CiscoWorks Common Services 2.2
Interacting with CiscoWorks Desktop
Download this chapter
Interacting with CiscoWorks DesktopInteracting with CiscoWorks Desktop
give_us_feedback

Table Of Contents

Interacting with the CiscoWorks Desktop

Invoking the CiscoWorks Desktop

Invoking CiscoWorks Desktop in Normal Mode (HTTP)

Invoking CiscoWorks Desktop in SSL Enabled Mode (HTTPS)

Logging In

Using the Desktop

Buttons

Navigation Tree

Message Window

Applications Window

Creating Shortcuts

Using Online Help

Changing the Web Server Port Numbers


Interacting with the CiscoWorks Desktop

The CiscoWorks desktop is the interface for the CiscoWorks network management applications. The desktop is a graphical user interface (GUI) that runs on a web browser. The CiscoWorks desktop provides a set of features to help you interact with the application effectively:

Invoking the CiscoWorks Desktop

Logging In

Using the Desktop

Creating Shortcuts

Using Online Help

Changing the Web Server Port Numbers

Note When you invoke the CiscoWorks network management application, CiscoWorks checks whether the required Java Plug-in (Java Plug-in version 1.3.1) is present on the client system. If you do not have the plug-in installed, CiscoWorks prompts you to install the plug-in. For more information, see the "Installing the Java Plug-in" section on page 3-7.

Invoking the CiscoWorks Desktop

The current version of CiscoWorks uses the Java Secure Socket Extension (JSSE) 1.0.2 with the Java Plug-in 1.3.1 in SSL enabled mode. Java Plug-in is optional. This is required only for applications like CiscoView and Resource Manager Essentials (Essentials).

CiscoWorks requires JSSE 1.0.2 to be installed as a Java Plug-in add-on on the client system. This helps CiscoWorks to invoke SSL Initializer (a plug-in-enabled applet). The SSL Initalizer detects whether the server is in:

Normal mode (Hypertext Transfer Protocol—HTTP)

Secure mode (Hypertext Transfer Protocol Secure—HTTPS).

Invoking CiscoWorks Desktop in Normal Mode (HTTP)

To invoke CiscoWorks in the normal mode (HTTP), enter the URL for your CiscoWorks server in your web browser: 

http://server_name:port_number

where server name is the name of the CiscoWorks Server and port number is the TCP port used by the CiscoWorks Server in the normal mode.

Note If you enter, http://server_name:port_number/login.html in your browser, the CiscoWorks Server will not launch. Also do not bookmark the CiscoWorks URL with the login.html.

In normal mode (HTTP), the default TCP port for CiscoWorks Server is 1741.

On Windows, the CiscoWorks Server always uses the default port numbers in secure and normal modes.

On Solaris, if the default TCP ports (1741 and 1742) are used by other applications, you can select a different port each for secure and normal modes during CiscoWorks Server installation. For more information, see Installation and Setup Guide for CiscoWorks Common Services on Solaris.

CiscoWorks displays the Login Manager. You can proceed by logging into CiscoWorks. For more information, see "Logging In" section.

Invoking CiscoWorks Desktop in SSL Enabled Mode (HTTPS)

To invoke CiscoWorks in the SSL enabled mode (HTTPS):

Step 1 Enter the URL for your CiscoWorks server in your browser. 

https://server_name:port_number

where server name is the name of the CiscoWorks Server and port number is the TCP port used by the CiscoWorks Server, when SSL is enabled (secure mode).

Note If you enter, http://server_name:port_number/login.html in your web browser, the CiscoWorks Server will not launch. Also, do not bookmark the CiscoWorks URL with the login.html.

When SSL is enabled (HTTPS), the default TCP port for CiscoWorks Server is 1742.

On Windows, CiscoWorks Server always uses the default port numbers in secure and normal modes.

On Solaris, if the default TCP ports (1741 and 1742) are used by other applications, you can select a different port each for secure and normal modes during CiscoWorks Server installation. For more information, see Installation and Setup Guide for CiscoWorks Common Services on Solaris.

If you use Microsoft Internet Explorer to invoke CiscoWorks, the browser displays a Security Alert window, indicating that you are about to view web pages over a secure connection.

a. Click OK in the Security Alert window.

The Security Alert window displays the security certificate alert.

b. Click Yes in the Security Alert window.

CiscoWorks displays the SSLInitialization applet window and prompts you to grant permission for the SSLInitializer applet to run.

If you use Netscape Navigator to invoke CiscoWorks, the browser displays the New Site Certificate wizard.

