Cisco Videoscape Distribution Suite for Internet Streaming

Release Notes for Cisco CDA Visual Quality Experience Application, Release 2.1

Revised: August 26, 2008, OL-15567-01

Contents

These release notes contain the following sections:

"Introduction" section

"New and Changed Features and Functionality" section

"System Requirements" section

"Limitations and Restrictions" section

"Open Caveats" section

"Resolved Caveats" section

"Important Notes" section

"Upgrading From VQE Release 2.0 to Release 2.1" section

"Supporting Software Hardening Guides and VQE" section

"Notices" section

"Related Documentation" section

"Obtaining Documentation and Submitting a Service Request" section

Introduction

Cisco CDA Visual Quality Experience Application (VQE), Release 2.1, offers service providers a set of technologies and products associated with the delivery of IPTV video services. VQE is designed to improve the quality of IPTV services and subscribers' viewing experiences. VQE is part of a Cisco end-to-end solution that builds video awareness into the network infrastructure. For Release 2.1, VQE technology is intended for wireline operators who offer managed broadcast (multicast) IPTV services using xDSL.

Cisco Content Delivery Application (CDA) Visual Quality Experience Application, Release 2.1, includes these major software components:

VQE Server (VQE-S)—Software that runs on a Linux-based Cisco Content Delivery Engine 110 (CDE110) appliance located in the intelligent edge of the service-provider's network.

VQE Client (VQE-C)—Software embedded in the subscriber's CPE—typically a set-top box.

These release notes cover VQE Server software and two related software components: VQE Channel Provisioning Tool (VCPT) and VQE Client Channel Configuration Delivery Server (VCDS).

For information on VQE Server, VQE Channel Provisioning Tool, and VQE Client Channel Configuration Delivery Server, see the Cisco CDA Visual Quality Experience Application User Guide, Release 2.1.

For information on VQE Client, see the documentation that is provided in the TAR file containing the VQE Client software.

New and Changed Features and Functionality

The enhancements for VQE Release 2.1 include the following:

Forward Error Correction (FEC) support in VQE-C

NAT enhancements in both VQE-C and VQE-S to support all types of NATs, including symmetric NAT. A STUN Server has been added to VQE-S.

Cisco VQE Startup Configuration Utility for VQE-S and VQE Tools initial configuration

vqereport utility for VQE-S and VQE Tools

Unicast Retransmission rate-limiting enhancements in VQE-S and VQE-C

For changed functionality, the VQE-S and VQE Tools software no longer includes the Quagga routing package (ospfd and zebra daemons).

With the removal of Quagga, VQE-S Release 2.1 does not contain any dynamic routing capability. Loss of the dynamic routing capability does not affect the basic operation of the VQE-S. It does, however, have the following implications:

Static default route(s) must be configured on the VQE-S in order to allow outbound traffic to be routed correctly.

A static route must be installed on the router directly attached to the VQE-S to allow the Feedback Target (FBT) addresses for the channels to be reached.

On the VQE-S host, the Cisco VQE Startup Configuration Utility configures the required static routes when you provide it with the needed information (CDE110 interface names, IP addresses, and so forth). For information on the VQE Startup Configuration Utility and on configuring static routes, see the Cisco CDA Visual Quality Experience Application User Guide, Release 2.1.

System Requirements

VQE Server runs on one Content Delivery Engine 110 (CDE110) appliance. VQE Channel Provisioning Tool and VQE Client Channel Configuration Delivery Server run on a separate CDE110 appliance.

The Cisco CDE110 comes with the required software pre-installed—either VQE Server software or VQE Channel Provisioning Tool and VQE Client Channel Configuration Delivery Server software. In each case, the required Linux, Apache web server, and other software is also pre-installed.

To access the VQE-S Application Monitoring Tool (VQE-S AMT or AMT) or the VQE Channel Provisioning Tool, you need a web browser. For these tools, the following web browsers are supported:

Microsoft Internet Explorer version 6.0 or later

Mozilla Firefox version 2.0 or later

The minimum screen resolution required for VQE-S AMT and VCPT is 1024 x 768 pixels.

To display the Channels Status Summary graph of active, inoperative, and inactive channels in the AMT VQE-S Status window, Adobe Flash Player must be installed on the computer that hosts the browser accessing AMT. Adobe Flash Player is free and can be found at this URL:

http://get.adobe.com/flashplayer/

Limitations and Restrictions

Cisco CDA Visual Quality Experience Application, Release 2.1, technology is intended for wireline operators who offer managed broadcast (multicast) IPTV services using xDSL.

See the following sections for other limitations and restrictions:

"VQE SDP Channel Information Compatibility" section

"Changing the System Time Causes Unicast Retransmission Disruptions" section

VQE SDP Channel Information Compatibility

Cisco VQE channel configuration information in Session Description Protocol (SDP) format is sent to VQE Servers and VQE Clients. VQE-S and VQE-C create channel configuration files from the information received. Table 1 lists the SDP channel configuration compatibility requirements for VQE Release 2.0 and 2.1.

Table 1 SDP Channel Information Compatibility Requirements

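| SDP / VQE Version | VQE-S 2.0 | VQE-C 2.0 | VQE-S 2.1 | VQE-C 2.1 |
|-------------------|-----------|-----------|-----------|-----------|
| VQE 2.0 SDP       | Yes       | Yes       | Yes *     | Yes *     |
| VQE 2.1 SDP       | No        | No        | Yes       | Yes       |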

* VQE Channel Provisioning Tool (VCPT) opens and automatically converts Release 2.0 SDP to Release 2.1 SDP. In that sense, VQE 2.0 SDP is compatible with VQE-S 2.1 and VQE-C 2.1.


Note Release 2.0 channel configuration files created with VCPT for VQE-S and VQE-C are not usable with the Release 2.1 version of VQE-S and VQE-C.


For information on migrating channel-related files, see the "Migrating Channel-related Files from VQE Release 2.0 to VQE Release 2.1" section.

Changing the System Time Causes Unicast Retransmission Disruptions

When the system time is changed on a VQE-S server that is actively repairing network errors, all Unicast Retransmissions will stop indefinitely, and output gaps will be seen on the VQE Clients.

When the system time is moved forward, the VQE-S receives requests for Unicast Retransmission but does not send the repairs to the VQE Clients on the set-top boxes.

When the system time is moved backward, all channels go to an inactive state and no Unicast Retransmission operations are performed.

For a VQE-S server that is actively repairing network errors, an explicit system time change (that is, by using the date command) will always result in the failure of Unicast Retransmission operations until corrective action is taken.

Workaround: Any time change performed on the VQE-S system should be done during a maintenance window. The procedures for changing the date and time vary depending on whether Network Time Protocol (NTP) or the Linux date command is used. See one of the following sections:

"Performing a Date and Time Change with NTP" section

"Performing a Date and Time Change with the Linux date Command" section


Note Using the local clock is not the recommended procedure for running with accurate time. Using NTP is recommended to keep the VQE-S services operational.


Performing a Date and Time Change with NTP

When performing a date and time change with NTP, do the following:


Step 1 Log in as root.

Step 2 Stop the ntpd service by issuing the following command:

[root@system]# service ntpd stop 

Step 3 If needed, set the timezone. Issue the tzselect command and follow the prompts:

[root@system]# /usr/bin/tzselect 

Step 4 Set the system date and time to a date and time close to the NTP server date and time by issuing the following command:

date -s "date_time_string"

For example:

[root@system]# date -s "16:55:30 July 7, 2008"

Step 5 Synchronize the clock to the configured NTP servers by issuing the following command:

[root@system]# ntpd -q

If the system clock is off by a large amount, the command takes considerable time to return.

Step 6 Start the ntpd service by issuing the following command:

[root@system]# service ntpd start 

Step 7 Synchronize the hardware clock by issuing the following command:

[root@system]# /sbin/hwclock --systohc 

Step 8 Check NTP synchronization by issuing the following command:

[root@system]# ntpq -p 

Step 9 Reboot the VQE-S server by issuing the following command:

[root@system]# init 6 
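
One way to read the ntpq -p output from Step 8 before going on to Step 9, as an added example that is not part of the Cisco procedure: the function reports whether ntpd has selected a system peer and how far the clock is from it. The function names, the 100 ms limit, and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Cisco code: interpret `ntpq -p` output after Step 8.

# ntp_sync_status [MAX_OFFSET_MS]
# Reads `ntpq -p` output on stdin, prints one verdict line, and returns:
#   0  a system peer (tally code "*", or "o" for PPS) is selected and its
#      offset is within MAX_OFFSET_MS (default 100, an assumed threshold)
#   1  no system peer is selected (ntpd still evaluating, or servers unreachable)
#   2  a system peer is selected but |offset| exceeds MAX_OFFSET_MS
ntp_sync_status() {
    awk -v max="${1:-100}" '
        /^ *remote/ || /^=/ || NF < 10 { next }   # header, ruler, malformed rows
        {
            peers++
            tally = substr($0, 1, 1)              # first column is the tally code
            if (tally == "*" || tally == "o") {
                found = 1
                peer  = substr($1, 2)
                reach = $7                        # octal reachability register
                off   = $9 + 0                    # offset in milliseconds
            }
        }
        END {
            if (!found) {
                printf "NOT SYNCED: no system peer among %d listed peer(s)\n", peers
                exit 1
            }
            mag = (off < 0) ? -off : off
            if (mag > max + 0) {
                printf "OFFSET TOO LARGE: %s offset %.3f ms (limit %s ms)\n", peer, off, max
                exit 2
            }
            printf "SYNCED: %s reach %s offset %.3f ms\n", peer, reach, off
        }
    '
}

# Constructed samples of `ntpq -p` output (host names and addresses are made up).
sample_ntpq_synced() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp1.example.ne 192.0.2.10       2 u   33   64  377    0.412   -0.120   0.051
+ntp2.example.ne 192.0.2.11       2 u   30   64  377    0.530    0.310   0.072
EOF
}

sample_ntpq_unsynced() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ntp1.example.ne .INIT.          16 u    -   64    0    0.000    0.000   0.000
 ntp2.example.ne .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
}

# On the VQE-S host the input would come from: ntpq -p | ntp_sync_status 100
sample_ntpq_synced   | ntp_sync_status 100 || echo "clock is not synchronized yet"
sample_ntpq_unsynced | ntp_sync_status 100 || echo "clock is not synchronized yet"
```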


Performing a Date and Time Change with the Linux date Command

When performing a time/date change with the Linux date command only, perform the following commands:


Step 1 Log in as root.


Step 2 If needed, set the timezone. Issue the tzselect command and follow the prompts:

[root@system]# /usr/bin/tzselect 

Step 3 Set the system date and time by issuing the following command:

date -s "date_time_string"

For example:

[root@system]# date -s "16:55:30 July 7, 2008"

Step 4 Synchronize the hardware clock by issuing the following command:

[root@system]# /sbin/hwclock --systohc 

Step 5 Reboot the VQE-S server by issuing the following command:

[root@system]# init 6 


Open Caveats

VQE Release 2.1 contains the following open caveats:

CSCsk11985

SNMPSA will not operate without the IMB driver.

On rare occasions after an ISO image installation, SNMPSA (SNMP subagent) may fail to start because an IMB driver is not installed correctly. The following messages are displayed when you run the vqes_init_setup script:

SNMPSA: IMB driver is not started, possibly due to kernel version mismatch.
SNMPSA: SNMPSA will not operate without the IMB driver

Workaround: Reboot the machine after seeing this error.

CSCsj70513

An "Invalid module format" error is thrown on ipmi/imb.ko.

The following errors are shown on the CDE110 system console and saved in the first_boot_addon.log file during the first boot phase of VQE-S installation:

+ /usr/local/ism/driver/imbload start
insmod: error inserting '/usr/local/ism/driver/imb.ko': -1 Invalid module format
/bin/mknod: missing operand after `0'
Try `/bin/mknod --help' for more information.

The error always occurs during the first boot phase of the initial VQE-S installation. The VQE-S installation patches the Linux kernel during the first boot phase and installs the Intel IPMI driver for the new kernel. The IPMI driver tries to load before the new kernel is loaded, which causes the error messages shown on the console and in first_boot_addon.log.

Workaround: No workaround is required. The system will function correctly because the patched kernel will be used once the installation is complete and the system is reloaded.

CSCsj95844

The ifup command produces a core dump of the arping process.

The ifup command used to activate an Ethernet interface executes a system utility named arping to do duplicate address detection on the network. In certain cases, the arping utility may stop unexpectedly while running an interface up or interface down operation. A message indicating that the duplicate address detection check has failed is displayed. However, the interface up operation will continue to run and apply configuration changes as expected. A second message to the console will indicate that arping has segfaulted. A core dump file of the arping process will be found in /var/core.

This failure can occur whenever an interface is started using the /sbin/ifup command and the VQE-S application is running.

Workaround: Retry the interface up operation by first issuing the interface down command /sbin/ifdown ethX. Then issue the interface up command /sbin/ifup ethX again.

CSCsi67816

Manual startup or restart of tomcat5 service daemon fails.

The symptom is that the VQE-S Application Management Tool (AMT) does not work and simple restarts of the tomcat5 service fail to clear the problem. The tomcat5 service is required for the VQE-S AMT to operate.

In some conditions, an attempt to restart the tomcat5 service fails and leaves tomcat5 in an inoperable state even though the process itself may appear to be running. The root cause of the problem is not known. However, the issue only seems to occur when the tomcat5 service has been started, or restarted, from within a Linux shell environment that has been reached with the su command rather than through a direct login.

Workaround: Perform the following:

1. Log in to the VQE-S system directly as root. For example, use the following command:

ssh -l root vqes-system

2. Restart the tomcat5 service with the following command:

service tomcat5 restart

CSCsj53629

On initial CD/DVD installation, error messages are displayed on the system console.

The following error messages come from the CD/DVD drive during initial installation:

hda: packet command error: status=0x51 { DriveReady SeekComplete Error }
hda: packet command error: error=0x54 { AbortedCommand LastFailedSense=0x05 }
ide: failed opcode was: unknown
hda: packet command error: status=0x51 { DriveReady SeekComplete Error }

Workaround: No workaround is needed because these messages do not affect CD/DVD performance. Users can safely ignore them.

CSCs142168

A Java exception is thrown at the console when tomcat is restarted.

If tomcat is currently not running and the command to restart tomcat is issued from the console, a Java exception is thrown.

Workaround: No workaround is needed. The exception can be safely ignored.

CSCsl75266

In VCPT, a validation error is displayed when all fields have correct data.

When a channel is cloned and all data is updated so that it is unique, VCPT displays a validation error.

Workaround: When the error is displayed, position the cursor in the field that is highlighted as red. The validation error will be removed, and the Create button will be accessible.

CSCs177161

The error provided for a VQE-S misconfiguration is missing details about what is invalid in the configuration file.

When a newline is entered at the end of a string for a variable in the vqes.conf file, the invalid configuration error occurs.

Workaround: Remove the newline and ensure that any modifications to string variables in the vqes.conf file do not have a newline in the string.

CSCs174806

In the Session Description Protocol (SDP) for a channel lineup, unsupported SDP lines are not ignored. The channel lineup is rejected.

If the following lines are included in the session layer section of the channel configuration:

u=... 
e=... 
p=... 
z=... 
k=... 
r=... 

The k=... line in the media section of the channel configuration file causes the channel lineup to be rejected.

Workaround: Correct the SDP file so that it includes only the SDP defined for the VQE applications.

CSCs165927

Static routes, which were configured in /etc/sysconfig/static-routes-iputil, are missing, and the VQE-S can no longer send repair packets or can no longer reach certain IP destination addresses.

This condition can occur when VQE-S interfaces are manually shut down by the operator using the Linux ifdown ifname command and then manually brought back up using the Linux ifup ifname command. In cases where all of the next hop routers for a route configured in /etc/sysconfig/static-routes-iputil become unreachable due to interfaces being manually shut down in this manner, the corresponding routes will be removed from the routing table and will not be reinstalled even when one or more of the interfaces are brought back up.

Workaround: Instead of using the ifup ifname command to bring each of the interfaces up individually, bring them all back up at once using the service network start command. This will bring up all interfaces that were shut down, and will also reinstall all of the routes contained in the file /etc/sysconfig/static-routes-iputil.

CSCsl65623

In a channel lineup where two different channels share the same multicast address (but different ports), one or both of the channels fail to receive data on the VQE-S, or only receive packets intermittently.

Multiple channels with the same multicast address but different RTP ports can be sent to VQE-S and will be accepted. This configuration causes errors within the Multicast Load Balancer, which in turn may cause one or both of the channels to fail to be received on the VQE-S.

Workaround: Change the channel configuration so that each channel uses a unique multicast address.
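
A pre-flight check for the two channel lineup caveats above (CSCs174806 and CSCsl65623), as an added example that is not Cisco code: it flags the SDP line types those caveats name and any multicast address that appears in more than one channel. It assumes each channel is one SDP session beginning with a v= line and that addresses appear on c=IN IP4 lines; the function names and the simplified sample lineup are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Cisco code: pre-flight lint for a channel lineup in SDP.

# vqe_sdp_lint [FILE...]
# Reads SDP from the named files or stdin, prints one line per finding, and
# returns 1 if anything was found, 0 otherwise.
vqe_sdp_lint() {
    awk '
        function is_multicast(addr,   o) {        # IPv4 multicast is 224.0.0.0/4
            split(addr, o, ".")
            return (o[1] + 0 >= 224 && o[1] + 0 <= 239)
        }
        function finding(msg) {
            printf "line %d, session %d (%s): %s\n", NR, sess, sname, msg
            bad++
        }
        { sub(/\r$/, "") }                        # tolerate CRLF line endings
        /^v=/ { sess++; in_media = 0; sname = "unnamed"; next }
        /^s=/ { sname = substr($0, 3) }
        /^m=/ { in_media = 1 }                    # media section starts here
        !in_media && /^[uepzkr]=/ {
            finding("unsupported session-level line \"" $0 "\"")
        }
        in_media && /^k=/ {
            finding("unsupported media-level line \"" $0 "\"")
        }
        /^c=IN IP4 / {
            addr = $3
            sub(/\/.*$/, "", addr)                # drop the /ttl suffix
            if (is_multicast(addr)) {
                if ((addr in owner) && owner[addr] != sess) {
                    finding("multicast address " addr " already used by session " \
                            owner[addr] " (" owner_name[addr] ")")
                } else {
                    owner[addr] = sess
                    owner_name[addr] = sname
                }
            }
        }
        END { exit (bad > 0 ? 1 : 0) }
    ' "$@"
}

# Constructed, simplified three-channel lineup (not real VQE SDP output).
# Channel 2 carries an e= line and a media-level k= line; channel 3 reuses
# the multicast address of channel 1 with a different port.
sample_lineup() {
    cat <<'EOF'
v=0
o=- 1 1 IN IP4 vcpt.example.com
s=Channel 1
t=0 0
m=video 50000 RTP/AVPF 96
c=IN IP4 239.1.1.1/255
a=rtpmap:96 MP2T/90000
m=video 50001 RTP/AVPF 99
c=IN IP4 192.0.2.20
a=rtpmap:99 rtx/90000
v=0
o=- 2 1 IN IP4 vcpt.example.com
s=Channel 2
e=noc@example.com
t=0 0
m=video 50000 RTP/AVPF 96
c=IN IP4 239.1.1.2/255
k=prompt
v=0
o=- 3 1 IN IP4 vcpt.example.com
s=Channel 3
t=0 0
m=video 50010 RTP/AVPF 96
c=IN IP4 239.1.1.1/255
EOF
}

sample_lineup | vqe_sdp_lint || echo "lineup has findings to correct"
```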

CSCsl27309

CD drive sense errors are displayed when rebooting the VQE-S.

These errors are displayed only on initial startup when the CD tray is open.

Workaround: This error can be safely ignored during startup. To prevent the errors from occurring, close the CD drive tray before powering on the server.

Resolved Caveats

These caveats have been resolved in VQE Release 2.1.

CSCsj40019

Adding channels causes intermittent Error Repair loss.

When new channel lineups are sent to a VQE Server, temporary loss of Error Repair can occur for several seconds depending on the number of changes in the new channel lineup from the existing one on the VQE-S server.

CSCsk12402

The SDP Parser does not perform syntax checks or checks for mandatory elements.

VQE-S may fail to perform syntax checks and checks for mandatory elements in the SDP data describing a channel. In cases where the syntax of the SDP data is incorrect, or where mandatory elements are missing from the SDP, the parser may incorrectly accept the channel description as valid and attempt to operate on it, with undefined results.

CSCsk19357

VQE-S may generate syslog error messages when no error has occurred.

VQE-S may generate a syslog error message when, in fact, no error has occurred and the system is behaving as expected. The syslog message contains the text CP channel handle not match DP's from upcall event:channel.

CSCsk19624

Cache Manager rejects a channel with too little bandwidth configured.

When a channel is configured with less than approximately 1500 Kbps of aggregate bandwidth, the Cache Manager may fail to properly create the channel, causing the channel to remain inoperative. The channel will be shown with a "red" status in the "Channels" summary screen of the VQE-S Application Monitoring Tool and VQE-S will fail to perform error repair for that channel.

Important Notes

For security reasons, the following restrictions apply to VQE.

The root user cannot use Secure Shell (SSH) to log in to a CDE110 that hosts VQE-S or VCPT. Also, the root user cannot log in to VQE-S AMT or VCPT. The vqe user should be used instead. The vqe user is a pre-created Linux user ID and has its password set during CDE110 initial system configuration.

Only users in the wheel group can use the su or sudo commands. By default, the vqe user is in the wheel group.

If you want to add user accounts to the wheel group so that additional users can use su and sudo, log in as root and issue the following command:

usermod -G wheel username

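In the preceding, username specifies the user who will be added to the wheel group. Note that -G sets the user's complete supplementary group list, so a user who already belongs to other supplementary groups is removed from them unless they are listed as well.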

Upgrading From VQE Release 2.0 to Release 2.1

Upgrading from VQE Release 2.0 to Release 2.1 requires that you perform an ISO installation of the VQE Release 2.1 software on the Cisco CDE110 that hosts VQE-S and on the CDE110 that hosts the VQE Tools (VCPT and VCDS).

The software for Cisco VQE Release 2.1, Red Hat Linux, Apache web server, and other required facilities is distributed on two CDs. One CD is for VQE-S, and one CD is for VQE Tools.

Read each of the following sections, in the order shown, when performing the upgrade from VQE Release 2.0 to Release 2.1:

1. "Backing Up Files Before Upgrading" section

2. "Making Cable Connections on the Cisco CDE110 That Hosts VQE-S or VCPT" section

3. "Adjusting BIOS Settings and Installing the VQE Software" section

4. "Migrating VQE Release 2.0 Configuration Files to VQE Release 2.1" section

5. "Migrating Channel-related Files from VQE Release 2.0 to VQE Release 2.1" section

Backing Up Files Before Upgrading


Caution The ISO installation procedure used to upgrade from VQE Release 2.0 to Release 2.1 will format the hard disk on the CDE110. Formatting causes all data on the hard disk to be erased.

Before upgrading the software on a CDE110, be sure to back up all needed files to a safe location (for example, on a server separate from the CDE110s being upgraded) if you intend to use that data to configure the upgraded CDE110.

If you want to replicate any user-customized configuration that was used for VQE Release 2.0 on the CDE110 that hosts VQE-S or on the CDE110 that hosts VCPT and VCDS, you must back up the files shown in the following tables.

Table 2 shows the files that must be backed up for the CDE110 that hosts VQE-S.

Table 3 shows the files that must be backed up for the CDE110 that hosts VCPT and VCDS.


Note In addition to the files listed in these tables, there may be backup or alternate files in the /etc/opt/vqes directory or another location. These files must be backed up if you want them available on the upgraded CDE110.

If additional functions are enabled on the CDE110, there may be additional files not listed in these tables that need to be backed up.


Table 2 VQE-S CDE110: Files That Must Be Backed Up  

| File | Notes |
|------|-------|
| /etc/hosts | -- |
| /etc/ntp.conf | If additional Network Time Protocol configuration has been enabled, files in other locations may need to be backed up. |
| /etc/resolv.conf | -- |
| /etc/sysconfig/network | -- |
| /etc/sysconfig/network-scripts/ifcfg-eth# | There are four of these files, where # is the number of the Ethernet interface. For example: ifcfg-eth1 |
| /etc/sysconfig/network-scripts/route-eth# | There are four of these files, where # is the number of the Ethernet interface. For example: route-eth1 |
| /etc/opt/vqes/vqes.conf | VQE-S configuration file |
| /etc/opt/vqes | There may be additional backup or alternate files in the vqes directory (or another location) that you want available on the upgraded CDE110. |
| /etc/opt/vqes/vqe_channels.cfg | VQE-S channel configuration file. This Release 2.0 file is for reference only; it is not usable on the upgraded CDE110. See "Migrating Channel-related Files from VQE Release 2.0 to VQE Release 2.1" section. |
| /etc/opt/vqes/vqes_syslog.conf | VQE-S syslog configuration file |
| /usr/share/tomcat5/webapps/ems/WEB-INF/vqe.conf | VQE-S AMT configuration file with XML-RPC port numbers for management servers |
| /usr/share/tomcat5/webapps/ems/WEB-INF/classes/log4j.properties | VQE-S AMT log4j logging configuration file |


Table 3 VCPT and VCDS CDE110: Files That Must Be Backed Up

| File | Notes |
|------|-------|
| /etc/hosts | -- |
| /etc/ntp.conf | If additional Network Time Protocol configuration has been enabled, files in other locations may need to be backed up. |
| /etc/resolv.conf | -- |
| /etc/sysconfig/network | -- |
| /etc/sysconfig/network-scripts/ifcfg-eth# | There are four of these files, where # is the number of the Ethernet interface. For example: ifcfg-eth1 |
| /etc/sysconfig/network-scripts/route-eth# | There are four of these files, where # is the number of the Ethernet interface. For example: route-eth1 |
| VCPT configuration files in /etc/opt/vcpt/data | VCPT configuration files are in this directory. Filenames are user-defined and vary. |
| /etc/opt/vqes | There may be additional backup or alternate files in the vqes directory (or another location) that you want available on the upgraded CDE110. |
| /etc/opt/vqes/VCDServer.cfg | VCDS configuration file |
| /etc/opt/vqes/vqec_channels.cfg | VQE-C channel configuration file. This Release 2.0 file is for reference only; it is not usable on the upgraded CDE110. See "Migrating Channel-related Files from VQE Release 2.0 to VQE Release 2.1" section. |
| /usr/share/tomcat5/webapps/vcpt/WEB-INF/classes/log4j.properties | VCPT log4j logging configuration file |


For information on migrating configuration files from VQE Release 2.0 to Release 2.1, see the "Migrating VQE Release 2.0 Configuration Files to VQE Release 2.1" section.

For information on migrating channel-related files from VQE Release 2.0 to Release 2.1, see the "Migrating Channel-related Files from VQE Release 2.0 to VQE Release 2.1" section.
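
One way to collect the files from Table 2 or Table 3 into a single archive before the ISO installation formats the disk, as an added example that is not Cisco code. The function name, its arguments, and the owner-only archive permissions are assumptions made here; files outside the two tables still have to be added by hand.

```shell
#!/bin/sh
# Added example, not Cisco code: archive the Release 2.0 files from Table 2 or 3.

# vqe_backup ROLE ARCHIVE [ROOT]
#   ROLE     "vqes" (Table 2 host) or "tools" (Table 3 host: VCPT and VCDS)
#   ARCHIVE  absolute path of the .tar.gz to create; copy it off the CDE110
#   ROOT     filesystem root to read from (default /; a parameter for testing)
# Listed paths that do not exist are reported on stderr and skipped.
# Returns 0 when the archive was written and reads back, 1 otherwise,
# 2 on a bad ROLE.
vqe_backup() {
    role=$1 archive=$2 root=${3:-/}

    # Entries common to both tables. The /etc/opt/vqes directory is taken whole,
    # which also picks up the backup or alternate files the Note mentions.
    common="etc/hosts etc/ntp.conf etc/resolv.conf etc/sysconfig/network
            etc/sysconfig/network-scripts/ifcfg-eth*
            etc/sysconfig/network-scripts/route-eth*
            etc/opt/vqes"
    case $role in
        vqes)
            extra="usr/share/tomcat5/webapps/ems/WEB-INF/vqe.conf
                   usr/share/tomcat5/webapps/ems/WEB-INF/classes/log4j.properties" ;;
        tools)
            extra="etc/opt/vcpt/data
                   usr/share/tomcat5/webapps/vcpt/WEB-INF/classes/log4j.properties" ;;
        *)
            echo "usage: vqe_backup vqes|tools ARCHIVE [ROOT]" >&2
            return 2 ;;
    esac

    list=$(mktemp) || return 1
    (
        cd "$root" || exit 1
        for p in $common $extra; do      # unquoted on purpose: expands the eth* globs
            if [ -e "$p" ]; then
                echo "$p"
            else
                echo "missing, skipped: /$p" >&2
            fi
        done
    ) > "$list"

    status=1
    if [ -s "$list" ] && (
            umask 077                    # archive holds host configuration: owner-only
            tar -czf "$archive" -C "$root" -T "$list" &&
            tar -tzf "$archive" > /dev/null      # prove the archive reads back
       ); then
        status=0
        # Record a digest where sha256sum exists, to compare after copying off-box.
        if command -v sha256sum > /dev/null 2>&1; then
            sha256sum "$archive" > "$archive.sha256"
        fi
    fi
    rm -f "$list"
    return $status
}

# Usage on the VQE-S host, as root:
#   vqe_backup vqes /root/vqe20-backup.tar.gz
# Usage on the VCPT and VCDS host:
#   vqe_backup tools /root/vqe20-tools-backup.tar.gz
```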

Making Cable Connections on the Cisco CDE110 That Hosts VQE-S or VCPT

Since this is an upgrade of a CDE110 that already hosts VQE-S or VCPT, the cable connections described in this section may already be made.

Connecting Cables to the CDE110

The following cable connections are used on the Cisco CDE110 that hosts VQE-S and on the CDE110 that hosts VCPT:

Depending on whether the host is for VQE-S or VCPT, do one of the following:

On the VQE-S host, use Category 5 UTP cable to connect each of the four Ethernet interfaces on the back of the Cisco CDE110 to Ethernet interfaces on the edge router that is providing multicast streams for each IPTV channel. For optimal VQE-S performance, all four Ethernet interfaces on the Cisco CDE110 should have a direct Layer-3 connection to the edge router.

On the VCPT host, use Category 5 UTP cable to connect at least one of the four Ethernet interfaces on the back of the CDE110 to the same network that the CDE110s that host VQE-S are on. If you use additional Ethernet interfaces for link redundancy, connect Category 5 UTP cables for those interfaces also.

A serial-port connection can be through a terminal server or through a directly connected PC.


Note A serial-port connection to the CDE110 is needed to halt the system during the VQE software installation.


If a terminal server is connected to the CDE110 serial port, the RJ-45 cable from the terminal server is connected to an RJ-45 serial port on the front or back of the Cisco CDE110. Only one serial port can be used because it is one shared serial port.

If a PC is directly connected to the CDE110 serial port, the cable from the PC is connected to an RJ-45 serial port on the front or back of the Cisco CDE110. Only one serial port can be used because it is one shared serial port. The PC end of the cable connected to the CDE110 serial port varies depending on the type of ports supported by the PC.


Note The serial port is used for the system console. A system console is typically used rather than a monitor, keyboard, and mouse directly attached to the Cisco CDE110.


If a monitor, keyboard, and mouse are used, the cables for the devices are connected to the appropriate connectors on the Cisco CDE110.

For the location of connectors on the Cisco CDE110 front and back panels, see the Cisco Content Delivery Engine 110 Hardware Installation Guide.

Adjusting BIOS Settings and Installing the VQE Software

Use the procedure in this section for upgrading from VQE Release 2.0 to Release 2.1. The procedure is used for the CDE110 that hosts VQE-S and for the CDE110 that hosts the VQE Tools.


Note During the software installation, if you want to view readable and extended graphical output for what is occurring, you will have to attach a video monitor to the CDE110 video port. The video monitor is not needed to complete the software installation.


To adjust the BIOS settings and install the VQE software, follow these steps:


Step 1 Start HyperTerminal on the PC connected to the CDE110 serial port. Terminal emulation software must be configured as follows:

Bits per second: 9600

Data bits: 8

Parity: none

Stop bits: 1

Hardware flow control: ON

Step 2 Insert the VQE software CD in the CD/DVD Combo drive. There are two different CDs: one for the CDE110 that hosts VQE-S, and one for the CDE110 that hosts VQE Tools (VCPT and VCDS).

Step 3 If needed, power off the CDE110.

Step 4 Power on the CDE110.

Changing the Boot Sequence to Start from the CD Drive

Step 5 When the system boots and displays "Press <F2> to enter SETUP," press F2 to enter BIOS Setup.

Step 6 When the BIOS Setup utility is displayed, use the arrow keys to move to the Boot Options menu (Figure 1).

Figure 1 Boot Options Menu

Step 7 So that the CD/DVD Combo drive is first in the boot order, you need to change the boot sequence to the following:

1. IDE PM: SlimType COMBO SSC-2485

2. #0440 ID01 LUN0 FUJITSU MAY203

3. IBA GE Slot 0600

4. [EFI SHELL]


Note Because the components used in the CDE110 can vary, the name of the CD drive may be different from what is shown in the preceding list.


To change the boot sequence, use the arrow keys to move to the boot option you will change (for example, Boot Option #1) and press Enter. Then use the arrow keys to move to the required boot device and press Enter.

The updated Boot Option is displayed.

Step 8 To save and exit the BIOS Setup, press F10. (As an alternative to pressing F10, use the arrow keys to move to Exit in the BIOS Setup menu and select Save Changes and Exit.)

The Setup Confirmation message "Save Configuration Changes and exit now?" is displayed.

Step 9 Select Yes and press Enter.

The CDE110 restarts.

Loading the VQE Software

The system starts loading the VQE software from the CD.

The output displayed during the software installation varies depending on whether you are viewing a video monitor connected to the CDE110 video connector, or a PC connected to the CDE110 serial port. The output you see may be different from what is shown.

A video monitor connected to the CDE110 video port displays readable and extended output. For example:

Loading device Drivers...
Running anaconda ...
Running pre-install scripts
Retrieving Installation information...
Checking dependencies...
Formatting / file system ...
Transferring install image to hard drive...
Starting install process. This may take several minutes...
Installing Bootloader ...
...
Sending termination signal ...

A PC connected to the CDE110 serial port displays rectangular boxes that scroll across the screen.

The time for the VQE software to load is approximately 10 minutes.


Note During the software installation, some messages indicating errors are displayed. These messages can be safely ignored.


The system ejects the CD and then automatically reboots.

Step 10 Remove the VQE software CD and close the CD/DVD drive tray.

The system starts again and displays many boot messages on the video monitor and through the serial port. The section below takes approximately four to five minutes to complete.

Installing additional VQE-S Packages ...

After the additional packages are installed, the following is displayed on the video monitor:

Installing additional VQE-S packages ...
VQE-S installation finished. Run prelink ...
*****************************************************************************
Installation is successful. Press enter on ttyS1 to halt the system ...
*****************************************************************************

After the additional packages are installed, the following is displayed on the serial port console connection:

Checking VQE-S binary checksums: [  OK  ]
Checking required kernel parameters: [  OK  ]
Checking required file/dir ownership: [  OK  ]
+ ret=0
+ set +x
Removing password for user root.
passwd: Success
*****************************************************************
Installation is successful. Press enter to halt the system ...
*****************************************************************

Step 11 On the serial port console connection, press Enter.

The following output is displayed:

INIT: INIT: Sending processes the TERM signal
Stopping HAL daemon: [  OK  ]
Stopping yum-updatesd: [  OK  ]
Stopping anacron: [  OK  ]
Stopping atd: [  OK  ]
Stopping cups: [  OK  ]
Shutting down console mouse services: [  OK  ]
Stopping sshd: [  OK  ]
... 
Output omitted 
... 
ACPI: PCI interrupt for device 0000:09:00.1 disabled
ACPI: PCI interrupt for device 0000:09:00.0 disabled
ACPI: PCI interrupt for device 0000:06:00.1 disabled
ACPI: PCI interrupt for device 0000:06:00.0 disabled
System halted.

The system is halted but not powered off.

Step 12 Power down the system.

Changing the Boot Sequence to Start from the Hard Drive and Performing First Boot Setup

To complete the software installation, the BIOS settings must be adjusted so that the boot sequence starts with the hard drive.

Step 13 Power on the CDE110.

Step 14 When the system boots and displays "Press <F2> to enter SETUP," press F2 to enter BIOS Setup.

Step 15 When the BIOS Setup utility is displayed, use the arrow keys to move to the Boot Options menu (see Figure 1).

Step 16 So that the hard drive is first in the boot order, you need to change the boot sequence to the following:

1. #0440 ID01 LUN0 FUJITSU MAY203

2. IDE PM: SlimType COMBO SSC-2485

3. IBA GE Slot 0600

4. [EFI SHELL]


Note Because the components used in the CDE110 can vary, the name of the CD drive may be different from what is shown in the preceding list.


To change the boot sequence, use the arrow keys to move to the boot option you will change (for example, Boot Option #1) and press Enter. Then use the arrow keys to move to the required boot device and press Enter.

The updated Boot Option is displayed.

Step 17 To save and exit the BIOS Setup, press F10. (As an alternative to pressing F10, use the arrow keys to move to Exit in the BIOS Setup menu and select Save Changes and Exit.)

The Setup Confirmation message "Save Configuration Changes and exit now?" is displayed.

Step 18 Select Yes and press Enter.

The CDE110 restarts and the first normal boot of the system begins. Only partial output is shown in the following:

Press any key to continue.
Press any key to enter the menu

Booting Red Hat Enterprise Linux Server (2.6.18-8.1.15.el5PAE kdump) in 4 secon
ds...Booting Red Hat Enterprise Linux Server (2.6.18-8.1.15.el5PAE kdump) in 3 secon
ds...
... 
Output omitted
... 
Starting anacron: [  OK  ]
Starting HAL daemon: [  OK  ]
Script started, file is ../log/wizard.log
Backing up factory default configurations ...
Done.

After the system boots normally, the login prompt is displayed.

Step 19 Log in as root and set the root password. The system asks you to enter a new password and then retype it.


Note The only user who can log in at this time is root.


Step 20 The VQE Startup Configuration Utility begins to execute and displays the following:

Script started 
... 
Output omitted
...
Welcome to the Cisco VQE startup configuration utility.  This utility is intended to 
facilitate the initial setup of the VQE system. ...

For information on using the VQE startup configuration utility, see "Getting Started Using the VQE Startup Configuration Utility" in Chapter 2 of the Cisco CDA Visual Quality Experience Application User Guide, Release 2.1.

For information on migrating VQE Release 2.0 configuration files to VQE Release 2.1, see the next section, "Migrating VQE Release 2.0 Configuration Files to VQE Release 2.1".

Migrating VQE Release 2.0 Configuration Files to VQE Release 2.1

This section provides some guidance on how to use information in your VQE Release 2.0 configuration files in your VQE Release 2.1 configuration files.


Caution Except where you are changing a Release 2.1 configuration file value to match a Release 2.0 value, do not change or remove any of the default information in the Release 2.1 file.

Do not use a VQE Release 2.0 configuration file in place of a VQE Release 2.1 configuration file. In many cases, new configuration options have been added to the Release 2.1 files. Using a VQE Release 2.0 configuration file for VQE Release 2.1 may produce unpredictable and unwanted results.

In most cases, if you want to use some or all of your VQE Release 2.0 configuration in VQE Release 2.1, you will have to use a text editor to incorporate the Release 2.0 values into the Release 2.1 configuration files. You use the default Release 2.1 configuration file as the base file to start from and modify that file with the selected Release 2.0 values. You carefully examine each Release 2.1 configuration file and make changes only to those items where you want to replicate a Release 2.0 configuration value. When done, save the file in the appropriate directory on the CDE110 appliance.

Table 2 and Table 3 provide lists of VQE files that should have been saved prior to installing the VQE 2.1 software.


Note Channel-related files are migrated differently than other VQE configuration files. For information on handling channel configuration files for VCPT and the channel configuration files used by VQE Server and VQE Client, see the next section, "Migrating Channel-related Files from VQE Release 2.0 to VQE Release 2.1".


Migrating Channel-related Files from VQE Release 2.0 to VQE Release 2.1

VQE can use three types of channel-related configuration files:

One or more VCPT configuration files in /etc/opt/vcpt/data on the CDE110 that hosts VCPT. These are XML files with user-defined filenames.

One VQE-S channel configuration file in /etc/opt/vqes/vqe_channels.cfg on the CDE110 that hosts VQE-S.

One VQE-C channel configuration file in /etc/opt/vqes/vqec_channels.cfg on the CDE110 that hosts VCPT.


Note VQE-C channel configuration files have some compatibility restrictions. For information on these restrictions, see the "VQE SDP Channel Information Compatibility" section.


Creating VCPT Configuration Files for Release 2.1

VCPT Release 2.1 is able to open and use valid VCPT 2.0 configuration files. When VCPT Release 2.1 opens a VCPT 2.0 configuration file, the fields for new Release 2.1 functionality items related to Forward Error Correction (FEC) are blank. When you save the Release 2.0 file, VCPT converts the file to the Release 2.1 format, updating the file so that any changed channel values (including those related to FEC) are saved.

Creating VQE-S and VQE-C Channel Configuration Files for Release 2.1

Release 2.0 channel configuration files for VQE-S and VQE-C are not usable with the Release 2.1 version of VQE-S and VQE-C.

Regardless of the channel-provisioning system that was used for VQE 2.0, the easiest way to create a valid Release 2.1 channel configuration file for VQE-S and VQE-C is to open the channel-provisioning system file and send the channel information to the Release 2.1 VQE Servers and to VQE Client Channel Configuration Delivery Servers (VCDS). For example, with VCPT, create a VCPT Release 2.1 configuration file for the channel lineup as described in the previous section, "Creating VCPT Configuration Files for Release 2.1", and with that file opened, use VCPT to send the channel information to the VQE Servers and to VCDS.

When VQE-S and VCDS receive the channel information, VQE-S and VCDS use it to create valid Release 2.1 channel configuration files for VQE-S or VQE-C, respectively.

Supporting Software Hardening Guides and VQE

Customers who wish to apply the security recommendations published by SysAdmin, Audit, Network, Security Institute (SANS) or National Security Agency (NSA), as described in the documents referenced in the following sections, should be aware of some issues in using these recommendations that may affect the correct operation of the VQE-S.

The following sections describe the particular areas where customers should exercise care in following the security recommendations in these hardening guides:

Linux Security Checklist

The 60 Minute Network Security Guide

Linux Security Checklist

Document: Linux Security Checklist, Version 2

Document URL:

http://www.sans.org/score/checklists/linuxchecklist.pdf

For the Linux operating system, the following are SANS recommendations that, if followed as written, appear likely to break behavior that VQE implements.

Page 2, item 2: "System Patches". Customers should obtain all system patches through Cisco support, and not directly from Red Hat. Cisco will provide timely patches and notifications to customers to address security concerns that may arise within the components of the Linux distribution.

Page 3, item 3: "Disabling Unnecessary Services". All unnecessary services have been disabled on the shipped product. VQE customers should not normally need to disable any of the services that are enabled by default after the product is installed.

Page 3, item 5: "Default Password Policy". The default password settings for the VQE-S are set in /etc/pam.d/system-auth-ac rather than in /etc/login.defs. See 'man pam_passwdqc' for more information.

Page 7, item 13: "System Logging". The VQE-S includes a modified version of syslogd, which is customized in order to support certain VQE-S functions. VQE customers must therefore not replace syslog with syslog-ng, as suggested in this item.

Page 11, item 20: "Selinux". SELinux functionality is disabled on the VQE-S in its factory configuration, and it should not be enabled. Enabling the SELinux functions on the VQE-S may have unexpected consequences.

The 60 Minute Network Security Guide

The NSA's The 60 Minute Network Security Guide has guidance relevant to the Apache web server and the VQE Server software.

Document: The 60 Minute Network Security Guide, Version 2.1

Document URL: http://www.nsa.gov/ia/_files/support/I33-011R-2006.pdf

If VQE customers follow instructions in the "Unix Web Servers" section of The 60 Minute Network Security Guide, it will not break the VQE web application system.

The following guidance applies to VQE Server software except for the Apache web server, which was discussed in the preceding paragraph.

Pages 10 and 40: "Follow The Concept Of Least Privilege". This section recommends reducing the privileges of common system utilities such as configuration tools and script interpreters. Some of these utilities may be used by the VQE-S software and their permissions should not be modified.

Page 35, item 2: "Services and Port". All unnecessary services have been disabled on the shipped product. VQE customers should not normally need to disable any of the services that are enabled by default after the product is installed.

Page 36, item 2: "Permissions". Some VQE-S services require SUID/SGID permissions. The permissions of these files, along with every other VQE-S related file, should not be modified.

Page 37, "Core Dumps". The VQE-S stores crash related information in the core dump files. By removing the core file, valuable debugging information is discarded. Settings related to the creation and storage of core dumps should not be modified. Additionally, core dumps should only be removed after consultation with your Cisco Technical Support Contact.

Page 39, "Logs". The VQE-S uses a customized version of syslogd in order to log VQE related messages. Using a remote host to log syslog messages from the VQE-S is not supported at this time.

Page 39, "Chroot Environment". The VQE-S application requires a specific level of permissions and should not be set to run in a chroot environment.
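The following script is an added example, not part of the Cisco release notes or the VQE software. It shows one way to verify, after applying a hardening guide, that the constraints listed above still hold: SELinux not enabled, password policy still in /etc/pam.d/system-auth-ac through pam_passwdqc, no remote syslog target, and file modes unchanged against a snapshot taken before hardening. The function names, the use of /etc/selinux/config and /etc/syslog.conf, and the sample tree are assumptions.

```shell
#!/bin/sh
# Added example: post-hardening audit for a VQE-S host. Every check takes a
# root directory so it can run on a copied or constructed tree, not only on /.

# Fails if SELinux was switched on. Assumption: /etc/selinux/config is where
# a hardening pass would enable it (the page does not say how it is disabled).
check_selinux_disabled() {
    ! grep -Eq '^[[:space:]]*SELINUX=(enforcing|permissive)' \
        "$1/etc/selinux/config" 2>/dev/null
}

# Password policy must still be configured in PAM through pam_passwdqc.
check_pam_passwdqc() {
    grep -Eq '^[[:space:]]*password[[:space:]].*pam_passwdqc' \
        "$1/etc/pam.d/system-auth-ac" 2>/dev/null
}

# Remote syslog is unsupported: no uncommented "@host" action may appear.
# Assumption: the customized syslogd reads the classic /etc/syslog.conf.
check_no_remote_syslog() {
    ! grep -Eq '^[^#]*[[:space:]]@[^[:space:]]+' "$1/etc/syslog.conf" 2>/dev/null
}

# Mode, owner and group of every file under a directory, one per line.
snapshot_modes() {
    find "$1" -type f -exec stat -c '%a %U:%G %n' {} + | sort
}

# True when the directory still matches a snapshot taken before hardening.
modes_unchanged() {   # $1 = baseline file, $2 = directory
    snapshot_modes "$2" | cmp -s "$1" -
}

# Run all checks; prints one line per violation, returns non-zero on any.
audit_vqes() {        # $1 = root, $2 = baseline file, $3 = directory to compare
    rc=0
    check_selinux_disabled "$1" || { echo "FAIL: SELinux enabled"; rc=1; }
    check_pam_passwdqc "$1"     || { echo "FAIL: pam_passwdqc missing from system-auth-ac"; rc=1; }
    check_no_remote_syslog "$1" || { echo "FAIL: remote syslog target configured"; rc=1; }
    modes_unchanged "$2" "$3"   || { echo "FAIL: file mode/owner drift in $3"; rc=1; }
    return $rc
}

# Constructed sample tree standing in for the factory state (not real VQE files).
make_sample_tree() {  # $1 = empty directory to populate
    mkdir -p "$1/etc/selinux" "$1/etc/pam.d" "$1/opt/app"
    echo 'SELINUX=disabled' > "$1/etc/selinux/config"
    echo 'password requisite pam_passwdqc.so' > "$1/etc/pam.d/system-auth-ac"
    printf '%s\n' '# *.* @loghost' '*.info /var/log/messages' > "$1/etc/syslog.conf"
    echo 'binary' > "$1/opt/app/helper"
    chmod 4755 "$1/opt/app/helper"   # stands in for a SUID VQE-S service file
}

# Usage on a live host: snapshot before hardening, audit afterwards.
#   snapshot_modes /etc/opt/vqes > /root/vqes.modes
#   audit_vqes / /root/vqes.modes /etc/opt/vqes
```

The release notes do not give the installation path of the VQE-S binaries, so the directory to snapshot is a parameter; /etc/opt/vqes in the usage comment is the configuration directory named earlier on this page.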

Notices

The following notices pertain to this software license.

OpenSSL/Open SSL Project

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).

This product includes software written by Tim Hudson (tjh@cryptsoft.com).

License Issues

The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org.

OpenSSL License:

Copyright © 1998-2007 The OpenSSL Project. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".

4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org.

5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project.

6. Redistributions of any form whatsoever must retain the following acknowledgment:

"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).

Original SSLeay License:

Copyright © 1995-1998 Eric Young (eay@cryptsoft.com). All rights reserved.

This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).

The implementation was written so as to conform with Netscapes SSL.

This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).

Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgement:

"This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)".

The word `cryptographic' can be left out if the routines from the library being used are not cryptography-related.

4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft.com)".

THIS SOFTWARE IS PROVIDED BY ERIC YOUNG "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

The license and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution license [including the GNU Public License].

GNU General Public License Information

Cisco CDA Visual Quality Experience Application (VQE), Release 2.1, includes Cisco-modified software derived from the following packages that are licensed under version 2 of the GNU General Public License (GPLv2):

irqbalance

logrotate

syslogd

Cisco will make the source code of these modified packages available upon request, in accordance with the terms of the GPLv2 license. Interested parties may obtain the source code by making a written request to:

Cisco Legal Department
300 E. Tasman Drive,
San Jose, California 95134

Please include the product name, version number, date of purchase, and specifics regarding the code you are requesting.

Related Documentation

Refer to the following documents for additional information about Cisco VQE and the Cisco CDE110 appliance:

Cisco CDA Visual Quality Experience Application User Guide, Release 2.1 (OL-14115-02)

http://www.cisco.com/en/US/docs/video/cds/cda/vqe/2_1/user/guide/vqe_guide2_1.html

Cisco Content Delivery Engine 110 Hardware Installation Guide (OL-14114-01)

http://www.cisco.com/en/US/docs/video/cds/cde/cde110/installation/guide/cde110_install.html

Regulatory Compliance and Safety Information for the Cisco Content Delivery Engine 110 (78-18228-01)

http://www.cisco.com/en/US/docs/video/cds/cde/regulatory/compliance/cde110_rcsi.pdf

The entire Content Delivery Systems documentation suite is available on Cisco.com at:

http://www.cisco.com/en/US/products/ps7191/Products_Sub_Category_Home.html

The VQE Client (VQE-C) documentation is included in the VQE-C software TAR file. If you are a registered Cisco.com user, the file can be downloaded from the following location:

http://www.cisco.com/public/sw-center/content-delivery/cda.shtml

Table 4 lists the VQE Client documentation that is provided.

Table 4 VQE Client Documentation

VQE-C Document: Description

VQE-C System Integration Reference: Provides information on VQE-C components, architecture, integration, and APIs. Also includes a VQE-C quick-start guide.

VQE-C System Configuration Guide: Explains certain factors to consider when configuring and deploying VQE-C. Also provides reference information on the VQE-C configuration file parameters.

VQE-C CLI Command Reference: Provides reference information on the VQE-C command-line interface.


Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.