Contents


Installation and Upgrade Guide

Legal notice

Contents

About this document

Part I. Getting started

1. Before you begin

NSP deployment overview

Where do I start?

NSP deployment terms and concepts

Deployment scenarios

NSP fault tolerance and disaster recovery

Workflow to deploy classic IP management

Workflow to deploy resource control

Workflow to deploy the Simulation tool

Workflow to deploy classic IP and model-driven management

Workflow to deploy model-driven management only

Workflow to upgrade small scale optical and classic IP management

Workflow to deploy optical and classic IP management

Workflow to deploy large-scale optical and classic IP management

2. NSP disk setup and partitioning

NSP disk deployment

Introduction

To deploy an NSP RHEL qcow2 disk image

To configure disk partitions using device UUIDs

To apply the VMware cloud-init workaround

To configure and mount an NSP disk partition

Disk partitioning for trial deployments

Trial partitioning requirements, NSP deployer host and cluster VMs

Trial partitioning requirements, additional NSP components

Trial partitioning requirements, NFM-P components

Disk partitioning for live deployments

Live partitioning requirements, NSP deployer host and cluster VMs

Live partitioning requirements, additional NSP components

Live partitioning requirements, NFM-P components

3. RHEL OS deployment for the NSP

NSP RHEL OS deployment

Introduction

To apply a RHEL update to an NSP image-based OS

Manual NSP RHEL OS installation

Manually installing the RHEL OS for the NSP

Workflow for manual NSP RHEL OS installation

Required RHEL OS packages for NSP container elements

Required RHEL OS packages for ancillary NSP components

RHEL OS packages to remove from NSP container elements

RHEL OS packages to remove from ancillary components

Special OS requirements

Required additional OS packages, NFM-P single-user client or client delegate server

Optional RHEL OS packages

To apply the RHEL 8 swappiness workaround

To lock the RHEL OS version

To verify the rngd service startup

To enable the NSP crypto-policy function on a manually installed RHEL OS

To set the default Python version

To create the nsp user on a manually installed NSP cluster RHEL OS

To disable the RHEL firewalld service

To set the default umask to 0027

4. Configuring NSP security

NSP security introduction

NSP user accounts

HTTPS Strict-Transport Security (HSTS)

NSP user authentication

Introduction

OAUTH2 mode

CAS mode

NSP Transport Layer Security (TLS)

Implementation and requirements

Configuring TLS for the NSP

NSP TLS configuration

To generate custom TLS certificate files for the NSP

To configure and enable a PKI server

To migrate to a PKI server

To reset the OpenSearch security configuration

To enable TLS communication with the NFM-P using the NFM-P certificate

To suppress security warnings in NSP browser sessions

NFM-P TLS configuration

To configure an NFM-P main server to request a PKI-server TLS certificate

To configure an NFM-P auxiliary server to request a PKI-server TLS certificate

To enable or disable TLS on an auxiliary database

To disable TLS for NFM-P XML API clients

To enable TLS for NFM-P XML API clients

Part II. NSP system deployment

5. NSP deployment basics

NSP system elements

Introduction

Containerized NSP cluster

NSP deployment infrastructure

Kubernetes deployment environment

To upgrade the NSP Kubernetes environment

IP version support

Introduction

Addressing requirements

Using multiple NSP interfaces

Multi-interface configuration

Centralized logging

Introduction

NSP application log forwarding to OpenSearch

NSP application log forwarding to Elasticsearch

NSP application log forwarding to Splunk

NSP application log forwarding to syslog servers

NFM-P server log forwarding to syslog servers

NFM-P server log forwarding to OpenSearch

User activity log forwarding to syslog servers

6. NSP software configuration

NSP configuration file

Configuring database backups

Configuring nspOS security

Configuring Single-Sign-On (SSO)

