NFM-P deployment restrictions

Network restrictions

Note: The use of NAT between NFM-P server and database components is not supported. The NFM-P supports NAT only between the following:

• main server and single-user client or client delegate server

• main or auxiliary server and XML API client

• main or auxiliary server and managed network

Note: Before you attempt to deploy an NFM-P system, or add a component to a system, you must ensure that any firewalls between the components allow the required traffic to pass between the components, or are disabled. The NSP Planning Guide lists the open ports required by each component, and provides information about using NFM-P templates to create RHEL firewalld rules.

Note: If you use SSH X forwarding to open a console window on an NFM-P main database station, the “su - oracle” command fails. In such a scenario, you must log in directly as the Oracle management user to perform the required actions.

The following restrictions apply to the network environment in which an NFM-P system or component is deployed.

• The NFM-P supports the use of RHEL IP bonding only when IP bonding is deployed in an active/backup configuration; see the RHEL documentation for IP bonding information.

• The RHEL TFTP server conflicts with the NFM-P TFTP server, and must be disabled on a main or auxiliary server station.

• DNS or NIS name resolution is not supported between NFM-P components, and a pre-existing name service must not conflict with NFM-P address resolution. The restriction also applies to XML API client communication with the NFM-P.

• You cannot use “localhost” or an alias IP address to identify a component.

• An NFM-P main server listens for GUI and XML API client communication on only one interface unless you specify a hostname for the main server during an installation or upgrade.

• You cannot use a hostname to identify a main database station; NFM-P components can use only an IP address to reach a database.

• All IP communication from an NFM-P auxiliary server to an NFM-P main server must originate from one IP address, which is the auxiliary server address specified during the main server configuration. A main server rejects communication from an auxiliary server if the auxiliary server uses a source address other than the configured address.

• During a single-user client installation, you can specify a hostname instead of an IP address to identify a main server. A client upgrade occurs automatically through a connection to a main server named in the client configuration.

IPv4 and IPv6

• NFM-P components communicate with other NFM-P components and external entities using IPv4 or IPv6 exclusively, with the following exceptions:

  • You can configure an NFM-P system to concurrently manage IPv4 and IPv6 networks.

  • An NFM-P GUI or browser-based client can connect to the NFM-P using IPv4 or IPv6, regardless of the protocol version in use between the NFM-P server and database components.

    Note: If the clients are to connect to the NFM-P using IPv4 and IPv6, when you use the samconfig utility to configure client access on a main server, you must specify a hostname rather than an IP address.

• Before you can specify an IPv6 address for an NFM-P component, the IPv6 interface must be plumbed and operational. See the OS documentation for information about enabling and configuring an IPv6 interface.

Platform restrictions

The following are the NFM-P platform restrictions.

• An NFM-P single-user client or client delegate server cannot be installed on the same station as an NFM-P server or database.

• An NFM-P single-user client and client delegate server cannot be installed on the same station.

• An optional system component requires a dedicated station. The sharing of a station by optional components is not supported; attempts to deploy multiple components on one station fail.

• If you plan to convert a standalone NFM-P system to a redundant system, and also plan to upgrade the system, you must perform the upgrade before the conversion.

• An NFM-P system conversion from IPv4 to IPv6 is not supported during an upgrade or conversion to redundancy.

Security restrictions

The following are the NFM-P security restrictions.

• The user that starts an NFM-P client must be the user that installs the client software, or another user that has read, write, and execute privileges on the client files and directories.

• An NFM-P domain name defines the network-management domain to which an NFM-P component belongs, and must be unique to a network. An NFM-P component can interact only with other NFM-P components in the same NFM-P domain. During system installation, you must specify the same domain name for each component in the system.

Software deployment restrictions

You must observe the following NFM-P software deployment restrictions.

• You cannot share an existing Oracle installation with the NFM-P, and no other application can use the NFM-P Oracle software.

• You can specify the installation directory for a single-user client or client delegate server, but not for any other type of component.

• You can deploy a main server without specifying a license file. However, if you do not specify a license file, you cannot start the main server until you import a license. See the NSP System Administrator Guide for information about importing a license.