Cisco Active Network Abstraction Installation Guide, 3.6.2
Installing a Gateway
Download this chapter
Installing a GatewayInstalling a Gateway
Download the complete book
Cisco Active Network Abstraction Installation Guide 3.6 Service Pack 2 - PDF of Entire BookCisco Active Network Abstraction Installation Guide 3.6 Service Pack 2 - PDF of Entire Book (PDF - 3 MB)
give_us_feedback

Table Of Contents

Installing a Gateway

Before You Begin

Gateway Installation Overview

Installing the Gateway Server System

Using a Remote Database for Gateway Server Installation

Launching the Gateway

Verifying the Gateway Processes

Installing the Cisco ANA Manage

Post-Installation

Fixing Missing VLAN Information for Catalyst Devices

Environment Variables

Aliases

Users

Verifying the Gateway Installation

SQL Plus Configuration

Cisco ANA Version Information

Drools Rules Configuration

Web Server and Webstart Configuration

Graph Mechanism Configuration

Cisco ANA Configuration Files

What's Next?


Installing a Gateway

This chapter provides details about installing a single gateway for the first time.

NoteFor instructions how to install Service Packs 1 and 2 on top of an existing Cisco ANA 3.6 installation, please see Chapter 7, "Installing the Service Packs".

When you are upgrading Cisco ANA, the installation is slightly different than when you are installing Cisco ANA for the first time. For instructions how to upgrade Cisco ANA, please see Chapter 10, "Upgrading Cisco ANA".

For information about redundancy or multiple installations of the gateway, please consult the Cisco Project Manager or Cisco Account Team.

This chapter includes the following sections:

Before You Begin

Gateway Installation Overview

Post-Installation

Verifying the Gateway Installation

Before You Begin

Note Important: If you are installing Cisco ANA on a machine on which a previous version of the application is installed, you must delete all the files from /tmp which belong to user sheer, before installation.

To locate the list of files, run the following commands: 

cd /tmp

ls -l | grep sheer

Then, to delete each file in the list, run this command: 

rm <file_name>

Before starting the installation, please verify the following:

The installation DVD is available (see Installation DVD, page 2-6).

The server machines that are going to be installed comply with the minimum system requirements as specified in Chapter 2, "Installation Pre-requisites".

The customer-supplied Oracle 9i Enterprise Edition Release 9.2.0.8 or Oracle 10g Enterprise Edition Release 10.2.0.3 with partitioning option must be installed on the gateway server before starting the Cisco ANA installation. For more information, see Chapter 4, "Oracle Server Installation".

Gateway Installation Overview

The gateway installation workflow that follows describes the steps required in the order in which they should be performed.

Figure 5-1 Gateway Installation Workflow

Step 1 Install the gateway server system (specific system installation for the gateway). For instructions, see Installing the Gateway Server System.

Step 2 Launch the gateway (see Launching the Gateway).

Step 3 Verify the gateway installation (see Verifying the Gateway Processes).

Step 4 Install the Cisco ANA Management Tool (see Installing the Cisco ANA Manage).

Note Only a user with root privileges on the Unix box can perform the gateway installation.

Installing the Gateway Server System

During this procedure you will install tools that are required for the gateway functionality. These tools include the Apache Web Server and Third Party Tools, Java™ v1.4.2_13-b06 and Active Perl v5.8.3.

Note The server installation script checks for existing packages, and removes them in a pre-installation phase.

To install the gateway server system:

Step 1 Verify DVD is in the DVD drive.

Step 2 Open a Telnet/SSH session to the gateway machine and log into the machine as "root" user.

Step 3 Check the system prerequisites such as required disk space. For more information, see Hardware and Software Requirements.

Step 4 Backup and remove the old version of the gateway (if an older version already exists).

Step 5 Change the directory to the following CD directory, by entering: 

cd /cdrom/cdrom0/Server

Step 6 Install the gateway server system, by entering: 

perl install.pl -encaped

Note The gateway will install itself to the default directory /export/home/sheer 4.
If you wish to change the installation directory, add the -dir [desired directory] switch at the end of the perl install.pl -encaped command.
For example: perl install.pl -encaped -dir /opt/sheer

The installation of the gateway starts. The installation procedure is automatic and requires no user input.

