To convert a redundant NFM-P system to IPv6

Description

The following steps describe how to change the communication between components in a redundant NFM-P system from IPv4 to IPv6. Ensure that you record the information that you specify, for example, directory names, passwords, and IP addresses.

Note: You require the following user privileges:

  • on each main and auxiliary server station — root, nsp

  • on each main database station — root

Note: The following RHEL CLI prompts in command lines denote the active user, and are not to be included in typed commands:

  • # —root user

  • bash$ —nsp user

Steps
Disable automatic startup, standby main server
 

Prevent the standby main server from starting in the event of a power disruption during the conversion.

  1. Log in as the root user on the standby main server station.

  2. Open a console window.

  3. Enter the following:

    systemctl disable nspos-nspd.service ↵

  4. Enter the following:

    systemctl disable nfmp-main-config.service ↵

  5. Enter the following:

    systemctl disable nfmp-main.service ↵


Stop standby main server
 

Stop the standby main server.

  1. Enter the following to switch to the nsp user:

    su - nsp ↵

  2. Enter the following:

    bash$ cd /opt/nsp/nfmp/server/nms/bin ↵

  3. Enter the following:

    bash$ ./nmsserver.bash stop ↵

  4. Enter the following:

    bash$ ./nmsserver.bash appserver_status ↵

    The server status is displayed; the server is fully stopped if the status is the following:

    Application Server is stopped

    If the server is not fully stopped, wait five minutes and then repeat this step. Do not perform the next step until the server is fully stopped.

  5. Enter the following to switch back to the root user:

    bash$ su ↵

  6. If the NFM-P is not part of a shared-mode NSP deployment, enter the following to display the nspOS service status:

    nspdctl status ↵

    Information like the following is displayed.

    Mode:     DR

    Role:     redundancy_role

    DC-Role:  dc_role

    DC-Name:  dc_name

    Registry: IP_address:port

    State:    stopped

    Uptime:   0s

    SERVICE           STATUS

    service_a         inactive

    service_b         inactive

    service_c         inactive

    You must not proceed to the next step until all NSP services are stopped; if the State is not ‘stopped’, or the STATUS indicator of each listed service is not ‘inactive’, repeat this substep.


Stop reserved auxiliary servers
 

If the NFM-P system includes auxiliary servers, perform the following steps on each reserved auxiliary server station.

  1. Log in to the auxiliary server station as the nsp user.

  2. Open a console window.

  3. Enter the following:

    bash$ /opt/nsp/nfmp/auxserver/nms/bin/auxnmsserver.bash auxstop ↵

    The auxiliary server stops.


Stop standby main database
 

Stop the standby database and proxy services.

  1. Log in to the standby main database station as the root user.

  2. Open a console window.

  3. Enter the following to stop the Oracle proxy:

    systemctl stop nfmp-oracle-proxy.service ↵

  4. Enter the following to stop the main database:

    systemctl stop nfmp-main-db.service ↵


Disable automatic startup, primary main server
 

Prevent the primary main server from starting in the event of a power disruption during the conversion.

  1. Log in to the primary main server station as the root user.

  2. Open a console window.

  3. Enter the following:

    systemctl disable nspos-nspd.service ↵

  4. Enter the following:

    systemctl disable nfmp-main-config.service ↵

  5. Enter the following:

    systemctl disable nfmp-main.service ↵


Stop primary main server
 

Stop the primary main server.

Note: This step marks the beginning of the network management outage.

  1. Enter the following to switch to the nsp user:

    su - nsp ↵

  2. Enter the following:

    bash$ cd /opt/nsp/nfmp/server/nms/bin ↵

  3. Enter the following:

    bash$ ./nmsserver.bash stop ↵

  4. Enter the following:

    bash$ ./nmsserver.bash appserver_status ↵

    The server status is displayed; the server is fully stopped if the status is the following:

    Application Server is stopped

    If the server is not fully stopped, wait five minutes and then repeat this step. Do not perform the next step until the server is fully stopped.

  5. Enter the following to switch back to the root user:

    bash$ su ↵

  6. If the NFM-P is not part of a shared-mode NSP deployment, enter the following to display the nspOS service status:

    nspdctl status ↵

    Information like the following is displayed.

    Mode:     DR

    Role:     redundancy_role

    DC-Role:  dc_role

    DC-Name:  dc_name

    Registry: IP_address:port

    State:    stopped

    Uptime:   0s

    SERVICE           STATUS

    service_a         inactive

    service_b         inactive

    service_c         inactive

    You must not proceed to the next step until all NSP services are stopped; if the State is not ‘stopped’, or the STATUS indicator of each listed service is not ‘inactive’, repeat this substep.


