Cisco Info Center VPN Policy Manager Installation and User Guide, 3.1
Installing Cisco Info Center VPN Policy Manager
Download this chapter
Installing Cisco Info Center VPN Policy ManagerInstalling Cisco Info Center VPN Policy Manager
Download the complete book
Cisco Info Center VPN Policy Manager Installation and Configuration Guide, 3.1 (PDF version)Cisco Info Center VPN Policy Manager Installation and Configuration Guide, 3.1 (PDF version) (PDF - 2 MB)
give_us_feedback

Table Of Contents

Installing Cisco Info Center VPN Policy Manager

Installation Architecture

Preliminary Steps

Installing Cisco IP Solution Center

Installing Cisco ISC 3.2

Special ISC Configuration for ISC 3.2

Obtaining a License for the Cisco ISC Application Programming Interface

Installing ISC 3.2 Patches

Installing Solaris 7 Patches for Policy Manager

Adding Provider Edge Device Entries to the /etc/hosts File (Optional)

Installing Cisco Info Center 3.6

Adding Required Info Mediators

Updating or Installing the Webtop Component (Optional)

Installing Cisco Info Center VPN Policy Manager

Downloading the Policy Manager Support Pack

Installing the Policy Manager Component

Updating Existing Cisco Info Center Components

Starting the cic_update Utility

Updating the Info Server Component

Updating Info Mediator Components

Updating Info Desktop Components

Installing Customized Event Views for VPN Policy Manager

Running nco_config to Specify the Path to an Internet Browser (Optional)

Configuring Failover for Cisco Info Center VPN Policy Manager

Licensing Cisco Info Center VPN Policy Manager

Indicating the Location of the License Server

Obtaining License Keys

Obtaining License Keys for Cisco Info Center VPN Policy Manager Components

Obtaining License Keys for Info Mediator Components

Obtaining License Keys for Webtop 1.2

Procedure for Obtaining License Keys

Starting Cisco Info Center VPN Policy Manager

Stopping Cisco Info Center VPN Policy Manager


Installing Cisco Info Center VPN Policy Manager

This chapter describes installation of Cisco Info Center VPN Policy Manager 3.1 This chapter contains the following sections:

Installation Architecture

Preliminary Steps

Installing Cisco Info Center 3.6

Adding Required Info Mediators

Updating or Installing the Webtop Component (Optional)

Installing Cisco Info Center VPN Policy Manager

Updating Existing Cisco Info Center Components

Configuring Failover for Cisco Info Center VPN Policy Manager

Licensing Cisco Info Center VPN Policy Manager

Stopping Cisco Info Center VPN Policy Manager

Stopping Cisco Info Center VPN Policy Manager

Installing Cisco Info Center VPN Policy Manager in a multi-system configuration consists of the steps shown in Table 3-1:

Table 3-1 Installation Steps for Cisco Info Center VPN Policy Manager 

Step
Description

Step 1 : Perform Preliminary Installation Steps

Perform the preliminary installation steps described in the "Preliminary Steps" section.

Step 2 : Install Cisco Info Center 3.6

If Cisco Info Center 3.6 is not already installed, install it in a multi-system architecture.

For a description of recommended architectures, see the "Installation Architecture" section

For links to the Cisco Info Center 3.6 installation documentation, see the "Installing Cisco Info Center 3.6" section.

Step 3 : Add Required Info Mediators

Cisco Info Center VPN Policy Manager uses three Info Mediators to process events relating to MPLS networks—The MTTrapd Info Mediator, the Syslog Info Mediator and the Tibco Info Mediator.

If these Info Mediators are not configured in your current Cisco Info Center installation, run the nco_config configuration utility to add them to your installation and configure them.

See the "Adding Required Info Mediators" section for detailed information.

Step 4 : (Optional) Install Webtop 1.2

If you want to use the Webtop application to view Cisco Info Center VPN Policy Manager events, you must either upgrade an existing Webtop 1.1 installation to Webtop 1.2 or install Webtop 1.2.

For detailed instructions, see the "Updating or Installing the Webtop Component (Optional)" section

Step 5 : Install Cisco Info Center VPN Policy Manager

Run the cic_update utility to install the VPN Policy Manager components on a separate host from the Cisco Info Server component.

See the "Installing Cisco Info Center VPN Policy Manager" section for detailed instructions.

Step 6 : Update Existing Cisco Info Center 3.6 components.

Run the cic_update utility to update any Cisco Info Center 3.6 component that is installed.

You must update all installed Info Server, Info Mediator, and Info Desktop components that you want to use with the VPN Policy Manager product.

For information on updating existing Cisco Info Center components, see the "Updating Existing Cisco Info Center Components" section

Step 7 : (Optional) Configure Failover

You can set up Info Server failover, Impact Server failover, or both.

For a list of steps for configuring failover, see the "Configuring Failover for Cisco Info Center VPN Policy Manager" section.