Configuring LLDP link discovery

Configuring SROS

7. NSP system installation

Supported installation scenarios

Workflow for NSP system installation

To provision the network bridge for NSP VMs

To install the NSP

Workflow for independent NFM-P migration to the NSP

To migrate from an independent NFM-P system to the NSP

8. NSP system upgrade from Release 22.6 or earlier

Upgrading from Release 22.6 or earlier

Workflow for standalone NSP system upgrade from Release 22.6 or earlier

Workflow for DR NSP system upgrade from Release 22.6 or earlier

To back up the Release 22.3 or earlier NSP file service data

To prepare for an NSP system upgrade from Release 22.6 or earlier

To upgrade a Release 22.6 or earlier NSP cluster

9. NSP system upgrade from Release 22.9 or later

Upgrading from Release 22.9 or later

Workflow for standalone NSP system upgrade from Release 22.9 or later

Workflow for DR NSP system upgrade from Release 22.9 or later

To prepare for an NSP system upgrade from Release 22.9 or later

To upgrade a Release 22.9 or later NSP cluster

10. NSP system conversion

Supported NSP system conversions

To convert a standalone NSP system to DR

To enlarge an NSP deployment

To convert an IPv4 NSP system to an IPv6-enabled NSP system

To migrate from CAS to OAUTH2 NSP user authentication

Workflow for NSP system conversion to multi-interface

11. NSP system integration

Integrating other systems and the NSP

System integration support

NFM-P and NSP integration

To add an independent NFM-P to an existing NSP deployment

To enable NSP compatibility with an earlier NFM-P system

WS-NOC and NSP integration

To enable WS-NOC compatibility with an NSP system

To map external user groups to predefined WS-NOC roles

To install the NSP templates for NSP service management on the NFM-P

To integrate a containerized Release 21.12, 22.6, 22.12, 23.6, or 23.12 WS-NOC and the NSP

12. NSP system uninstallation

Introduction

Workflow to uninstall an NSP cluster

To uninstall the NSP software from an NSP cluster

To uninstall the NSP Kubernetes software

To uninstall the NSP Kubernetes registry

Part III. NSP component deployment

13. NSP component configuration

Configuring NSP component deployments

Common configuration elements

NSP hosts file

NSP RPM-based configuration file

NFM-P deployment configuration

NFM-P deployment requirements

NFM-P deployment restrictions

Configuring an NFM-P system deployment

To obtain the UUID of a station

Using hostnames in the management network

Deployment in a VM

Enabling FIPS security for NFM-P network management

Workflow for FIPS-enabled NFM-P discovery of a new device

Workflow for NE conversion to FIPS mode

GPG-signed RPM files

To verify the GPG keys

To verify Nokia RPM-file GPG signatures

Common Access Card security

GUI client deployment

To configure a GUI client login form to list multiple NFM-P systems

IGP topology data source configuration

Configuring the IGP topology data source

To change the IGP topology data source

14. NSP component installation

Installing NSP components

NSP component installation overview

NSP Flow Collector / Flow Collector Controller installation

To install NSP Flow Collectors and Flow Collector Controllers

NSP analytics server installation

To install an NSP analytics server

WS-RC installation

To install the WS-RC

VSR-NRC installation

VSR-NRC installation overview

To commission the VSR-NRC for NSP management

NFM-P installation

Installing the NFM-P

NFM-P samconfig utility

Using an NFM-P disk image

To deploy a trial NFM-P system using a qcow2 disk image

Standalone NFM-P system installation

Standalone system installation workflow

To install a standalone NFM-P system

Redundant NFM-P system installation

Redundant system installation workflow

To install a redundant NFM-P system

Auxiliary server installation

Auxiliary server installation workflow

To install an NFM-P auxiliary server

To add auxiliary servers to an NFM-P system

Auxiliary database installation

Installing an auxiliary database

Auxiliary database installation workflow

To prepare a station for auxiliary database installation

To install the auxiliary database software

To add an auxiliary database to a deployment

To add a station to an auxiliary database

To convert a standalone auxiliary database to geo-redundancy

NFM-P single-user GUI client installation

Installing an NFM-P single-user GUI client

To install an NFM-P single-user GUI client

NFM-P client delegate server installation

Installing an NFM-P client delegate server

To add a client delegate server to an NFM-P system

To install an NFM-P client delegate server

15. NSP component upgrade from Release 22.6 or earlier

Upgrading NSP components

NSP component upgrade overview

NSP Flow Collector and Flow Collector Controller upgrade from Release 22.6 or earlier

To upgrade Release 22.6 or earlier NSP Flow Collector Controllers and NSP Flow Collectors

NSP analytics server upgrade from Release 22.6 or earlier

To upgrade Release 22.6 or earlier NSP analytics servers

NFM-P system upgrade from Release 22.6 or earlier

Upgrade requirements

NFM-P system upgrade restrictions

General NFM-P Release 22.6 or earlier upgrade workflow

NFM-P Release 22.6 or earlier pre-upgrade procedures

To prepare for an NFM-P system upgrade from Release 22.6 or earlier

To prepare an SELinux-enabled Release 22.6 or earlier NFM-P system for an upgrade