Stop preferred auxiliary servers
 

If the NFM-P system includes auxiliary servers, perform the following steps on each preferred auxiliary server station.

  1. Log in as the nsp user.

  2. Open a console window.

  3. Enter the following:

    bash$ /opt/nsp/nfmp/auxserver/nms/bin/auxnmsserver.bash auxstop ↵

    The auxiliary server stops.


Stop primary main database
 

Stop the primary database and proxy services.

  1. Log in to the primary main database station as the root user.

  2. Open a console window.

  3. Enter the following to stop the Oracle proxy:

    systemctl stop nfmp-oracle-proxy.service ↵

  4. Enter the following to stop the main database:

    systemctl stop nfmp-main-db.service ↵


Update auxiliary database IP addresses
 

If the NFM-P includes an auxiliary database, perform the NSP System Administrator Guide procedure that describes changing the auxiliary database external IP addresses.


Configure primary main database
 
10 

Enter the following:

samconfig -m db ↵

The following is displayed:

Start processing command line inputs...

<db>


11 

Enter the following:

<db> configure ip address

where address is the IPv6 address of this database

The prompt changes to <db configure>.


12 

Enter the following, and then enter back ↵:

<db configure> redundant ip address

where address is the IPv6 address of the peer database


13 

To enable IP validation, which restricts the server components that have access to the main database; configure the parameters in the following table, and then enter back ↵.

Note: For security reasons, it is strongly recommended that you enable IP validation.

Note: When you enable IP validation on an NFM-P system that includes auxiliary servers, NSP Flow Collectors, or analytics servers, you must configure the remote-servers parameter; otherwise, the servers cannot reach the database.

Table 17-9: Primary database parameters —
ip-validation

Parameter

Description

main-one

Public IPv6 address of primary main server

Configuring the parameter enables IP validation.

main-two

Public IPv6 address of standby main server

remote-servers

Comma-separated list of the IPv6 address of each of the following components that must connect to the database:

  • auxiliary servers

  • NSP Flow Collectors

  • NSP analytics servers


14 

To enable the forwarding of NFM-P system metrics to the NSP; configure the parameters in the following table, and then enter back ↵.

Note: The parameters are required only for a distributed main database, so are not shown or configurable if the main server and database are collocated.

Table 17-10: Primary database parameters —
tls

Parameter

Description

keystore-pass

The TLS keystore password

Default: available from technical support

pki-server

The PKI server IP address or hostname

You must configure the parameter.

Default: —

pki-server-port

The TCP port on which the PKI server listens for and services requests

Default: 2391


15 

Verify the database configuration.

  1. Enter the following:

    <db configure> show-detail ↵

    The database configuration is displayed.

  2. Review each parameter to ensure that the value is correct.

  3. Configure one or more parameters, if required; see NFM-P samconfig utility for information about using the samconfig utility.

  4. When you are certain that the configuration is correct, enter the following:

    <db configure> back ↵

    The prompt changes to <db>.


16 

Enter the following to apply the configuration changes:

<db> apply ↵

The changes are applied.


17 

Enter the following:

<db> exit ↵

The samconfig utility closes.


18 

Enter the following:

ssh-keyscan -t rsa standby_database_IPv6_address >>/opt/nsp/nfmp/oracle19/.ssh/known_hosts

where standby_database_IPv6_address is the IPv6 address that you are assigning to the standby main database


Configure primary main server
 
19 

Log in as the root user on the primary main server station.


20 

Open a console window.


21 

Enter the following:

samconfig -m main ↵

The following is displayed:

Start processing command line inputs...

<main> 


22 

Enter the following:

<main> configure ip address

where address is the main server IPv6 address that each database must use to reach the main server

The prompt changes to <main configure>.


23 

As required, configure the client parameters as described in the following table, and then enter back ↵.

Table 17-11: Primary main server parameters —
client

Parameter

Description

nat

Not applicable to IPv6

If the parameter is enabled, disable the parameter.

hostname

The main server hostname, if the GUI clients, XML API clients, and auxiliary servers are to use hostnames, rather than IP addresses, for communication with the main server

Modify the value if the hostname changes as part of the conversion to IPv6.

If the TLS certificate contains the FQDN, you must use the FQDN value to configure the hostname parameter.

public-ip

The IPv6 address that the GUI and XML API clients must use to reach the main server

The parameter is configurable and mandatory when the hostname parameter is unconfigured.

delegates

A list of the client delegate servers, in the following format:

address1;path1,address2;path2...addressN;pathN

where

an address value is a client delegate server IP address

a path value is the absolute file path of the client delegate server installation location

Replace each IPv4 address with the appropriate IPv6 address.