Step 8 : Obtain and Install Licenses

To run Cisco Info Center VPN Policy Manager, you must obtain and install licenses for the Policy Manager components and any new Cisco Info Center 3.6 components that you will install.

If you will use the Webtop 1.2 application to monitor VPN Policy Manager events, you must obtain and install licenses for the Webtop 1.2 components.

For information on implementing licensing, see the "Licensing Cisco Info Center VPN Policy Manager" section


Installation Architecture

This chapter describes installation of Cisco Info Center VPN Policy Manager 3,1 in a typical multi-system configuration scenario. In this scenario:

The Cisco Info Center 3.6 core components are installed on a separate, standalone host

The Cisco Info Center VPN Policy Manager components are installed on another, standalone host and configured to communicate with the Cisco Info Server component and with the Cisco IP Solution Center (ISC) 3.2 product

Note The ISC 3.2 installation must have the latest patches to the release installed.

The MTTrapd Info Mediator, Syslog Info Mediator, and, optionally, the Tibco Info Mediator and the Process Control component are installed on a separate host.

Existing Cisco Info Center 3.6 components are upgraded to function correctly in the Cisco Info Center VPN Policy Manager 3.1 environment

Figure 3-1 shows a typical configuration scenario:

Figure 3-1 Typical Configuration for Cisco Info Center VPN Policy Manager in a Multi-System Architecture

Preliminary Steps

Before installing Cisco Info Center VPN Policy Manager 3.1, complete the following steps:

1. Install and configure Cisco IP Solution Center release 3.2

Note that you must perform a special configuration step to enable ISC 3.2 to work with Cisco Info Center VPN Policy Manager 3.1. For information on this special configuration, see the

2. Install the latest patch release for ISC 3.2

3. Obtain a license for the MPLS VPN component of the Cisco IP Solution Center Application Programming Interface (API)

4. If required, install Solaris patches on the Policy Manager host

5. If you are not using DNS on the host, enter the hostnames of any Provider Edge (PE) devices and ISC installations that you will monitor in the /etc/hosts file.

Installing Cisco IP Solution Center

Before you install the Policy Manager component, make sure that you have an active installation of Cisco IP Solution Center 3.2 on your network.

Installing Cisco ISC 3.2

For detailed installation and configuration information, refer to the following ISC 3.2 documents:

Release Notes for Cisco IP Solution Center, 3.2 at the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/isc/3_2 /relnotes

Cisco IP Solution Center Installation Guide, 3.2 at the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/isc/3_2/install

Cisco IP Solution Center System Error Messages, 3.2 at the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/isc/3_2/mess

For information on additional ISC 3.2 documents, refer to the Documentation Guide for Cisco IP Solution Center, 3.2 at the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/isc/3_2/docguide/index.htm

Special ISC Configuration for ISC 3.2

To enable ISC 3.2 to work with Cisco Info Center VPN Policy Manager 3.1, you must set the backward compatible record number feature in the vpnsc.properties file. Complete these steps to set this property.

Step 1 Edit the vpnsc.properties file.

Make sure that the line for the nbi.BackwardCompatible.RecordNumber property reads follows:

nbi.BackwardCompatible.RecordNumber=true

Step 2 Save your changes to the vpnsc.properties file.

For detailed information on ISC 3.2 configuration , refer to the Cisco IP Solution Center Installation Guide, 3.2 at the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/isc/3_2/install

Step 3 Restart the ISC database.

Step 4 Initialize the ISC database.

Obtaining a License for the Cisco ISC Application Programming Interface

To run Cisco Info Center VPN Policy Manager 3.1, you must obtain a license for the MPLS VPN component of the ISC 3.2 Application Programming Interface (API).

If you order part number ISC3.X-MPLS-API when you order the ISC product, you receive licenses for the API package.

If you did not order this part number, contact your Cisco sales representative.

Installing ISC 3.2 Patches

In order for Cisco Info Center VPN Policy Manager 3.1 to work correctly with ISC 3.2, the ISC 3.2 installation must be running the latest ISC patch.

To obtain ISC patches, go to the following URL on CCO:

http://www.cisco.com/pcgi-bin/tablebuild.pl/isc

For information on installing these patches, refer to the README file distributed with the ISC patch.

Installing Solaris 7 Patches for Policy Manager

If you are installing Policy Manager on a host running Solaris 7, then before you start installation of the Policy Manager components, determine whether your system has the required Solaris patches installed. If any of the required Solaris 7 patches are not installed, install them before you start the Policy Manager installation.

Tar files containing the Solaris 7 patches are provided on the Cisco Info Center 3.6 installation media in the following directory:

/patches/solaris2/5.7 directory.

Note Some of the patches listed below may not be necessary if you have later patches installed that supersede them. Consult the README file for each patch or run the patchadd utility to install the patches and examine the output to determine whether a required patch is covered by an already installed patch.

Note It is recommended to install Cisco Info Center VPN Policy Manager on a host running Solaris 8.

