How do I enable NFM-P client access through a SANE portal?

CAUTION

Service Disruption

Enabling SANE portal access to the NFM-P requires a restart of each NFM-P main server, and causes a network management outage.

Ensure that you perform the procedure only during a scheduled maintenance period of sufficient duration. For reference, the required sequence of events in a redundant NFM-P deployment is:

Before you begin

Perform this procedure to enable Single Sign On (SSO) NFM-P client access to the following through a SANE portal that you provide:

  • NSP UI

  • NFM-P client GUI

Note: SANE portal access to the NFM-P has specific restrictions and configuration requirements in addition to the procedure steps; contact technical support before you attempt to perform the procedure.

Note: You must perform the procedure on each NFM-P main server; in a redundant system, you must perform the procedure on the standby main server first.

Note: You can perform the procedure as part of an NFM-P system installation or upgrade, or on an installed system.

Note: You require nsp user privileges on each main server station.

Steps
 

1

Perform Step 3 to Step 12 on each main server.


2

Go to Step 13.


3

If the SANE portal is TLS-secured, import your SANE-server TLS certificate for portal access to the main-server truststore.

Note: If the certificate is CA-signed, you must import the entire CA chain of certificates to the truststore; see the CA documentation for information about importing trusted certificates.

  1. Log in to the main server station as the root user.

  2. Enter the following:

    path/keytool -import -trustcacerts -alias alias -file certificate_file -keystore truststore_file -storepass password ↵

    where

    path is the path to the keytool utility

    alias is the alias of the certificate to import

    certificate_file is the self-signed or CA certificate file

    truststore_file is the truststore file that is to hold the certificate

    password is the truststore password
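The note above requires every certificate of a CA-signed chain to be in the truststore. As an added example (not part of the NFM-P tooling), the following script splits a PEM bundle into one file per certificate and runs the keytool import from this step once per file, using keytool's `-storepass:env` form so that the truststore password does not appear in the process list. The `sane-N` style aliases, the `KEYTOOL` and `DRY_RUN` variables, and the `TRUSTSTORE_PASS` environment variable are assumptions of the example.

```shell
#!/bin/sh
# Added example: import a whole certificate chain into the main-server truststore.

# split_chain BUNDLE OUTDIR PREFIX
# Writes OUTDIR/PREFIX-1.pem, PREFIX-2.pem, ... (one certificate each) and
# prints the number of certificates found. Text between certificates is ignored.
split_chain() {
    awk -v out="$2/$3" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s-%d.pem", out, n) }
        f != ""                       { print > f }
        /-----END CERTIFICATE-----/   { close(f); f = "" }
        END                           { print n + 0 }
    ' "$1"
}

# import_chain DIR PREFIX TRUSTSTORE_FILE
# Runs one keytool import per split file; the alias is the file name without
# ".pem". keytool reads the password from the TRUSTSTORE_PASS environment
# variable (name assumed here). Without -noprompt, keytool shows each
# certificate and asks for confirmation, so fingerprints can be checked.
# With DRY_RUN=1 the commands are printed instead of executed.
import_chain() {
    dir=$1; prefix=$2; store=$3
    for cert in "$dir/$prefix"-*.pem; do
        [ -f "$cert" ] || continue
        cert_alias=$(basename "$cert" .pem)
        set -- "${KEYTOOL:-keytool}" -import -trustcacerts \
            -alias "$cert_alias" -file "$cert" \
            -keystore "$store" -storepass:env TRUSTSTORE_PASS
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "$*"
        else
            "$@"
        fi
    done
}
```

Run `split_chain` on the bundle first, review the resulting files, then call `import_chain` with `DRY_RUN=1` to inspect the commands before executing them.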


4

Perform one of the following.

  1. If you are performing the procedure as part of a main server installation or upgrade, perform the installation or upgrade procedure steps up to, but not including, the step that describes opening the samconfig utility.

  2. If you are configuring SANE access on an installed NFM-P system, stop the main server.

    1. Log in to the main server station as the nsp user.

    2. Open a console window.

    3. Enter the following:

      bash$ cd /opt/nsp/nfmp/server/nms/bin ↵

    4. Enter the following:

      bash$ ./nmsserver.bash stop ↵

    5. Enter the following:

      bash$ ./nmsserver.bash appserver_status ↵

      The server status is displayed; the server is stopped if the status is the following:

      Application Server is stopped

      If the server is not stopped, wait five minutes and then repeat this substep.

      Do not perform the next step until the server is fully stopped.


5

Enter the following:

bash$ sudo samconfig -m main -sane ↵

The following is displayed:

Start processing command line inputs...

<main>


6

Enter the following:

<main> configure sane ↵

The prompt changes to <main configure sane>.


7

Enter the following:

<main configure sane> windows-dir directory ↵

where directory is the absolute path of the GUI client installation location on each Windows client station


8

Enter the following:

<main configure sane> linux-dir directory ↵

where directory is the absolute path of the GUI client installation location on each RHEL client station


9

If the SANE portal is TLS-secured, enter the following:

<main configure sane> certificates "certificate-list" ↵

where certificate-list is a list of paired entities and certificate file paths in the following format:

entity1#path1;entity2#path2...entityn#pathn
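A check for the certificate-list value before it is entered in samconfig, written as an added example rather than taken from the NFM-P tooling. The function name `check_cert_list`, the requirement that each path be absolute and readable, and the rejection of a second `#` inside a pair (which would make the pair ambiguous in this format) are assumptions of the example.

```shell
#!/bin/sh
# Added example: validate an "entity1#path1;entity2#path2" certificate list.

# check_cert_list LIST
# Prints one line per problem found. Returns 0 only if every pair has a
# non-empty entity, exactly one '#', and an absolute path to a readable file.
check_cert_list() {
    list=$1; bad=0
    [ -n "$list" ] || { echo "empty list"; return 1; }
    old_ifs=$IFS; IFS=';'
    set -f                       # no filename expansion while splitting
    set -- $list                 # split the list on ';'
    set +f; IFS=$old_ifs
    for pair in "$@"; do
        case $pair in
            *'#'*'#'*) echo "more than one '#': $pair"; bad=1; continue ;;
            *'#'*)     ;;
            *)         echo "missing '#': $pair"; bad=1; continue ;;
        esac
        entity=${pair%%#*}       # text before the '#'
        path=${pair#*#}          # text after the '#'
        [ -n "$entity" ] || { echo "empty entity: $pair"; bad=1; }
        case $path in
            /*) [ -r "$path" ] || { echo "unreadable file: $path"; bad=1; } ;;
            *)  echo "path not absolute: $pair"; bad=1 ;;
        esac
    done
    return "$bad"
}
```

Run it as the user that starts the main server so that the readability check reflects the permissions the server will have.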


10 

Enter the following:

<main configure sane> back ↵

The prompt changes to <main configure>.


11 

If the SANE portal is TLS-secured, specify the location of the truststore file that contains the SANE certificate.

Note: You must specify the truststore location, regardless of whether the location has changed.

Enter the following:

<main configure> tls truststore-file truststore_file back ↵

where truststore_file is the absolute path and filename of the TLS truststore file on the main server station


12 

Perform one of the following.

  1. If you are configuring SANE access during an installation or upgrade, perform the remaining installation or upgrade procedure steps.

  2. If you are configuring SANE access on an installed system, perform the following steps.

    1. Enter the following:

      <main configure> back ↵

      The prompt changes to <main>.

    2. Enter the following:

      <main> apply ↵

      The configuration is applied.

    3. Enter the following:

      <main> exit ↵

      The samconfig utility closes.

    4. Enter the following to start the NFM-P main server:

      bash$ ./nmsserver.bash start ↵

      The NFM-P main server restarts, and puts the SANE configuration into effect.


13 

If the NFM-P system is redundant and you want to restore the initial primary and standby main-server roles, perform a manual server activity switch.


14 

To enable NSP sign-in access, configure the following URL on the SANE server:

  • https://NFM-P_address/cas/login?service=https://NFM-P_address/cas/login&#38;client_name=SANEClient&#38;SAMLart=%%SAML_ART%%

where NFM-P_address is the NFM-P main server IP address or hostname, depending on which is configured for client access

Note: Cross-launch from a SANE portal to the NSP may occasionally fail; in such an event, repeat the SANE cross-launch attempt.


15 

To enable single-user client installation using the binary installer, configure the following link definitions, as required, on the SANE server:

  • for Mac OS clients:

    urlFile="https://NFM-P_address/cas/login?service=localLaunch:/Applications/NFMPclient.NFM-P_address.app/Contents/Resources/nms/bin/runSaneClient.sh&#38;client_name=SANEClient&#38;SAMLart=%%SAML_ART%%"

  • for RHEL clients:

    urlFile="https://NFM-P_address/session-manager/login?service=localLaunch:path/nms/bin/runSaneClient.sh&#38;client_name=SANEClient&#38;SAMLart=%%SAML_ART%%"

  • for Windows clients:

    urlFile="https://NFM-P_address/session-manager/login?service=localLaunch:path\nms\bin\runSaneClient.bat&#38;client_name=SANEClient&#38;SAMLart=%%SAML_ART%%"

where

NFM-P_address is the NFM-P main server IP address or hostname, depending on which is configured for client access

path is the absolute file path of the client installation directory, for example, /opt/nsp/client on RHEL, or C:\nsp\client on Windows

Note: After you configure a link definition, the client installation page is available from the Install NFM-P link on the User Settings page of the NSP UI, or at one of the following URLs:

  • http://NFM-P_address:8085/saneclient/ if client TLS is disabled

  • https://NFM-P_address:8444/saneclient/ if client TLS is enabled


16 

To enable single-user client installation using the traditional JNLP installer, configure the following URL on the SANE server:

  • https://NFM-P_address/session-manager/login?service=https://NFM-P_address/?launchNFMPClient=true&#38;client_name=SANEClient&#38;SAMLart=%%SAML_ART%%

where NFM-P_address is the NFM-P main server IP address or hostname, depending on which is configured for client access


17 

To enable client delegate server installation, configure the following link definitions on the SANE server, as required.

  • RHEL client delegate server:

    urlFile="https://NFM-P_address/session-manager/login?service=localLaunch:path/nms/bin/runSaneClient.sh&#38;client_name=SANEClient&#38;SAMLart=%%SAML_ART%%"

  • Windows client delegate server:

    urlFile="https://NFM-P_address/session-manager/login?service=localLaunch:path\nms\bin\runSaneClient.bat&#38;client_name=SANEClient&#38;SAMLart=%%SAML_ART%%"

where

NFM-P_address is the NFM-P main server IP address or hostname, depending on which is configured for client access

path is the absolute file path of the client delegate server installation directory, for example, /opt/nsp/client on RHEL, or C:\nsp\client on Windows

Note: After you configure a link definition, the client delegate server installation page is at one of the following URLs:

  • http://NFM-P_address:8085/saneclientdelegate/ if client TLS is disabled

  • https://NFM-P_address:8444/saneclientdelegate/ if client TLS is enabled

End of steps