24 

Enter the following, and then enter back ↵:

<main configure> database ip address

where address is the IPv6 address of the primary database


25 

To enable IPv6 for communication with the managed network, enter the following, and then enter back ↵:

<main configure> mediation snmp-ipv6 address

where address is the main server IPv6 address that the managed NEs must use to reach the main server


26 

To disable IPv4 for communication with the managed network, perform the following steps.

  1. Enter the following:

    <main configure> mediation no snmp-ipv4 ↵

  2. Enter the following:

    <main configure mediation> no nat ↵

  3. Enter the following:

    <main configure mediation> back ↵

    The prompt changes to <main configure>.


27 

Perform one of the following.

  1. If the NFM-P system does not include auxiliary servers, and the XML API clients require IPv6 access, enter the following, and then enter back ↵:

    <main configure> oss public-ip address

    where address is the IPv6 address that the XML API clients must use to reach the main server

  2. If the NFM-P system includes auxiliary servers, configure the aux parameters in the following table, and then enter back ↵.

    Table 17-12: Primary main server parameters —
    aux

    Parameter

    Description

    ip-to-auxes

    The primary main server IPv6 address that the auxiliary servers must use to reach the main server

    Default: —

    preferred-list

    Comma-separated list of Preferred auxiliary server IPv6 addresses

    Default: —

    reserved-list

    Comma-separated list of Reserved auxiliary server IPv6 addresses

    Default: —

    peer-list

    Comma-separated list of Remote auxiliary server IPv6 addresses

    Default: —


28 

If required, configure the tls parameters in the following table, and then enter back ↵.

Table 17-13: Primary main server parameters —
tls

Parameter

Description

keystore-file

The absolute path of the TLS keystore file

To enable automated TLS deployment, enter no keystore-file.

Default: —

keystore-pass

The TLS keystore password

Default: available from technical support

truststore-file

The absolute path of the TLS truststore file

To enable automated TLS deployment, enter no truststore-file.

Default: —

truststore-pass

The TLS truststore password

Default: available from technical support

alias

The alias specified during keystore generation

You must configure the parameter.

Default: —

pki-server

The PKI server IP address or hostname

Default: —

pki-server-port

The TCP port on which the PKI server listens for and services requests

Default: 2391

hsts-enabled

Whether HSTS browser security is enabled

Default: false


29 

If the NFM-P includes an auxiliary database, enter the following, and then enter back ↵:

Note: In a geo-redundant auxiliary database deployment, the order of the IP addresses must be the same on each main server in the geo-redundant system.

<main configure> auxdb ip-list cluster_1_IP1,cluster_1_IP2,cluster_1_IPn;cluster_2_IP1,cluster_2_IP2,cluster_2_IPn

where

cluster_1_IP1, cluster_1_IP2,cluster_1_IPn are the external IPv6 addresses of the stations in one cluster

cluster_2_IP1, cluster_2_IP2,cluster_2_IPn are the external IPv6 addresses of the stations in the geo-redundant cluster; required only for geo-redundant auxiliary database


30 

Enter the following:

<main configure> redundancy enabled ↵

The prompt changes to <main configure redundancy>.


31 

Enter the following:

<main configure redundancy> ip-to-peer address

where address is the IPv6 address that the peer main server must use to reach this main server for general communication


32 

Enter the following:

<main configure redundancy> rsync-ip address

where address is the IPv6 address that the peer main server must use to reach this main server for data synchronization


33 

Enter the following, and then enter back ↵:

<main configure redundancy> database ip address

where address is the IPv6 address of the standby database


34 

Configure the peer-server redundancy parameters in the following table, and then enter back ↵.

Table 17-14: Primary main server parameters —
redundancy, peer-server

Parameter

Description

ip

The IPv6 address that this main server must use to reach the peer main server for general communication

Default: —

rsync-ip

The IPv6 address that this main server must use to reach the peer main server for data synchronization

Default: —

public-ip

The IPv6 address that the GUI and XML API clients must use to reach the peer main server

The parameter is configurable if the public-ip parameter is configured in Step 23.

Default: —

hostname

The hostname that the GUI and XML API clients must use to reach the peer main server

The parameter is configurable if the hostname parameter is configured in Step 23.

Default: —

ip-to-auxes

The IPv6 address that the auxiliary servers must use to reach the peer main server

You must configure the parameter If the NFM-P system includes one or more auxiliary servers.

Default: —

snmp-ipv6

The IPv6 address that the managed NEs must use to reach the peer main server

Configure the parameter only if you need to enable IPv6 for communication with managed NEs


35 

Enter the following:

<main configure redundancy> back ↵

The prompt changes to <main configure>.


36 

Configure the nspos parameters in the following table, and then enter back ↵.

Table 17-15: Primary main server parameters —
nspos

Parameter

Description

ip-list

The nspOS-server IP addresses, separated by a semicolon

Specify only one IP address for a standalone NSP system.