If your host is running Solaris 2.7, make sure that the following patches are installed:

106980-05

107078-10

107078-01

107636-01

Adding Provider Edge Device Entries to the /etc/hosts File (Optional)

If you do not have the Domain Name System (DNS) configured and running on the host where you will run Policy Manager, then you must edit the /etc/hosts file and add the hostnames of any Provider Edge (PE) devices or ISC installations that the Policy Manager component will monitor.

Installing Cisco Info Center 3.6

Installing Cisco Info Center VPN Policy Manager requires an existing installation of Cisco Info Center 3.6.

If you do not already have an existing installation of Cisco Info Center 3.6, refer to the Cisco Info Center Installation Guide, 3.6 for detailed installation instructions:

For an overview of installation requirements and considerations, refer to Chapter 2 of the Cisco Info Center Installation and Configuration Guide, "Overview of Installation and Configuration" at the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/info_ctr/3_6/install/inst_ovw.htm

For instructions on installing Cisco Info Center in a multi-system configuration, refer to Chapter 3 of the Cisco Info Center Installation and Configuration Guide, "Installing and Configuring the Multi-System Architecture" at the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/info_ctr/3_6/install/multi.htm

For instructions on installing Cisco Info Center in a single system configuration, refer to Chapter 4 of the Cisco Info Center Installation and Configuration Guide, "Installing and Configuring the Single-System Architecture" at the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/info_ctr/3_6/install/single.htm

The Cisco Info Center Installation and Configuration Guide, 3.6 is located at the following location on Cisco Connection Online (CCO):

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/info_ctr/3_6/install/index.htm

The location on cisco.com is the following URL:

http://www.cisco.com/en/US/products/sw/netmgtsw/ps996/products_installation_and_configuration_guide_book09186a00801751f1.html

Adding Required Info Mediators

If your existing Cisco Info Center 3.6 installation does not have all of the required Info Mediators for Cisco Info Center VPN Policy Manager 3.1 installed, then you must complete the following steps:

Run the nco_config configuration utility to configure the required Info Mediators

Obtain and install licenses for any required Info Mediators that you add to your configuration.

To use the full functionality of Cisco Info Center VPN Policy Manager, you should have the following Info Mediators configured:

MTTrapd Info Mediator

Syslog Info Mediator

Tibco Info Mediator

Note Make sure that you install the Tibco Info Mediator on the same network where Cisco ISC is installed.

Complete these steps to configure additional Info Mediators for use with Cisco Info Center VPN Policy Manager.

Step 1 Enter the following commands.

setenv OMNIHOME /opt/Omnibus

cd /opt/Omnibus/install

./nco_config

The configuration utility starts,.

A prompt similar to the following appears: 

###############################################################

               Cisco Info Center Configuration Menu

###############################################################


           1.  Configure Mediators


           2.  Help 


           3.  Quit 


           4.  Start Configuration

Note This menu contains additional selections if additional Cisco Info Center components are installed.

Step 2 Enter the number next to Configure Mediators to select the Mediators component.

Step 3 Enter the number next to Start Configuration) to start configuration.

The script displays the selected option and prompts you for confirmation. 

You have selected the following:


Configure Mediators


Do you want to continue (y/n)? [y]:

Step 4 Press Return.

Step 5 Answer any prompts that appear as required.

The Device Configuration Menu appears: 

************************************

Device configuration menu

************************************

 1.   MWFM

 2.   CW2K (include DFM and VHM)

 3.   CTM

 4.   CWM

 5.   CEMF

 6.   NNM

 7.   CNS-NOTE using SNMP

 8.   CNS-NOTE using TIBCO

 9.   Syslog

 10.  SNMP Generic Traps 

 11.  CNS-PE using TIBCO

 12.  Cisco Element Manager (NEI)


1-12. Toggle Component

S. Select All Components

U. Unselect All

I. Setup and Install Components

H. Help

Q. Quit

Option:

Step 6 Enter the numbers that correspond to the combination of devices or software applications you want to configure.

The following selections select the Info Mediators used with Cisco Info Center VPN Policy Manager:

9. Syslog—Select this option to configure the Syslog Info Mediator

10. SNMP Generic Traps—Select this option to configure the MTTrapd Info Mediator.

11. CNS_PE using TIBCO (optional)—Select this option if you want to configure the Tibco Info Mediator.

Step 7 Enter i to start Info Mediator configuration.

The selected Info Mediators are configured.

If you selected option 11 (CNS-PE using TIBCO), the following prompt appears: 

Enter the subject, CNS-PE notifier is configured for

Step 8 If this message appears, enter the following:

cisco.vpnsc

The configuration utility installs and sets up the specified Info Mediator component.

The following messages appear: 

Info Mediator Tibco Configured


Press <Return> when ready

a. Press Return.

The configuration script copies the required rules file modifications to your system.

Updating or Installing the Webtop Component (Optional)

You can use either the Info Desktop component or Webtop clients to view events from Cisco Info Center VPN Policy Manager.