Step 2 Complete the steps required by the New Site Certificate wizard, and click Finish.

Note In the New Site Certificate wizard you can accept the certificate for the current session or accept it till the certificate expires. To avoid going through the New Site Certificate wizard every time you invoke CiscoWorks, you may accept the certificate till it expires.

Step 3 Click Continue in the Security Information window.

If applications which use the Java Plug-in, for example CiscoView and Essentials, is installed in SSL enabled mode, CiscoWorks displays the SSLInitialization window and prompts you to grant permission for the SSLInitializer applet to run.

The browser now switches to normal mode (HTTP), as the SSL initialization required for the Java Plug-in is required to be completed before secure (HTTPS) connections are established.

After SSLInitialization is completed, the browser switches back to the secure (HTTPS) mode. The browser displays security alert messages to indicate that you are switching to normal mode (HTTP).

Step 4 Click one of the following buttons:

Grant This Session: Grant permission for the applet to run only for the current session. If you select this option, you will be prompted to grant permission when you invoke CiscoWorks every time.

Deny: Deny permission for the applet to run. If you select this option, CiscoWorks does not get invoked, and you are required to close all your browser sessions and restart the browser before you invoke CiscoWorks again.

Grant always: Grant permission for the applet to run whenever you invoke CiscoWorks. If you select this option, you will not be prompted to grant permission when you invoke CiscoWorks next time.

More Info: View the details of the applet security certificate.

On invoking CiscoWorks for the first time, after granting permission for the applet to run, CiscoWorks does the following:

Downloads and installs the JSSE jar files on your system

Updates the java.policy file on your system

Prompts you to close the browser and restart the browser and CiscoWorks session.

Step 5 Close all browser sessions, restart the browser and invoke CiscoWorks again (Steps 1 through 3).

CiscoWorks downloads and verifies the CiscoWorks Server security certificate and prompts you to grant permission to run the applet.

Note If the certificate date is invalid, CiscoWorks does not display the prompt. Instead it displays a dialog box to indicate that the server certificate is invalid. You can click Continue in this dialog box, and still proceed with invoking CiscoWorks.

Step 6 Click one of the following buttons:

Grant This Session: Grant permission for the applet to run only for the current session. If you select this option, you will be prompted to grant permission when you invoke CiscoWorks every time.

Deny: Deny permission for the applet to run. If you select this option, CiscoWorks does not get invoked, and you are required to close all your browser sessions and restart the browser before you invoke CiscoWorks again.

Grant always: Grant permission for the applet to run whenever you invoke CiscoWorks. If you select this option, you will not be prompted to grant permission when you invoke CiscoWorks next time.

When you click Grant This Session or Grant Always, CiscoWorks displays the Login Manager. You can proceed by logging into CiscoWorks. For more information, see the "Logging In" section.

Logging In

If you have installed CiscoWorks Server and is logging in for the first time, use the reserved admin user name and password. To log in:

Step 1 Enter admin in the Name field and the password for admin in the Password field of the Login Manager.

Note The CiscoWorks Server administrator can set the passwords to admin and guest users during installation. Contact the CiscoWorks Server administrator if you do not know the password for admin.

Step 2 Click Connect or press Enter.

You are now logged into CiscoWorks Server.

Step 3 You can change the admin password through Server Configuration > Setup > Security >  Modify My Profile.

For more information, see Online Help.

Login sessions time out after 2 hours of inactivity. If the session is not used for two hours, you will be prompted to login again.

Using the Desktop

The desktop is the primary user interface and the launch point for all tasks. After you log into CiscoWorks, the desktop displays the Logout and Help buttons, navigation tree, the message window, and the applications window.

Buttons

Two buttons are available above the navigation tree:

Logout—Returns the browser to the Login Manager dialog box.

Help—Displays the online help in a separate browser window.

Navigation Tree

The navigation tree consists of several drawers. Each drawer contains a group of folders, which in turn contain groups of associated or similar tasks, tools, reports, or other options.

The contents of the navigation tree varies based on which applications or suites you have installed, and your user role. However, certain drawers and features are common to all applications and suites (see Table 2-1).

Table 2-1 Common Navigation Tree Items 

Drawer
Description

Home

Includes links to additional resources on Cisco Connection Online (CCO) and a folder for storing frequently accessed tasks

Server Configuration

Includes applications and tools for setting up, administering, and diagnosing the CiscoWorks Server

VPN/Security Management Solution

Includes applications and tools for configuration management and administration services for MCs.

Note This drawer is available only if Management Center (MC) applications are installed on the CiscoWorks Server.