  • If the NFM-P system is in a shared-mode NSP deployment specify the advertised address of each NSP cluster.

  • If the NSP system includes only the NFM-P, specify the main server private IP address.

Default: —

address-to-nspos

The main server IP address that is reachable by the nspOS server

Default: —

secure

Whether communication with the nspOS servers is secured using TLS

Default: false

internal-certs

Whether internal certificates are used to secure nspOS communication between components; the parameter is configurable when the secure parameter is set to true.

The parameter is deprecated, and must be set to the same value as the secure parameter.

Default: false

dc-name

The nspOS DR data center name for aligning NSP components with the local NFM-P main server; must match the dcName value in the NSP configuration file

The parameter is required only in a redundant deployment; however, in a shared-mode deployment, it is recommended that you configure the parameter, regardless of the NFM-P deployment type.

Default: —


37 

Configure the remote-syslog parameters in the following table, and then enter back ↵.

Table 17-16: Standalone main server parameters —
remote-syslog

Parameter

Description

enabled

Enable the forwarding of the NFM-P User Activity logs in syslog format to a remote server

Default: disabled

syslog-host

Remote syslog server hostname or IP address

Default: —

syslog-port

Remote server TCP port

Default: —

ca-cert-path

Absolute local path of public CA TLS certificate file copied from remote server

The file requires nsp:nsp ownership.


38 

Configure the server-logs-to-remote-syslog parameters in the following table, and then enter back ↵.

Table 17-17: Standalone main server parameters —
server-logs-to-remote-syslog

Parameter

Description

enabled

Enable the forwarding of the NFM-P server logs in syslog format to a remote server

Default: disabled

secured

Whether the communication with the remote server is TLS-secured

Default: disabled

syslog-host

Remote syslog server hostname or IP address

Default: —

syslog-port

Remote server TCP port

Default: —

ca-cert-path

Absolute local path of public CA TLS certificate file copied from remote server

The file requires nsp:nsp ownership.


39 

Verify the main server configuration.

  1. Enter the following:

    <main configure> show-detail ↵

    The main server configuration is displayed.

  2. Review each parameter to ensure that the value is correct.

  3. Configure one or more parameters, if required; see NFM-P samconfig utility for information about using the samconfig utility.

  4. When you are certain that the configuration is correct, enter the following:

    <main configure> back ↵

    The prompt changes to <main>.


40 

Enter the following:

<main> apply ↵

The configuration is applied.


41 

Enter the following:

<main> exit ↵

The samconfig utility closes.


Enable Windows Active Directory access
 
42 

If you use Windows Active Directory for single-sign-on client access to the NFM-P, open the following file with a plain-text editor such as vi:

/opt/nsp/os/install/config.json

Otherwise, go to Step 48.


43 

Change the IPv4 addresses to IPv6 addresses, as required.


44 

Save and close the file.


45 

Enter the following:

samconfig -m main ↵

The following is displayed:

Start processing command line inputs...

<main> 


46 

Enter the following:

<main> apply ↵

The configuration is applied.


47 

Enter the following:

<main> exit ↵

The samconfig utility closes.


Configure preferred auxiliary servers
 
48 

If the NFM-P system does not include auxiliary servers, go to Step 63. Otherwise, perform Step 49 to Step 61 on each preferred auxiliary server station.


49 

Log in as the root user.


50 

Open a console window.


51 

Enter the following:

samconfig -m aux ↵

The following is displayed:

Start processing command line inputs...

<aux> 


52 

Enter the following:

<aux> configure ip address

where address is the auxiliary server IPv6 address that the managed NEs must use to reach the auxiliary server

The prompt changes to <aux configure>.


53 

Enter the following:

<aux configure> main-server ip-one address

where address is the IPv6 address that the auxiliary server must use to reach the primary main server

The prompt changes to <aux configure main-server>.


54 

Enter the following, and then enter back ↵:

<aux configure main-server> ip-two address

where address is the IPv6 address that the auxiliary server must use to reach the standby main server


55 

Enter the following:

<aux configure> data-sync local-ip address

where address is the IPv6 address of the interface on this station that the peer auxiliary server in an auxiliary server pair must use to reach this auxiliary server

The prompt changes to <aux configure data-sync>.


56 

Enter the following, and then enter back ↵:

<aux configure data-sync> peer-ip address

where address is the IPv6 address of the interface on the peer auxiliary server station in an auxiliary server pair that this auxiliary server must use to reach the other auxiliary server


57 

Configure the tls parameters in the following table, and then enter back ↵.

Table 17-18: Auxiliary server parameters —
tls

Parameter

Description

keystore-file

The absolute path of the TLS keystore file

To enable automated TLS deployment, enter no keystore-file.