If you choose to use the Webtop component, you must either upgrade your existing Webtop component to Webtop 1.2 or install Webtop 1.2. To do this, you download the cic-webtop-1.2-ga.tar from the Cisco Info Center software download area and run the install_webtop script that is provided in the tar file.

Complete these steps to upgrade or install the Webtop component.

Step 1 Copy the cic-webtop-1.2-ga.tar file from the software download site to a directory on the target host.

The software download site for Cisco Info Center is available at the following URL:

http://www.cisco.com/pcgi-bin/tablebuild.pl/cic

Step 2 Issue the following command to untar the distribution tar file.

tar -xvf cic-webtop-1.2-ga.tar

The system untars the file.

Step 3 If Webtop 1.1 is installed, make sure that it is not running.

Step 4 Issue the following command to start the Webtop installation script:

./install_webtop

The installation script displays messages regarding the required Java Runtime Environment and installation of the Netcool/Webtop Administration Application Programming Interface (WAAPI), as well as a reminder that a FLEXlm-based license is required for Webtop.

If a previous installation of Webtop is detected, the following messages appear: 

An old Webtop installation is found, it will be backed up in /opt/Omnibus/Webtop.BAK.


Press <Return> when ready...

If no previous installation of Webtop is detected, the following messages appear: 

No previous Webtop installation is found. 

A new installation of Webtop 1.2 will continue.

Step 5 Press Return.

The following prompts appears: 

The installation directory, /opt/Omnibus/Webtop, does not exist.

Do you want to create it? [yes]

Step 6 Press Return.

The installation script installs the CICweb package and the Sun Java Runtime Environment. (JRE)

You are prompted to read through the license agreement.

Step 7 Press Return.

Step 8 Read the license agreement.

You are prompted to accept the license agreement: 

Do you agree to the above license terms? [yes or no]

Step 9 Enter y to accept the license agreement.

The installation script installs the JRE and the Webtop Access Application Programming Interface (WAAPI).

If you have a previous Webtop 1.1 installation, you are prompted to migrate the existing Webtop configuration to the Webtop 1.2 installation.

Step 10 Do one of the following:

If you want to migrate your existing Webtop 1.1 configuration to the Webtop 1.2 installation, enter y.

If you do not want to migrate the existing configuration, enter n.

If you enter y to indicate that you want to migrate the existing configuration information, the following message appears: 

The old server.init configuration will be used as the default value in the following 
prompts.

You are prompted for configuration information about the Info Server (Object Server) that Webtop will communicate with. Answer the prompts as indicated in Table 3-2

Table 3-2 Webtop 1.2 Configuration Prompts

Prompt
Response

Please enter the name of the default ObjectServer [INFOSERVER]

Do one of the following:

To accept the default name for the Info Server (Object Server), INFOSERVER, press Return.

To specify another Info Server name, enter the Info Server name.

Please enter the host name of the ObjectServer [xxx.xxx.xxx.xxx]

Do one of the following.

To accept the default host name for the Info Server (Object Server), press Return to accept the hostname or IP address displayed in the prompt.

To specify another host name, enter the hostname or IP address for the host that is running the Info Server.

Please enter the number of the ObjectServer port [4100]

Do one of the following:

To accept the default port number for the Info Server (Object Server), (port 4100), press Return.

To specify a different port number, enter the port number.

Please enter the name of the ObjectServer user [InfoAdmin]

Do one of the following:

To accept the default username for the Info Server (Object Server) user (InfoAdmin), press Return.

To specify another username, enter the username.

Please enter the ObjectServer password for InfoAdmin [InfoAdmin]

Do one of the following:

To accept the default password for the Info Server (Object Server) user (InfoAdmin), press Return.

To specify another password, enter the password.


The script displays a prompt asking whether there is a failover Info Server for the Info Server specified earlier: 

Do you have failover ObjectServer(s) for INFOSERVER? (yes/no)  [no]

Step 11 Do one of the following:

If there are no failover Info Servers, press Return.

If there is one or more failover Info Server, enter y for "yes."

If you enter y to indicate that there are failover Info Server(s), you are prompted for information about the failover Info Server. Answer the prompts as indicated in Table 3-3.

Table 3-3 Webtop Installation Prompts for the Failover Info Server

Prompt
Response

Please enter the host name of the failover INFOSERVER [xxx.xxx.xxx.xxx]

Do one of the following.

To accept the default host name for the failover Info Server (Object Server), press Return to accept the hostname or IP address displayed in the prompt.

To specify another host name, enter the hostname or IP address for the host that is running the Info Server.

Please enter the number of the failover INFOSERVER port [4100]

Do one of the following:

To accept the default port number for the failover Info Server (Object Server), (port 4100), press Return.

To specify a different port number, enter the port number.

Please enter the name of the failover INFOSERVER user [InfoAdmin]

Do one of the following:

To accept the default username for the failover Info Server (Object Server) user (InfoAdmin), press Return.

