Step 1 |
Log into the
target machine using an account that has administrative privileges:
Windows—Close
all open applications, including any antivirus software.
|
Step 2 |
Download and install the
Java Runtime Environment (JRE) 1.6 or later, or the equivalent Java Development
Kit (JDK), if you have not already done so. These are available from the Oracle
website.
Note
|
On Windows,
add the full path of the bin subdirectory of your Java installation folder to
your PATH environment variable; for example, C:\Program Files
(x86)\Java\jdk1.6\bin.
|
|
Step 3 |
If you are not configuring secure login to the web UI, skip
to
Step 4. If
you are configuring secure login, you must create a keystore file by using the
Java
keytool
utility, which is located in the bin subdirectory of the Java installation (see
Step 2).
Use the utility to define a self-signed certificate, or to request and later
import a certificate from an external signing authority:
-
To create a keystore file containing a
self-signed certificate, run this command and respond to the prompts:
> keytool -genkey -alias tomcat -keyalg RSA -keystore k-file
Enter keystore password: password
What is your first and last name? [Unknown]: name
What is the name of your organizational unit? [Unknown]: org-unit
What is the name of your organization? [Unknown]: org-name
What is the name of your City or Locality? [Unknown]: local
What is the name of your State or Province? [Unknown]: state
What is the two-letter country code for this unit? [Unknown]: cc
Is CN=name, OU=org-unit, O=org-name, L=local, ST=state, C=cc correct? [no]: yes
Enter key password for <tomcat> (RETURN if same as keystore password):
The
keystore filename (k-file) is its fully qualified path. You will be entering
the keystore path and password in
Step
16.
-
To create a Certificate Signing Request (CSR)
that you will submit to the Certificate Authority (CA) when you request a
certificate, create the keystore file as in the previous substep, then execute
this command:
> keytool -certreq -keyalg RSA -alias tomcat -file certreq.cer -keystore k-file
Submit
the resulting certreq.cer file to the CA. Once you receive the certificate from
the CA, first download the Chain Certificate from the CA, then import the Chain
Certificate and your new Certificate into the keystore file, as follows:
> keytool -import -alias root -keystore k-file -trustcacerts -file chain-cert-file
> keytool -import -alias tomcat -keystore k-file -trustcacerts -file new-cert-file
For
details on the
keytool utility, see the documentation at the Java website
of Oracle. For details on the
keystore file and Tomcat, see the documentation at the
website of the Apache Software Foundation.
Caution
|
The
Cisco Prime Network
Registrar
installation program for Windows does not try to modify ACLs to restrict access
to the installed files and directories. If you want to restrict access to these
files and directories, use the native Microsoft utilities to manually change
file and directory permissions. See
Modifying ACLs in Windows Installations.
|
|
Step 4 |
Load the installation CD,
or browse to the network resource where the
Cisco Prime Network
Registrar
software is located. If you download a distribution file from the Cisco
website, run it from a different directory than where you will install
Cisco Prime Network
Registrar.
-
Windows—The cpnr_version-windows.exe file is a self-extracting executable
file that places the setup file and other files in the directory where you run
it. (If you are not configured for Autostart, run the setup.exe file in that
directory.) The Welcome to
Cisco Prime Network
Registrar
window appears.
Click
Next. The second welcome window introduces the setup program
and reminds you to exit all current programs, including virus scanning
software. If any programs are running, click
Cancel, close these programs, and return to the start of
Step
4. If you already exited all programs, click
Next.
-
Solaris
and Linux—Be sure that the
gzip
and
gtar
utilities are available to uncompress and unpack the
Cisco Prime Network
Registrar
installation files. See the GNU organization website for information on these
utilities. Do the following:
-
Download the distribution file.
-
Navigate to the directory in which you will uncompress and extract the
installation files.