Default: —

keystore-pass

The TLS keystore password

Default: available from technical support

pki-server

The PKI server IP address or hostname

Default: —

pki-server-port

The TCP port on which the PKI server listens for and services requests

Default: 2391


58 

If the XML API clients require IPv6 access, enter the following, and then enter back ↵:

<aux configure> oss public-ip address

where address is the IPv6 address that the XML API clients must use to reach the auxiliary server

The prompt changes to <aux configure oss>.


59 

Verify the auxiliary server configuration.

  1. Enter the following:

    <aux configure> show-detail ↵

    The auxiliary server configuration is displayed.

  2. Review each parameter to ensure that the value is correct.

  3. Configure one or more parameters, if required; see NFM-P samconfig utility for information about using the samconfig utility.

  4. When you are certain that the configuration is correct, enter the following:

    <aux configure> back ↵

    The prompt changes to <aux>.


60 

Enter the following:

<aux> apply ↵

The configuration is applied.


61 

Enter the following:

<aux> exit ↵

The samconfig utility closes.


Start preferred auxiliary servers
 
62 

If the NFM-P system includes auxiliary servers, perform the following steps on each preferred auxiliary server station.

  1. Log in as the nsp user.

  2. Open a console window.

  3. Enter the following:

    bash$ /opt/nsp/nfmp/auxserver/nms/bin/auxnmsserver.bash auxstart ↵

    The auxiliary server starts.


Enable automatic startup, primary main server
 
63 

Enable the automatic startup of the primary main server.

  1. Log in as the nsp user on the primary main server station.

  2. Open a console window.

  3. Enter the following to disable the main server startup:

    systemctl enable nfmp-main.service ↵


Start primary main server
 
64 

Start the primary main server.

Note: The primary main server startup marks the end of the network management outage.

  1. Enter the following on the standby main server station:

    su - nsp ↵

  2. Enter the following:

    bash$ cd /opt/nsp/nfmp/server/nms/bin ↵

  3. Enter the following:

    bash$ ./nmsserver.bash start ↵

  4. Enter the following:

    bash$ ./nmsserver.bash appserver_status ↵

    The server status is displayed; the server is fully initialized if the status is the following:

    Application Server process is running.  See nms_status for more detail.

    If the server is not fully initialized, wait five minutes and then repeat this step. Do not perform the next step until the server is fully initialized.


Configure standby main database
 
65 

Log in as the root user on the standby main database station.


66 

Open a console window.


67 

Enter the following:

samconfig -m db ↵

The following is displayed:

Start processing command line inputs...

<db>


68 

Enter the following:

<db> configure ip address

where address is the IPv6 address that the other NFM-P components must use to reach the standby main database

The prompt changes to <db configure>.


69 

Enter the following:

<db configure> redundant ip address

where address is the IPv6 address of the primary database

The prompt changes to <db configure redundant>.


70 

Enter the following, and then enter back ↵:

<db configure redundant> instance instance_name

where instance_name is the primary database instance name


71 

To enable IP validation, which restricts the server components that have access to the main database; configure the parameters in the following table, and then enter back ↵.

Note: For security reasons, it is strongly recommended that you enable IP validation.

Note: When you enable IP validation on an NFM-P system that includes auxiliary servers, NSP Flow Collectors, or analytics servers, you must configure the remote-servers parameter; otherwise, the servers cannot reach the database.

Table 17-19: Standby database parameters —
ip-validation

Parameter

Description

main-one

Public IPv6 address of standby main server

Configuring the parameter enables IP validation.

main-two

Public IPv6 address of primary main server

remote-servers

Comma-separated list of the IPv6 address of each of the following components that must connect to the database:

  • auxiliary servers

  • NSP Flow Collectors

  • NSP analytics servers


72 

To enable the forwarding of NFM-P system metrics to the NSP; configure the parameters in the following table, and then enter back ↵.

Note: The parameters are required only for a distributed main database, so are not shown or configurable if the main server and database are collocated.

Table 17-20: Standby database parameters —
tls

Parameter

Description

keystore-pass

The TLS keystore password

Default: available from technical support

pki-server

The PKI server IP address or hostname

You must configure the parameter.

Default: —

pki-server-port

The TCP port on which the PKI server listens for and services requests

Default: 2391


73 

Verify the database configuration.

  1. Enter the following:

    <db configure> show-detail ↵

    The database configuration is displayed.

  2. Review each parameter to ensure that the value is correct.

  3. Configure one or more parameters, if required; see NFM-P samconfig utility for information about using the samconfig utility.

  4. When you are certain that the configuration is correct, enter the following:

    <db configure> back ↵

    The prompt changes to <db>.


