CORIANT TNMS 14.1 10

May 30, 2018 | Author: Luciano Montalvão | Category: Internet Information Services, File Transfer Protocol, Web Server, Microsoft Windows, Booting
Share
Report this link


Comments



Description

TNMS14.1 10 Coriant TNMS Installation Manual (IMN, Windows) Issue: 5 Issue date: July 2014 A50023-K2035-X040-05-76D1 Coriant is continually striving to reduce the adverse environmental effects of its products and services. We would like to encourage you as our customers and users to join us in working towards a cleaner, safer environment. Please recycle product packaging and follow the recommendations for power use and proper disposal of our products and their components. Installation Manual (IMN, Windows) The information in this document is subject to change without notice and describes only the product defined in the introduction of this documentation. This documentation is intended for the use of Coriant customers only for the purposes of the agreement under which the document is submitted, and no part of it may be used, reproduced, modified or transmitted in any form or means without the prior written permission of Coriant. The documentation has been prepared to be used by professional and properly trained personnel, and the customer assumes full responsibility when using it. Coriant welcomes customer comments as part of the process of continuous development and improvement of the documentation. The information or statements given in this documentation concerning the suitability, capacity, or performance of the mentioned hardware or software products are given "as is" and all liability arising in connection with such hardware or software products shall be defined conclusively and finally in a separate agreement between Coriant and the customer. However, Coriant has made all reasonable efforts to ensure that the instructions contained in the document are adequate and free of material errors and omissions. Coriant will, if deemed necessary by Coriant, explain issues which may not be covered by the document. Coriant will correct errors in this documentation as soon as possible. IN NO EVENT WILL CORIANT BE LIABLE FOR ERRORS IN THIS DOCUMENTATION OR FOR ANY DAMAGES, INCLUDING BUT NOT LIMITED TO SPECIAL, DIRECT, INDIRECT, INCIDENTAL OR CONSEQUENTIAL OR ANY LOSSES, SUCH AS BUT NOT LIMITED TO LOSS OF PROFIT, REVENUE, BUSINESS INTERRUPTION, BUSINESS OPPORTUNITY OR DATA,THAT MAY ARISE FROM THE USE OF THIS DOCUMENT OR THE INFORMATION IN IT. This documentation and the product it describes are considered protected by copyrights and other intellectual property rights according to the applicable laws. Other product names mentioned in this document may be trademarks of their respective owners, and they are mentioned for identification purposes only. Copyright © Coriant 2014. All rights reserved. f Important Notice on Product Safety This product may present safety risks due to laser, electricity, heat, and other sources of danger. Only trained and qualified personnel may install, operate, maintain or otherwise handle this product and only after having carefully read the safety information applicable to this product. The safety information is provided in the Safety Information section in the "Legal, Safety and Environmental Information" part of this document or documentation set. The same text in German: f Wichtiger Hinweis zur Produktsicherheit Von diesem Produkt können Gefahren durch Laser, Elektrizität, Hitzeentwicklung oder andere Gefahrenquellen ausgehen. Installation, Betrieb, Wartung und sonstige Handhabung des Produktes darf nur durch geschultes und qualifiziertes Personal unter Beachtung der anwendbaren Sicherheitsanforderungen erfolgen. Die Sicherheitsanforderungen finden Sie unter „Sicherheitshinweise“ im Teil „Legal, Safety and Environmental Information“ dieses Dokuments oder dieses Dokumentationssatzes. 2 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 Installation Manual (IMN, Windows) Table of Contents This document has 96 pages. Table of Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 List of Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 List of Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 1 1.1 1.2 1.3 1.4 1.4.1 1.4.2 1.4.3 1.4.4 1.4.5 Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intended audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Structure of this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Symbols and conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Available documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Online Help system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . User Manual (UMN) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installation Manual (IMN) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Upgrade Manual (UPMN) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Other documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 11 11 12 12 13 13 13 13 13 2 2.1 2.2 2.2.1 2.3 2.4 2.5 Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Component delivery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Hardware requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Supported Operating Systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Prerequisites by component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . BIOS configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 15 15 16 17 17 18 3 3.1 3.2 3.3 3.4 3.5 3.6 3.7 Server operating system configuration . . . . . . . . . . . . . . . . . . . . . . . . . Integrated Lights-Out (iLO) management console. . . . . . . . . . . . . . . . . Disk configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Windows installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . HP service pack installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Medium configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Large configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Disk partitioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 19 19 19 20 20 20 21 4 4.1 4.2 4.3 4.4 4.4.1 4.4.2 4.4.3 4.4.4 4.5 4.6 4.7 Initial system configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Virtual memory configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Audit policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FTP configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing Internet Information Services in Windows Server 2008 . . . . . Configuring the FTP Service in Windows Server 2008 . . . . . . . . . . . . . Installing Internet Information Services in Windows 7 . . . . . . . . . . . . . . Configuring the FTP Service in Windows 7 . . . . . . . . . . . . . . . . . . . . . . Domain Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . System Hosts configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Dynamic Port range configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 23 23 24 25 25 26 26 27 27 27 28 5 Software prerequisites installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 3 Installation Manual (IMN, Windows) 5.1 5.2 5.3 5.4 5.5 5.5.1 5.6 5.6.1 5.6.2 5.6.3 5.7 5.7.1 5.7.2 5.7.3 5.7.4 5.8 5.9 Adobe Reader. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 User Account Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 MSXML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 MS.NET . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 Oracle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Uninstalling Oracle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 OSI Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 Installing OSI Stack. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 Configuring OSI stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 Uninstalling OSI stack. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 CopSSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 Installing CopSSH. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Configuring CopSSH. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 CopSSH Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 CopSSH Hardening . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 Antivirus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 NTI third-party software installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 6 6.1 6.2 6.3 TNMS installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 Full installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 Installation of separate components . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 About the automatic priority updates installation . . . . . . . . . . . . . . . . . . 45 7 7.1 7.2 7.3 7.4 7.5 7.6 7.7 7.8 7.9 7.10 7.11 7.12 Post-installation procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 Starting services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 Starting a Client session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 Logging in . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 Default username and password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Changing the password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Terminating a Client session. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Single Sign-on. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Standby server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 License keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Internet Explorer configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Connection timeout configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Importing a public certificate from IOC Online Planning (IOC OP) . . . . . 50 8 8.1 8.2 8.2.1 8.2.2 8.3 8.3.1 8.3.2 8.3.3 8.3.4 Backup and restore. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 General description. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Overview of the Backup and Restore interfaces. . . . . . . . . . . . . . . . . . . 52 Interactive mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 Non-interactive mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 Backup procedures through the command line . . . . . . . . . . . . . . . . . . . 53 Backing up the Oracle database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Backing up the TNMS database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 Backing up the LDAP (OpenDS). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 Backing up the TNMS database and the LDAP (OpenDS) simultaneously 55 Automating the Backup procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 8.3.5 4 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 Installation Manual (IMN, Windows) 8.4 8.5 8.5.1 8.5.2 8.5.3 8.5.4 Backup procedures through the TNMS client . . . . . . . . . . . . . . . . . . . . 57 Recovery & Restore procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Recovering the Oracle database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Restoring the TNMS database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Restoring the LDAP (OpenDS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 Restoring the TNMS database and the LDAP (OpenDS) simultaneously . 61 9 Upgrade to TNMS 14.1 10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 10 10.1 10.1.1 10.1.2 10.1.3 10.2 10.3 TNMS and TNMS Core working together . . . . . . . . . . . . . . . . . . . . . . . Configuring common hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring a Common Netserver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring a Common Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring a Common standby server . . . . . . . . . . . . . . . . . . . . . . . . . Importing data from TNMS Core . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Important note . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 TNMS uninstallation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 12 12.1 12.2 12.2.1 12.2.2 12.2.3 12.2.4 12.2.5 12.2.6 12.2.7 12.2.8 12.2.9 12.2.10 12.2.11 12.2.12 12.3 12.3.1 12.3.2 12.4 12.4.1 12.4.2 12.4.3 12.4.4 12.5 12.6 12.6.1 Security hardening . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Physical and hardware hardening . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Operating System hardening . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Microsoft Windows security patches . . . . . . . . . . . . . . . . . . . . . . . . . . . Disable and delete unnecessary accounts . . . . . . . . . . . . . . . . . . . . . . Uninstall unnecessary applications and roles . . . . . . . . . . . . . . . . . . . . Configure Auditing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Disable unnecessary shares . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Disable Remote Registry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Windows Error Reporting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Additional Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Digitally signed communications (Local Security Policy) . . . . . . . . . . . . Minimize system services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Remote Access/Remote Desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Reduce passive FTP port range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Networking and firewall configuration . . . . . . . . . . . . . . . . . . . . . . . . . . List of ports to open in the firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . How to configure the Windows firewall . . . . . . . . . . . . . . . . . . . . . . . . . OEM Hardening . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . JBoss . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . CopSSH (SFTP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Oracle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Internet Explorer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . TNMS Maintenance Packages and Workaround Updates . . . . . . . . . . User Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Restricting the specified files’ permissions . . . . . . . . . . . . . . . . . . . . . . 