining the Upgrade File

Before you begin the upgrade process, you must obtain the appropriate upgrade file from Cisco.com. For more information, see the "Installation and Upgrade" section of the applicable Cisco ER Release Notes.


Note Do not rename the patch file before you install it because the system will not recognize it as a valid file.



Note Do not unzip or untar the file. If you do, the system may not be able to read the upgrade files.


You can access the upgrade file during the installation process from either a local DVD or from a remote FTP or SFTP server. Be aware that directory names and filenames that you enter to access the upgrade file are case-sensitive.

Installing and Upgrading Software From a Local Source

You can install software from a DVD that is located in the local disc drive and then start the upgrade process.


Note Be sure to back up your system data before starting the software upgrade process. For more information, see the "Configuring the Cisco Emergency Responder 7.1 Disaster Recovery System" chapter.


To install or upgrade software from a DVD, follow these steps:

Procedure


Step 1 Download the appropriate upgrade file from Cisco.com.

Step 2 Create the DVD by using the .iso file to burn a DVD. The .iso file contains the complete image of the original DVD disk. Just copying the .iso file to the DVD will not work. You must use your burner software to extract the files that are contained in the image and burn them on the DVD. This creates an exact replica of the DVD disk.

Step 3 Insert the DVD into the disc drive on the local server that is to be upgraded.

Step 4 From the Cisco Unified OS Administration web page, select Software Upgrades > Install/Upgrade.

The Software Installation/Upgrade page appears.

Step 5 Choose DVD/CD from the Source list.

Step 6 Enter the path to the patch file on the DVD in the Directory field.

If the file is in the root directory, enter a slash (/).

Step 7 To continue the upgrade process, click Next.

Step 8 Choose the upgrade version that you want to install and click Next.

Step 9 On the next page, monitor the progress of the download, which includes the filename and the number of megabytes that are getting transferred.

Step 10 To install the upgrade and automatically reboot to the upgraded partition, choose Reboot to upgraded partition. The system restarts running the upgraded software.

Step 11 To install the upgrade and then manually reboot to the upgraded partition at a later time, do the following steps:

a. Choose Do not reboot after upgrade.

b. Click Next.

The Upgrade Status window displays the Upgrade log.

c. When the installation completes, click Finish.

d. To restart the system and activate the upgrade, choose Settings > Version; then, click Switch Version.

The system restarts running the upgraded software.


Installing and Upgrading Software From a Remote Source

To install software from a network drive or remote server, follow these steps:


Note Be sure to back up your system data before starting the software upgrade process. For more information, see the "Configuring the Cisco Emergency Responder 7.1 Disaster Recovery System" chapter.



Note Do not use the browser controls, such as Refresh/Reload, while accessing Cisco Unified Operating System Administration. Instead, use the navigation controls provided by the interface.


Procedure


Step 1 From the Cisco Unified OS Administration web page, select Software Upgrades > Install/Upgrade.

The Software Installation/Upgrade page appears.

Step 2 Choose Remote Filesystem from the Source list.

Step 3 Enter the path to the patch file on the remote system in the Directory field.

If the upgrade file is located on a Linux or UNIX server, you must enter a forward slash at the beginning of the directory path you want to specify. For example, if the upgrade file is in the patches directory, you must enter /patches.

If the upgrade file is located on a Windows server, remember that you are connecting to an FTP or SFTP server, so use the appropriate syntax, including:

Begin the path with a forward slash (/) and use forward slashes throughout the path.

The path must start from the FTP or SFTP root directory on the server, so you cannot enter a Windows absolute path, which starts with a drive letter (for example, C:).

Step 4 Enter the server name in the Server field.

Step 5 Enter your user name in the User Name field.

Step 6 Enter your password in the User Password field.

Step 7 Select the transfer protocol from the Transfer Protocol field.

Step 8 To continue the upgrade process, click Next.

Step 9 Choose the upgrade version that you want to install and click Next.

Step 10 On the next page, monitor the progress of the download, which includes the filename and the number of megabytes that are getting transferred.

Step 11 When the download completes, verify the checksum value against the checksum for the file you that downloaded that is shown on Cisco.com.


Caution The two checksum values must match to ensure the authenticity and integrity of the upgrade file. If the checksum values do not match, download a fresh version of the file from Cisco.com and try the upgrade again.


Note If you lose your connection with the server or close your browser during the upgrade process, you may see the following message when you try to access the Software Upgrades menu again:

Warning: Another session is installing software, click Assume Control to take over the installation.

If you are sure you want to take over the session, click Assume Control.

If Assume Control does not display, you can also monitor the upgrade with the Real Time Monitoring Tool.


Step 12 To install the upgrade and automatically reboot to the upgraded partition, choose Reboot to upgraded partition. The system restarts and runs the upgraded software.

Step 13 To install the upgrade and then manually reboot to the upgraded partition at a later time, do the following steps:

a. Choose Do not reboot after upgrade.

b. Click Next.

The Upgrade Status window displays the Upgrade log.

c. When the installation completes, click Finish.

d. To restart the system and activate the upgrade, choose Settings > Version; then, click Switch Version.

The system restarts running the upgraded software.


Stalled Upgrades

During the installation of upgrade software, the upgrade may seem to stall. The upgrade log stops displaying new log messages. When the upgrade stalls, you must cancel the upgrade, disable I/O throttling, and restart the upgrade procedure. When you successfully complete the upgrade, you do not need to reenable I/O throttling.