To specify another username, enter the username.

Please enter the failover INFOSERVER password for InfoAdmin [InfoAdmin]

Do one of the following:

To accept the default password for the failover Info Server (Object Server) user (InfoAdmin), press Return.

To specify another password, enter the password.


If you indicated that there is a failover Info Server, the script displays a prompt asking whether there is another failover Info Server (Object Server): 

Do you have another failover ObjectServer for INFOSERVER? (yes/no)  [no]

Step 12 Do one of the following:

If there are no additional failover Info Servers, press Return.

If there is one or more additional failover Info Server, enter y.

You are prompted to configure additional Info Servers (Object Servers): 

Do you have another ObjectServer to configure? (yes/no)  [no]

Step 13 Do one of the following

If there are no additional Info Servers that the Webtop server must communicate with, press Return.

If there are additional Info Servers that the Webtop server must communicate with, enter y.

If you enter y to indicate that there are additional Info Servers, you are prompted for configuration information about the Info Server.

Step 14 If you are prompted for configuration information about additional Info Servers, answer the prompts as indicated in Table 3-2.

Step 15 If you are prompted for failover information about additional Info Servers, answer the prompts as indicated in Table 3-3.

You are prompted for the hostname of the host running the FLEXlm license server: 

Please enter the host name of the License Server [hostname]

Step 16 Do one of the following:

If the FLEXlm license server is installed on the local host (the host indicated by hostname), press Return.

If the FLEXlm license server is installed on a remote host, enter the hostname of the host that is running the license server.

You are prompted for the port number for the FLEXlm license server: 

Please enter the number of the License Server port [27000]

Step 17 Do one of the following:

To accept the default port number for the FLEXlm license server (27000) press Return.

If the FLEXlm license server is using another port number, enter that port number.

You are prompted for the HTTP port number for the Webtop server. 

Please enter the port for the Webtop server [8080

Step 18 Do one of the following:

To accept the default HTTP port for the Webtop server (8080) press Return.

To specify another HTTP port number for the Webtop server, enter a the number.

The installation utility completes the configuration for Webtop 1.2.

The following message appears: 

Webtop Configuration successfully updated.

Webtop 1.2 configuration is now complete.

Step 19 After the installation and configuration steps are complete, issue the following command to copy the index.htm file HTML file from your backup installation to the new installation:

cp $OMNIHOME/Webtop.BAK/config/docs/cic/index.html
$OMNIHOME/Webtop/www/webapps/ROOT/cic/index.html

Installing Cisco Info Center VPN Policy Manager

Installing Cisco Info Center VPN Policy Manager 3.1 involves the following steps:

1. Downloading the Policy Manager Support Pack.

2. Installing the Policy Manager component.

In this step, you run the cic_update utility to install the Policy Manager component.

Downloading the Policy Manager Support Pack

The Cisco Info Center VPN Policy Manager 3.1 application is provided as a support pack that can be added to hosts running Cisco Info Center 3.6 components. The support pack consists of two tar files that you install using the cic_update utility, and a failover gateway configuration file.

The Policy Manager support pack is available at the following location on Cisco.com:

http://www.cisco.com/pcgi-bin/tablebuild.pl/cic

The following files are installed using the update utility (cic_update):

PM31_Install.tar—Installs and configures the Policy Manager component.

PM31_CIC_update.tar—Updates an existing Cisco Info Center 3.6 installation with rules, automations, tools, and views used with the Policy Manager application.

The following failover gateway configuration file is provided:

FAIL_GATE.conf

Installing the Policy Manager Component

Complete these steps to run cic_update to install the Policy Manager component.

Step 1 Log in as user root.

Step 2 Make sure that the Cisco ISC 3.2 host that Policy Manager will communicate with is running and can be pinged from the Cisco Info Center VPN Policy Manager host.

Step 3 Make sure that the Info Server component is running.

Step 4 Make sure that the host where you are installing the Policy Manager component has at least the Cisco Info Center 3.6 Process Control component installed.

For information on installing the Process Control component, see the Cisco Info Center Installation and Configuration Guide at the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/info_ctr/3_6/install/multi.htm

Step 5 Copy the tar files provided in the Policy Manager Support pack to an appropriate directory on the host.

Step 6 Set the OMNIHOME environment variable. For example, enter:

setenv OMNIHOME /opt/Omnibus

Step 7 Enter the following to start the cic_update script:

$OMNIHOME/bin/cic_update

Several prompts appear asking you to confirm the location of the installation media.

Step 8 Enter the complete path and filename for the PM31_Install.tar update file.

The script checks for the presence of several Solaris patches. If one of the patches checked for is not installed on the host, a message similar to the following appears: 

WARNING: SolarisPatch : 108652-33 is recommended for package CICpmr.


Press <Return> to continue

Step 9 If such a message appears go to the Sun Microsystems support site and obtain the required patch; then install it.