65 65 68 70 70 70 71 75 75 75 75 75 76 76 76 77 77 78 78 78 80 81 81 82 89 89 89 89 90 90 90 90 92 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 5 Installation Manual (IMN, Windows) Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 6 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 Backup submenu . . 60 Restore submenu . . . . . . . . 55 Backup submenu . . . . . . . 41 Backup & Restore console . . . . . . . . . . . . . . . . . . 52 Changing the Oracle database backup schedule settings. . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Common Standby Server. . . . . . . . . . . . . . . . . . . . . . . . 68 7 . . 54 Backup submenu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Common Netserver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Windows) List of Figures Figure 1 Figure 2 Figure 3 Figure 4 Figure 5 Figure 6 Figure 7 Figure 8 Figure 9 Figure 10 Figure 11 Figure 12 Figure 13 Figure 14 Figure 15 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 "Local Security Settings . . . . . . . . . . 57 Restore submenu . . . . . . . . . . . . . . . 65 Distributed TNMS applications (medium system) . . . .Installation Manual (IMN. . . . . . . . . . . . . . . . . 24 How to set the TNMS installer to run with administrator rights in Windows 7 and Windows Server 2008. . . . . . . . . . 56 Backup window . . . . . . . . . . . . . . . . . . . . 60 Restore submenu . . . . . . . . . . . . . . . . 61 Distributed TNMS applications (large system). . . . .Audit Policy" window. . . . . . . . . . . . . . . . . . . . . . . . . . . . . Windows) 8 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 .Installation Manual (IMN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 9 . . Windows) List of Tables Table 1 Table 2 Table 3 Table 4 Table 5 Table 6 Table 7 Table 8 Table 9 Table 10 Table 11 Table 12 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 Structure of the manual . . . . . . . . . . . Note that automatic management is recommended. . . . . . . . . . . 30 List of the available arguments in non-interactive mode . . . . . . . . . . . . . 77 Firewall rules . . . . 90 Default TNMS user accounts and security hardenings. . . . . . . . 82 Database-related configurations and security hardenings. . . . . . . . . . . . . . . . . . . . . . . . . .1 10 on reused legacy hardware . . 52 Windows default shares. . . . . . . . . . . . . . . . . . . . 23 RAM requirements and Oracle template files . . . . . . . . . . . . . . . . . . . . . . . 15 Hardware recommendations for installations of TNMS 14. . . . . . . . . . . . . . . . . . . . 17 TNMS software prerequisites and their installation sequence .1 10. . . 16 Operating System recommendations for TNMS Server. . 11 Hardware requirements for new installations of TNMS 14. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Paging file size. . . . . .Installation Manual (IMN. . . . . . . . . . . . . . . . . . . . . . . . NetServer. . . . . . . . . . . . . . . . . . . . . . Client and Citrix Server . . . . . . Windows) 10 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 .Installation Manual (IMN. Chapter 9 Upgrade to TNMS 14. This document is structured as follows: Chapter Title Subject Chapter 1 Preface Provides an introduction for this document. A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 11 . Chapter 4 Initial system configuration Describes the configurations of the operating system required for TNMS correct functioning. To identify the features released for the product. 1. Chapter 10 TNMS and TNMS Core working together Describes how to configure TNMS to share resources and data with TNMS Core.1 10 Describes the migration to version 14. Chapter 11 TNMS uninstallation Describes how to uninstall TNMS. Chapter 12 Security hardening Describes the existing TNMS security hardenings. Chapter 2 Preparation Provides a guide of the hardware and software required for the installation. 1.pdf file viewable and printable with Adobe Reader.1 Intended audience This document is intended for commissioners of TNMS. - Contains a list of all acronyms and their long form used in TNMS. see the Customer Release Notes delivered together with the product. Chapter 8 Backup and restore Guides the TNMS administrator through the B&R procedures. Chapter 6 TNMS installation Describes how to install TNMS in your operating system. Table 1 Abbreviations Structure of the manual g Some features described in this documentation may not be available.2 Structure of this document The IMN is a single .1 10 from a previous TNMS release. Windows) Preface 1 Preface This Installation Manual contains a complete description of the installation and initial configuration processes of TNMS. Chapter 5 Software prerequisites installation Describes how to install and configure all software prerequisites of TNMS. Chapter 7 Post-installation procedures Describes all post-installation configurations and actions.Installation Manual (IMN. Chapter 3 Server operating system configuration Describes the creation and configuration of the logical drives in the machine where the server will be installed. Example: f Important Notice on Product Safety: This product may present safety risks due to laser. and other sources of danger. keystrokes are printed in bold. and filenames and paths are printed in italics. Notices A notice is a must.Preface Installation Manual (IMN.txt to . Commands Commands and screen output are printed in a monospaced font. Windows) 1. Example: w Do not reboot while mirroring.3 Symbols and conventions The following sections describe the symbols and conventions used in the IMN. Follow tips for convenience or efficiency. limit the size of the root filesystem. 1.. Example: • Click the View menu. Graphical user interface text Window titles are placed inside quotation marks. Example: • Save the log file <NEname>. loss or interruption.4 Available documentation The following documents are delivered with TNMS: 12 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . electricity. Example: g Read the Customer Release Notes before installing.. Example: • Issue powercfg../<product installation directory>/bin Warnings A safety message indicates a dangerous situation where personal injury is possible. Notes A note is an alert. and then click Log List. Follow notes to learn about exceptions. heat. Tips A tips is a suggestion.exe /hibernate off Variables Placeholders are printed in <angle brackets>. Button names. keys. Follow notices to avoid damage. Example: t Before mirroring.. main or context menu entries. side effects or something obscure or yet unclear. you can search for topics via the table of contents. see the corresponding documentation. which displays information about the window contents.4. You can find the tasks and procedures necessary to operate and administer TNMS on the system’s table of contents. For most windows. Help can be invoked in any of the following ways: • After invoking help from the menu bar. the index or a word search. 1.5 Other documents TNMS Core and Network Elements This manual concerns TNMS only. menus and meaning of the icons shown. • Clicking the Help button in the current window. For more detailed information on TNMS Core or the managed network elements (NEs).Installation Manual (IMN. describes its features and functions. and the uninstallation procedures of the TNMS Server and TNMS Client. That is. 1. 1. • Pressing F1.4. which displays information about the contents of the active window. This is for when you want to know what any window element is. Particular aspects of TNMS or deeper knowledge of it are routinely provided. takes you through all major operation topics and helps you troubleshoot common issues. This document is intended for all users of TNMS. Windows) 1. together with topical best practices.4 Upgrade Manual (UPMN) The Upgrade Manual describes in detail all the upgrade procedures of the TNMS components from a previous TNMS release to the current release. and comprehensive instructions on the functions offered by the user interface. F1 help is further available through the main help menu (Help > On <window name>). the Online Help system follows a two-pronged approach: • • Descriptive.3 Installation Manual (IMN) The Installation Manual contains a complete description of the installation procedures of the TNMS Server.4.4. Operational.4. This is for when you want to know how to perform a task. It overviews TNMS’ architecture. A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 13 . 1.1 Preface Online Help system A context-sensitive online help system is provided with TNMS which includes information on window contents.2 User Manual (UMN) The UMN is available from Main > Help and displayed in its own Adobe Reader window. in any window. list of supported cards and any relevant last-minute information.Preface Installation Manual (IMN. contains installation hints. patch descriptions. 14 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . Windows) Release notes Where applicable. list of supported NEs. 2K HOT PL 3.1 10 In addition the Legacy hardware configuration is provided (Table 3). logs). Ask Coriant Technical Sales for more information. g Configuration TNMS Server + Netserver (1 optional client only for local troubleshooting) TNMS Client Table 2 New TNMS installations are not recommended in a distributed environment. The components are not damaged in any way. running TNMS may require different specifications depending on parameters such as network architecture (number of Clients) or operation policies (backup.2K or HD SATA 6G 500GB 7. Hardware requirements The tables below give a rough overview of the hardware recommendations for installing TNMS. Two hardware configurations (Medium and Large) designed for new installations are provided (Table 2).1 Component delivery Before installation. A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 15 .Installation Manual (IMN.5" BC Hardware requirements for new installations of TNMS 14. This configuration is designed for the reuse of hardware compatible with TNMS 13.2 1x but not with later releases. be sure that: • • • 2. Make sure you use the installation packages in the target machine since TNMS installation from a network drive is not supported. The final hardware specifications and configuration must be planned specifically for each customer. Windows) Preparation 2 Preparation 2.2 The delivery is complete and in accordance with the delivery units specified in the delivery note (hardware. Characteristics Medium Large Base reference model DL360p G8 or BL460c G8 (blade server) DL580 G7 or BL660c G8 (blade server) Minimum CPU (2x) Intel® Xeon® E5-2680/90 (4x) Intel® Xeon® E7-4870 or (4x) Intel® Xeon® E5-4650 Minimum RAM 32 GB 128 GB Minimum HDD (4 x) 300 GB HD (4 x) 146 GB + (2 x) 300GB for hardware reuse (2 x) 300 GB internal SSDs (6 x) 300 GB internal HDs Base reference model ESPRIMO E710 E90+ or PY RX100S7 Minimum CPU Intel® i5-3470 or Intel® Xeon® E3-1220v2 4C/4T 3. software and documentation).10 GHz 8 MB Minimum RAM 8 GB DDR3 1600 GHz Minimum HDD HD SATA III 500GB 7. 5" BC Common Netserver Base reference model ESPRIMO E710 E90+ or PY RX100S7 (TNMS +TNMS Core) Minimum CPU Intel i5-3470 or Intel® Xeon® E3-1220v2 4C/4T 3. Configuration Characteristics Legacy hardware TNMS Server + Netserver Base reference model PY TX/RX200S7 (1 optional client only for local troubleshooting) Minimum CPU Intel® Xeon® E5-2420 6C/12T 1. 16 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 .5" EP Base reference model ESPRIMO E710 E90+ or PY RX100S7 Minimum CPU Intel® i5-3470 or Intel® Xeon® E3-1220v2 4C/4T 3.2.40 GHz 10 MB Minimum RAM 24 GB DDR3 1333 GHz Minimum HDD 2x HD SAS 6GB 300GB 15K HOT PL 2.5" BC TNMS Client Base reference model ESPRIMO E710 E90+ or PY RX100S7 or Minimum CPU Intel® i5-3470 or Intel® Xeon® E3-1220v2 4C/4T 3.2K or HD SATA 6G 500GB 7.5" BC TNMS Server Base reference model PY RX/TX300S7 (1 optional client only for local troubleshooting) Minimum CPU Intel® Xeon® E5-2609 4C/4T 2.10 GHz 8 MB Minimum RAM 16 GB DDR3 1600 GHz Minimum HDD HD SATA III 500GB 7.Preparation Installation Manual (IMN.2K HOT PL 3.1.10 GHz 8 MB Minimum RAM 8 GB DDR3 1600 GHz Minimum HDD HD SATA III 500GB 7.90 GHz 15 MB Minimum RAM 12 GB Minimum HDD 2x HD SATA 6GB 500GB 7.2K or HD SATA 6G 500GB 7.2K HOT PL 3. Windows) g A new installation using the Legacy hardware configuration does not support Optical Management.2K or HD SATA 6G 500GB 7.1 Virtualization TNMS supports virtualization using VMware ESXi 4.2K HOT PL 3. However Coriant does not provide neither is responsible for stability limits or performance in these circumstances.1 10 on reused legacy hardware 2.5" BC Common Client TNMS Netserver Table 3 Hardware recommendations for installations of TNMS 14.2K HOT PL 3.10 GHz 8 MB Minimum RAM 8 GB DDR3 1600 GHz Minimum HDD HD SATA III 500GB 7. 