74 

Enter the following to apply the configuration changes:

<db> apply ↵

The changes are applied.


75 

Enter the following:

<db> exit ↵

The samconfig utility closes.


76 

Enter the following:

ssh-keyscan -t rsa primary_database_IPv6_address >>/opt/nsp/nfmp/oracle19/.ssh/known_hosts

where primary_database_IPv6_address is the IPv6 address of the primary main database


Configure standby main server
 
77 

Log in to the standby main server station as the root user.


78 

Open a console window.


79 

Enter the following:

samconfig -m main ↵

The following is displayed:

Start processing command line inputs...

<main> 


80 

Enter the following:

<main> configure ip address

where address is the main server IPv6 address that each database must use to reach the main server

The prompt changes to <main configure>.


81 

As required, configure the client parameters as described in the following table, and then enter back ↵.

Table 17-21: Standby main server parameters —
client

Parameter

Description

nat

Not applicable to IPv6

If the parameter is enabled, disable the parameter.

hostname

The main server hostname, if the GUI clients, XML API clients, and auxiliary servers are to use hostnames, rather than IP addresses, for communication with the main server

Modify the value if the hostname changes as part of the conversion to IPv6.

If the TLS certificate contains the FQDN, you must use the FQDN value to configure the hostname parameter.

public-ip

The IPv6 address that the GUI and XML API clients must use to reach the main server

The parameter is configurable and mandatory when the hostname parameter is unconfigured.

delegates

A list of the client delegate servers, in the following format:

address1;path1,address2;path2...addressN;pathN

where

an address value is a client delegate server IP address

a path value is the absolute file path of the client delegate server installation location

Replace each IPv4 address with the appropriate IPv6 address.


82 

Enter the following, and then enter back ↵:

<main configure> database ip address

where address is the IPv6 address of the standby database


83 

If you need to enable IPv6 for communication with the managed network, enter the following, and then enter back ↵:

<main configure> mediation snmp-ipv6 address

where address is the main server IPv6 address that the managed NEs must use to reach the main server


84 

If you need to disable IPv4 for communication with the managed network, perform the following steps.

  1. Enter the following:

    <main configure mediation> no snmp-ipv4 ↵

  2. Enter the following:

    <main configure mediation> no nat ↵

  3. Enter the following:

    <main configure mediation> back ↵


85 

Perform one of the following.

  1. If the NFM-P system does not include auxiliary servers, and the XML API clients require IPv6 access, enter the following, and then enter back ↵:

    <main configure> oss public-ip address

    where address is the IPv6 address that the XML API clients must use to reach the main server

  2. If the NFM-P system includes auxiliary servers, configure the aux parameters in the following table, and then enter back ↵.

    Table 17-22: Standby main server parameters —
    aux

    Parameter

    Description

    ip-to-auxes

    The primary main server IPv6 address that the auxiliary servers must use to reach the main server

    Default: —

    preferred-list

    Comma-separated list of Preferred auxiliary server IPv6 addresses

    Default: —

    reserved-list

    Comma-separated list of Reserved auxiliary server IPv6 addresses

    Default: —

    peer-list

    Comma-separated list of Remote auxiliary server IPv6 addresses

    Default: —


86 

Configure the tls parameters in the following table, and then enter back ↵.

Table 17-23: Standby main server parameters —
tls

Parameter

Description

keystore-file

The absolute path of the TLS keystore file

To enable automated TLS deployment, enter no keystore-file.

Default: —

keystore-pass

The TLS keystore password

Default: available from technical support

truststore-file

The absolute path of the TLS truststore file

To enable automated TLS deployment, enter no truststore-file.

Default: —

truststore-pass

The TLS truststore password

Default: available from technical support

alias

The alias specified during keystore generation

You must configure the parameter.

Default: —

pki-server

The PKI server IP address or hostname

Default: —

pki-server-port

The TCP port on which the PKI server listens for and services requests

Default: 2391

hsts-enabled

Whether HSTS browser security is enabled

Default: false


87 

If the NFM-P includes an auxiliary database, enter the following, and then enter back ↵:

Note: In a geo-redundant auxiliary database deployment, the order of the IP addresses must be the same on each main server in the geo-redundant system.

<main configure> auxdb ip-list cluster_1_IP1,cluster_1_IP2,cluster_1_IPn;cluster_2_IP1,cluster_2_IP2,cluster_2_IPn

where

cluster_1_IP1, cluster_1_IP2,cluster_1_IPn are the external IPv6 addresses of the stations in one cluster

cluster_2_IP1, cluster_2_IP2,cluster_2_IPn are the external IPv6 addresses of the stations in the geo-redundant cluster; required only for geo-redundant auxiliary database


88 

Enter the following:

<main configure> redundancy enabled ↵

The prompt changes to <main configure redundancy>.


