Content Filtering Applications Installation and Administration


Content Filtering Applications Installation and Administration
This chapter provides information and procedures to install and configure different components for Content Filtering service support and management.
This chapter includes the following topics:
l
l
l
l
l
l
l
l
Before You Begin
Prior to performing the installation procedure, this section previews each step to ensure that you are ready to successfully complete the installation.
1
The first thing that you need to do is to ensure that the system hardware has been provisioned properly for your application. This includes:
l
l
l
2
To use these components different licenses are required from your vendor. To obtain these licenses, contact your local representative.
3
This step is required to configure how the PostgreSQL database engine processes, stores, and retrieves information contained in the various databases stored using the UNIX file subsystem. Failure to configure these settings may cause data loss and will minimally cause errors in the operation. For information on setting the database environment strings, refer to the Setting the PostgreSQL Database System Environment Configurations section.
4
CF Component installation files are distributed as a single compressed file. After the file is obtained, it must be copied to the server and unpacked. It is recommended that you copy the file to a temporary directory on the server.
5
*IMPORTANT: For URL Blacklisting functionality, only the WEM and CF-CDP components need to be installed. For Category-based Content Filtering functionality, the WEM, CF-CCI, and CF-CDP with RE components must be installed.
Setting the PostgreSQL Database System Environment Configurations
Prior to installing the CF software components onto the different server hardware, there are numerous system environment configuration settings that should be configured. While PostgreSQL will be installed during the GUI-based installation procedure, these settings must be configured manually.
Add following values to the system file in the /etc directory and restart the system before continuing with the installation of the CF application components.
set msgsys:msginfo_msgmnb=65536
set msgsys:msginfo_msgtql=1024
set shmsys:shminfo_shmmax=0x2000000
set shmsys:shminfo_shmmin=1
set shmsys:shminfo_shmmni=256
set shmsys:shminfo_shmseg=256
set semsys:seminfo_semmap=256
set semsys:seminfo_semmni=512
set semsys:seminfo_semmns=512
set semsys:seminfo_semmsl=32
*IMPORTANT: After adding the above values to the system file in the /etc directory, restart the system before installation of CF components.
Unpacking the CF Component Application Installation Files
CF application installation files are distributed as a single compressed file with a “.tar.gz” extension. After copying the installation file to the server, use the following procedure to unpack the file.
To unpack the CF Component Application installation files:
1
mkdir CFAPPS_directory
mv cf-apps_x.x.xx.tar.gz CFAPPS_directory
2
Change to the directory in which the cf-apps_x.x.xx.tar.gz file is placed.
3
gunzip cf-apps_x.x.xx.tar.gz
x.x.xx is the version of the CF Component Application installation file. Unzipping this file creates the cf-apps_x.x.xx.tar file from cf-apps_x.x.xx.tar.gz.
4
Un-tar the cf-apps_x.x.xx.tar file by entering the following command:
tar -xvf cf-apps_x.x.xx.tar
Decompressing the installation file results in the following files:
l
cdp_SunOS_x_x_xx.tar: A compressed file containing all of the application files required for CDP, Report Engine, and Database Deliver application.
l
cci_x_x_xx.tar: A compressed file containing all of the application files required for CF Customer Care Interface application installation.
Follow the given sequence for CF component installation:
1
2
3
Installing CF-CDP Server in GUI Mode
This section describes the procedure to install Central Decision Point (CF-CDP) server application in GUI mode. The procedure described here assumes that you have already verified the minimum system requirements as specified in the Before You Begin section of this chapter and that the CF-CDP application installation tar file is in your user directory on the server.
The CF-CDP components can be installed in one of the following modes:
l
l
l
l
Console: This mode is available to users who do not have an X-Windows client available for remote network connectivity to the CDP server via Telnet or SSH.
l
Silent: This mode is used only if the CF-CDP is already installed on the machine. For silent-based mode, user needs to update the installvariables.properties file in the Uninstall_CDP directory while executing “inst” script in silent mode.
To install the CF-CDP application through the GUI-based interface:
1
Go to the directory where cdp_x.x.xx.tar file is located and un-tar it by entering the following command:
tar -xvf cdp_SunOS_x_x_xx.tar
Decompressing the installation file results in the following files:
l
CDP_Installer.bin: The CDP installation binary file.
l
uninst: A script to uninstall CF-CDP application.
l
README: A text file containing information pertaining to the release.
l
inst: A script to install the CF-CDP server.
The usage format for the CF-CDP installation and uninstallation scripts is as follows:
./inst [ -ui | -console | -silent ] | [ -help]
./uninst [ -ui | -console | -silent ] | [ -help]
The following table denotes the different keywords/options used with this command:
 