2. After installing the operating system. the system should be commissioned as follows: Software Full Installation Server + Netserver Server Netserver Client Adobe Reader Mandatory Optional Optional Optional Mandatory MSXML Mandatory Mandatory Mandatory Mandatory Mandatory MS. 2. Windows) Preparation The requisites of the virtual machines are similar to those presented in Table 2 and Table 3.4 Prerequisites by component The following table describes which software is required for each component. Full Installation Client Citrix Server Microsoft Windows Microsoft Windows Microsoft Windows Server 2008 R2 SP1 Server 2008 R2 SP1 Server 2008 R2 SP1 (x64)1) (x64) 1) (x64) 1) Microsoft Windows Server 2008 R2 SP1 (x64) 1) Microsoft Windows Server 2008 R2 SP1 (x64) 1) NTFS mandatory Microsoft Windows 7 Professional SP1 (x32/x64) Table 4 1) Server.0. Client and Citrix Server Both the Microsoft Windows Server 2008 R2 SP1 (x64) Enterprise Edition and the Standard Edition are supported.NET Mandatory Mandatory Mandatory Mandatory Mandatory Oracle 11. A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 17 . Server + Netserver NTFS mandatory Netserver Microsoft Windows 7 Professional SP1 (x64) Operating System recommendations for TNMS Server. except for the CPU that only requires comparable CPU resources. as the Standard Edition cannot allocate more than 32 GB of RAM. Attend to the fact that the table also shows the order in which the components should be installed.0_43 (32 or 64 bit) if required by other software. g Throughout this and the following chapters the designation of the several operating systems is often abbreviated to allow for better readability.3 Mandatory Mandatory Mandatory - - OSI Stack Mandatory Mandatory - Mandatory - CopSSH Mandatory Mandatory - Mandatory - Citrix XenApp - - - - Optional Table 5 TNMS software prerequisites and their installation sequence g A dedicated Java JRE installation is not mandatory given that the installer already includes the JRE versions required by TNMS.3 Supported Operating Systems The following table provides the supported operating systems. However If the machine has more than 32 GB of RAM you must install the Microsoft Windows Server 2008 R2 SP1 (x64) Enterprise Edition.2.Installation Manual (IMN. However you can manually install Java j2re-1. NetServer.6. Always refer to the table above for the exact versions supported for TNMS. boot the machine and press F9 in the startup screen. and set to Maximum performance. If Java automatic updates are enabled the system may not work properly. For additional information refer to the Oracle Java documentation. • System Options > Processor Options > Intel VT-d. and set to Disabled.6. Windows) To install the Java j2re-1. To access the BIOS. 18 • Disable the network: Go to System Options > Embedded NICs > NIC # Boot Options and set to Disabled.Preparation Installation Manual (IMN. 2.5 BIOS configuration The following chapter. • System Options > Power management options > HP Power Regulator. and set to Disabled. These refer to HP machines and may differ with other hardware configurations. describes the recommended configurations for the system BIOS.0_43 (32 or 64 bit) use the packages available in the TNMS prerequisites and follow the default installation procedure. • Processor options: • Go to System Options > Processor Options > Intel Virtualization Technology. Disable all Java automatic updates on the machines where Java is installed. Where # represents the network interface card number. • Power management options: • System Options >Power management options > HP Power Profile. and set to HP Static High Performance Mode A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . 1. 2. 2. 3. 3. Refer to the iLO specific documentation for further information. When the internal controller displays the message Press <F8> to run the option ROM Configuration For Arrays Utility. Accessing the Integrated Remote Console Use the following information to access the console: 1. Windows) Server operating system configuration 3 Server operating system configuration Before installing the server operating system. Using the default settings. click F8. you must create and configure the logical drive where Windows will be installed.NET link. proceed as follows: 1. expand Information > Overview. In the Mount Image File file dialog box. Just need to create one NTFS partition on the previous created volume (RAID 1) with ~50% of the available space. When the Press any key to view Option ROM messages appears.Installation Manual (IMN. The others 50% will be applied on a new partition to be created afterwards.2 Address: https://<machine IP> Username: <user> Password: <password> In the left panel tree. 2. 3. select the Windows 2008 R2 ISO file and press Open. select Create Logical Drive. 3. At the Main Menu. and in Integrated Remote Console. click the . 3. The following chapter applies to the recommended medium and large configuration hardware only and these steps may differ in case you have any other hardware configurations. click ENTER. This console is used to access the server machine and for administration purposes. The Windows installation is standard with no special configurations or inputs. A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 19 .3 Windows installation The steps below refer to the Windows operating system installation using the Integrated Lights-Out (iLO) management console.1 Integrated Lights-Out (iLO) management console This chapter describes how to operate the Integrated Lights-Out (iLO) management console. 4. 3. Open the iLO management console. Restart the machine and boot from CD-ROM (typically by pressing F11 to access to the boot menu). 4. Disk configuration It is recommended that you configure a RAID 1 for the disks where the operating systems will be installed. create the RAID 1 configuration with the two available hard drives. While booting the machine. Click Virtual Drives menu > Image file menu entry. 4. Select all available disks and click OK. 3. In “System and Devices” panel.” combo box. Check the HP support website for downloading the ISO service pack. In the “HP Smart Update Manager” window. 3.exe 1. In “System and Devices” panel. Login in Windows. 2. 3. 6. Login in Windows. expand the Smart Array tree and select the first branch and click Create Array. choose the appropriate delay and click OK. 3. choose the Default Repository and click Next. 5. 20 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . click Edit Target and insert the Windows Administrator username. Go to Start > All Programs > HP System Tools > HP Array Configuration Utility (64bits) > HP Array Configuration Utility (64-bits). providing the content of the service pack.. Open the iLO management console. proceed as follows: 1. In tab Configuration. Windows) HP service pack installation It is highly recommended to update to the latest HP Service Pack for the corresponding machine model. Click Virtual Drives menu > Image file menu entry. 3. 7.6 Large configuration In order to configure a Windows large configuration.. Go to Start > All Programs > HP System Tools > HP Array Configuration Utility (64bits) > HP Array Configuration Utility (64-bits). 4. A new CD-ROM drive is mapped in Windows. The machine may reboot automatically. software and firmware to the latest version. In tab “Review/Install Updates”. select the ISO file and press Open. 4. In tab “Select Targets”. In tab “Source Selection”. Select RAID 1 and keep the default settings. click Install. This service pack updates drivers.” combo box. proceed as follows: 1. select your device (make sure it is not the “Embedded slot”). its password and click Next. In tab Configuration. select your device (make sure it is not the “Embedded slot”). Select the two available disks and click OK. in “Select an available device. tab “Welcome”. In the “Mount Image File” file dialog box. click Next. if not click Reboot Now. 3.Server operating system configuration 3. 5. 4. Click Create Logical Drive to create a new logical drive. 2. 2. expand the Smart Array tree and select the first branch and click Create Array. Login in Windows and run the CD-ROM setup located via <drive>:\hp\swpackages\setup.. 1. in “Select an available device.4 Installation Manual (IMN. Click Save to finish the operation. click the machine list item.5 Medium configuration In order to configure a Windows medium configuration. 2.. 5. format this volume with the following settings: A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 21 . Click Create Logical Drive to create a new logical drive. 5. Select RAID 5 and keep the default settings. 4.1 Right-click the unallocated area and select New Simple Volume.3 Choose the drive letter E to the new partition and click Next.4 In the “Format Partition” window. Click Save to finish the operation. Identify the disk that contains the C: drive and select the grey partition that displays an Unallocated area. Windows) Server operating system configuration 6. format this volume with the following settings: • File system = NTFS • Allocation unit size = Default • Choose a volume label for the new partition • Enable the Perform quick format option 3. 3. click Next. click OK keeping the default settings. 3. 3.5 Click Next and Finish to complete the partition creation step. format this volume with the following settings: • File system = NTFS • Allocation unit size = Default • Choose a volume label for the new partition • Enable the Perform quick format option 4.2 Choose the recommended partition size (typically 50% of the disk size) and click Next. D) and select the grey partition that displays an Unallocated area. 2.3 Choose the drive letter D to the new partition and click Next. 4. expand the server tree Server Manager > Storage > Disk Management.NTFS In order to configure the disk partitioning for medium and large configurations. 5. 5. 5. 4. 3. proceed as follows: 1. 3.2 Choose the recommended partition size (typically 65% of the disk size) and click Next.NTFS Two from the disk array .7 Disk partitioning Three new partitions are needed: • • One from the internal disks (D) with the other ~50% available . Identify the disk that contains the E: drive and select the grey partition that displays an Unallocated area.1 Right-click the unallocated area and select New Simple Volume. 4. Go to Start > Search Programs and Files > type Server Manager and press Enter. Identify the disk that does not contain any partition (C. click Next. In case the window ”Initialize Disk” is displayed.4 In the “Format Partition” window.Installation Manual (IMN. 7.5 Click Next and Finish to complete the partition creation step.3 Choose the drive letter F to the new partition and click Next.4 In the “Format Partition” window. 4.2 Choose the recommended partition size (typically 35% of the disk size) and click Next. 3. In “Server Manager”.1 Right-click the unallocated area and select New Simple Volume. click Next. 6. 22 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 .Server operating system configuration Installation Manual (IMN. Windows) • File system = NTFS • Allocation unit size = Default • Choose a volume label for the new partition • Enable the Perform quick format option 5.5 Click Next and Finish to complete the partition creation step. Close the “Disk Manager” window. that is.exe /hibernate off 4. Go to Start > Control Panel > System. to 4. disable “Hibernate” by running the following command as administrator: powercfg. 2. 4. if you prefer to set a limit to the paging file size for Server and Netserver. In the Performance Options window. • Oracle must be installed in the same machine as TNMS Server. A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 23 . do as follows: 1. check Automatically manage paging file size for all drives.2 Virtual memory configuration Coriant recommends that you configure your system to automatically manage the paging file size: 1. Windows) Initial system configuration 4 Initial system configuration 4. • The machine where the TNMS Server is installed should use NTFS.Installation Manual (IMN. the partition to be used by the installation and the components to install. In the Virtual Memory window. Follow the steps 1. 2. go to the Advanced tab and. In the System Properties window. • Ensure that the host IP addresses are static. go to the Advanced tab and click on Change. do not use DHCP dynamic addresses. • In the machines where the TNMS Server and/or Netserver are installed. click on Settings. select Custom size and enter the paging file size (refer to table Table 6). Click on Advanced system settings. Click Set to save the settings and then OK to close the window. However. In the Virtual Memory window. IP addresses and TCP/IP name management will be handled. 5. 3. 3. above. • Determine the file system to be used. Note that automatic management is recommended.1 Before you begin Before installing complete the following steps: • Check the system requirements. in the Performance area. TNMS Component Legacy Medium Legacy Large Medium Large Server 12 GB 24 GB 16 GB 64 GB Netserver 4 GB 4 GB - - Table 6 Paging file size. as it provides extra security for the Oracle database files. uncheck Automatically manage paging file size for all drives. • How the network. Select the system’s drive. to report access and changes to the directory service . Windows) 4. Figure 1 "Local Security Settings . NEC-interfaced NEs. write. • Audit Directory Service Access. • • 24 Audit Policy Change.select the check boxes ‘Success’ and ‘Failure’. to track user’s logon and logoff . to report file and folder access . In the tree pane.. other than hiT 7300 or hiT 7100.Audit Policy" window 3.. • Audit Logon Events. • Audit Account Management.select the check boxes ‘Success’ and ‘Failure’. A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . To enable auditing locally in the installed OS: 1. g The auditing configuration for the individual object (file or folder) must be set within its properties. to report changes to user account . to report group policies changes .select the check boxes ‘Success’ and ‘Failure’. select “Audit Policy” under “Local Policies”. Audit Privilege Use. • Audit Object Access.select the check boxes ‘Success’ and ‘Failure’. Open the Local Security Policy settings via Start menu/button > Control Panel (Windows 7 only) > Administrative tools > Local Security Policy icon. In the details pane double-click the following policy settings to open the properties window: • Audit Account Logon Events. to report success/failure of any local or remote accessbased logon . that is. to report when permissions (read. 2.3 Audit policy w Proceed to configuring Audit policy only if your network has legacy.) are used select only the check box ‘Failure’.No auditing (no check box selected).Initial system configuration Installation Manual (IMN.select the check boxes ‘Success’ and ‘Failure’. to report when process and programs fail (not security related) . 