Standalone NFM-P system upgrade from Release 22.6 or earlier

Workflow to upgrade a standalone Release 22.6 or earlier NFM-P system

To upgrade a standalone Release 22.6 or earlier NFM-P system

Redundant NFM-P system upgrade from Release 22.6 or earlier

Component references

Workflow to upgrade a redundant Release 22.6 or earlier NFM-P system

To upgrade a redundant Release 22.6 or earlier NFM-P system

Auxiliary server upgrade from Release 22.6 or earlier

To upgrade a Release 22.6 or earlier NFM-P auxiliary server

Auxiliary database upgrade from Release 22.6 or earlier

To upgrade a Release 22.6 or earlier auxiliary database cluster

NFM-P single-user GUI client upgrade from Release 22.6 or earlier

Upgrading a Release 22.6 or earlier single-user GUI client

To upgrade a Release 22.6 or earlier NFM-P single-user GUI client

NFM-P client delegate server upgrade from Release 22.6 or earlier

Upgrading a Release 22.6 or earlier client delegate server

To upgrade a Release 22.6 or earlier NFM-P client delegate server

16. NSP component upgrade from Release 22.9 or later

Upgrading NSP components from Release 22.9 or later

NSP component upgrade overview

NSP Flow Collector and Flow Collector Controller upgrade from Release 22.9 or later

To upgrade Release 22.9 or later NSP Flow Collectors and Flow Collector Controllers

NSP analytics server upgrade from Release 22.9 or later

To upgrade Release 22.9 or later NSP analytics servers

NFM-P system upgrade from Release 22.9 or later

Upgrade requirements

NFM-P system upgrade restrictions

General NFM-P Release 22.9 or later upgrade workflow

NFM-P pre-upgrade procedures for Release 22.9 or later

To prepare for an NFM-P system upgrade from Release 22.9 or later

To prepare an SELinux-enabled NFM-P Release 22.9 or later system for an upgrade

Standalone NFM-P system upgrade from Release 22.9 or later

Workflow to upgrade a standalone Release 22.9 or later NFM-P system

To upgrade a standalone Release 22.9 or later NFM-P system

Redundant NFM-P system upgrade from Release 22.9 or later

Component references

Workflow to upgrade a redundant Release 22.9 or later NFM-P system

To upgrade a redundant Release 22.9 or later NFM-P system

Auxiliary server upgrade from Release 22.9 or later

To upgrade a Release 22.9 or later NFM-P auxiliary server

Auxiliary database upgrade from Release 22.9 or later

To upgrade a Release 22.9 or later NFM-P auxiliary database cluster

NFM-P single-user GUI client upgrade from Release 22.9 or later

Upgrading a Release 22.9 or later single-user GUI client

To upgrade a Release 22.9 or later NFM-P single-user GUI client

NFM-P client delegate server upgrade from Release 22.9 or later

Upgrading a Release 22.9 or later client delegate server

To upgrade a Release 22.9 or later NFM-P client delegate server

17. NSP component conversion

Converting NSP components

Introduction

NSP component conversion procedures

To enable redundancy support on an NSP analytics server

NFM-P system conversion to IPv6

Converting an NFM-P system to IPv6

NFM-P conversion to IPv6 workflow

To perform the pre-conversion tasks

To convert a standalone NFM-P system to IPv6

To convert a redundant NFM-P system to IPv6

NFM-P system conversion to redundancy

Converting an NFM-P system to redundancy

System conversion to redundancy workflow

To convert a standalone NFM-P system to a redundant system

18. NSP component integration

Integrating NSP components

To integrate IP-optical coordination and path simulation

To add a WS-RC controller to IP-optical coordination

19. NSP component uninstallation

Uninstalling supplementary system components

To uninstall an NSP analytics server

To uninstall NSP Flow Collectors

To uninstall NSP Flow Collector Controllers

Uninstalling the NFM-P

NFM-P system uninstallation workflow

To uninstall a single-user GUI client

To uninstall a client delegate server

To uninstall an auxiliary server

To uninstall an auxiliary database

To uninstall a collocated main server and database

To uninstall a distributed main server or main database

Appendix A. Removing world permissions from compiler executables

Resetting GCC-compiler file permissions

To remove world permissions from compiler executables

To restore compiler world permissions

Appendix B. NSP Single Sign-On configuration examples

LDAPS configuration examples

Configuring LDAPS or secure AD

LDAPS configuration for OAUTH2 mode

Secure AD configuration for OAUTH2 mode

LDAPS configuration for CAS mode

Secure AD configuration for CAS mode

RADIUS configuration examples

Configuring RADIUS authentication

RADIUS configuration for OAUTH2 mode

RADIUS configuration for CAS mode

TACACS+ configuration examples

Configuring TACACS+ authentication

TACACS+ configuration for OAUTH2 mode

TACACS+ configuration for CAS mode