The script checks whether any Cisco Info Center 3.6 components are installed and configured.

You are prompted to configure the Policy Manager component. If there are no Cisco Info Center 3.6 components other than the Process Control component installed, the following prompt appears: 

No CIC configuration found .


Do you want to continue with the Policy Manager configuration alone? [y]

If existing Cisco Info Center 3.6 components are detected, the following prompts appear: 

The Policy Manager component has been installed.  You may configure it at this time.

You will need to know the hostname of your ISC 3.1 server in order to proceed.

Would you like to configure Policy Manager now?  (y/n)? [y]

Step 10 Press Return to continue with Policy Manager configuration.

You are prompted to configure Impact server failover: 

Impact allows for a failover configuration so that if one fails, the other takes over. You 
define a logical server that has one server as primary, which runs by default, and the 
other as the backup, which can take over if required. Each server must have its own 
properties file, database, and port. They must have identical nci.dat files which 
configure the servers as primary and backup, as must the clients connected to them.


Will the Impact failover feature be used?  (y/n)? [n]

The Impact failover feature allows you to set up a failover Impact server that is used if the primary Impact server goes down. Impact is an application that processes events sent to the Policy Manager component from the Info Server component and builds enhanced events based on predefined processing policies.

Step 11 Do one of the following:

If you want to set up a failover Impact server, enter y.

If you do not want to use the Impact failover feature, press Return.

You are prompted as to whether you have a failover Info Server: 

Do you have a failover Info Server?  (y/n)? [n]

Step 12 Do one of the following:

If you have a failover Info Server or plan to install one, enter y.

If you are not using Info Server failover, enter press Return.

You are prompted for the name of the ISC host: 

Please enter the name of the ISC host:

Step 13 Enter the name of the ISC host.

The installation script pings the specified host. If the host is not IP reachable, an error message is displayed.

You are prompted as to whether you have a failover ISC installation: 

Is there a failover ISC?  (y/n)? [n]

Step 14 Do one of the following:

If there is a backup ISC installation, enter y.

If there is no backup ISC installation, press Return.

If you enter y, you are prompted for the hostname of the host running the backup ISC installation:

Step 15 If there is a backup ISC installation, enter the hostname of the host running the backup installation.

You are prompted to enter the password and username for the ISC administrative user.

Step 16 Enter the required information when prompted.

The username and password must match the actual username and password configured for the ISC installation.

You are prompted to specify the database software used with the ISC installation: 

Which database is ISC using:

1) Sybase

2) Oracle


Enter:[1]

Step 17 Do one of the following:

To accept the default value (Sybase), press Return.

To specify Oracle, enter 2.

A series of prompts appear requesting information about the Impact server (the VPN Policy Manager component that performs policy-based event correlation and enhancement).

Step 18 Answer the prompts as indicated in the following tables.

If you have chosen to not configure Policy Manager failover, answer the prompts indicated in Table 3-4.

If you have chosen to configure Policy Manager failover, answer the prompts indicated in Table 3-5.

)

Table 3-4 Impact Server Configuration Prompts (No Failover Configured)

Prompt
Response 
Please enter the Impact server name. [NCI]

Do one of the following:

To accept the default Impact server name, (NCI) press Return.

To specify another Impact server name, enter the Impact server name that you would like to use. 

Please enter the Impact server port. [1204]

Do one of the following:

To accept the default Impact server port number (1204), press Return.

To specify another port number for the Impact server, enter the port number. 

Please enter the Info Server host for the 
impact server to connect to. 
[xxx.xxx.xxx.xxx]

Do one of the following:

To accept the default IP address (the IP address of the current host), press Return.

To specify another IP address, enter the IP address of the Info Server to which you want VPN Policy Manager to connect to. 

Please enter the Info Server port for this 
local impact server to connect to. [4100]

Do one of the following:

To accept the default Info Server port for the Impact server to connect to (port 4100), press Return.

To specify a different port number for the Impact server to connect to, enter the port number.


If you have chosen to configure Policy Manager failover, the prompts shown in Table 3-5 appear:

Table 3-5 Impact Server Configuration Prompts (With Policy Manager Failover Configured)

Prompt
Response 
Please enter the primary Impact server 
name. [NCI_P]

Do one of the following:

To accept the default name for the primary Impact server (NCI_P), press Return.

To enter another name for the primary Impact server, enter the new Impact server name. 

Please enter the primary Impact server port 
number. [1204]

Do one of the following:

To accept the default Impact server port number (1204), press Return.

To specify another port number for the Impact server, enter the port number. 

Please enter the failover Impact server 
host name. [NCI_B]

Do one of the following:

To accept the default name for the backup Impact server (NCI_B), press Return.

To enter another name for the backup Impact server, enter the new failover Impact server name. 

Please enter the failover Impact server or 
number. [1205]

Do one of the following:

To accept the default port number for the failover Impact server (1205), press Return.

To specify another port number for the failover Impact server, enter the port number. 