5.4 Initial system configuration Audit Process Tracking.4. 8. In Server Roles. 4. Reboot your computer. • IIS 6 Scripting Tools • FTP Server • FTP Service • FTP Extensibility Click “Next”. click “Install”. Accept their installation. 6. In Role Services. 9. Open Start > Administrative tools > Server Manager > Roles. 3. select “Close”.1 Installing Internet Information Services in Windows Server 2008 To install the FTP server proceed as follows: 1. Audit System Events. select "Web Server (IIS)” and click “Next”.Installation Manual (IMN. 7. to report standard system events (not security related) select the check boxes ‘Success’ and ‘Failure’. FTP configuration The following chapter provides you guidance through the needed component services configuration.No auditing (no check box selected). In Results. In Confirmation. Windows) • • 4. A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 25 . 4.when you select this option a warning pops up informing you that two other components must also be installed. 2. select the top end following services from the tree: • Web Server • Common HTTP Features • Static Content • Default Document • Directory Browsing • HTTP Errors • Health and Diagnostics • HTTP Logging • Request Monitor • Security • Request Filtering • Performance • Static Content Compression • Management Tools • IIS Management Console • IIS Management Scripts and Tools • Management Service • IIS Management Compatibility . Click “Add Roles” to open the “Add Roles” Wizard and click “Next”. In Web Server (IIS) click “Next”. 4.NET.Allow access to “All users”. 3. Click “OK” and confirm. In “Authentication and Authorization Information” step. In Physical Path.. 4. 2. configure the IP Address or leave as default. 3. control and troubleshoot IIS and ASP. 4. In the “General” section. Open Start > Administrative tools > Internet Information Services (IIS) Manager.4. In the “Actions” panel on the right.2 Configuring the FTP Service in Windows Server 2008 To configure the FTP Service/Server. Enter the FTP site name.3 Installing Internet Information Services in Windows 7 To install the FTP server proceed as follows: 1. change the folder to “C:\inetpub\ftproot”. In the left pane tree. 2. Start > Administrative Tools > Internet Information Services (IIS) Manager. select “Allow SSL”. The Internet Information Services Manager enables you to configure. In SSL. This opens the “Application Pool Defaults” window. Windows) Enabling ASP. select “Authentication as Basic”. Open Start > Control Panel > Programs and features > Turn Windows features on or off. 4.”. 4. Reboot your computer. 10. In “Binding and SSL Settings” step. 5. follow these steps: 1. set the “Enable 32-Bit Applications” option to “True” and click “OK”. 2.NET and IIS The following description details the configuration steps necessary in IIS Manager: 1.Initial system configuration Installation Manual (IMN. 26 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . 7. expand the Default Computer > Sites. permissions “Read” and “Write”. 9. After the installation go to Control Panel > Administrative Tools > Internet Information Services (IIS) Manager. In the “Connections” panel on the left. click OK and Next. In the right pane tree. In Authorization . expand the server name and click in “Application Pools”. 6. click “Set Application Pool Defaults.4. Click Finish. Select the top end following services from the tree: • Internet information Services • FTP Server • FTP Service • FTP Extensibility • Web Management Tools • IIS 6 Management Compatibility • IIS 6 Management Console • IIS Management Scripts and Tools • Management Service 3. 5. This opens the Add FTP Site window. Click Next. 8. select “Add FTP Site”.. 8. default. permissions "Read" and "Write". • Contact your network administrator to provide you information details on how to configure the domain since domain details are specific for your network. Start > Control Panel > Administrative Tools > Internet Information Services (IIS) Manager. then: • You may skip this configuration. Start > Control Panel > System.. – If all is properly configured. configure the IP Address or leave as default..com as found in Control Panel > System Properties > Computer Name > Full computer name of the server in question. but then you will not have Single Sign On capabilities in TNMS. In "Binding and SSL Settings" step. • If a network domain exists and both TNMS Core and TNMS belong to it. 5.xx. it is mandatory that the system's "hosts" file is properly configured with at least "<Server IP> <FQDN>" and "127. In SSL. and full computer name follows name. In the default FTP Home area click on FTP Authentication. 6. A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 27 .6 System Hosts configuration Since TNMS uses a static IP address configuration. – Edit Windows’ hosts file (typically. change the folder to "C:\inetpub\ftproot". Click Next. click OK and Next. Windows) 4.1 localhost". select "Add FTP Site".xx. then log on to that domain and proceed with the installation as you normally would.4 Initial system configuration Configuring the FTP Service in Windows 7 To configure the FTP Service/Server.4. > Computer Name > Full computer name) will appear automatically in the OpenDS Directory Server Configuration window during the installation procedure. 3.xx is the static IP of the server in question.xx.Allow access to "All users". Then expand the tree in the left pane until default FTP. domain. In Authorization . 4. select "Allow SSL".xx <full computer name> where xx. check the Domain information. Then in the window right click Basic Authentication and click Enable. In “Authentication and Authorization Information” step. Use the following windows steps: 1. select “Authentication as Basic”. 7. In Computer name. 4. 2. and workgroup settings.0.5 Domain Verification Check if a network domain exists. 9.xx. Enter the FTP site name. the full computer name (as found in .Installation Manual (IMN. 2. 4. In Physical Path. In the right pane tree. Click Finish. Go to System Properties via. follow these steps: 1.0. • If a network domain does not exist. 10. C:\Windows\System32\drivers\etc\hosts) and for each server insert a line like xx. This opens the Add FTP Site window.domain. Proper installation of TNMS requires the default port range to be used. 28 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . If no domain exists and the hosts file is not configured. However. Windows) w The TNMS installer will check if the hosts file is correctly configured. Open the command line (cmd) as Administrator.7 Dynamic Port range configuration The default dynamic port range configuration for Windows Server 2008 and Windows 7 starts at port 49152 and ends at port 65535. 4. If the reported start port is not 49152. 2. This complies with the Internet Assigned Numbers Authority (IANA) recommendation. Execute the following procedure to ensure the correct configuration of the Server and Netserver machines: 1. then execute the command: netsh int ipv4 set dynamicport tcp start=49152 num=16384 persistent Windows is now prepared concerning dynamic port range configuration. configure the dynamic port range before the installation (required for Server and Netserver machines). to avoid warnings while installing TNMS.Initial system configuration Installation Manual (IMN. g TNMS enforces this setting during its installation. In case the server belongs to a domain. as described below. the installation will not proceed. Execute the command: netsh int ipv4 show dynamicport tcp 3. make sure FQDN matches the domain. in particular when you perform its download. accept the terms of the license agreement. The progress of the installation is indicated by the progress bar.1 Adobe Reader You can either download the latest Adobe Reader from the Adobe website (recommended) or use the version included in the Prerequisites folder. and press Next to continue. To install MSXML 4. To install Adobe Reader just follow the standard options shown in its installer. 5. Press Next to continue. In the Choose Setup Type window. 2. the window Completing the Microsoft XML Parser and SDK Setup Wizard is displayed. Press Next to continue. it can be disabled under Control Panel > User Accounts > Change User Account Control Settings > Never Notify. 4. press Install Now. but requires activation.NET 3. In the End-User License Agreement window. The window Installing Microsoft XML Parser and SDK window is now displayed. enter a user name and the name of your company in the appropriate fields.2 User Account Control When applicable.NET Windows Server 2008 MS.4 MS. Once the installation is complete. proceed as follows: A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 29 . Coriant is not responsible for issues or vulnerabilities introduced by Adobe Reader.NET 3. Windows) Software prerequisites installation 5 Software prerequisites installation This chapter describes the installation and configuration of all prerequisites in the recommended installation sequence. 5. 5.Installation Manual (IMN.5. It must be installed on the system so that network configuration data can be imported and exported in XML format.0 SP2 on all supported operating systems.5 is installed with Windows Server 2008. proceed as follows: 1. 5. 3. 5. Double-click the msxml4sp2. In the Customer Information window. 6. Press Finish to complete the installation. Any specific information on this see the Adobe Reader documentation. 7. Refer to Table 5 TNMS software prerequisites and their installation sequence to know which prerequisites are required for each TNMS component. Typically. To activate . According to your windows version.3 MSXML MSXML 4. Windows User Account Control must be disabled in order to continue with the installation.msi file in the MSXML directory on the software DVD. the procedure may vary.0 is an XML parser. Restart the machine after performing this change. A welcome window is now displayed. The directory structure should be as follows: c:\oramedia\database 3 30 Copy the folders from the delivered TNMS media to the <TNMS INSTALLER DIRECTORY> (recommended default location: c:\inst). the TNMS Database Installer assumes the following directory locations: • • Oracle installation disks: c:\oramedia TNMS INSTALLER DIRECTORY: c:\inst However. 5. TNMS Configuration RAM (GB minimal) Oracle template file Managers Large 128 TNMS_LW. If you want to use other locations.1 features. Windows) 1.2 Hardware requirements. at least 40GB of free disk space must be available in the destination machine before installing the Oracle database.5 Oracle This section describes the installation of Oracle Database 11g Release 2 (64-bit) for Microsoft Windows x64. The directory structure should be as follows: A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 .3. Select . During the installation you will be requested to confirm the directory paths. Go to Administrative Tools > Server Manager > Features. 2 Unzip the Oracle installation disks 1 and 2 to c:\oramedia (in case of recommended default location.0. The Oracle Database must be installed in the TNMS Server machine. The supported version is 11.5. Click Add Features. If you use different locations you must enter them manually whenever applicable.NET Framework 3. it is possible to install from different locations. Before installing By default. 1 Create both default directory locations indicated above.Software prerequisites installation Installation Manual (IMN. Note that the values in this table are recommended and may vary according to the network dimension and the used hardware.2. 2. 3. make sure they are accessible from the installer (in a local or mapped drive).dbt All Legacy 8 TMNS_SW. If you choose to use previous default directory locations you have to create them manually before you start the installation. Before installing To successfully install and run TNMS.dbt Ethernet and ASON only Table 7 RAM requirements and Oracle template files For the remaining hardware. follow the recommendations described in 2. RAM requirements are indicated in Table 7 RAM requirements and Oracle template files. Only the extracted database folder is required.dbt All Medium 32 TNMS_MW. The database name must be between 1 and 12 characters long and the first character must be alphabetic. Make sure you have enough disk space and memory before continuing. or accept the default by pressing [ENTER].TNMS database configuration 4 . ORALOG and ORATRACE directories. by typing Y. 1 Go to <TNMS_INSTALLER_DIRECTORY>\TNMS_Prerequisites\Oracle\ installation.Exit Enter the desired option. Windows) Software prerequisites installation c:\inst\TNMS_Installer c:\inst\TNMS_Prerequisites Installation The following steps guide you through the Oracle Database installation. A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 31 .. Press [ENTER] to confirm the default path or enter the Oracle Installer setup. showing the available disk space and free memory. The installation log location is c:\temp and the full path is displayed on the screen.. or accept the default by pressing [ENTER].TNMS database creation.Check requirements by pressing “0”. The main menu is presented as follows: 0 .bat file and select Run as administrator. Press [ENTER] to confirm the default path or enter the TNMS.Oracle Software Installation 2 . right-click the Exec_TNMS_oracle_install. M or L. 3 Enter the drives for the ORADATA. Please press Enter to exit. 4 Enter the TNMS database name.Installation Manual (IMN.rsp file path (if different). Wait until the Oracle Software installation finishes. A new terminal window opens. The message Successfully Setup Software. the following message is displayed: You can now proceed with Oracle Database installation! If the requirements are not met. Medium or Large. Make sure you specify a valid drive letter followed by the colon sign (for example: “c:”). 