-
Uncompress and unpack the .gtar.gz file. Use
gtar with the
-z option:
gtar -zxpf cpnr_8_3_2-linux-x86_64.gtar.gz
or
gtar -zxpf cpnr_8_3_2-linux-i686.gtar.gz
OR
gtar -zxpf cpnr_8_3_2-solaris.gtar.gz
To
unpack the .gtar file that
gunzip already uncompressed, omit the
-z option:
gtar -xpf cpnr_8_3_2-linux5.gtar
The
command creates the
cpnr_8_3 directory into which the
Cisco Prime Network
Registrar
installation files are extracted.
-
Run
the following command or program:
-
Solaris—Run the
pkgadd command with the
-d option that specifies the directory from which you are
installing, with the
-a option in case you want to upgrade from a previous
release. The name of the
Cisco Prime Network
Registrar
package is
nwreg2:
pkgadd -a pkgdir/solaris/nwreg2/install/cnradmin -d pkgdir/solaris nwreg2
-
Linux—Run the install_cnr script from the directory containing the installation
files:
# ./install_cnr
The install-path is the CD-ROM directory that contains the installation files
or the directory that contains the extracted
Cisco Prime Network
Registrar
installation files, if they were downloaded electronically.
|
Step 5 |
Specify whether you want to
install
Cisco Prime Network
Registrar
in the local or regional cluster mode.
Note
|
Since a
regional server is required for license management, install the regional server
first so that you can register the local to the regional. If you face any
problem with synchronizing the regional cluster to the local cluster after
registration, unset and set the password on the regional cluster, and sync
again.
|
Tip
|
Include a
network time service in your configuration to avoid time differences between
the local and regional clusters. This method ensures that the aggregated data
at the regional server appears consistently. The maximum allowable time drift
between the regional and local clusters is five minutes. If the time skew
exceeds five minutes, then the installation process will not be able to
correctly register the server with the regional. In this case, unset and set
the password on the regional cluster, and sync again.
|
-
Windows—Keep the default
Cisco Prime Network
Registrar
Local or choose
Cisco Prime Network
Registrar
Regional. Click
Next. The Select Program Folder appears, where you determine
the program folder in which to store the program shortcuts in the Start menu.
Accept the default, enter another name, or choose a name from the Existing
Folders list. Click
Next.
-
Solaris
and Linux—Enter
1
for a local, or
2
for regional. The default mode is 1.
|
Step 6 |
On Linux,
specify if you want to run Cisco Prime Network Registrar Local Server Agent as
a non-root
nradmin
user. If you choose to run Cisco Prime Network Registrar for a
non-root user, a user
nradmin
is created with the requisite privileges to run the Cisco Prime Network
Registrar services. When running Cisco Prime Network Registrar as a non-root
user
(nradmin), some changes occur in the CLI operation of the
product . Though it is still possible to run as root, it is not recommended.
Instead, create regular Linux users and add them to the nradmin group. Users
in this group will have full access to the Cisco Prime Network Registrar files.
To start and stop Cisco Prime Network Registrar, these users may use the new
‘cpnr_service
program in the path which is in <install directory>/bin/cpnr_service).
Note
|
The root
user is only needed for installation and uninstallation.
|
|
Step 7 |
Note these
Cisco Prime Network
Registrar
installation default directories and make any appropriate changes to meet your
needs:
Note
|
The
installation directory path with spaces is not supported on non-Windows
platforms and not recommended on Windows (except for the "Program Files" path).
|
Note
|
If you
are upgrading, the upgrade process autodetects the installation directory from
the previous release.
|
Windows default
locations:
Caution
|
Do not
specify the
\Program
Files (x86) or \Program Files or \ProgramData for the location of the
Cisco Prime Network
Registrar
data, logs, and temporary files. If you do this, the behavior of
Cisco Prime Network
Registrar
may be unpredictable because of Windows security.