Management Connection

Includes applications for adding external links to CiscoWorks, and a collection of links to commonly used tools on Cisco.com

Device Manager

Includes applications used for device management, such as CiscoView

Note This drawer is available only when CiscoWorks Common Services 2.2 (including CiscoView) is installed.


When using the navigation tree, the following conventions apply:

To open drawers and folders, click on their names.

The drawer you select determines the folders you see. When one drawer is opened, all others are closed although they retain their current state.

Use the mouse or the up and down arrow keys to move among the open folders. Your cursor must be inside the navigation tree frame to use the arrow keys.

Press Enter or single-click the mouse to open or close a folder.

Message Window

This is a web-based "Tips-of-the-day" window that displays product upgrade information, product tips, and other support information. CiscoWorks Server automatically updates messages every 24 hours from Cisco.com.

The contents of this frame are generated dynamically and can be customized. For instructions on customizing the contents of this window, from the Main help window select Server Configuration > Desktop > Editing the Message Window Contents.

Applications Window

The right frame of the CiscoWorks desktop contains interfaces for various applications. Some applications display information and dialog boxes in the applications window; other applications might display this information in a separate browser window.

Creating Shortcuts

You can use the My Shortcuts option to place frequently used tasks in your shortcut folder.

To create a shortcut, drag any item in the navigation tree to the Home drawer. To access these shortcuts, select Home > My Shortcuts. These tasks remain in the My Shortcuts folder across login sessions. You can also delete shortcuts using the Delete Shortcut option.

Using Online Help

Each CiscoWorks application includes online help that provides procedural and conceptual information to assist you in using CiscoWorks.

Online help also contains:

a search engine—keyword search of the help topics,

an index—looking up typical network tasks, and

a glossary—defines CiscoWorks terms.

You can access online help in one of these ways:

Click the Help button above the navigation tree to open a window that displays help contents. From this window, you can access help for all the CiscoWorks applications.

Note If an option in the navigation tree is selected, the help for that option appears. To access help for all CiscoWorks applications after an option has been selected, click Main.

Click an option in the navigation tree, then click the Help button. The help for that option appears in a second browser window.

Click Help in the lower right corner of a task dialog box. The context-sensitive help for the dialog box appears.

Changing the Web Server Port Numbers

The change port number utility allows you to change the web server port numbers. You must execute separate commands for both Windows and Solaris.

On Solaris:

You can change the web server port numbers for CiscoWorks and Common Services Webservers. You can also change both the HTTP and HTTPS port numbers.

To change the port numbers you must login as CiscoWorks Server administrator, and run the following command at the prompt: 

/opt/CSCOpx/objects/web/bin/changeport

If you execute this command without any command line parameter, CiscoWorks displays: 

*** CiscoWorks Webserver port change utility ***

Usage: changeport <port number> [-s] [-f] [-c]

where

<port number>—The new port number that should be used

-s—Changes the SSL port instead of the default HTTP port

-f—Forces port change even if Daemon Manager detection FAILS.

Note Do not use this option by default. Use it only when CiscoWorks instructs you to.

-c—Change SSL or http ports for Common Services Web Server
instead of the default CiscoWorks Web Server. This option can be
used in combination with the -s and -f options.

For example, you can enter:

changeport 1744—Changes the CiscoWorks web server HTTP port to use 1744

changeport 1755 -s -c—Changes the Common Services web server SSL port to use 1755.

The restrictions that apply to the specified port number are:

Port numbers less than 1025 are not allowed except 80 (HTTP) and 443 (HTTPS). Also port 80 is not allowed for SSL port and port 443 is not allowed for HTTP port.

The specified port should not be used by any other service or daemon. The utility checks for active listening ports and ports listed in /etc/services. If any conflict is found it rejects the specified port.

The port number must be a numeric value in the range 1026 - 65000. Values outside this range and non-numeric values are not allowed.

If port 80 or 443 is specified for any of the webservers, then that webserver process will be started as root. This is because ports lower than 1026 are allowed to be used only by root in Solaris.

However, as per Apache behavior, only the main webserver process runs as root, and all the child processes will run as casuser:casusers. Only the child processes serve the external requests.

The main process which runs as root monitors the child processes and do not accept any HTTP requests. Owing to this, Apache ensures that a root process is not exposed to the external world and thus ensures security.

If you do not want CiscoWorks processes to run as root, then do not use the ports 80 and 443. You can use 1755 instead.

When you execute the utility with the appropriate options, it displays messages on the tasks it performs.

This utility lists out all the files that are being updated. Before updating, the utility will back up all the affected files in /opt/CSCOpx/conf/backup and creates appropriate unique sub-directories.