7 Choose option 2 . 5 Choose option 0 .TNMS database creation 3 . 2 Enter your configuration: Legacy. because some requirements failed is displayed.exe path (if different).Check requirements 1 . Press [ENTER] to close the window. the message Error: The Oracle installation cannot be done.Oracle Software Installation. 6 Choose option 1 . respectively. The requirements check is executed. is displayed. This action opens a new window. In case the requirements are met. “C:\oracle\product\11.legacy configuration. If any failure occurs during the TNMS database creation.medium configuration. Check installation requirements is displayed..TNMS database configuration. Run the application: “<Oracle Home>\BIN\LSNRCTL” and run the command status. 9 Choose option 3 .ora file path. by default. The following services should be started: • OracleOraDb11g_home1TNSListener • OracleServiceTNMS (if the default database name was “TNMS”) 3..2.bat” 32 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 .dbt . The TNMS database is created and the message Database created successfully is displayed.Software prerequisites installation Installation Manual (IMN.rsp file path. Both SYS and SYSTEM passwords must be at least 5 characters long.large configuration. select run as administrator and then enter the following command: “<Oracle Home>\deinstall\deinstall. The database is created and the message TNMS Database Configuration Successful. Oracle Installation finished is displayed. Go to Start > Run and run the command services. Go to Start > All Programs> Accessories > Command Prompt. TNMS_SW. Press [ENTER] to confirm the default path or enter the TNMSnetca. opposite-click. the message Error creating database. Look for errors in the log file indicated on the screen.msc.0\dbhome_1\” 4.5. (if the default database name was “TNMS”) Uninstalling Oracle To uninstall the TNMS database and the Oracle software you must use the uninstallation tool provided by Oracle. 2. TNMS_MW. The Oracle installation and configuration is completed. Type the SYS password and then retype it. Restart the machine.dbt . 10 Choose option 4 . g 5. Windows) Press [ENTER] to confirm the default path or enter the template file path for your configuration: • • • 8 TNMS_LW. Press [ENTER] to confirm the default path or enter the listener. Next. Post-installation verifications In order to verify the installations check the Oracle Services and the TNMS database: 1.Exit. Check if your SID exists and if its status is READY: Instance "tnms".dbt .1 <Oracle Home> is. status READY. type the SYSTEM password and type it again. Proceed as follows: 1. proceed as follows: 1. enter TNMS and press Enter. 2.6 OSI Stack If QB3 is to be used. Wait until the uninstallation finishes and then restart the machine.. refer to the uninstallation tool documentation at: http://docs. When prompted for TNMS database modification. enter the NSAP address. In case the uninstallation tool requests you additional information.oracle. In the Choose Destination Location window which is now displayed. Do you still want to modify the details of TNMS database(s)? [n]: n) 5. 5. (Do you want to continue (y . 8. go to the OSI_Stack directory. 3. 2. n . by default. 7. 5. an OSI stack must be installed on the NetServer PCs before the NetServer software. and if so.0\dbhome_1\” The following steps describe a typical uninstallation procedure. In the Start Copying Files ensure that the settings displayed are correct. 7.6. In the Getting NSAP window. • C:\oracle • <PATH>\oradata (path chosen during installation) 5. select the NSAP address option best suited to your company’s network and press Next. In the InstallShield Wizard Complete window select the option for restarting the computer and press Finish to complete the OSI stack installation. When prompted for the Listener Name. 5. “C:\oracle\product\11. Windows) g Software prerequisites installation <Oracle Home> is. Press Next to continue. When prompted for the Oracle SID. enter LISTENER and press Enter. Go to C:\ folder and delete the remaining folders and files. 4. 4. enter the MAC address of the network card and press Next. In the Please select: window. A welcome window is now displayed. enter "n" and press Enter.112/e16774/deinstall. enter "y" and press Enter.1 Installing OSI Stack To install an OSI stack. you need to proceed with the following set of configurations: A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 33 . (The details of database(s) TNMS have been discovered automatically.2.htm. 3. press Next to continue. if you selected the option NSAP should be derived from MAC address of my ethernet card on step 4.com/cd/E11882_01/install. In the software DVD.no)? [n]: y) 6.2 Configuring OSI stack Once finished the OSI stack installation and the computer rebooted. When prompted for continuation. showing the progress of the OSI stack installation. For example. a default installation directory is offered for the OSI stack.Installation Manual (IMN. A setup status window is now displayed.yes.6.exe and click Run as administrator. Press Next to continue. 6. opposite-click setup. Open the Advanced system settings > Advanced tab. 6. 5.3 Click Start > Control panel > System and Security > System. otherwise you may experience unexpected delays in the service readiness. right-click OSI Stack and select Run as administrator. In case you have to check the environment variable OSIPIPE: 1. Open OSI stack as administrator via Start > Control Panel > OSI Stack. Select the OSI stack from the software list. Click “Ok” 3. Windows) 1. Confirm the uninstall process with Finish and restart your computer. 3.6. 4.Software prerequisites installation Installation Manual (IMN. search for OSIPIPE variable. • In “OpWin Configuration”. Click the button "Environment variables" In the lower list (user variables). you must install and configure CopSSH in TNMS.7 CopSSH CopSSH is a Secure Shell (SSH) File Transfer Protocol (SFTP) and Secure Copy (SCP) server used for transferring data to and from some types of NEs. • Activate “Start stack as service". 5. Exit the OSI Stack Configuration and reboot the machine in order to reset the variables properly. The OSI stack configuration is finished. 3. Open Start > Control Panel > Administrative Tools > Services. CopSSH installation is required for netservers only if there are hiT 7100. Uninstalling OSI stack To uninstall the OSI stack. activate "Open Stack. 2. Select the OSI stack service and press Stop. Activate the following options: • Select In “Bind to Network Interface Card” and activate all network interfaces. when Operator starts”. 2. hiT 7300 or ADVA NEs in your network. 5. • Click “ES-IS” Stack parameter to enter the “ES-IS configuration” and disable “Enable emission of ES hello”. follow the next steps: 1. g In order to support SFTP or SCP transactions via the LCT. Click Uninstall. Open Start > Control Panel > Add/Remove Programs. 2. 4. 34 g SFTP / SCP use is recommended since it is more secure than FTP. 5. You may need to switch to the classic view or click “View as small icons” or use the search field for OSI Stack. A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . keep that password for the future (recommended). Go to Properties.Passwords must be at least six characters in length. You must select the user that will be used for the CopSSH account service management.7.1 Software prerequisites installation Installing CopSSH To install CopSSH 4. • Base 10 digits (0 through 9). A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 35 . %). In the software DVD. Click Install. Click Forward to begin the CopSSH User Activation wizard. Grant the user write privileges on the C:\Program Files (X86)\ICW folder.The username must be at least four characters in length. Therefore. In the Status tab. go to the CopSSH directory. This user will be used to perform the SFTP / SCP. 6. Go to Start > Programs > CopSSH. $. In this case you must provide a username and a password that matches the following requirements: . by choosing one of the following options: • Keep the default CopSSH user: SvcCOPSSH (the installer generates a random password). check if the service is running (green button). 5. • Non-alphabetical characters (for example: !.2 Configuring CopSSH As a security measure. Go to Users tab and click Add. 5. 6. Windows) 5.Passwords cannot contain the user’s account name or parts of the user’s complete name exceeding two consecutive characters. 4.1_x86_Installer. The setup wizard’s Welcome window is shown. click on the red button to start it. Create a user with limited privileges in the operating system. opposite-click on CopSSH Control Panel and click Run as administrator. new users must be created. right-click the Copssh_4. Or • Select a new user (must be different from existing local machine users).Passwords must contain characters from three of the following four categories: • English uppercase characters (A through Z). 3. Configuring users in CopSSH: 1. Enter an Installation folder or accept the default by clicking Next. If not.7.exe file and run as administrator 2. 2.7. 4. In the License Agreement window click I Agree. 5. If you choose this option. . Click Close to finish the installation.7. #. CopSSH’s default user cannot be used to access the machine. . • English lowercase characters (a through z).1 proceed as follows (same procedure for all supported operating systems): 1. Enter the service account credentials. . add the user created and give the user modify permissions. 7.Installation Manual (IMN. 3. Click Next. select “Linux Shell and Sftp”. This avoids an overload of the SSH daemon. Uncheck the other two options “Public key authentication” and “Allow TCP forwarding”. Edit the file C:\Program Files (x86)\ICW\etc\sshd_config Below is a sample sshd_config file (after the CopSSH Control Panel has been run for the first time): Port 22 Compression delayed LogLevel INFO TCPKeepAlive yes LoginGraceTime 120 Protocol 2 MaxAuthTries 6 MaxSessions 10 Subsystem sftp internal-sftp -l ERROR Match User copuser PasswordAuthentication yes PubkeyAuthentication no AllowTcpForwarding no MaxSessions 10 # Catch All Match User * AllowTcpForwarding no MaxSessions 0 PasswordAuthentication no PubkeyAuthentication no 2. • For ADVA and/or hiT 7300 NEs and/or hiT 7100 NEs. Windows) 7. Click Apply to activate the user. 3. w Note that.Software prerequisites installation Installation Manual (IMN. Choose the current machine for domain and the user you created earlier. Add the line MaxStartups 10:30:100 after line 8 to control the number of open unauthenticated sessions. select “Linux shell and Sftp”.. Below is the sample above after the changes: 36 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . only “Password authentication” must remain checked. In the three options available. 9. 8. 1. Select Shell access type: • For ADVA NEs. 4. select “Sftp”. Change both MaxSessions values (lines 8 and 13) to 100. Changing the default number of simultaneous sessions The following mandatory procedure is required in order to support multiple NE requests. Click Forward. Click Forward. all the changes to the passwd file will be reset. • For hiT 7100 and/or hiT 7300 NEs. if you run the CopSSH's Control Panel after the procedure below. Edit the file C:\Program Files (x86)\ICW\etc\passwd. if the user name is “FTPUser”. select Local System account. 4. Windows) Software prerequisites installation Port 22 Compression delayed LogLevel INFO TCPKeepAlive yes LoginGraceTime 120 Protocol 2 MaxAuthTries 6 MaxSessions 100 MaxStartups 10:30:100 Subsystem sftp internal-sftp -l ERROR Match User copuser PasswordAuthentication yes PubkeyAuthentication no AllowTcpForwarding no MaxSessions 100 # Catch All Match User * AllowTcpForwarding no MaxSessions 0 PasswordAuthentication no PubkeyAuthentication no 5. Click OK. Opposite-click the service "Openssh SSHD" and select Properties. Check if the SFTP user is added to the password file: 1.7. Save the sshd_config file and restart the CopSSH service using Windows Control Panel. 5. If not: 1.Installation Manual (IMN. Start the Openssh service. 3. 2. the file will be: A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 37 . It must contain the details of the SFTP user that was created and activated. For example. In the Log On tab. 5. check that the CopSSH service is running (green color).3 CopSSH Troubleshooting Go to Start > Programs > CopSSH > CopSSH Control Panel and in the Status tab. Go to (Windows) Control panel > Administrative tools > Services. S-1-5-21-3507081192-3007060136-5153133141026:/var/:/bin/bash 2. This procedure is mandatory only if you want to have NTI operational.U-TSVM41\TestPL. all the changes to the passwd file will be reset.8 Antivirus To protect TNMS against viruses.. if you run the CopSSH's Control Panel after the procedure below.Software prerequisites installation Installation Manual (IMN. skip this procedure.. 5. Refer to the software release notes to see the released versions. Save the file. 1. Edit the line (example) from reguser:unused:11010:10513:reguser.S-1-5-21-3507081192-3007060136-5153133141021:/home/FTPUser:/bin/bashGuest:unused:10501:10513:U-AUMELRD-TD-03\ Guest.9 NTI third-party software installation The “NTI DS” is a third-party software part of the TNMS prerequisites. 2. Otherwise.S-1-5-21-3507081192-3007060136-515313314501:/home/Guest:/bin/bashsshd:unused:11025:10513:U-AUMELRD-TD-03\ sshd. You find the installer in the installation folder TNMS_Prerequisites > NTI_DS and it launches and controls the setup of this third-party software. grant write access to the ICW folder to the Windows user that is used to install COPSSH.S-1-521-3507081192-3007060136-515313314500:/home/Administrator:/bin/bashFTPUser:unused:11021:10513:FTPUser. 