89 

Enter the following:

<main configure redundancy> ip-to-peer address

where address is the IPv6 address that the peer main server must use to reach this main server for general communication


90 

Enter the following:

<main configure redundancy> rsync-ip address

where address is the IPv6 address that the peer main server must use to reach this main server for data synchronization


91 

Enter the following, and then enter back ↵:

<main configure redundancy> database ip address

where address is the IPv6 address of the primary database


92 

Configure the peer-server redundancy parameters in the following table, and then enter back ↵.

Table 17-24: Standby main server parameters —
redundancy, peer-server

Parameter

Description

ip

The IPv6 address that this main server must use to reach the peer main server for general communication

Default: —

rsync-ip

The IPv6 address that this main server must use to reach the peer main server for data synchronization

Default: —

public-ip

The IPv6 address that the GUI and XML API clients must use to reach the peer main server

The parameter is configurable if the public-ip parameter is configured in Step 81.

Default: —

hostname

The hostname that the GUI and XML API clients must use to reach the peer main server

The parameter is configurable if the hostname parameter is configured in Step 81.

Default: —

ip-to-auxes

The IPv6 address that the auxiliary servers must use to reach the peer main server

You must configure the parameter If the NFM-P system includes one or more auxiliary servers.

Default: —

snmp-ipv6

The IPv6 address that the managed NEs must use to reach the peer main server

Configure the parameter only if you need to enable IPv6 for communication with managed NEs


93 

Enter the following:

<main configure redundancy> back ↵

The prompt changes to <main configure>.


94 

Configure the nspos parameters in the following table, and then enter back ↵.

Table 17-25: Standby main server parameters —
nspos

Parameter

Description

ip-list

The nspOS-server IP addresses, separated by a semicolon

Specify only one IP address for a standalone NSP system.

  • If the NFM-P system is in a shared-mode NSP deployment specify the advertised address of each NSP cluster.

  • If the NSP system includes only the NFM-P, specify the main server private IP address.

Default: —

address-to-nspos

The main server IP address that is reachable by the nspOS server

Default: —

secure

Whether communication with the nspOS servers is secured using TLS

Default: false

internal-certs

Whether internal certificates are used to secure nspOS communication between components; the parameter is configurable when the secure parameter is set to true.

The parameter is deprecated, and must be set to the same value as the secure parameter.

Default: false

dc-name

The nspOS DR data center name for aligning NSP components with the local NFM-P main server; must match the dcName value in the NSP configuration file

The parameter is required only in a redundant deployment; however, in a shared-mode deployment, it is recommended that you configure the parameter, regardless of the NFM-P deployment type.

Default: —


95 

Configure the remote-syslog parameters in the following table, and then enter back ↵.

Table 17-26: Standby main server parameters —
remote-syslog

Parameter

Description

enabled

Enable the forwarding of the NFM-P User Activity logs in syslog format to a remote server

Default: disabled

syslog-host

Remote syslog server hostname or IP address

Default: —

syslog-port

Remote server TCP port

Default: —

ca-cert-path

Absolute local path of public CA TLS certificate file copied from remote server

The file requires nsp:nsp ownership.


96 

Configure the server-logs-to-remote-syslog parameters in the following table, and then enter back ↵.

Table 17-27: Standby main server parameters —
server-logs-to-remote-syslog

Parameter

Description

enabled

Enable the forwarding of the NFM-P server logs in syslog format to a remote server

Default: disabled

secured

Whether the communication with the remote server is TLS-secured

Default: disabled

syslog-host

Remote syslog server hostname or IP address

Default: —

syslog-port

Remote server TCP port

Default: —

ca-cert-path

Absolute local path of public CA TLS certificate file copied from remote server

The file requires nsp:nsp ownership.


97 

Verify the main server configuration.

  1. Enter the following:

    <main configure> show-detail ↵

    The main server configuration is displayed.

  2. Review each parameter to ensure that the value is correct.

  3. Configure one or more parameters, if required; see NFM-P samconfig utility for information about using the samconfig utility.

  4. When you are certain that the configuration is correct, enter the following:

    <main configure> back ↵

    The prompt changes to <main>.


98 

Enter the following:

<main> apply ↵

The configuration is applied.


99 

Enter the following:

<main> exit ↵

The samconfig utility closes.


Enable Windows Active Directory access
 
100 

If you use Windows Active Directory for single-sign-on client access to the NFM-P, open the following file with a plain-text editor such as vi:

/opt/nsp/os/install/config.json

Otherwise, go to Step 106.


101 

Change the IPv4 addresses to IPv6 addresses, as required.


102 

Save and close the file.