Please enter the failover impact server 
hostname. [backupremotehost]

This prompt appears if you entered y or pressed Return when the prompt Is this the primary server of the Policy Manager? appeared. Enter the hostname of the host that will run the backup Impact server in the failover configuration. 

Please enter the primary impact server 
hostname. [primaryremotehost]

This prompt appears if you entered n when the prompt Is this the primary server of the Policy Manager? appeared. Enter the hostname of the host that will run the primary Impact server in the failover configuration. 

Please enter the primary Info Server host 
for the Impact server to connect to. 
[currenthostname]

Enter the name of the primary Info Server host for Impact to connect to. 

Please enter the primary Info Server port 
for the Impact server to connect to. [4100]

Do one of the following:

To accept the default port number (4100), press Return.

To specify another port number, enter the port number. 

Please enter the failover Info Server host 
for the Impact server to connect to. 
[currenthostname]

Enter the name of the host that is running the failover Info Server. 

Please enter the failover Info Server port 
for the Impact server to connect to. [4100]

Do one of the following:

To accept the default port number (4100), press Return.

To specify another port number, enter the port number.


One of the following prompts appears: 

Please enter the local InfoServer name. [INFOSERVER] 


Please enter the local InfoServer name. [INFOSERV_P]

Step 19 Do one of the following:

To accept the default Info Server name (INFOSERVER or INFOSERV_P), press Return.

To specify another Info Server name, enter the Info Server name.

Messages similar to the following appear: 

Creating a new database for NCI_P ...

The following prompts appear: 

************************************

*  Server configured successfully  *

************************************


Using IMPACT_HOME=/opt/Omnibus/polmgr

The following prompt appears: 

Which host is the Flex license server running on [localhost]

Step 20 Do one of the following:

If you will use the current host to run the FLEXlm license server (the Licensing component is installed on the current host), press Return.

If the FLEXlm license server is running on another host, enter the name of the host that is running the FLEXlm license server.

The following prompt appears: 

Which port is the license server using? [27000]

Step 21 Do one of the following:

If the FLEXlm license server is using the default port (27000), press Return.

If the FLEXlm license server is using a different port, enter that port number.

Information about setting up licensing appears.

For more information on licensing VPN Policy Manager and the Cisco Info Center core components, refer to "Licensing Cisco Info Center VPN Policy Manager" section.

Updating Existing Cisco Info Center Components

Once you have installed the Policy Manager component, you must update the existing Cisco Info Center components on any hosts where they are installed. You must run the cic_update utility and update the following components:

Info Server

Info Mediator

Info Desktop(s)

The updates for these components are contained in the following files:

PM31_CIC_Update.tar

If you are using the Webtop component, you must also update the Webtop 1.1 version that was provided with Cisco Info Center 3.5 or 3.6 with Webtop 1.2. To update Webtop, you must use the install_webtop script that is provided in the cic-webtop-1.2.tar file, which is included in the distribution for Cisco Info Center VPN Policy Manager.

Starting the cic_update Utility

On each host where an existing Info Server, Info Mediator, or Info Desktop component is installed, complete the following steps to start cic_update and update the existing components.

Step 1 Log in as user root.

Step 2 Make sure that the Cisco ISC 3.2 host that Policy Manager will communicate with is running and can be pinged from the Cisco Info Center VPN Policy Manager host.?????

Step 3 Copy the tar files provided in the Policy Manager Support pack to an appropriate directory on the host.

Step 4 Make sure that the components you are updating are running.

If Cisco Info Center was started using automatic startup, the components should be running.

If you need to start the components, start them using the /etc/init.d nco start command.

Step 5 Set the OMNIHOME environment variable. For example, enter:

setenv OMNIHOME /opt/Omnibus

Step 6 If the Webtop component is running, stop it.

Step 7 Enter the following to start the cic_update script:

$OMNIHOME/bin/cic_update

Several prompts appear asking you to confirm the location of the installation media.

Step 8 Enter the complete path and filename for the PM31_CIC_update.tar update file.

The cic_update utility extracts files from the PM31_CIC_Update.tar file and installs them in the appropriate directories. After the files are installed, the utility prompts you for information about the component(s) that are being upgraded.

The prompts that appear depend on which component you are upgrading.

Step 9 For information on answering the prompts that appear for each component, go to the appropriate section of this chapter:

the "Updating the Info Server Component" section

the "Updating Info Mediator Components" section

the "Updating Info Desktop Components" section

Updating the Info Server Component

You must run the cic_update utility to upgrade all Info Server components that you will use with Cisco Info Center VPN Policy Manager.

For information on starting the cic_update utility, see the "Starting the cic_update Utility" section.

When you upgrade the Info Server component, the prompts listed in Table 3-6 appear. Answer the prompts as indicated in Table 3-6.