5.S-1-5-21-3507081192-3007060136-5153133141025:/var/empty:/bin/bashSvcCOPSSH:unused:11026:10513:U-AUMELRD-TD-03\ SvcCOPSSH.UAUMELRD-TD-03\FTPUser. The main setup also configures the software after the installation to work with TNMS. Windows) Administrator:unused:10500:10513:U-AUMELRD-TD-03\Administrator. do as follows: w Note that.):/bin/false 3. 38 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . 5. you should install F-Secure Client on all machines.4 CopSSH Hardening If you wish to further restrict the CopSSH's user privileges by making connections via interactive shell impossible.7. Go to <CopSSH installation path>\etc\ and edit the passwd file.S-1-5-212769772405-123357289-3683661142-1010:/home/reguser:/bin/bash to (. If the password file does not contain the details of the SFTP user. 5 In the “Directory Name” (Default: C:/NTI_DS) window. Click Finish. 9 After rebooting. 3 In the “License Agreement” window. Locate the “localhost” of the OpenFusion object. click Next. Click Next. right-click and then click Start in the context menu. In the “Welcome” window. If already started. This changes the state to “Started”. “Disable indirection encoding”: on (default option). “Choose level of verbosity”: fatal errors only (default option). click Next. Ensure the services are started through Start > Control Panel > Administrative Tools > Services. “Choose details for compact Typecodes”: off (default option). Choose “Full Installation” as the installation type. 4 In the “Choose Install Set” window.NotificationService 4. enter the installation directory or select it from the Choose dialog and click Next. 6 In the “Notification Service Configuration” window. “Please enter port number for Notification Service”: 17289 (default option). 2 Proceed as described in the setup windows. proceed as follows: • • • Go to <Installation Folder>\NoSe\bin and run the “Object Viewer” by double clicking the manager.Installation Manual (IMN. 8 In the “Install Complete” window. skip this step. “Please choose maximum Java heap size for Notification Service”: choose one of the three available values. The following services must exist and be in state “Started”. The default value is 256 MB. you see the message “Your computer must be restarted to complete the installation”. Check the file in the folder TNMS_Prerequisites. Windows) Software prerequisites installation Installing the NTI third-party software: 1 Run the NTI_DS_Installer. select one of the following options: • • • • • • “Contact with IMR on every server start-up”: off (default option).2.bat file.exe file. choose “I accept the terms of License Agreement” and click Next.3 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 39 . • • JacORB IMR OpenFusion. 7 In the “Pre-Installation Summary” window check if the installation options are correct and confirm by clicking Install. Windows) A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 .Software prerequisites installation 40 Installation Manual (IMN. Read the License Agreement and then select I accept the terms of the License Agreement. Large (see 2. 3. Before you install TNMS be sure to read and follow the directions below.1 Full installation To install TNMS Server. Click Next to continue.2 Hardware requirements) or Legacy Hardware. 6. A usage warning pops up to let you know that the database should not be in use by any application. If you have a previous TNMS version installed in your system. Select your type of hardware configuration: Medium. 5. 2. Login on the operating system with a user that has administrative rights. 6. 7. 9. if there is a previous TNMS version installed. Select Build and click Next to continue. Select Legacy Hardware to install TNMS Server in machines that meet the hardware requirements for TNMS 13. Click Next to continue. Click Next to continue. refer instead to the Upgrade Manual.x xx.2 1x but not for TNMS 14. A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 41 . Failing to comply will result in a failed installation. Opposite-click the installation file in the TNMS SW CD and select “Run as administrator” (Figure 2). To upgrade your installation. The Introduction window opens and the complete list of installation steps is displayed on the left pane.. NetServer and Client in the same machine (full installation): 1.1 10. The Oracle database connection step asks you to enter a set of database connection parameters: • Database IP Address: the Oracle host IP address. Windows) TNMS installation 6 TNMS installation This chapter describes the TNMS installation. 8. will delete all the data in the database. The “Build” option.Installation Manual (IMN. 4. The available buttons describe the installation variants offered. jump to 9 Upgrade to TNMS 14.\TNMS Installer\PUs. Copy all relevant priority updates into . g w Optical Management is not supported in the Legacy Hardware configuration.. In the Choose Install Set step. click Full to install all components in the machine. Figure 2 How to set the TNMS installer to run with administrator rights in Windows 7 and Windows Server 2008. 50 [X] hiT 7300 5. is “TNMS”. Using the same user / password in all installations is recommended since it ensures that the database is restorable in any machine. such as welcome. account. • Differs from the user name.60 Click Next to continue. you must have previously installed the NTI as described in 5. as long as you keep these data for future reference and you use the same user / password in the system where you perform the backup and the system where you restore it.30. The password must meet the following requirements: • Is at least four characters long. • Has at least one alphabetic. In the Choose Components step: 10. Click Next. In the Choose Install Folder step: 11. Click Next to continue 10. 42 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 .10 [X] hiT 7300 5.1 Select the Managers to be installed. for example: [X] hiT 7300 5. 10. • g User password: the password for the DB user (example: fk12!igp).2x [X] hiT 7300 5.TNMS installation Installation Manual (IMN. the LCT installation folder and the EML Mediation installation folder.5 Oracle. Click Next to continue. the TNMS Data folder (see note).10. 10. 10. Mind that all managers can be installed but each requires a specific license to be used. w On Legacy hardware installations the Optical Manager will not be installed. However another user / password can be used for security reasons. • User ‘sys’ password: fill in with the password defined in 5. To install and use the Optical Manager you must select the Medium or the Large configuration.30.3 Select the LCTs to be installed.1 Enter the path for the TNMS installation folder. if any. database. Windows) • • g Database port: the Oracle server port number. • Is not simple or obvious.10. • • Re-enter user password: re-enter the password. Click Next to continue.0x [X] hiT 7300 5. The default value is 1521. one numeric and one punctuation characters. Database name (SID): the name of the Oracle database (DB instance). g If you select TMF/Corba.2 Select the North Bound Interface to install. which.10. 11.9 NTI third-party software installation.4 Select the NEs to be installed and all their versions. Database username: the user scheme of the database to be created (example: TNMS). by default. or user. a warning pops up to let you know that the NetServer requires you to install it (see 5. The server and admin port numbers shown are default. you must provide a valid SFTP User. In case you only have one NIC. g The user is not created again. Click Next to continue. Server port. 14. 17. You can use any port number from 1024 to 49151 • Admin ID: default is admin. • • • Computer name: <Computer Name>. Click Next to continue. Click Next to continue. 15. Click Next to continue 16.7. • Re-enter Admin password: re-enter the selected password. Enter the TNMS server’s IP address if you are installing the netserver on a machine other than the server (blank by default). such as if the server has only one IP address. If not.1 Installing CopSSH) If CopSSH is already installed. In case you have more than one Network Interface Card (NIC) installed. backup and remove the data or select a different folder. 12. A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 43 . the Choose host IP address panel is displayed providing a list of the IPs associated with each NIC. In the OpenDS Directory Server Configuration step set the following OpenDS database server information: All fields except the Admin password. • Admin password: select password (minimum 8 character). complete the 4. If CopSSH is not installed in the machine. that is. 13.<Domain> Install directory: folder wherein the OpenDS server will be installed.2).2 Configuring CopSSH). g g This step is skipped in some cases. Click the pulldown menu and choose the IP that corresponds to the host name of the machine. not mandatory.7. Windows) TNMS installation Default paths are provided. Click Next to continue. are automatically filled in. g Make sure that the TNMS Data folder is empty. If not. Select the TNMS server’s IP address (blank by default). a Windows user that was added to CopSSH (see 5. cancel the installation wizard. this panel is not displayed and you must proceed to the next step. Admin port: ports used respectively to communicate with OpenDS Server and for administrative actions. Decide whether to have Coriant’s as your default desktop wallpaper. The user mentioned in this step serves as a cross check with the user added in the CopSSH configuration (see 5.6 System Hosts configuration and start the installation once more. In the Choose Shortcut Folder step configure the options of the icons and shortcuts to be created during installation.7.Installation Manual (IMN. In the netserver machine. The results of the installation are presented in the Installation Results step. Click Done to close the installation wizard. If the settings are correct.TNMS installation Installation Manual (IMN. In this step choose Client. 22. Server. Such contradiction arises due to the TNMS Installer use of the netsh adv commands to check the firewall status which can return a different status from that presented in the GUI. RCTSrv (automatically triggered off by TNMS and thus listed as Manual).3 About the automatic priority updates installation). 19.1 Full installation.3 About the automatic priority updates installation). In the server machine.3 Networking and firewall configuration. click Install to start the installation. w The PUs that generate warnings will not be installed.. Server and NetServer or Server and Client. the system can be immediately operated by selecting the server name and using the default user name and password (see 7. is detected during the installation an error message is displayed (for additional information check 6. if you use the Windows Firewall. TNMS Generic Mediator (automatically started). note that: • 44 If you install the TNMS Client and/or the Netserver on Windows 7. g The TNMS installation creates the following services on the target machine after the full installation is completed: • • • • • • • • 6. Windows) 18. such as a corrupted PU file.\TNMS Installer\PUs does not comply with a set of preconditions a warning message is displayed (for additional information check 6.3 Logging in and 7. g A warning message may be displayed during the installation configuration stating that the firewall is enabled. In the server machine. A summary of the installation settings is given in the Pre-Installation Summary step. The subsequent steps are a subset of those described in 6. Installation of separate components To install only one of the components or a specific combination of components you must follow the procedure described in the previous section until step 5. To configure the firewall refer to 12. However. TNMS TrapHandler (automatically started). In the netserver machine. TNMS platform (automatically started). Reboot the machine to complete the installation. Open DS (automatically started). in some cases. TNMS EmlMediator (automatically started). the firewall window displays the disabled status. If an error. After the TNMS Server has been installed and started. go to Start > Control Panel > System > Advanced System Settings > Advanced tab > Performance pane > Settings button > Visual Effects tab and select the option “adjust for best performance”. 20. 21. Click Next to continue or click Cancel to go back to the previous step. If one or more of the priority updates you copied into . NetServer. In the netserver machine. In the server machine. However. In the netserver machine.4 Default username and password). A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . In the server machine. TNMS Multivendor Mediator (automatically started).2 TNMS (automatically started). Windows) • 6. if you need this information later on.3 TNMS installation If you install the TNMS Netserver in a machine other than the Server. an error message is displayed. or automatically. If one or more PUs fail to meet one or more of these conditions. For details on these errors and warnings refer to the PU_InstallLog.Installation Manual (IMN. The PUs listed in this section will not be installed. anytime after installing TNMS. If you install the TNMS Netserver in the same machine as the Server. in the Pre-installation summary you can find the following two sections: • • t Installation Check Warnings In this section are listed all warnings displayed during the configuration steps. warnings are displayed to let you know which PUs fail to comply with which condition.log.log. If any PU was not correctly installed. Also. The correct installation of the PUs is also verified during the TNMS installation. while installing TNMS. A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 45 . you can find their content here. Refer to the preinstall_warnings. The automatic procedure includes several verifications that are useful and timesaving. About the automatic priority updates installation You can install priority updates (PU) either manually. If any warnings regarding PUs were displayed. During the configuration of the installation the TNMS installer checks if: • • • The PUs are valid. Priority Updates to Install In this section are listed all PUs that comply with the conditions above and that will be installed. the TNMS Server’s IP address is requested only if the server has more than one IP address. where ou can find the logs of the execution of all installed PUs. Any error or warning messages during the installation are also referred in the final installation step. All dependencies between PUs are met. the TNMS Server’s IP address is requested during the installation. A PU is considered valid if its file has the characteristics of a PU and if the PU is being installed on the supported TNMS version. There are no duplicated PUs. Windows) A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 .TNMS installation 46 Installation Manual (IMN. Global • Default domain . 