103 

Enter the following:

samconfig -m main ↵

The following is displayed:

Start processing command line inputs...

<main> 


104 

Enter the following:

<main> apply ↵

The configuration is applied.


105 

Enter the following:

<main> exit ↵

The samconfig utility closes.


Configure reserved auxiliary servers
 
106 

If the NFM-P system does not include auxiliary servers, go to Step 120. Otherwise, perform Step 107 to Step 118 on each reserved auxiliary server station.


107 

Log in as the root user.


108 

Enter the following:

samconfig -m aux ↵

The following is displayed:

Start processing command line inputs...

<aux> 


109 

Enter the following:

<aux> configure ip address

where address is the auxiliary server IPv6 address that the managed NEs must use to reach the auxiliary server

The prompt changes to <aux configure>.


110 

Enter the following:

<aux configure> main-server ip-one address

where address is the standby main server IPv6 address that the auxiliary server must use to reach the main server

The prompt changes to <aux configure main-server>.


111 

Enter the following, and then enter back ↵:

<aux configure main-server> ip-two address

where address is the primary main server IPv6 address that the auxiliary server must use to reach the main server


112 

Enter the following:

<aux configure> data-sync local-ip address

where address is the IPv6 address of the interface on this station that the peer auxiliary server in an auxiliary server pair must use to reach this auxiliary server

The prompt changes to <aux configure data-sync>.


113 

Enter the following and then enter back ↵:

<aux configure data-sync> peer-ip address

where address is the IPv6 address of the interface on the peer auxiliary server station in an auxiliary server pair that this auxiliary server must use to reach the other auxiliary server


114 

Configure the tls parameters in the following table, and then enter back ↵.

Table 17-28: Auxiliary server parameters —
tls

Parameter

Description

keystore-file

The absolute path of the TLS keystore file

To enable automated TLS deployment, enter no keystore-file.

Default: —

keystore-pass

The TLS keystore password

Default: available from technical support

pki-server

The PKI server IP address or hostname

Default: —

pki-server-port

The TCP port on which the PKI server listens for and services requests

Default: 2391


115 

If the XML API clients require IPv6 access, enter the following, and then enter back ↵:

<aux configure> oss public-ip address

where address is the IPv6 address that the XML API clients must use to reach the auxiliary server


116 

Verify the auxiliary server configuration.

  1. Enter the following:

    <aux configure> show-detail ↵

    The auxiliary server configuration is displayed.

  2. Review each parameter to ensure that the value is correct.

  3. Configure one or more parameters, if required; see NFM-P samconfig utility for information about using the samconfig utility.

  4. When you are certain that the configuration is correct, enter the following:

    <aux configure> back ↵

    The prompt changes to <aux>.


117 

Enter the following:

<aux> apply ↵

The configuration is applied.


118 

Enter the following:

<aux> exit ↵

The samconfig utility closes.


Start reserved auxiliary servers
 
119 

If the NFM-P system includes auxiliary servers, perform the following steps on each reserved auxiliary server station.

  1. Log in as the nsp user.

  2. Open a console window.

  3. Enter the following:

    bash$ /opt/nsp/nfmp/auxserver/nms/bin/auxnmsserver.bash auxstart ↵

    The auxiliary server starts.


Enable automatic startup, standby main server
 
120 

Enable the automatic startup of the standby main server.

  1. Log in to the standby main server station as the root user.

  2. Open a console window.

  3. Enter the following to disable the main server startup:

    systemctl enable nfmp-main.service ↵


Start standby main server
 
121 

Start the standby main server.

  1. Enter the following to switch to the nsp user:

    su - nsp ↵

  2. Enter the following:

    bash$ cd /opt/nsp/nfmp/server/nms/bin ↵

  3. Enter the following:

    bash$ ./nmsserver.bash start ↵

  4. Enter the following:

    bash$ ./nmsserver.bash appserver_status ↵

    The server status is displayed; the server is fully initialized if the status is the following:

    Application Server process is running.  See nms_status for more detail.

    If the server is not fully initialized, wait five minutes and then repeat this step. Do not perform the next step until the server is fully initialized.


122 

If Windows Active Directory access is configured to use the AUTHENTICATED type of LDAP server, and the NFM-P is not part of a shared-mode NSP deployment, enter the following to restart the local nspos-tomcat service:

Note: The service restart may take a few minutes, during which NFM-P GUI and REST client access is degraded. General NFM-P operation is unaffected.

systemctl restart nspos-tomcat ↵


Verify converted system using GUI client
 
123 

Use an NFM-P GUI client to perform sanity testing of the converted system.

Note: If IP addresses are specified for NFM-P client access, ensure that you use the required IPv6 address, rather than the IPv4 address, for the client connection.

End of steps