Installation and Upgrade Guide for CiscoWorks Network Compliance Manager Gateway 1.2.1
August, 2007
The CiscoWorks Network Compliance Manager (NCM) Gateway enables an NCM Core to manage servers that are behind one or more NAT devices or firewalls. It does this by creating persistent TCP tunnels between the NCM Gateway instances.
This guide contains instructions for installing NCM Gateway 1.2.1 and information for upgrading from previous releases of NCM Gateway to release 1.2.1.
Note: All documentation, including this document and any or all of the parts of the NCM documentation set, might be upgraded over time. Therefore, we recommend you access the NCM documentation set using the Cisco.com URL: http://www.cisco.com/en/US/products/ps6923/tsd_products_support_series_home.html.
In addition, the Docs tab visible from within Network Compliance Manager might not include links to the latest documents.
Contents
This guide contains the following sections:
• Installing a Non-root Gateway
• Obtaining Documentation, Obtaining Support, and Security Guidelines
Getting Started
This Gateway release supports NCM Version 1.2.1 and later.
The Gateway is supported on the following platforms:
• RedHat-Linux-3AS
• RedHat-Linux-4AS
• SuSE-Linux-9ES
• SunOS-5.9
• SunOS-5.10
Terminology
The following terms are used in this guide:
Realm: A collection of networks with no overlapping IP addresses.
Gateway: An application that routes IP traffic to other Gateways.
Gateway Mesh: A collection of Gateways that route traffic between themselves.
Core Gateway: A Gateway running in the same Realm with an NCM Core.
Satellite Gateway: A Gateway running in a Realm that does not have an NCM Core.
Non-Root Gateway: A Gateway that connects to a Root Gateway.
Gateway Crypto file: Private and Public keys for SSL Gateway communication.
Installing the Root Gateway
To install a Root Gateway in the same Realm with an NCM Core, in an xterm (no DISPLAY required) do the following:
Step 1 Enter:
unzip cisco_gw-34.3.0.4-1.zip
Archive: cisco_gw-34.3.0.4-1.zip
extracting: install.pl
...
Step 2 Enter:
perl install.pl
The screen displays:
Welcome to the NCM Gateway Installer
Supported Platforms:
1) RedHat-Linux-3AS
2) RedHat-Linux-4AS
3) SuSE-Linux-9ES
4) SunOS-5.10
5) SunOS-5.9
Platform? (1/2/3/4/5) [1]
Step 3 Enter the number for the platform on which you want to install NCM Gateway, or press Return to select the default, RedHat-Linux-3AS. The screen displays:
Are you installing the Root Gateway? (y/n) [n]
Step 4 Enter y. The screen displays:
Directory to save the Gateway crypto data file? [/tmp/gw]
Step 5 Enter a directory path or just press Return to use /tmp/gw. The screen displays:
New Password for the Gateway crypto data file?
Step 6 Enter a password to secure the Gateway Mesh. The screen displays:
Re-enter New Password for the Gateway crypto data file?
Step 7 Re-enter the password. The screen displays:
Gateway name for this gateway?
Step 8 Enter a name for the gateway being installed. The screen displays:
Realm name for this gateway?
Step 9 Enter the realm name where the gateway is being installed. The screen displays:
License filename for this gateway?
Step 10 Enter the full path and filename of the license file. The screen displays:
IP address or hostname of the NCM core?
Step 11 Enter the DNS hostname or IP address of the NCM Core that will connect to this gateway. The screen displays:
These are the network interfaces on this machine:
eth0 Link encap:Ethernet HWaddr 00:07:E9:12:C8:D7
inet addr:10.255.132.253 Bcast:10.255.132.255 Mask:255.255.255.0
...
IP address to connect to the gateway on this machine? [10.255.132.253]
Step 12 Enter the IP address for other gateways to connect to this gateway. The screen displays:
No more questions. Completing install...
Unpacking installer...
...
Gateway crypto data file (opswgw-crypto.tgz.e) moved to /tmp/gw/
NCM Gateway Install completed.
Step 13 The Gateway crypto data file will be needed for Non-root gateway installs. Keep this data file in a secure location to secure the IP traffic between gateways.
Step 14 NCM needs a private key for the administration port of the Root Gateway. Copy the file saOPSWgw*/certificates/opswgw-mngt-server.pkcs8 for later use.
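The installer's default save location for the crypto data file is /tmp/gw, and /tmp is normally open to every local user. The following added example (not part of the Cisco guide or the installer) checks whether the files named in Steps 13 and 14 are reachable by group or other, and moves a file into an owner-only directory. The function names and the destination directory are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit and relocate NCM Gateway key material.
# File names come from the install transcript; the destination directory
# passed to secure_gw_secret is the operator's choice (hypothetical here).

# Print the group+other permission characters of a path, e.g. "r--r--".
go_bits() {
    ls -ld "$1" | cut -c5-10
}

# Return 0 only if the file exists and neither it nor its directory grants
# any access to group or other. Prints one line per finding; returns 2 if
# the file is missing, 1 if anything is exposed.
audit_gw_secret() {
    _f=$1; _rc=0
    if [ ! -f "$_f" ]; then
        echo "MISSING: $_f"; return 2
    fi
    _d=$(dirname "$_f")
    if [ "$(go_bits "$_f")" != "------" ]; then
        echo "FILE-EXPOSED: $_f ($(ls -ld "$_f" | cut -c1-10))"; _rc=1
    fi
    if [ "$(go_bits "$_d")" != "------" ]; then
        echo "DIR-EXPOSED: $_d ($(ls -ld "$_d" | cut -c1-10))"; _rc=1
    fi
    return $_rc
}

# Move a secret into a directory only its owner can enter, then make the
# file owner-read/write only. The 0700 directory protects the file during
# the short window between mv and chmod.
secure_gw_secret() {
    _src=$1; _dest=$2
    ( umask 077; mkdir -p "$_dest" ) || return 1
    chmod 700 "$_dest" || return 1
    mv "$_src" "$_dest/" || return 1
    chmod 600 "$_dest/$(basename "$_src")"
}

# Usage: sh audit_gw.sh /tmp/gw/opswgw-crypto.tgz.e path/to/opswgw-mngt-server.pkcs8
for _p in "$@"; do
    audit_gw_secret "$_p"
done
```

Run the audit again after relocating the file, and remember that Non-root installs must be given the new directory when they prompt for the crypto data file.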
Installing a Non-root Gateway
Install a Non-Root Gateway in every Realm that does NOT have an NCM Core. In an xterm (no DISPLAY required) do the following:
Step 1 Enter:
unzip cisco_gw-34.3.0.4-1.zip
Archive: cisco_gw-34.3.0.4-1.zip
extracting: install.pl
...
Step 2 Enter:
perl install.pl
The screen displays:
Welcome to the NCM Gateway Installer
Supported Platforms:
1) RedHat-Linux-3AS
2) RedHat-Linux-4AS
3) SuSE-Linux-9ES
4) SunOS-5.10
5) SunOS-5.9
Platform? (1/2/3/4/5) [1]
Step 3 Enter the number for the platform on which you want to install NCM Gateway, or press Return to select the default, RedHat-Linux-3AS. The screen displays:
Are you installing the Root Gateway? (y/n) [n]
Step 4 Enter n or press Return. The screen displays:
Non-Root installs require the directory of the Gateway crypto data file created during the Root Gateway install.
If the directory has a : then scp will be used to copy the file.
Directory of the Gateway crypto data file? [/tmp]
Step 5 Enter the path to the crypto data file. If the Root Gateway was installed on host foo and the crypto data file was saved in /tmp/gw, then enter foo:/tmp/gw/opswgw-crypto.tgz.e. The screen displays:
Password for the Gateway crypto data file?
Step 6 Enter the password used when installing the Root Gateway. See Step 6 of "Installing the Root Gateway" above. The screen displays:
Gateway name for this gateway?
Step 7 Enter a name for the gateway being installed. The screen displays:
Realm name for this gateway?
Step 8 Enter the realm name where the gateway is being installed. The screen displays:
License filename for this gateway?
Step 9 Enter the full path to the license file. The screen displays:
IP address to connect to the root gateway?
Step 10 Enter the DNS hostname or IP address of the Root Gateway that this gateway will connect to. See Step 11 above. The screen displays:
No more questions. Completing install...
Unpacking installer...
...
NCM Gateway Install completed.
Configuring NCM
To configure NCM after a gateway is installed, do the following:
Step 1 Log in to the host where NCM is installed.
Step 2 Copy the file opswgw-mngt-server.pkcs8 from the Root Gateway to the root of the NCM installation, typically C:\Rendition.
Step 3 Log in to NCM as an Administrator.
Step 4 Go to Admin > Administrative Settings > Device Access.
Step 5 Scroll to the Gateway Mesh section at the bottom of the page.
Step 6 For the Local Gateway Host enter the DNS hostname or IP address for the Root Gateway.
Step 7 Click Save.
Step 8 To test whether NCM can communicate with the Root Gateway, navigate to Devices > New Device.
Step 9 Scroll down to the section Connection Information. If there is a select list after IP Address or Hostname for Realm then NCM is successfully communicating with the Root Gateway.
Upgrading NCM Gateway 1.2.1
This section describes the steps to upgrade from a previous version of NCM Gateway to NCM Gateway 1.2.1. It includes the following:
• Using the Old Gateway with NCM 1.2.1
Removing the Old Gateway
NCM 1.2.1 uses a new secure gateway to manage remote devices. To install the new secure gateway, first remove the old gateway. Do the following:
Step 1 Stop the gateway process. Use ps to find the gateway process, which is called opswgw, and use kill to terminate it.
% ps ax | grep opswgw
8715 ? Ss 0:00 opswgw --PropertiesFile /some/where/opswgw.properties
% kill 8715
Step 2 Remove any startup script you may have created to automatically start the gateway when the gateway host machine boots up.
Installing the New Gateway
To install NCM Gateway 1.2.2, follow the instructions in the "Installing the Root Gateway" section.
Using the Old Gateway with NCM 1.2.1
NCM 1.2.1 can use the old insecure gateway if you set the private key filename to the empty string as follows:
Step 1 Log in to NCM as an Administrator.
Step 2 Go to Admin > Administrative Settings > Device Access.
Step 3 Scroll to the Gateway Mesh section at the bottom of the page.
Step 4 For the Local Gateway Host enter the DNS hostname or IP address for the Root Gateway.
Step 5 For the Gateway Admin Private Key Filename set the empty string (erase the filename specified there).
Step 6 Click Save.
Step 7 To test whether NCM can communicate with the Root Gateway, navigate to Devices > New Device.
Step 8 Scroll down to the section Connection Information. If there is a select list after IP Address or Hostname for Realm then NCM is successfully communicating with the Root Gateway.
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2007 Cisco Systems, Inc. All rights reserved.
Posted: Tue Sep 25 21:27:46 PDT 2007