Table 3-6 cic_update Prompts for an Info Server and Info Mediator Update

Prompt
Response

Please enter the CIC user [default InfoAdmin]

Enter the Cisco Info Center use name for the Info Server that you are updating:

To specify the default CIC user name (InfoAdmin), press Return.

To specify another CIC user name, enter the user name

Please enter the CIC password [default InfoAdmin]

Enter the Cisco Info Center password:

To specify the default password (InfoAdmin), press Return.

To enter another password, enter the password.

Please enter the name of the InfoServer [default INFOSERVER]

Enter the name of the Cisco Info Server that you are updating:

To accept the default Info Server name (INFOSERVER), press Return.

If the Info Server has a different name, enter that Info Server name.


Updating Info Mediator Components

If you have installed Cisco Info Center 3.6 Info Mediator components on hosts that will communicate with Cisco Info Center VPN Policy Manager 3.1, then you must run the cic_update utility to update the existing Info Mediator components on any remote host that are running the following Info Mediators:

MTTrapd Info Mediator

Syslog Info Mediator

Tibco Info Mediator

For information on starting the cic_update utility, see the "Starting the cic_update Utility" section.

Note If you do not have the MTTrapd Info Mediator, the Syslog Info Mediator, and the Tibco Info Mediator configured in your installation, then you must run the nco_config configuration utility to configure these Info Mediators before you run the cic_update utility to update them. For information on adding configurations for these Info Mediators, see the "Adding Required Info Mediators" section.

You must upgrade all Info Mediator components that you will use with Cisco Info Center VPN Policy Manager. When you upgrade the Info Mediators component, the prompts listed in Table 3-6 for Info Server configuration also appear. Answer the prompts as indicated in the table.

You do not have to restart the Info Mediators. The correct rules processing information should now be added in the installation and the correct events should appear on Info Desktop and Webtop displays attached to the Info Server.

Updating Info Desktop Components

If you are using the Info Desktop component to view event lists and manage the Info Server, then you must complete the following steps:

1. On any host where it is installed, run the cic_update utility to update the Info Desktop component with customized event views for Cisco Info Center VPN Policy Manager

For information on starting the cic_update utility, see the "Starting the cic_update Utility" section.

2. If you will use the Info Desktop to launch the ISC GUI and your current Info Desktop configuration does not specify a path to a supported Internet browser, run the nco_config configuration utility to specify the path to the browser.

Installing Customized Event Views for VPN Policy Manager

Complete these steps to install customized event views for Cisco Info Center VPN Policy Manager.

Step 1 Start the cic_update utility as described in the "Starting the cic_update Utility" section.

When you upgrade the Info Desktop component, the prompts listed in Table 3-6 appear and you are also prompted to run the Desktop Builder utility to install customized event views for Cisco Info Center VPN Policy Manager.

Step 2 Answer the prompts as indicated in Table 3-6.

After you answer the prompts requesting the Info Server information, the following prompt appears: 

Do you want to run the desktop builder now (y or n) [default y]

Step 3 Press Return.

The Desktop Builder Configuration Tool appears, as shown in Figure 3-2 and Figure 3-3.

Figure 3-2 The Desktop Builder Configuration Tool

Figure 3-3 Desktop Builder Configuration Tool (Additional Selections)

The Desktop Builder Configuration Tool allows you to specify which filters and views to install with Cisco Info Center VPN Policy Manager. Based on the selections you make, a separate Desktop is created for each manager. When Desktop users start a Cisco Info Admin Desktop, they will see only the filters and views associated with that Desktop.

Step 4 Select the following .elc entries for the data sources used with Cisco Info Center VPN Policy Manager:

General_Traps.elc—Event view for general SNMP traps from the MTTrapd Info Mediator.

ISC_MPLS.elc—Event view for Multiprotocol Labelling System (MPLS) events from the Cisco ISC product.

Syslog.elc—Event view for syslog events from the Syslog Info Mediator.

Step 5 Select additional .elc files as required to enable event views for additional event sources that you want to monitor.

Step 6 When you are done selecting .elc entries, press the Tab key until Continue is selected.

Step 7 Press Return.

A window appears listing the entries that you have selected.

Step 8 Press the space bar to select Yes and then press Return.

The following message appears: 

Your default desktop has been configured

Update of the Info Desktop component is now complete

Running nco_config to Specify the Path to an Internet Browser (Optional)

If you plan to use the Info Desktop to launch the ISC GUI from the Cisco Info Center Tools menu, then the Info Desktop must be configured with the path to a supported Internet browser.

If your existing Info Desktop configuration already specifies the path to a browser, you do not need to reconfigure it.

If you plan to launch the ISC GUI from the Info Desktop and your existing Info Desktop configuration does not specify the path to a browser, complete these steps:

Step 1 Set the OMNIHOME environment variable to indicate the installation path for Cisco Info Center, for example:

setenv OMNIHOME /opt/Omnibus/

Step 2 Change to the $OMNIHOME/install directory.

cd $OMNIHOME/install

Step 3 Enter the following command to start nco_config: