Step 1
| Log into the
target machine using an account that has administrative privileges:
Windows—Close
all open applications, including any antivirus software.
|
Step 2
| Download and install the
Java Runtime Environment (JRE) 1.6 or later, or the equivalent Java Development
Kit (JDK), if you have not already done so. These are available from the Oracle
website.
Note
|
On Windows,
add the full path of the bin subdirectory of your Java installation folder to
your PATH environment variable; for example, C:\Program Files
(x86)\Java\jdk1.6\bin.
|
|
Step 3
| If you are not configuring secure login to the web UI, skip
to
Step 4. If
you are configuring secure login, you must create a keystore file by using the
Java
keytool
utility, which is located in the bin subdirectory of the Java installation (see
Step 2). Use
the utility to define a self-signed certificate, or to request and later import
a certificate from an external signing authority:
- To create a keystore file containing a
self-signed certificate, run this command and respond to the prompts:
> keytool -genkey -alias tomcat -keyalg RSA -keystore k-file
Enter keystore password: password
What is your first and last name? [Unknown]: name
What is the name of your organizational unit? [Unknown]: org-unit
What is the name of your organization? [Unknown]: org-name
What is the name of your City or Locality? [Unknown]: local
What is the name of your State or Province? [Unknown]: state
What is the two-letter country code for this unit? [Unknown]: cc
Is CN=name, OU=org-unit, O=org-name, L=local, ST=state, C=cc correct? [no]: yes
Enter key password for <tomcat> (RETURN if same as keystore password):
The
keystore filename (k-file) is its fully qualified path. You will be entering
the keystore path and password in
Step
16.
- To create a Certificate Signing Request (CSR)
that you will submit to the Certificate Authority (CA) when you request a
certificate, create the keystore file as in the previous substep, then execute
this command:
> keytool -certreq -keyalg RSA -alias tomcat -file certreq.cer -keystore k-file
Submit the
resulting certreq.cer file to the CA. Once you receive the certificate from the
CA, first download the Chain Certificate from the CA, then import the Chain
Certificate and your new Certificate into the keystore file, as follows:
> keytool -import -alias root -keystore k-file -trustcacerts -file chain-cert-file
> keytool -import -alias tomcat -keystore k-file -trustcacerts -file new-cert-file
For details
on the
keytool utility, see the documentation at the Java website
of Oracle. For details on the
keystore file and Tomcat, see the documentation at the
website of the Apache Software Foundation.
Caution
|
The
Cisco Prime IP Express
installation program for Windows does not try to modify ACLs to restrict access
to the installed files and directories. If you want to restrict access to these
files and directories, use the native Microsoft utilities to manually change
file and directory permissions. See
Modifying ACLs in Windows Installations.
|
|
Step 4
| Load the installation CD,
or browse to the network resource where the
Cisco Prime IP Express
software is located. If you download a distribution file from the Cisco
website, run it from a different directory than where you will install
Cisco Prime IP Express.
-
Windows—The
cpipe_version-windows.exe file is a self-extracting executable
file that places the setup file and other files in the directory where you run
it. (If you are not configured for Autostart, run the setup.exe file in that
directory.) The Welcome to
Cisco Prime IP Express
window appears.
Click
Next.
The second welcome window introduces the setup program and reminds you to exit
all current programs, including virus scanning software. If any programs are
running, click
Cancel, close these programs, and return to the start of
Step
4. If you already exited all programs, click
Next.
-
Linux—Be
sure that the
gzip
and
gtar
utilities are available to uncompress and unpack the
Cisco Prime IP Express
installation files. See the GNU organization website for information on these
utilities. Do the following:
-
Download the distribution file.
-
Navigate to the directory in which you will uncompress and extract the
installation files.
-
Uncompress and unpack the .gtar.gz file. Use
gtar with the
-z
option:
gtar -zxpf cpipe_8_3_3-linux-i686.gtar.gz
To
unpack the .gtar file that
gunzip already uncompressed, omit the
-z
option:
gtar -xpf cpipe_8_3_3-linux-i686.gtar
The
command creates the
cpipe_8_3_3 directory into which the
Cisco Prime IP Express
installation files are extracted .
-
Run
the following command or program:
-
Linux—Run the install_cnr script from the directory containing the installation
files:
# ./install_cnr
The install-path is the CD-ROM directory that contains the installation files
or the directory that contains the extracted
Cisco Prime IP Express
installation files, if they were downloaded electronically.
|
Step 5
| Specify whether you want to
install
Cisco Prime IP Express
in the local or regional cluster mode (see
About Cisco Prime IP Express):
Note
|
Since a
regional server is required for license management, install the regional server
first so that you can register the local to the regional. If you face any
problem with synchronizing the regional cluster to the local cluster after
registration, unset and set the password on the regional cluster, and sync
again.
|
Tip
|
Include a
network time service in your configuration to avoid time differences between
the local and regional clusters. This method ensures that the aggregated data
at the regional server appears consistently. The maximum allowable time drift
between the regional and local clusters is five minutes. If the time skew
exceeds five minutes, then the installation process will not be able to
correctly register the server with the regional. In this case, unset and set
the password on the regional cluster, and sync again.
|
-
Windows—Keep the default
Cisco Prime IP Express
Local or choose
Cisco Prime IP Express
Regional. Click
Next. The Select Program Folder appears, where you determine
the program folder in which to store the program shortcuts in the Start menu.
Accept the default, enter another name, or choose a name from the Existing
Folders list. Click
Next.
-
Linux—Enter
1
for a local, or
2
for regional. The default mode is 1.
|
Step 6
| On Linux,
specify if you want to run Cisco Prime IP Express Local Server Agent as a
non-root
nradmin
user. If you choose to run Cisco Prime IP Express for a non-root
user, a user
nradmin is
created with the requisite privileges to run the Cisco Prime IP Express
services. When running Cisco Prime IP Express as a non-root user
(nradmin),
some changes occur in the CLI operation of the product . Though it is still
possible to run as root, it is not recommended. Instead, create regular Linux
users and add them to the nradmin group. Users in this group will have full access to
the Cisco Prime IP Express files. To start and stop Cisco Prime IP Express,
these users may use the new ‘cnr_service program in the path which is in <install
directory>/bin/cnr_service).
Note
|
The root
user is only needed for installation and uninstallation.
|
|
Step 7
| Note these
Cisco Prime IP Express
installation default directories and make any appropriate changes to meet your
needs:
Note
|
The
installation directory path with spaces is not supported on non-Windows
platforms and not recommended on Windows (except for the "Program Files" path).
|
Note
|
If you are
upgrading, the upgrade process autodetects the installation directory from the
previous release.
|
Windows default
locations:
Caution
|
Do not
specify the
\Program
Files (x86) or \Program Files or \ProgramData for the location of the
Cisco Prime IP Express
data, logs, and temporary files. If you do this, the behavior of
Cisco Prime IP Express
may be unpredictable because of Windows security.
|
-
Local
cluster
-
Program files (32-bit OS)—C:\Program Files\Cisco Prime IP Express\Local
-
Program files (64-bit OS)—C:\Program Files (x86)\Cisco Prime IP Express\Local
-
Data
files—C:\CiscoPrimeIPExpress\Local\data
-
Log
files—C:\CiscoPrimeIPExpress\Local\logs
-
Temporary files—C:\CiscoPrimeIPExpress\Local\temp
-
Regional
cluster
-
Program files (32-bit OS)—C:\Program Files\Cisco Prime IP Express\ Regional
-
Program files (64-bit OS)—C:\Program Files (x86)\Cisco Prime IP Express\
Regional
-
Data
files—C:\CiscoPrimeIPExpress\ Regional\data
-
Log
files—C:\CiscoPrimeIPExpress\ Regional\logs
-
Temporary files—C:\CiscoPrimeIPExpress\ Regional\temp
Linux default
locations:
-
Local
cluster
-
Program files— /opt/nwreg2/local
-
Data
files— /var/nwreg2/local/data
-
Log
files— /var/nwreg2/local/logs
-
Temporary files— /var/nwreg2/local/temp
-
Regional
cluster
-
Program files— /opt/nwreg2/regional
-
Data
files— /var/nwreg2/regional/data
-
Log
files— /var/nwreg2/regional/logs
-
Temporary files— /var/nwreg2/regional/temp
|
Step 8
| If there are
no defined administrators, create an administrator by providing the username
and password. You have to confirm the password entered.
If you are
installing a regional, continue; else go to
Step 10.
|
Step 9
| Enter the
filename, as an absolute path, for your base license (see
License Files).
Note
|
Ensure that
you use the absolute path and not a relative path for your base license as
there are chances that there might be changes to the default path from what you
started the install with.
|
Entering the
filename during installation is optional. However, if you do not enter the
filename now, you must enter it when you first log into the web UI or CLI.
Note
|
If you
install
Cisco Prime IP Express
using a Remote Desktop Connection to the Windows Server, you will not be able
to enter the license information during the installation.
Cisco Prime IP Express
will reject the licenses as invalid. You must therefore skip the license
information step, and add the license after the installation completes, using
either the web UI or CLI. See
Starting Cisco Prime IP Express
for details.
|
|
Step 10
| Register the
local to the regional by providing the regional IP address and SCP port.
After the
local is registered to the regional, it can provide those services for which
the licenses are present in the regional.
Note
|
If you face
any problem synchronizing the regional cluster to the local cluster after
registration, unset and set the password on the regional cluster, and sync
again. This can happen due to time skew of more than five minutes between local
and regional clusters.
|
Include a
network time service in your configuration to avoid time differences between
the local and regional clusters. This method ensures that the aggregated data
at the regional server appears consistently. The maximum allowable time drift
between the regional and local clusters is five minutes. If the time skew
exceeds five minutes, then the installation process will not be able to
correctly register the server with the regional. In this case, unset and set
the password on the regional cluster, and sync again.
|
Step 11
| After you
register local to the regional, you can select the required services from the
licensed services.
Note
|
If a
service is not selected, upgrade process will use the existing configuration.
To remove a service wait until the upgrade process is completed.
|
|
Step 12
| Choose whether to
archive the existing binaries and database in case this installation does not
succeed. The default and recommended choice is
Yes or
y:
If you choose
to archive the files, specify the archive directory. The default directories
are:
-
Windows—Local cluster (C:\CiscoPrimeIPExpress\Local.sav); Regional cluster (C:\CiscoPrimeIPExpress\Regional.sav). Click
Next.
-
Linux—Local cluster (/opt/nwreg2/local.sav); Regional cluster (/opt/nwreg2/regional.sav)
|
Step 13
| Choose the appropriate
installation type: server and client (the default), or client-only:
-
Windows—Choose
Both
server and client (default) or
Client
only. Click
Next. The Select Port window appears.
-
Linux—Entering
1
installs the server and client (the default), or
2
installs the client only.
Note
|
Choose
Client
only in a situation where you want the client software running on a
different machine than the protocol servers. Be aware that you must then set up
a connection to the protocol servers from the client.
|
|
Step 14
| Enter CCM
management SCP port number that the server agent uses for internal
communication between servers. The default value is 1234.
|
Step 15
| Enter the location of the Java installation (JRE) 1.6 or
JDK selected in
Step 2.
(The installation or upgrade process tries to detect the location.):
-
Windows—A
dialog box reminds you of the Java requirements. Click
OK
and then choose the default Java directory or another one. Click
OK.
The Select Connection Type window appears.
-
Linux—Enter the Java installation location.
Note
|
Do not
include the bin subdirectory in the path. If you install a new Java version or
change its location, rerun the
Cisco Prime IP Express
installer then specify the new location in this step.
|
|
Step 16
| Choose whether to enable the web UI to use a nonsecure
(HTTP) or secure (HTTPS) connection for web UI logins:
-
Windows—Choose
Non-secure/HTTP (default),
Secure/HTTPS (requires JSSE), or
Both
HTTP and HTTPS.
-
Linux—Enter 1 for Non-secure/HTTP (default), 2 for Secure/HTTPS (requires
JSSE), or 3 for both HTTP and HTTPS.
Enabling the
secure HTTPS port configures security for connecting to the Apache Tomcat web
server (see
Step 3
for configuration). (To change the connection type, rerun the installer, and
then make a different choice at this step.)
-
If you
choose HTTPS, or HTTP and HTTPS, click
Next
and continue with
Step
17.
-
If you
choose the default HTTP connection, click
Next, and go to
Step
18.
|
Step 17
| If you
enabled HTTPS web UI connectivity, you are prompted for the location of the
necessary keystore and keystore files:
-
For the
keystore location, specify the fully qualified path to the keystore file that
contains the certificate(s) to be used for the secure connection to the Apache
Tomcat web server. This is the keystore file that you created in
Step
3.
-
For the
keystore password, specify the password given when creating the keystore file.
On Windows, click
Next.
Caution
|
Do not
include a dollar sign ($) in the keystore password as it will result in an
invalid configuration on the Apache Tomcat web server.
|
|
Step 18
| Enter a port
number for the web UI connection. The defaults are:
On Windows,
click
Next.
|
Step 19
| Choose
Yes if you
want to enable the
Cisco Prime IP Express
web services.
|
Step 20
| Select the
security mode to be configured.
Optional.
Allow fallback to unsecure connection is selected by default. Click
Next.
|
Step 21
| If you are
installing a regional, select Yes to enable BYOD service.
The
Cisco Prime IP Express
installation process begins. Status messages report that the installer is
transferring files and running scripts. This process may take a few minutes:
-
Windows—The Setup Complete window appears. Choose
Yes, I
want to restart my computer now or
No, I
will restart my computer later, and then click
Finish.
-
Linux—Successful completion messages appear.
Note
|
When you
upgrade
Cisco Prime IP Express,
the upgrade process takes place during the installation. Therefore, the
installation and upgrade processes take a longer time depending on the number
of scopes, prefixes, and reservations that you have configured.
|
|
Step 22
| Verify the status of
the
Cisco Prime IP Express
servers:
-
Windows—In the Services control panel, verify that the IP Express Local Server
Agent or IP Express Regional Server Agent is running after rebooting the system
when the installation has completed successfully.
-
Linux—Use
the install-path/usrbin/cnr_status command to verify status. See
Starting and Stopping Servers.
If the
upgrade fails, you can revert to the earlier
Cisco Prime IP Express
version. For details about reverting to the earlier version, see the
Reverting to an Earlier Product Version.
|