|
-
Local
cluster
-
Program files (32-bit OS)—C:\Program Files\Network Registrar\Local
-
Program files (64-bit OS)—C:\Program Files (x86)\Network Registrar\Local
-
Data files—C:\NetworkRegistrar\Local\data
-
Log
files—C:\NetworkRegistrar\Local\logs
-
Temporary files—C:\NetworkRegistrar\Local\temp
-
Regional cluster
-
Program files (32-bit OS)—C:\Program Files\Network Registrar\ Regional
-
Program files (64-bit OS)—C:\Program Files (x86)\Network Registrar\ Regional
-
Data files—C:\NetworkRegistrar\ Regional\data
-
Log
files—C:\NetworkRegistrar\ Regional\logs
-
Temporary files—C:\NetworkRegistrar\ Regional\temp
Solaris and Linux
default locations:
-
Local
cluster
-
Program files— /opt/nwreg2/local
-
Data files— /var/nwreg2/local/data
-
Log
files— /var/nwreg2/local/logs
-
Temporary files— /var/nwreg2/local/temp
-
Regional cluster
-
Program files— /opt/nwreg2/regional
-
Data files— /var/nwreg2/regional/data
-
Log
files— /var/nwreg2/regional/logs
-
Temporary files— /var/nwreg2/regional/temp
|
Step 8 |
If there are
no defined administrators, create an administrator by providing the username
and password. You have to confirm the password entered.
If you are
installing a regional, continue; else go to
Step
10.
|
Step 9 |
Enter the
filename, as an absolute path, for your base license (see
License Files).
Note
|
Ensure
that you use the absolute path and not a relative path for your base license as
there are chances that there might be changes to the default path from what you
started the install with.
|
Entering
the filename during installation is optional. However, if you do not enter the
filename now, you must enter it when you first log into the web UI or CLI.
Note
|
If you
install
Cisco Prime Network
Registrar
using a Remote Desktop Connection to the Windows Server, you will not be able
to enter the license information during the installation.
Cisco Prime Network
Registrar
will reject the licenses as invalid. You must therefore skip the license
information step, and add the license after the installation completes, using
either the web UI or CLI. See
Starting Cisco Prime Network Registrar
for details.
|
|
Step 10 |
Register
the local to the regional by providing the regional IP address and SCP port.
After the
local is registered to the regional, it can provide those services for which
the licenses are present in the regional.
Note
|
If you
face any problem synchronizing the regional cluster to the local cluster after
registration, unset and set the password on the regional cluster, and sync
again. This can happen due to time skew of more than five minutes between local
and regional clusters.
|
Include a
network time service in your configuration to avoid time differences between
the local and regional clusters. This method ensures that the aggregated data
at the regional server appears consistently. The maximum allowable time drift
between the regional and local clusters is five minutes. If the time skew
exceeds five minutes, then the installation process will not be able to
correctly register the server with the regional. In this case, unset and set
the password on the regional cluster, and sync again.
|
Step 11 |
After you
register local to the regional, you can select the required services from the
licensed services.
Note
|
If a
service is not selected, upgrade process will use the existing configuration.
To remove a service wait until the upgrade process is completed.
|
|
Step 12 |
Choose whether to
archive the existing binaries and database in case this installation does not
succeed. The default and recommended choice is
Yes or
y:
If you
choose to archive the files, specify the archive directory. The default
directories are:
-
Windows—Local cluster (C:\NetworkRegistrar\Local.sav);
Regional cluster (C:\NetworkRegistrar\Regional.sav). Click
Next.
-
Solaris
and Linux—Local cluster (/opt/nwreg2/local.sav); Regional cluster (/opt/nwreg2/regional.sav)
|
Step 13 |
Choose the appropriate
installation type: server and client (the default), or client-only:
-
Windows—Choose
Both
server and client (default) or
Client
only. Click
Next. The Select Port window appears.
-
Solaris
and Linux—Entering
1
installs the server and client (the default), or
2
installs the client only.