2
Go to CDP_Install_dir/cdp folder and initiate the installation procedure by entering the following command:
./inst
or
./inst -ui
The CDP Introduction dialog box is displayed.
CDP Installer Dialog Box
3
 
This dialog or script asks user to add variable values in ‘/etc/system’ file and restart the system.
n
/users/cdp
IP_address
Enter a host name or IP address for a Simple Mail Transfer Protocol (SMTP) server, if needed, in the field provided.
Configure the email address of the individual to be notified in the field provided. Email notifications are sent to this individual when the system can not communicate with a process. The email address should be in the form username@domain.
Enable Alarm Forwarding
Enter the port number over which PostgreSQL communication will occur with the CDP. The valid range is from 1 through 65535.
To ensure proper operation and data integrity, the PostrgreSQL database instances installed with this installation should only be used by the application.
NOTE: This configuration panel appears only when Custom installation mode is selected.
local_base_directory/data
Select Yes to enable or No to disable the archiving of CF-EDR files.
After you have provided the required inputs, the installation process starts and you receive a message indicating that CDP application installation starts on the basis of user inputs.
*WARNING: Please ensure that you have enough disk space for the installation of CDP application. If sufficient space is not available in the installation directory, cancel the installation process and free-up the disk space to proceed with the installation.
4
During the CF-CDP installation, the CDP Server Startup dialog box appears prompting the user with an option to start all the servers after installation.
CDP Server Startup Dialog Box
After all components have started, the Install Complete dialog box appears indicating that the installation was successful.
 
CDP Installation Complete Dialog Box
5
Copy the un-installation script to the cdp_base_directory directory by entering the following command:
cp uninst cdp_base_directory/
6
./serv status
The following is a sample message:
-----------------------------------------------------------
PID     Process                              Status
-----------------------------------------------------------
-        PS Monitor Application Not running
-       Report Engine Server Not running
-       Database Deliver application Not running
-       Central Decision Point Server Not running
7315   Postgres Server Running
-----------------------------------------------------------
All of the parameters configured get stored in configuration files located in /<application_base_directory>/etc directory. For more information on the configuration files, see the Modifying CF Components’ Configuration Files section.
Installing CF-CDP Server in Console Mode
This section describes the procedure to install Central Decision Point (CF-CDP) server application in console mode. The procedure described here assumes that you have already verified the minimum system requirements as specified in the Before You Begin section of this chapter and that the CF-CDP application installation tar file is in your user directory on the server.
The following procedure describes how to install the CF-CDP application in console mode through the installation script.
1
Go to the directory where cdp_x.x.xx.tar file is located and un-tar that by entering the following command:
tar -xvf cdp_SunOS_x_x_xx.tar
Decompressing the installation file results in the following files:
l
CDP_Installer.bin: The CDP installation binary file.
l
uninst: A script to uninstall CF-CDP application.
l
README: A text file containing information pertaining to the release.
l
inst: A script to install the CF-CDP server.
2
Go to CDP_Install_dir/cdp folder and initiate the installation procedure by entering the following command:
./inst -console
A message appears welcoming you to the CF-CDP installation.
3
Follow the on-screen prompts to proceed through the installation script and configure the various parameters as required. Refer to Table 3-1 for descriptions of the configurable parameters within each of the sections of the script.
*WARNING: Please ensure that you have enough disk space for the installation of CDP application. If sufficient space is not available in the installation directory, cancel the installation process and free-up the disk space to proceed with the installation.
After you have completed the installation configuration and all processes have started, you receive a message indicating that the CF-CDP was successfully installed.
4
Copy the uninstallation script to the cdp_base_directory directory by entering the following command:
cp uninst cdp_base_directory/
5
./serv status
The following is a sample message:
-----------------------------------------------------------
PID     Process                              Status
-----------------------------------------------------------
-        PS Monitor Application Not running
-       Report Engine Server Not running
-       Database Deliver application Not running
-       Central Decision Point Server Not running
7315   Postgres Server Running
-----------------------------------------------------------
All of the parameters configured get stored in configuration files located in /<application_base_directory>/etc directory. For more information on the configuration files, see the Modifying CF Components’ Configuration Files section.
 
Installing WEM
For WEM installation and configuration procedure, refer to the Web Element Manager Installation and Administration Guide.
Installing CF Customer Care Interface (CF-CCI)
*IMPORTANT: This section is applicable only for the Category-based Content Filtering solution.
This section describes the procedure to install Customer Care Interface server application. The procedure described here assumes that you have already verified the minimum system requirements as specified in the Before You Begin section of this chapter and that the CCI application installation tar file is in your base directory on the server.
The CF-CCI installation supports the following modes:
l
l
l
l
Silent: This mode is used only if the CF-CCI is already installed on the machine. For silent-based mode, user needs to update the installvariables.properties file in Uninstall_CDP directory while executing 'inst' script in silent mode.
*IMPORTANT: Before the installation of this CF-CCI server application make sure that Central Decision Point (CF-CDP) application is installed and running on CF-CDP server.
The following procedure describes how to install the CF-CCI application through the GUI-based interface.
1
Change to the directory where the cci_x.x.xx.tar file is located and un-tar it by entering the following command:
tar -xvf cci_x_x_xx.tar
Decompressing the installation file results in the following files:
l
CCI_Installer.bin: The CCI installation binary file.
l
README: A text file containing information pertaining to the release.
l
inst: The installation script used to install Customer Care Interface server application.
The usage format for the CF-CCI installation and uninstallation scripts is as follows:
./inst [ -ui | -silent ] | [ -help]
./uninst [ -ui | -silent ] | [ -help]
The following table denotes the different keywords/options used with this command:
 
*IMPORTANT: Before proceeding to CF-CCI installation make sure that JDK5.0 is installed.
2
Change to the base directory /cci and then enter the following command:
./inst
or
./inst -ui
The CCI Introduction dialog box is displayed.
CCI Installer Dialog Box
3
 
This parameter creates a base directory cci_base_directory for CF-CCI installation.
Select the IP address of machine from the displayed list of IP address configured on the machine. Otherwise, enter the IP address in the field provided.
IP_address
Java development Kit (JDK) 5.0 Installation Root Directory
This parameter creates organization unit name cci_user_org_unit for CCI users.
This parameter creates country name cci_user_country for CCI users.
This parameter creates key and certificate files at the specified location as keystore_location/keyfile_name for CCI user with absolute path an.
Enter the validity duration of created certificate for specified user and organization in days. Any value from 1 through 99999 is acceptable.
To ensure proper operation and data integrity, the PostgreSQL database instances installed with the CF Element Manager should only be used by this application.
Start CCI server during installation
After you have provided the inputs, the installation process starts and you receive a message indicating that CCI application installation starts on the basis of user inputs.
*WARNING: Please ensure that you have enough disk space for the installation of CCI application. If sufficient space is not available in the installation directory, cancel the installation process and free-up the disk space to proceed with the installation.
The installation script starts different processes and the following dialog box appears reporting that the installation was successful.
.
CCI Installation Complete Dialog Box
All of the parameters configured get stored in a configuration file located in the /<application_base_directory>/etc directory. For more information on the configuration files, see the Modifying CF Components’ Configuration Files section.
4
https://cci_installation server name or IP Address:HTTPS Port/cci/login.jsp
In case any of the process is stopped the PSMON process will restart all required processes. However you can stop and restart the CCI server manually by entering the following commands:
./stopserver.sh
./startserver.sh
After verifying the CF-CCI server application installation, user can access the CCI through client station with the following link in web browser address field:
https://cci_installation server name or IP Address:HTTPS Port/cci/login.jsp
To start using CCI and Report Engine, refer to the Customer Care Interface and Report Engine appendix.
Uninstalling CF Application Components
This section describes the procedures to uninstall CF application components.
Uninstalling CF-CDP Application
The following steps describe how to uninstall the CF-CDP application:
1
2
Change to the /cdp_base_directory/ and enter the following command:
./uninst
The script uninstalls CF-CDP, Report Generator, and all related components from the CF-CDP server.
Uninstalling CF-CCI Application
*IMPORTANT: This section is applicable only for the Category-based Content Filtering solution.
The following steps describe how to uninstall the CF-CCI application:
1
2
Change to the /cci_base_directory/cci directory and enter the following command:
./uninst
The Uninstall CCI dialog box appears.
Uninstall CCI Dialog Box
3
The uninstall script leaves the /cci_base_directory/ directory in place with several sub-directories.
4
Optional. Delete the secure key and certificate file keyfile_name from the key store locations provided during installation.
*IMPORTANT: If you want to keep secure key and certificate file keyfile_name, skip this step.
Modifying CF Components’ Configuration Files
Once the CF components have been installed according to the information and instructions in this chapter, this information can be used as a reference for performing further configuration of the CF components to customize it to your needs.
The CF provides a number of configuration files which can be modified to fine-tune the operation of the application. These files are located in the /<application_base_directory>/etc directory by default.
This section provides descriptions for each of the configuration files. Details on the parameters each file contains is located within the files. The default values for these parameters are suitable for most installations. However, the values can be modified using a text editor (such as Vi Editor) if required.
*CAUTION: For many of these files, the CF application must be stopped and restarted in order for the modifications to take effect. To ensure proper operation, be sure to read and understand all of the information provided in the files prior to making changes.
CF-CDP Specific Configuration Files
This section provides descriptions for each of the configuration files that are associated with the CF-CDP application.
The following are the CF-CDP specific configuration files:
l
l
l
l
l
l
l
The cdp.cfg File
This file contains CF-CDP specific parameters that are configured for generation of ad-hoc reports. The parameters are also configured to export Optimized Customer Master Database (OPTCMDB) files to CF-CDP.
 
This indicates the time interval, in minutes, in which CF-CDP Server will check if any database is available from WEM in a preconfigured path.
1440 min (24 hrs)
This is the directory where WEM can export the latest Optimized Database (OPTCMDB) in CF-CDP.
<Absolute_Path>/cdp/cfems
This is the path where CF-CDP will keep full DB to be loaded in memory.
<Absolute_Path>/cdp/optcmdb
This is the path to keep archives of full and incremental updates of OPTCMDB.
<Absolute_Path>/cdp/archive
This indicates the time interval, in minutes, in which CF-CDP Server will push incremental DBs to STxx in a preconfigured path.
1440 min (24 hrs)
This identifies the debugging levels for the CF-CDP logs. The levels are:
This config is used only in cdp_deliver script. This can be changed dynamically.
This field will carry the IP address of the server where alarms and traps are to be sent. If this field is empty the CF-CDP will not generate and send traps.
This field will carry the port number of the server where alarms and traps are to be sent. If this field is empty the CF-CDP will not generate and send traps.
This field will configure community string of the server where alarms and traps are to be sent. If this field is empty the CF-CDP will not generate and send traps.
This specifies the IP address that will be used by CF-CDP Server for generating IOR files.
If the field has default loopback interface value then CF-CDP Server will take the first active interface present on the machine.
If the specified IP is not active, the CF-CDP Server will not start.
The img.cfg File
This file contains the parameters that are used for configuring the chassis. These parameters can be changed dynamically.
 
This is the Black List Remote Directory Path for each CF-STxx to where Optimized Black Listing Database can be exported.
The processmonitor.cfg File
This file contains parameters used by the Process Monitor module. These include parameters such as the directories from which CF-related processes are started, polling intervals, and maximum percentage thresholds.
 
This is a flag indicating whether the process information should include the information of child processes or not.
This is a flag indicating whether the process information should include the information of child processes or not.
This is a flag indicating whether the process information should include the information of child processes or not.
The process which changes frequently can be monitored for threshold limits with a smaller poll interval, say 5 seconds.
The directory size does not change suddenly and can be monitored with 1 min or greater than 1min poll interval for threshold limit.
Threshold Information: This section provides information needed for the configuration of default threshold values for various parameters monitored by the module. These values are used for default configuration of the threshold values for the parameters.These values indicate maximum percentage threshold limits for the individual parameters as the default values.
This calculates the average of 'NumberofSample' given in the cfg file.
The psmon.cfg File
This file contains parameters for the operation of the PSMon (Process Monitor) function supported by CF.
 
Defines the frequency of process table queries. This is the polling interval. The value must not be less than 10 seconds.
This is the final directory threshold (in % on the file system where FinalDirPath present). Keep it blank if you do not want to monitor the final directory.
When defined, psmon will never attempt to kill a process ID which is numerically less than or equal to the value defined by the last safe PID.
Accepts a boolean value of On or Off. Suppresses all notifications from preserved process IDs when used in conjunction with the last safepid directive.
Forces this psmon as if the --dryrun command line switch had specified. This is useful if you want to force a specific configuration file to only report and never actually take any automated action. This is enabled in this default distribution configuration to prevent people from blindly executing psmon “out of the box” and causing damage in live environments.
The <Process *> scope is commented out by default. It should be used with extreme care. If used, run psmon in 'DryRun' mode by adding the 'DryRun' directive in this configuration file.
The reportengine.cfg File
This file contains parameters that are specific to the Report Engine (RE) server.
 
This directory contains the reports which will be generated by Report Engine.
This directory contains the archive files which are moved from input directory after completion of parsing.
This flag enables the archiving of report engine files. Possible values are:
This parameter is used to open number of database connections.
This is the file polling interval (in seconds) in the data directory.
This Parser manager threads poll on file InfoMap and allocates file parsing jobs to worked threads.
This DB Insert manager threads poll on DB insertion vector queue and allocates record insertion jobs to worked threads.
This archive manager threads poll on archive file InfoMap and allocates file archiving jobs to worked threads.
This is the time interval, in seconds, after which the statistics will be generated for Report Engine (RE).
This is the IP address of the machine where the RE server is running.
This indicates the Date-Time format that is supported in EDR files which are getting parsed by RE. Possible values are:
This indicates the split interval of 'detailinfo' table in hours.
This indicates the time interval after which the index table will be created.
The reports.cfg File
This file provides information on the configurables that are associated with the different report types.
 
ReportSchemaFields: The following fields are used for Subscriber Detail report. Each field represents the column in the report. You can select the columns to be represented in report by setting or unsetting these field values. Some fields are set by default.
n
This is the absolute path of the file mentioning the list of URLs with each URL at new line. This is required for generating URL Summary report.
This is the number of threads to be spawned to execute parallel distributed queries. The value must be an integer from 1 through 10.
The thr.cfg File
This is the configuration file for the thread pool.
*IMPORTANT: Any changes to the parameters in the thr.cfg file need server restart for the modifications to take effect.
 
CF-CCI Configuration File
This section provides descriptions for each of the parameters in the configuration file, psmon.cfg, associated with the CF-CCI application.
The psmon.cfg File
This file contains parameters for the operation of the PSMon (Process Monitor) function supported by CF.
 
When defined, psmon will never attempt to kill a process ID which is numerically less than or equal to the value defined by the last safe PID.
Accepts a boolean value of On or Off. Suppresses all notifications from preserved process IDs when used in conjunction with the last safepid directive.
Forces this psmon as if the --dryrun command line switch had specified. This is useful if you want to force a specific configuration file to only report and never actually take any automated action. This is enabled in this default distribution configuration to prevent people from blindly executing psmon “out of the box” and causing damage in live environments.
The <Process *> scope is commented out by default. It should be used with extreme care. If used, run psmon in 'DryRun' mode by adding the 'DryRun' directive in this configuration file.
Managing Application Level Traps and Alarms
This section describes the procedure to configure the application level traps and alarms for Content Filtering applications.
All traps need to be defined manually in processmonitor.cfg file in /etc directory at the base directory of CF applications.
1
2
Change to the /etc directory by entering the following command:
cd /application_base_directory/etc
3
Open the processmonitor.cfg file in vi editor by entering the following command:
vi processmonitor.cfg
This configuration file contains the supported threshold and trap configuration fields for all CF applications.
4
After opening the file in vi editor, press the Insert key to enable the INSERT mode.
5
Go to the desired section in the processmonitor.cfg and edit the values as required:
 
6
Save and close the processmonitor.cfg file by entering the following commands:
Esc
:wq
7
For more information on supported traps and objects at the chassis and application level, refer to the Content Filtering Application MIB and Default Trap Severities in SNMP MIB Reference.

Cisco Systems Inc.
Tel: 408-526-4000
Fax: 408-527-0883