It also creates one new file index.txt. This text file contains information about the changed port and a list of all the files that are backed up and their actual location in the CiscoWorks directory.

A sample backup may look like the following: 


/opt

   |

   `--/CSCOpx

       |

       `--/conf

         |

         `--/backup

           |

           |--README.txt (Note the purpose of this directory as it is initially empty)

           |

           `--/AAAtpaG03_Ciscobak (Autogenerated unique backup directory).

                     |

                     |--index.txt (The backup file list)

                     |--httpd.conf (Webserver config file)

                     |--md.properties (CiscoWorks config elements)

                     |--mdc_web.xml (Common Services application config file)

                     |--regdaemon.key (Common Services config registry key file)

                     |--regdaemon.xml (Common Services config registry data file)

                     |--rootapps.conf (CiscoWorks daemons using privileged ports)

                     |--services (The system /etc/services file)

                     |--ssl.properties (CiscoWorks config elements for SSL mode)

                     `--vms_web.xml (Common Services application config file)

Note All the above files and the unique directories are stored with read only permission to casuser:casusers. To ensure the security of the backup files, only the CiscoWorks Server administrator has write permissions.

The change port utility displays some messages to the console during execution. These messages contain information about the directory where the backup files are being stored. These messages are also logged to a file called changeport.log

This file is saved to the directory: 

/var/adm/CSCOpx/log/changeport.log

This file contains the date and time stamps to indicate when the log entries were created.

On Windows:

You can change the web server port numbers for the Common Services Webserver. You can also change both the HTTP and HTTPS port numbers.

To change the port numbers you must have administrative privileges. Run the following command at the prompt: 

CSCOpx/lib/web/changeport.exe

If you execute this utility without any command line parameter, CiscoWorks displays the following usage text: 

*** Common Services Webserver port change utility ***

Usage: changeport <port number> [-s] [-f]

where:

<port number>—The new port number that should be used

-s—Change the SSL port instead of the default HTTP port

-f—Force port change even if Daemon Manager detection fails.

Note Do not use this option by default. Use it only when CiscoWorks instructs you to use.

For example, you can enter:

changeport 1744—to change the Common Services web server HTTP port to use 1744

changeport 1755 -s -c—to change the Common Services web server SSL port to use 1755.

The restrictions that apply to the specified port number are:

Port numbers less than 1025 are not allowed except 80 (HTTP) and 443 (HTTPS). Also port 80 is not allowed for HTTPS port and port 443 is not allowed for HTTP port.

The specified port should not be used by any other service or daemon. The utility checks for active listening ports and if any conflict is found the utility rejects the specified port.

Note There is no reliable way to determine whether any other service or application is using a specified port. If the service or application is running and actively listening on a port, it can be easily detected. However, if the service is currently stopped, there is no way that the utility can determine what port it uses. This is because on Windows there is no common port registry equivalent to /etc/services as in UNIX.

The port number must be a numeric value in the range 1026 - 65000. Values outside this range and non-numeric values are not allowed.

When you execute the utility with the appropriate options, it displays messages on the actions it is performing.

It lists out all the files that are being updated. Before updating, the utility will back up all the affected files in CSCOpx\conf\backup and creates appropriate unique sub-directories. It also creates one new file index.txt, which contains information about the changed port and a list of all the files that are backed up and their actual location in the CiscoWorks directory.

A sample backup may look like the following: 


[drive:]

 |

 `--\Program Files

      |

      `--\CSCOpx

           |

           `--\conf

                |

                `--\backup

                   |

                   |--README.txt (Notes the purpose of this dir as it is initially empty)

                   |

                   `--\skc03._Ciscobak (Autogenerated unique backup directory).

                        |

                        |--index.txt      (The backup file list)

                        |--httpd.conf     (Webserver config file)

                        |--md.properties  (CiscoWorks config elements)

                        |--mdc_web.xml    (Common Services application config file)

                        |--regdaemon.key  (Common Services config registry key file)

                        |--regdaemon.xml  (Common Services config registry data file)

                        |--ssl.properties (CiscoWorks config elements for SSL mode)

                        `--vms_web.xml    (Common Services application config file)

Note All the above files and the unique directories are stored with read only permissions. Only the administrator and casuser have write permissions, to ensure the security of the backup files.

The change port utility displays some messages to the console during execution. These messages contain information about the directory where the backup files are being stored. These messages are also logged to a file called changeport.log

This file is saved to the directory: 

NMSROOT\log\changeport.log

This log file contains the date and time stamps to indicate when the log entries were created.