Note This process may take a while. For a further explanation about the Cisco ANA environment created during installation see Appendix A, "Folders Created in Cisco ANA".

Step 7 After installation, please run the following command: 

usermod -G <oracle_group> sheer

To get the Oracle Group, run the following command: 

id <oracle-user>

For example: 

root@sh-nv210-223 [~]# id oracle

uid=104(oracle) gid=101(dba)

root@sh-nv210-223 [~]# usermod -G dba sheer

Note If you are using a remote database for server installation, there is no local Oracle installation on the gateway machine and hence no 'oracle' user. Only after installing the Oracle Client on the gateway server will the user 'oracle' exist on this machine.

Step 8 When the installation is complete, open a Telnet/SSH session to the gateway machine and log into the machine with username sheer and password sheer.

Step 9 On the first login, the system will advise you to change the default password. This is highly recommended. To change the default user password, enter: 

passwd

Step 10 Continue installing the gateway server system, by entering: 

sheer-conf.pl

Note Please be aware of the following preconditions for executing the sheer-conf.pl script:

The database and listener must be up before executing the sheer-conf.pl script.

If you want to install the database on a server other than the gateway server, you must install an Oracle Client on the gateway server (the same version as the one you run on your Oracle server). You can download the Oracle Client installation from the Oracle Corporation web site at http://www.oracle.com.

The Cisco ANA application uses Oracle 9.2.0.8.0 JDBC driver as the default JDBC driver to communicate with the Oracle database. If you installed a different database version, such as for Oracle 10g, you must remove the default JDBC driver, and download the appropriate JDBC driver to ~/Third_Party/db.

Step 11 Select set machine as gateway. Use the down arrow key to select a machine as the gateway, press Enter.

Figure 5-2 Select Set Machine as Gateway

Step 12 If you are prompted to select a scheme to be installed, and you are unsure which one to use, select PRODUCT.jar. Use the down arrow key to select the scheme, then press Enter.

Figure 5-3 Select PRODUCT.jar Scheme

Step 13 The Cisco ANA configuration utility will configure the system by running the following procedures:

a. Time server configuration tool—Configures the XNTP daemon to act as a time server for all units. The tool will prompt you for the root password. 

- Checking package main installation status                               [OK]

- Setup is updating the configuration directories, this might take a while

- Setting up time server, Enter root password:

- Done setting up the time server.

b. Password initiator tool—Asks you to set all Cisco ANA system built-in account passwords.

You will be prompted to:

Enter the Unix password for Cisco ANA usernames.

Enter the following password information: 

+ ANA is being installed with 4 built-in user which can be used

  for logging into the system from ANA's client/interfaces.

  Setup will now request the user to enter the required passwords:

  - Enter the system root password:

  - Enter the system root password again for verification:

  - Enter the system bosenable password:

  - Enter the system bosenable password again for verification:

  - Enter the system bosconfig password:

  - Enter the system bosconfig password again for verification:

  - Enter the system bosusermngr password:

  - Enter the system bosusermngr password again for verification:


+ ANA is being installed with a web based monitoring tool.

  Setup will now request the user to enter a username/password

  which will be used for accessing the web based monitoring tool:

  - Enter the web monitoring tool username: root

  - Enter the web monitoring tool password:

  - Enter the web monitoring tool password again for verification:

c. You will be prompted whether to use the defaults for the workflow scheme: 

- Use defaults for WorkFlow Scheme ? (Y,N) [default Y]

+ Setup will now try to connect to this machine's database,

If you enter Y, then all the Cisco ANA database definitions will be applied to the DWE scheme.

If you enter N, you will be asked a series of questions similar to the ones asked when configuring Cisco ANA's database. An example of this is displayed here: 

Provide the following database parameters:

- Would you like to use a remote database? (y or n) [default n]

Note Important: If you enter "y" in order for the gateway to use a remote database, then the subsequent parameters may be different. For more information, please see Using a Remote Database for Gateway Server Installation. 

- Enter the Oracle home directory (for e.g. /export/home/oracle/Ora920/) 
/export/home/oracle/Ora920

- Enter root password in order to add user sheer to oracle group:

- Enter the Oracle sid: MCDB

- Enter the Oracle admin username: system

- Enter the Oracle admin password:

- Enter the password for the scheme sheer:

- Enter the location of the data files: /export/home/oracle/Ora920/oradata

- Enter the Oracle Listener port: 1521

------------------------------------------------

- Oracle home directory: /export/home/oracle/Ora920

- DB address: 127.0.0.1

- Oracle SID: MCDB

- Oracle User: sheer

- Oracle Port: 1521

- Oracle Password: **********

- DataFiles location: /export/home/oracle/Ora920/oradata


- DB address: 127.0.0.1

- Is this information correct? (y or n) [default y]

Note An example of the warning message that may be displayed if the incorrect version of Oracle is installed is shown below:
WARNING: Cisco ANA requires Oracle version 9.2.0.8 while the given Oracle version is 9.2.0.5.0. Using the current version is not recommended as it may cause functionality/performance issues and will void the support for this product.Would you like to continue the installation using the current Oracle version anyway? (Y,N)[default N]

d. Supply the database parameters.

e. Database configuration tool—Prompts you for Oracle information. In order to attach the system to a local or remote database you will need to supply the database configuration utility with the following information:

Oracle home directory location

Oracle SID

Oracle Administrator username

The admin password of Oracle

Schema password

Where you would like to save the data files.

Oracle listener port

f. You will be asked if all the parameters have been entered correctly.

g. You will be prompted to enter the Unix root password for adding user sheer to the Oracle group.

An example of this is displayed here: 

+ Setup will now try to connect to this machine's database,

  Provide the following database parameters:

  - Enter the Oracle home directory (for e.g. /export/home/oracle/Ora920/) 
/export/home/oracle/Ora920

  - Enter the Oracle sid: MCDB

  - Enter the Oracle admin username: system

  - Enter the Oracle admin password:

  - Enter the password for the scheme sheer:

  - Enter the location of the data files: /export/home/oracle/Ora920/oradata

  - Enter the Oracle Listener port: 1521

    ------------------------------------------------

  - Oracle home directory: /export/home/oracle/Ora920

  - DB address: 127.0.0.1

  - Oracle SID: MCDB

  - Oracle User: sheer

  - Oracle Port: 1521

  - Oracle Password: **********

  - DataFiles location: /export/home/oracle/Ora920/oradata


  - Is this information correct? (y or n) [default y]

  - User sheer exist, updating password

  - Password changed successfully, scheme exist.

  - scheme sheer exist, loading plugins

  - updating avm11.xml

  - Enter root password in order to add user sheer to oracle group:

If the Sheer scheme does not exist, the database configuration utility will prompt you for:

Oracle admin username: system

Oracle admin password:

Password for scheme sheer:

Figure 5-4 Password for Scheme Sheer

For information on configuring the gateway for high availability, refer to the Cisco Active Network Abstraction High Availability User Guide.

Using a Remote Database for Gateway Server Installation

If you want the gateway to use a remote database for server installation, some of the parameters you must enter differ to those that are required when using the gateway server.

The following provides an example of the database parameters required for remote database installation: 

Provide the following database parameters:

Would you like to use a remote database? (y or n) [default n] y

Please enter Oracle IP address [default 10.52.22.20] 10.56.56.94

- Enter the SQLPlus home directory (for e.g. /export/home/oracle/Ora920/)

/export/home/oracle/oracle/product/10.2.0/client_2

- Enter root password in order to add user sheer to oracle group:

- Enter the Oracle sid: MCDB

- Enter the Oracle admin username: system

- Enter the Oracle admin password:

- Enter the password for the scheme sheer:

- Enter the location of the data files: /export/home/oracle/Ora920/oradata

- Enter the Oracle Listener port: 1521

- Enter root password in order to create tnsnames file:

Password:

- Enter again root password in order to change owner of tnsnames file:

Password:

creating tnsnames.ora file for remote DB connectivity

------------------------------------------------

- Oracle home directory: /export/home/oracle/oracle/product/10.2.0/client_2

- DB address: 10.56.56.94

- Oracle SID: MCDB

- Oracle User: sheer

- Oracle Port: 1521

- Oracle Password: **********

- DB address: 10.56.56.94

- Is this information correct? (y or n) [default y]

- User sheer exist, updating password

- Password changed successfully, scheme exist.

- User dwe exist, updating password

- Password changed successfully, scheme exist.

Note The following is an example of the warning message that may be displayed if the incorrect version of Oracle is installed:
WARNING: Cisco ANA requires Oracle version 9.2.0.8 while the given Oracle version is 10.2.0.1.0. Using the current version is not recommended as it may cause functionality/performance issues and will void the support for this product. Would you like to continue the installation using the current Oracle version anyway? (Y,N) [default N] Y
Important: If you are using a remote database with Oracle 10g, the installation process may corrupt the tnsnames.ora file. Prior to answering "Y", please check the tnsnames.ora file to verify that the hostname.sid is not missing the "sid". If you find this error, please fix it in the tnsnames.ora file, and then press Y to continue the installation. 

- scheme sheer exist, loading plugins

- creating dwe tables...

- updating avm11.xml

- updating avm66.xml

- Done setting the machine as gateway

Launching the Gateway

After installing the server system and the gateway software you are ready to launch the gateway.

To launch the gateway:

Step 1 Open a Telnet/SSH session to the gateway machine and log into the machine as user "sheer", default password "sheer".

Step 2 Launch the gateway, enter the initialization command: 

mvm.csh

The gateway process is now loading.

Note The gateway loading process may take a while.

Note You can aslo use this procedure to start, stop, and check the status of the system or AVMs.

Verifying the Gateway Processes

This section enables you to verify that the gateway processes are up and running. The gateway server processes are:

AVM 0—Transport switch process

AVM 11—Gateway process

AVM 99—Management process

Webserver daemon—Client connection process

Sheer_secured daemon

To verify the gateway process:

Step 1 Check the status of all processes and daemons, by entering: 

status

The following figure shows an example of the output which lists all the processes:

Figure 5-5 List of all the Processes

Note The message "Checking for AVM100's status" is "[DISABLED]" is an expected condition.

Installing the Cisco ANA Manage

Cisco ANA Manage is the GUI tool used for performing various system administration activities. It provides an interface to perform the following:

Cisco ANA Unit Management—Adding and removing units, and setting up unit redundancy.

Agent Virtual Machines (AVMs) and VNEs Management—Adding and removing AVMs and VNEs for the different units. Starting and stopping VNEs, setting polling information per VNE.

Global Settings Management—Setting up polling groups to be used by the VNEs and defining a service disclaimer (message of the day).

Scope, User and Security Management—Setting up scopes of devices, system users and security levels.

Topology ManagementManaging static and persistent topology links.

For more information about installing the Cisco ANA Manage tool, see Using the Client Installation Wizard, page 8-1.

Note The installation procedure changes the .rhosts file of the Sheer user. For more information, see Appendix B, "Cisco User .rhosts File".

Post-Installation

The installation script automatically creates the "sheer" user and an associated environment. The .cshrc file is the user initialization file where the required environment variables and aliases are defined.

An example of the common .cshrc file of user "sheer" follows: 

# --- tcsh settings

set prompt="%B%n@%m%b [%~]# "

set autolist

set autoexpand

set autocorrect

set history=5000

set savehist=5000

set notify

set complete="enhance"

set savehist

set correct=cmd

set autologout=0

set color

set colorcat


# --- env settings

setenv SHEERHOME ~sheer

setenv PAGER less

setenv JAVA_HOME $SHEERHOME/java

setenv PERL_HOME $SHEERHOME/perl

setenv PERL_VER "5.8.6"

setenv MANPATH 
/usr/local/mrtg-2/man:/usr/local/net-snmp/man/usr/local/man:/usr/local/ActivePerlocal/samb
a/man:/usr/local/ActivePerl-5.6/man:/usr/local/ssl/man

setenv EDITOR vi

setenv LD_LIBRARY_PATH $SHEERHOME/local/lib/gen:$SHEERHOME/Third_Party/lib

setenv SHEERPATH 
.:$SHEERHOME/perl/bin:$SHEERHOME/local/lib/gen:$SHEERHOME/local/bin:$SHEERHOMEain/scripts:
$SHEERHOME/python/bin:$SHEERHOME/Main/setup


setenv PATH 
${SHEERPATH}:/usr/bin:/usr/sbin:/usr/etc:/usr/ucb:/usr/local/bin/:/usr/local/net-sn

setenv PERLLIB 
"./:${SHEERHOME}/local/lib/perl/gen:${SHEERHOME}/local/lib/perl/sheer:${SHEERHOMperl/lib/$
{PERL_VER}:${SHEERHOME}/perl/lib/site_perl/${PERL_VER}/sun4-solaris-thread-multi:${SHite_p
erl:${SHEERHOME}/Main"

setenv SHEER_LOGIN_INFO 1

setenv SHEER_COMMUNICATION_METHOD ssync


# --- other settings

limit descriptors 1024


# --- sourcing

if ( -f  $SHEERHOME/.aliases ) then

        source $SHEERHOME/.aliases

endif

if ( -f $SHEERHOME/db/.db ) then

        source $SHEERHOME/db/.db

endif

if ( -f $SHEERHOME/Main/.sheer ) then

        source $SHEERHOME/Main/.sheer

endif

For details on checking the gateway installation, see Verifying the Gateway Installation.

Fixing Missing VLAN Information for Catalyst Devices

After installing the gateway, trunk VLAN information may be missing on Catalyst devices that use the default catalyst product scheme. To overcome this problem, you must run a command that will update the contents of the site.xml in the relevant location.

From the server on which the gateway is installed, do the following:

Step 1 Launch the gateway and verify that the Registry Service is running correctly.

Step 2 Open the terminal window and change the iredtory to <install-path>/Main.

Step 3 Run the following command to update the site.xml: 

./runRegTool.sh -gs 127.0.0.1 set 0.0.0.0 
"site/cisco-catalyst-scheme/com.sheer.metrocentral.coretech.common.investigator.GenericFor
wardingInvestigator/trunk-encapsulations-catalyst/default" 
"cisco-catalyst-repository/trunk-encapsulations-catalyst-snmp"

Step 4 Verify that the site.xml is updated, as follows:

The key trunk-encapsulations-catalyst has default entry of "cisco-catalyst-repository/trunk-encapsulations-catalyst-snmp", under the scheme cisco-catalyst-scheme.

The site.xml contains the following: 

	<key name="cisco-catalyst-scheme"> 
		<key 
name="com.sheer.metrocentral.coretech.common.investigator.GenericForwardingInvestigator"> 
			<key name="trunk-encapsulations-catalyst"> 
				<entry 
name="default">cisco-catalyst-repository/trunk-encapsulations-catalyst-snmp</entry> 
			</key> 
		</key> 
	</key>

Environment Variables

The installation script automatically defines the following environment variables:

Variable Name
Content

SHEER_HOME

/export/home/sheer4

JAVA_HOME

/export/home/sheer4/java

SHEER_COMMUNICATION_METHOD

ssync


Note The SHEER_HOME variable content /export/home/sheer4 will change according to the gateway installation directory. (For details see Installing the Gateway Server System.)

Aliases

The installation script automatically defines the following aliases:

Table Alias
Content 
sheer

Changes the directory to ~sheer/Main 

reg

Changes the directory to ~sheer/Main/registry 

main

Changes the directory to ~sheer/Main 

logs

Changes the directory to ~sheer/Main/logs


Users

The installation script automatically creates a Unix user called "sheer" with a default password "sheer". This user can launch Cisco ANA and perform all required functionality.

Verifying the Gateway Installation

This section describes how to check the installation of the gateway server:

SQL Plus Configuration—Describes how to check that the server is available and properly configured.

Cisco ANA Version Information—Describes how to check the version of Cisco ANA installed on the server.

Drools Rules Configuration—Describes how to check the Drools rules files that are being used.

Web Server and Webstart Configuration—Describes how to check the web server and Cisco ANA Webstart mechanism.

Graph Mechanism Configuration—Describes how to check the graph mechanism.

Cisco ANA Configuration Files—Describes how to check the Cisco ANA configuration files.

What's Next?—Describes the next step after completing the check of the gateway.

SQL Plus Configuration

This step checks that the server is available and properly configured. In addition, it verifies that the database is up and running and has been configured properly.

Step 1 On the server, enter: 

sqlplus USER/PASSWORD

The username is sheer, and the password was setup during installation.

Step 2 Check that the SQL client can connect to the database.

Successful Result

The following prompt appears: 

SQL*Plus: Release 9.2.0.8.0 - Production on Sun Apr 10 09:40:01 2005

Copyright (c) 1982, 2002, Oracle Corporation.  All rights reserved.