To disable I/O throttling, enter the CLI command utils iothrottle disable.

To display the status of I/O throttling, enter the CLI command utils iothrottle status.

To enable I/O throttling, enter the CLI command utils iothrottle enable. By default, iothrottle remains enabled.

If the system does not respond to the cancellation, you must reboot the server, disable I/O throttling, and restart the upgrade process procedure.

Reverting to a Previous Version

After upgrading, you can revert to the software version that was running before the upgrade, by restarting your system and switching to the software version on the inactive partition by completing the following task:

 
Task
For Additional Information

1.

Revert the publisher node.

"Reverting the Publisher Server to a Previous Version" section.

2.

Revert all backup subscriber nodes.

"Reverting a Subscriber Server to a Previous Version" section

Reverting the Publisher Server to a Previous Version

To revert to a previous version on the publisher server, follow these steps:

Procedure


Step 1 Open Cisco Unified Communications Operating System Administration directly by entering the following URL:

https://server-name/cmplatform

where server-name is the host name or IP address of the Cisco ER server.

Step 2 Enter your Administrator username and password.

Step 3 Choose Settings>Version.

The Version Settings window displays.

Step 4 Click the Switch Versions button.

After you verify that you want to restart the system, the system restarts, which might take up to 15 minutes.

Step 5 To verify that the version switch was successful, you can follow these steps:

a. Log into Open Cisco Unified Communications Operating System Administration again.

b. Choose Settings>Version.

The Version Settings window displays.

c. Verify that the correct product version is now running on the active partition.

d. Verify that all activated services are running.

e. Log into Cisco ER by entering the following URL and entering your user name and password:

https://server-name/ccmadmin

f. Verify that you can log in and that your configuration data exists.


Reverting a Subscriber Server to a Previous Version

To revert to a previous version on the subscriber server, follow these steps:

Procedure


Step 1 Open Cisco Unified Communications Operating System Administration directly by entering the following URL:

https://server-name/cmplatform

where server-name is the host name or IP address of the Cisco ER server.

Step 2 Enter your Administrator user name and password.

Step 3 Choose Settings>Version.

The Version Settings window displays.

Step 4 Click the Switch Versions button.

After you verify that you want to restart the system, the system restarts, which might take up to 15 minutes.

Step 5 To verify that the version switch was successful, you can follow these steps:

a. Log into Open Cisco Unified Communications Operating System Administration again.

b. Choose Settings>Version.

The Version Settings window displays.

c. Verify that the correct product version is now running on the active partition.

d. Verify that all activated services are running.


Customized Logon Message

You can upload a text file that contains a customized log-on message that appears in Cisco Unified Communications Operating System Administration, Cisco Unified CM Administration, and the command line interface.

To upload a customized log-on message, follow this procedure:

Procedure


Step 1 From the Cisco Unified Communications Operating System Administration window, navigate to Software Upgrades > Customized Logon Message.

The Customized Logon Message window displays.

Step 2 To choose the text file that you want to upload, click Browse.

Step 3 Click Upload File.


Note You cannot upload a file that is larger than 10KB.


The system displays the customized log-on message.

Step 4 To revert to the default log-on message, click Delete.

Your customized log-on message gets deleted, and the system displays the default log-on message.


Using Cisco Unified OS Services

These topics describe how to use Cisco Unified OS services:

Using the Ping Utility

Setting Up Remote Support

Using the Ping Utility

The Ping Configuration page enables you to send ping requests to test if other systems are reachable over the network.

To ping another system, follow these steps:

Procedure


Step 1 From the Cisco Unified OS Administration web page, select Services > Ping.

The Ping Configuration page appears. For details on the Ping Configuration page, see the "Ping Configuration" section on page C-18.

Step 2 Enter the IP address or network name for the system that you want to ping.

Step 3 Enter the ping interval in seconds.

Step 4 Enter the packet size.

Step 5 Enter the ping count, the number of times that you want to ping the system.


Note When you specify multiple pings, the ping command does not display the ping date and time in real time. Be aware that the ping command displays the data after the number of pings that you specified complete.


Step 6 Choose whether you want to validate IPSec.

Step 7 Click Ping.

The Ping Results text box displays the ping statistics.


Setting Up Remote Support

From the Remote Support page, you can set up a remote account that Cisco support personnel can use to access the Cisco ER system for a specified period of time.

The remote support process works as follows:

1. The customer sets up a remote support account. This account includes a configurable time limit on how long Cisco personnel can access it.

2. When the remote support account is set up, a pass phrase gets generated.

3. The customer calls Cisco support and provides the remote support account name and pass phrase.

4. Cisco support enters the pass phrase into a decoder program that generates a password from the pass phrase.

5. Cisco support logs into the remote support account on the customer system by using the decoded password.

6. When the account time limit expires, Cisco support can no longer access the remote support account.

To set up remote support, follow these steps:

Procedure


Step 1 From the Cisco Unified OS Administration web page, select Services > Remote Support.

The Remote Access Configuration page appears.

Step 2 If no remote support account is configured, click Add.

Step 3 Enter an account name for the remote account and the account life in days.


Note Ensure the account name at least six-characters long and all lowercase, alphabetic characters.


Step 4 Click Save.

The Remote Access Configuration page redisplays. For descriptions of fields on the Remote Access Configuration page, see Table C-27 on page C-20.

Step 5 To access the system by using the generated pass phrase, contact your Cisco personnel.