7. Windows) Post-installation procedures 7 Post-installation procedures w If you decide to harden the system. The default values are localhost:1100. input server data either in the <server IP address>:<port number> or <server name>:<port number> formats. 7. Network connectivity. The server may not be running. Press the spacebar or click the icon to get the login window. A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 47 . If you are logging in after an update rather than an installation from scratch. You are trying to connect to a standby server instead of the active server.Global Logging in Once started. such as TNMS Server.Administrators • Default policy .3 • Default available user . Input a valid user name. If the Server is unavailable the following error message is displayed: ”Server not reachable. you must do it before starting TNMS in a production environment. • Password. See 12 Security hardening for instructions. Please check your network connectivity or if server is running” In this situation check for one of the following scenarios: • • • • g The server is not reachable. The user defined below has full access rights: 7.2 Starting a Client session A Client session is started by clicking either the shortcut icon on the desktop (if one was created during installation) or the client icon in the installation folder. You must fill in the fields: • Server name.1 Starting services Services.Administrator • Default user group . Input the user’s password. TNMS EmlMediator and TNMS Generic Mediator start automatically with the machine. TNMS can be logged in to. Functions authorized by the current user’s access rights can now be accessed. You can select a previously used value set from the menu.Installation Manual (IMN. • User name. the users and passwords remain unchanged from the previous version. Alternatively. the administrator is requested to change the password. TNMS stores the history of passwords registry in the OpenDS database.4 Installation Manual (IMN. • User name: administrator • Password: e2e!Net4u# For security reasons. Windows) Default username and password After the TNMS Server has been installed and started.Post-installation procedures 7. 7. this menu item will no longer be displayed as no password within TNMS will be required. The new password must not: 7. 48 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 .5 Changing the password The first password change is performed in a popup window after the first login. Terminating a Client session A Client session terminates when you log off. g If Single Sign-on is enabled later on. Subsequent changes are performed in the Administration > User Management > User Modification window. the system can be immediately operated using the default user and password. You are asked to enter the new password twice for confirmation. check whether that user can’t change the password or otherwise whether the user has to change the password at next logon and/or define the password expiration deadline between 3 and 90 days. Both fields are case-sensitive. *. This is enforced only if the password is changed through the Change Password window. / and @ • Contain at most 3 consecutive digits or letters from the alphabet • Differ from the old one by at least 3 characters. $. Password complexity rules New passwords are validated by the system according to the rules below.6 • Be the same as the user id • Contain the user id • Contain a rotated version of the user id • Match any of the previous. All windows are closed and only the login function is accessible. The new password must: • Be at least 8 characters long • Contain at least 2 alphabetic characters • Contain at least 1 numeric character • Contain at least 1 special character other than #. 2.8 Standby server This configuration can be done at any point in time and is therefore described in TNMS User Manual.2 in the ActiveX controls and plug-ins.11 Connection timeout configuration In order to avoid possible timeouts in communications between the TNMS Client and Server. 7. configure Internet Explorer as follows: 1. 2. Refer to the User Manual for more information on how to manage licenses. 7. 7. proceed as follows: 1. without having to enter another username and password. is granted through the acquisition and installation of proper license keys. Windows) 7. Internet Explorer configuration To ensure the correct behavior of the context sensitive online help.7 Post-installation procedures Single Sign-on By enabling Single Sign-on (SSO) the users can log in to TNMS using the operating system credentials. Search for the section that configures the connector of port 8080 and adjust the timeout to a value adequate to your network conditions.9 License keys Logging in allows you to access elementary TNMS features such as viewing the network map or activating NEs. full access to the whole TNMS. such as in case of APS uploads. enable Initialize and script ActiveX controls not marked as safe for scripting. Select the desired security level and then click Custom:. including the Managers ASON.bind.1 in the Scripting section.Installation Manual (IMN. enable Active Scripting. Within Internet Explorer go to Tools > Internet Options > Security.address}" maxThreads="250" maxHttpHeaderSize="8192" emptySessionPath="true" protocol="HTTP/1. A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 49 . 2.xml 2. Restart the TNMS Server. This configuration can be done at any point in time and is therefore described in the TNMS User Manual. For example. However. Edit the file <TNMS installation folder>\jboss\server\bicnet\deploy\jboss-web. to set the timeout to 60 seconds you must enter the value 60000 as in bold below: <Connector port="8080" address="${jboss.10 Optical Manager licenses require a TNMS service restart after importing.deployer\ server.1" enableLookups="false" redirectPort="8443" acceptCount="100" connectionTimeout="60000" disableUploadTimeout="true" /> 3. g 7. Ethernet and Optical. proceed as follows: 1 Log in to IOC OP. The certificates shipped with Coriant products and solutions exist to perform a correct installation and leave them ready to work.keystore” -storepass changeit 6 TNMS Server returns the certificate details and asks you to allow the import: Owner: CN=tcserver tcserver.12 Installation Manual (IMN. section on generating IOC OP server keystore and public key pair.exe). If on IOC OP a keystore or certificate changes for any reason. O=Coriant. Trust this certificate? [no]: yes 7 A successful import returns: Certificate was added to keystore 50 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . 3 Open a Windows Command Prompt window (through cmd. O=Coriant.. Issue: keytool -import -file tcserver. 4 Change to the directory with the keytool command: cd<TNMS_InstallationDirectory>\jre\bin 5 Import tcserver.cer and copy it to the TNMS Server. Comply with all your organization’s security rules and established practices before final deployment. OU=Optical Networks.cer -alias tcserver -keystore “<Coriant_TNMS_InstallationDirectory>/jboss/server/bicnet/co nf/sslmq. C=PT Issuer: CN=tcserver tcserver. To import a public certificate. L=Lisboa. Windows) Importing a public certificate from IOC Online Planning (IOC OP) The communication between IOC OP and TNMS is SSL-encrypted. For information on how to generate this file refer to the IOC OP Installation Manual for Solaris. a new key must be generated and then imported to avoid disabling communication.. ST=Alfragide. ST=Alfragide. L=Lisboa. C=PT Serial number: 4ffd7431 . Such encryption is in turn based on certificates. OU=Optical Networks.cer into the TNMS truststore.Post-installation procedures 7. 2 Get the IOC OP Server public certificate file tcserver. The Oracle database backups are stored in Oracle’s Fast Recovery Area under the BACKUPSET directory.User and security information. In such case. Inside this directory. OpenDS server . undo undesired user configurations or restore TNMS state to a clean installation. TNMS database backup files are stored under a target directory (local or remote) of your creation or choice. where the backup files are saved. in case a problem occur. • OpenDS database backup files are also stored under a target directory (local or remote) of your creation or choice. A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 51 .Installation Manual (IMN. where the backup files are saved. Inside this directory. w When performing a database backup.1 General description You must back up information contained in the following two data repositories: • • Oracle server . ensure there are writing permissions to the target directory. • g TNMS database backup files are used to restore TNMS to a previous state in order to. The required information is backed up into three sets: • w Oracle database backups are used to recover the database from corruption events or unexpected integrity issues and recovered it to its last most consistent state.DCN management and services information. Backup and restore is a safeguard mechanism to backup the system and recover it. the timestamped subdirectory will contain both databases backup files. These backups contain TNMS specific data plus other Oracle files required for database recovery. Full backups of the Oracle database are stored with a retention policy that allows for a redundancy of 2 backups. TNMS database backup files cannot be used to directly recover from an Oracle database corruption event. 8. Therefore the BACKUPSET directory contains the last 3 backups and older ones are automatically removed. each backup operation creates a subdirectory named after the backup timestamp <yyyy_MM_dd_HH_mm_ss>. for example. This server includes the TNMS database. You may choose to back up simultaneously the TNMS and OpenDS databases. You must not use the BACKUPSET directory for any operations other than Oracle database backups. Windows) Backup and restore 8 Backup and restore This chapter guides an TNMS administrator through the backup and restore procedures. each backup operation creates a subdirectory named after the backup timestamp <yyyy_MM_dd_HH_mm_ss>. Figure 3 8. -d --directory When saving or loading a backup. -s --schema Performs the operation on the TNMS database. You can enter backuprestore-h in the command line to see this list. run the backuprestore. Options -b --backup Performs a TNMS and/or an OpenDS database backup.2 Backup & Restore console Non-interactive mode The non-interactive mode allows you to embed the B&R feature into a scriptable language in order to automate common and repetitive tasks.2 Installation Manual (IMN. Table 8 52 Description List of the available arguments in non-interactive mode A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . run backuprestore. Note that it does not refer to the TNMS database. Windows) Overview of the Backup and Restore interfaces The TNMS DB backup can be performed via console. 8. -R --recovery Use this option to recover the Oracle database. -r --restore Performs a TNMS and/or an OpenDS database restore.Backup and restore 8. interactive (CLI) and non-interactive mode (friendly script). TNMS DB restore can only be performed via console (interactive or non-interactive modes). To use the non-interactive mode. -u --username This option must be followed by the TNMS username.2.bat application from C:\Program Files (x86)\Coriant\TNMS\backuprestore (default location) using arguments to specify the operation you intend to perform (Table 8). -p --password This option must be followed by the password matching the TNMS username.2. or via TNMS Client (GUI). this option must be followed by the path to the directory where the backup files will be stored in or loaded from. -l --ldap Performs the operation on the LDAP (OpenDS) database. to open the interactive menu as displayed in Figure 3.bat with no arguments from C:\Program Files (x86)\Coriant\TNMS\backuprestore (default location).1 Interactive mode To access the interactive mode console. Provide the TNMS credentials (Figure 4). 3. set it to run off high load periods. Windows) Backup and restore Options -h --help Table 8 8. including the TNMS database backup files. 4. Select option “4> Schedule settings” on the console. Backing up the Oracle database The backup of the Oracle database runs automatically and is scheduled inside Oracle Scheduler to run daily at a predefined hour.3. Run backuprestore. You are advised to back up the files onto a safe repository. You should also consider to schedule an independent backup of the TNMS database backup files since Oracle backup files are kept for 3 days maximum.5 Automating the Backup procedures for more information. Before proceeding. is 03:00 AM. List of the available arguments in non-interactive mode (Cont.3 Description This option displays the list of the available arguments.1 Oracle and OpenDS servers must be running. 