Connected to:

Oracle9i Enterprise Edition Release 9.2.0.8.0 - Production

With the Partitioning, OLAP and Oracle Data Mining options

JServer Release 9.2.0.8.0 - Production

SQL>

Failure

A test failure indicates a database error. Contact your local database administrator and repeat the test.

Cisco ANA Version Information

This step checks the version of Cisco ANA installed on the server. In addition, it also checks that the major parts of the Cisco ANA system are properly located and running.

Note This test also checks a few additional characteristics of the installation such as directories, classes and so on.

If there are any files missing or problems with the configuration, this check will fail.

Step 1 On the gateway server, enter: 

status

Step 2 Check that the correct version of Cisco ANA has been installed.

The following is an example of the message that should be displayed. 

---------------------------------------------------------------------

Welcome to sh-nv210-1A5, running Cisco ANA gateway (v3.6.2 (PRODUCT))

---------------------------------------------------------------------

Note For the exact version installed, please use the "status" command only on the gateway. Running the "status" command on the units will not reflect the changes made with the service packs, and will show the 3.6.0 version.

Drools Rules Configuration

This procedure checks that the Drools rules files that are being used have been properly created.

Step 1 On the server, ensure that the following directory exists: 

~/Main/data

Step 2 Check that the directory contains the following files:

post.ilr

pre.ilr

Successful Result

The two Drools rules files exist in the directory.

Failure

Rerun the installation.

Web Server and Webstart Configuration

This procedure checks:

Web server has been properly configured and is running.

Cisco ANA Webstart mechanism has been properly configured.

Step 1 Open a web browser on the PC client connected to the server.

Step 2 Enter the following URL to connect to the gateway URL: 

http://<GW-IP>:1310/webstart/networkvision.jnlp

For example, if the gateway IP address is 172.16.0.0, enter the following URL: 

http://172.16.0.0:1310/webstart/networkvision.jnlp

Successful Result

The networkvision.jnlp file is found.

The web browser locates the file and tries to open or save (download) the file depending on the configuration of the web server.

The Webstart directory and Apache have been properly installed.

Note The jnlp file will return the following error from the webserver. This is an expected error.
An error occurred while launching/running the application.
Category: Launch File Error
The field <jnlp><information><homepage>href has an invalid value: home.html

Failure

Check that the Apache Server is running on the gateway.

Check that the webserver daemon is up and running, enter status on the gateway server.

If the webserver daemon is down, load it by entering startWeb.cmd.

Check that the directory ~/Main/webstart and all its sub-directories and files have execute privileges.

Graph Mechanism Configuration

This procedure checks that the graph mechanism is working correctly:

Step 1 Open a web browser on the PC client connected to the server.

Step 2 The graph mechanism, also known as the diagnostic web page, is enabled by default. You can disable or enable the diagnostic web page. Enter: 

diagnostic_framework.cmd disable

or 

diagnostic_framework.cmd enable

Step 3 Enter the following URL to connect to Cisco ANA Graph: 

https://<GW-IP:1311>/graphs/

Note The username and password for the graphs were configured during installation.

Successful Result

The graphs open properly in the web browser.

Failure

Check the configuration of the web browser.

Cisco ANA Configuration Files

This step checks the following Cisco ANA configuration files:

What AVMs should run.

What units are configured.

Step 1 On the server browse to the following directory: 

~/Main/registry/ConfigurationFiles

Step 2 Check that the directory contains the following two sub-directories:

127.0.0.1

0.0.0.0

Successful Result

The sub-directory 127.0.0.1 exists.

The sub-directory 0.0.0.0 exists.

Failure

Ensure the webserver daemon is up and running, enter status on the gateway server:

Figure 5-6 Command "Status" on the Gateway Server

If the webserver daemon is down, load it by entering startWeb.cmd.

Figure 5-7 Command startWeb.cmd

What's Next?

After the installation of the gateway has been checked, units can be installed. For information about checking the installation of the units see Verifying the Unit Installation, page 6-6.

Note When installing a Service Pack, you must generate unique SSH keys on the gateway that are propagated to all the units in your setup, once it is up and running. For more information, see Generating the SSH Keys, page 7-5.