Note
|
Choose
Client
only in a situation where you want the client software running on a
different machine than the protocol servers. Be aware that you must then set up
a connection to the protocol servers from the client.
|
|
Step 14 |
Enter CCM
management SCP port number that the server agent uses for internal
communication between servers. The default value is 1234 for local cluster and
1244 for regional cluster.
|
Step 15 |
Enter the location of the Java installation (JRE) 1.6 or
JDK selected in
Step 2.
(The installation or upgrade process tries to detect the location.):
-
Windows—A dialog box reminds you of the Java requirements. Click
OK
and then choose the default Java directory or another one. Click
OK. The Select Connection Type window appears.
-
Solaris
and Linux—Enter the Java installation location.
Note
|
Do not
include the bin subdirectory in the path. If you install a new Java version or
change its location, rerun the
Cisco Prime Network
Registrar
installer then specify the new location in this step.
|
|
Step 16 |
Choose whether to enable the web UI to use a nonsecure
(HTTP) or secure (HTTPS) connection for web UI logins:
-
Windows—Choose
Non-secure/HTTP (default),
Secure/HTTPS (requires JSSE), or
Both
HTTP and HTTPS.
-
Solaris
and Linux—Enter
1
for Non-secure/HTTP (default),
2
for Secure/HTTPS (requires JSSE), or
3
for both HTTP and HTTPS .
Enabling
the secure HTTPS configures security for connecting to the Apache Tomcat web
server (see
Step 3
for configuration). (To change the connection type, rerun the installer, and
then make a different choice at this step.)
-
If you
choose HTTPS, or HTTP and HTTPS, click
Next and continue with
Step
17.
-
If you
choose the default HTTP connection, click
Next, and go to
Step
18.
|
Step 17 |
If you
enabled HTTPS web UI connectivity, you are prompted for the location of the
necessary keystore and keystore files:
-
For the
keystore location, specify the fully qualified path to the keystore file that
contains the certificate(s) to be used for the secure connection to the Apache
Tomcat web server. This is the keystore file that you created in
Step
3.
-
For the
keystore password, specify the password given when creating the keystore file.
On Windows, click
Next.
Caution
|
Do not
include a dollar sign ($) in the keystore password as it will result in an
invalid configuration on the Apache Tomcat web server.
|
|
Step 18 |
Enter a port
number for the web UI connection. The defaults are:
|
Step 19 |
Choose
Yes if
you want to enable the
Cisco Prime Network
Registrar
web services.
|
Step 20 |
Select the
security mode to be configured.
Optional.
Allow fallback to unsecure connection is selected by default. Click
Next.
|
Step 21 |
If you are
installing a regional, select
Yes to
enable BYOD service.
Note
|
Enabling
BYOD service option is available only in Windows and Linux.
|
The
Cisco Prime Network
Registrar
installation process begins. (Solaris prompts you to verify that you want to
continue with the installation.) Status messages report that the installer is
transferring files and running scripts. This process may take a few minutes:
-
Windows—The Setup Complete window appears. Choose
Yes, I
want to restart my computer now or
No, I
will restart my computer later, and then click
Finish.
-
Solaris
and Linux—Successful completion messages appear.
Note
|
When you
upgrade
Cisco Prime Network
Registrar,
the upgrade process takes place during the installation. Therefore, the
installation and upgrade processes take a longer time depending on the number
of scopes, prefixes, and reservations that you have configured.
|
|
Step 22 |
Verify the status of
the
Cisco Prime Network
Registrar
servers:
-
Windows—In the Services control panel, verify that the
Cisco Prime Network
Registrar
Local Server Agent or
Cisco Prime Network
Registrar
Regional Server Agent is running after rebooting the system when the
installation has completed successfully.
-
Solaris
and Linux—Use the install-path/usrbin/cnr_status command to verify status. See
Starting and Stopping Servers.
If the
upgrade fails, you can revert to the earlier
Cisco Prime Network
Registrar
version. For details about reverting to the earlier version, see the
Reverting to an Earlier Product Version.
|