2. some general considerations and advice apply: • • • 8. which. including the file name. 5. To change the scheduled backup time: 1. so that the application performance is not affected. Refer to the chapter 8. These operations’ logs are stored in the B&R application folder. C:\Program Files (x86)\ Coriant\TNMS\backuprestore\RMAN_TNMS. This operation will perform the full backup of the entire Oracle database. No other parameter is changeable. A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 53 . Otherwise restoring the backup will not be possible. g In case you reschedule the daily backup. Go to the B&R application folder (the default is C:\Program Files (x86)\Coriant\TNMS\backuprestore). You are responsible for guaranteeing that the TNMS server backup data files are not corrupted or changed in any way. You can change the scheduled time using the B&R console schedule settings option. by default.log. Open a command line window using the option "Run as Administrator".) Backup procedures through the command line This chapter describes how to back up the system data using the command line.Installation Manual (IMN.3. 4.).DMP.3 Provide the TNMS credentials upon request (Figure 5). 4. Open a command line window using the option "Run as Administrator".3. Either back up the TNMS database using the interactive mode console: 4. in a 24-hour format (Figure 4). The backup file is saved as <name of the TNMS database>. Or run backuprestore -b -s -d <directory> -u <username> -p <password> As a result.4 Select option “1> TNMS database” from the submenu in Figure 5. Press Enter.) or the non-interactive mode (go to step 5. a subdirectory named after the backup timestamp <yyyy_MM_dd_HH_mm_ss> is created under the directory you provided and the backup file of the TNMS database is saved within.1 Run backuprestore. 7. Windows) Figure 4 Changing the Oracle database backup schedule settings 6. 4. Back up the TNMS database using either the interactive mode console (go to step 4.2 Backing up the TNMS database To back up the TNMS database: 1. Go to the B&R application folder (the default is C:\Program Files (x86)\Coriant\TNMS\backuprestore) 3.5 Enter the directory of your choice (local or remote) where the backup files will be stored and press Enter. 5. 2. 4. Figure 5 Backup submenu 4. 54 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 .Backup and restore Installation Manual (IMN. 8.2 Select option “1> Perform backup”. Provide the new time for the scheduled backup to run. Or run backuprestore -b -l -d <directory> -u <username> -p <password>. a subdirectory named after the backup timestamp <yyyy_MM_dd_HH_mm_ss> is created under the directory you provided and the backup file of the LDAP database is saved within. Either back up the TNMS database and the LDAP using the interactive mode console: 4. Windows) 8. 4.2 Select option “1> Perform backup”. 8. Open a command line window using the option "Run as Administrator".1 Run backuprestore.4 Backing up the TNMS database and the LDAP (OpenDS) simultaneously To back up the TNMS database and the LDAP (OpenDS) simultaneously: 1.) or the non-interactive mode (step 5. The backup file is saved as userRoot.1 Run backuprestore.3.).5 Enter the directory where the backup files will be stored and press Enter. Either back up the LDAP using the interactive mode console: 4.) or the non-interactive mode (step 5.Installation Manual (IMN. 4. 4. 4. Go to the B&R installation folder (the default is C:\Program Files (x86)\Coriant\TNMS\backuprestore) 3.4 Select option “2> LDAP database” from the submenu in Figure 6.) 4. As a result.2 Select option “1> Perform backup”. Go to the B&R application folder (the default is C:\Program Files (x86)\Coriant\TNMS\backuprestore) 3.3 Provide the TNMS credentials upon request (Figure 7). 2.ldif.3 Provide the TNMS credentials upon request (Figure 6). 2. 5. Open a command line window using the option "Run as Administrator". 4.3 Backup and restore Backing up the LDAP (OpenDS) To back up the LDAP (OpenDS): 1. 4. Back up the TNMS and the LDAP databases using either the interactive mode console (go to step 4. Back up the LDAP using either the interactive mode console (go to step 4. A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 55 .3. Figure 6 Backup submenu 4. As a result. You can create command scripts for the backup and restore procedures and configure the operating system scheduler to run them at scheduled times.5 Automating the Backup procedures It is recommended to back up the TNMS database at least weekly.ldif. Windows) Figure 7 Backup submenu 4.EXE /DELETE /TN "<SCHEDULE_NAME>" w 56 You must create a user in TNMS dedicated to scheduled backups and do not allow it to expire. The script contains sensitive data.5 Enter the directory where the backup files will be stored and press Enter. such as usernames or passwords. Ensure the correct access rights. The backup files are saved respectively as <name of the TNMS database>. a subdirectory named after the backup timestamp <yyyy_MM_dd_HH_mm_ss> is created under the directory you provided and the backup files of the TNMS and LDAP databases are saved within. You can also use SCHTASKS. according to your security policy. Create the user via “User Administration” and select the option “User cannot A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . w It is recommended to automate the backup using TNMS instead of a command script (see 8.4 Select option “3> Both TNMS and LDAP databases” from the submenu in Figure 7. 8.EXE /CREATE /SC WEEKLY /TN "<SCHEDULE_NAME>" /ST <SCHEDULE_TIME> /TR "<COMMAND>" /RU "SYSTEM" Where: • • • <SCHEDULE_NAME> is the name of the schedule. you can create a weekly schedule with the following command: SCHTASKS.EXE /TN "<SCHEDULE_NAME>" And to delete a schedule run: SCHTASKS. By using TNMS you overcome such security issues.3. <SCHEDULE_TIME> is the time at which the command will be run (for example.4 Backup procedures through the TNMS client). <COMMAND> is the command to be run. such as usernames or passwords. To list schedule details run: SCHTASKS. 5. 02:50:00). For example.DMP and userRoot. to any command script containing sensitive data. that require access control.Backup and restore Installation Manual (IMN.EXE to inspect the schedule details or delete schedules. Or run backuprestore -b -a -d <directory> -u <username> -p <password>. 4. 3 g Select the Path to save the backup file. 2 Click the Manual button. This window is for information purposes only. The Backup window opens. click the Administration > System > Backup menu item. This opens the Manual Backup window. otherwise the task fails and you receive the following error message in a notification popup. so that no credentials are requested to 57 . in the bottom right corner: Backup operation failed. 8. use this user. About the upload folder: • • A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 The backup path must already exist beforehand in the server side. Figure 8 Backup window To run a manual backup of the TNMS database: 1 In the TNMS main window. Windows) Backup and restore change password”. or to schedule a backup. When setting the backup commands to be run by the schedules. for everyone within the domain.4 Backup procedures through the TNMS client The Backup feature is also embedded in the TNMS client. and choose to run a manual backup or schedule a backup. It allows you to run a manual backup of the TNMS database (TNMS data) and/or LDAP (TNMS users). TNMS server machine must have read and write permissions on the shared folder. The Backup window (Figure 8) allows you to see information about the backup status.Installation Manual (IMN. If you use a remote drive. To schedule a backup of the TNMS database: 1 In the TNMS main window.\\<IP address>\<BackupFolder> 4 Select whether to export the TNMS Data. The backup task starts.C:\<BackupFolder> • Remote drive . g When there is a backup running through the command line. for accesses from outside the domain. you have to specify the full network drive path. 5 Click Start to run the backup. the TNMS Users. it is not possible to run a manual backup through the TNMS Client. Periodic: allows you to define the recurring time and the backup period in days and hours. This schedules the backup.C:\backup Remote drive . you have to specify the full network drive path.Backup and restore Installation Manual (IMN. TNMS server machine must have read and write permissions on the shared folder. menu item. 2 Click the Schedule button.. since TNMS is not able to reach the mapped drive through the letter assigned by Windows.\\<IP address>\backup Click OK. This opens the Schedule Backup window. 6 Select the Path where to save the backup file. However.. the credentials will still be requested. 3 Check the Activate checkbox. Windows) • read it. If you use a remote drive. 5 Under Recurrence pattern. Weekly: allows you to define the recurring time and the week days. since TNMS is not able to reach the mapped drive through the letter assigned by Windows only. or both. select the recurrence of the scheduling. select the Start date. 4 Under Backup Options. 58 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . At least one of these fields needs to be selected. The Backup window opens. click the Administration > System > Backup. Monthly: allows you to define the recurring time and the days of the month. It also allows you to define the end date. Example: • • 7 Local drive . The opposite is also not possible. Example: • Local drive . The database recovery automatically stops and restarts the "TNMS Server" service.2 Select option “2> Perform restore”. 8. recovering the TNMS database alone will not restore the Oracle database.Installation Manual (IMN. Open a command line window using the option "Run as Administrator". Open a command line window using the option "Run as Administrator".5.1 Run backuprestore. However. 3.4 Select option “1> TNMS database” from the submenu (Figure 9). Restoring the TNMS database During this procedure the "TNMS Server" service is automatically stopped and restarted. both the TNMS database and LDAP are backed up. g 8. An Oracle database recovery is made using the last consistent backup found in the Fast Recovery Area of Oracle. Windows) Backup and restore g When a scheduled backup is run. A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 59 . a TNMS database restore is not necessary since the Oracle database backups also contain the TNMS specific data.5. Select option “3> Perform database recovery”.1 g Recovering the Oracle database A database recovery is not the same as a TNMS database restore and should only be performed in case of Oracle database corruption. 2.5 Recovery & Restore procedures This chapter describes how to recover/restore the previously backed up system data.) or the non-interactive mode (step 5. 4. Restore the TNMS database using either the interactive mode console (go to step 4. This application is run only through the command line. 8. Use either the non-interactive mode or the interactive console: • Run backuprestore -R or backuprestore --recovery • Run backuprestore. 2. Recovering the Oracle database will restore the TNMS database.3 Provide the TNMS credentials upon request. To restore the Oracle database: 1. Go to the B&R application folder (the default is C:\Program Files (x86)\Coriant\TNMS\backuprestore) 3. Go to the B&R application folder (the default is C:\Program Files (x86)\Coriant\TNMS\backuprestore). Either restore the TNMS database using the interactive mode console: 4. To restore the TNMS database: 1.) 4. 4.2 After the Oracle database recovery. 4. 3. 5.3 Provide the TNMS credentials upon request. 5.ldif) from and press Enter.1 Run backuprestore. Go to the B&R application folder (the default is C:\Program Files (x86)\Coriant\TNMS\backuprestore) 4. 5. Or run backuprestore -r -s -d <directory> The "TNMS Server" service is automatically restarted when the restore procedure is complete.3 Restoring the LDAP (OpenDS) To restore the LDAP: 1.Backup and restore Installation Manual (IMN. Restore the LDAP database using either the interactive mode console (go to step 5. Or run backuprestore -r -l -d <directory> Both the "TNMS Server" and the “OpenDS” services are automatically restarted after the restore procedure is complete. Figure 10 Restore submenu 5.4 Select option “2> LDAP database” from the submenu (Figure 10). 6. Windows) Figure 9 Restore submenu 4. Either restore the LDAP database using the interactive mode console: 5. 2. 60 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 .2 Select option “2> Perform restore”. Make sure the "OpenDS" service is running.5 Enter the directory where to load the backup file <name of the TNMS database>.5. Open a command line window using the option "Run as Administrator". 5.) 5.DMP from and press Enter.5 Enter the directory where to load the backup file (userRoot.) or the non-interactive mode (step 6. 8. ldif) from and press Enter. 2. Windows) 8.5.4 Backup and restore Restoring the TNMS database and the LDAP (OpenDS) simultaneously To restore the TNMS database and the LDAP: 1.1 Run backuprestore. Figure 11 Restore submenu 5. Restore the TNMS and the LDAP databases using the interactive mode console: 5. 5.) or the non-interactive mode (step 6. Go to the B&R application folder (the default is C:\Program Files (x86)\Coriant\TNMS\backuprestore) 4. 5. Or Run backuprestore -r -a -d <directory> The TNMS Server service will be stopped before the restore procedure and both the TNMS Server and the OpenDS services will be restarted after the restore procedure. Restore the TNMS and the LDAP databases using either the interactive mode console (go to step 5. 3.2 Select option “2> Perform restore”. Make sure the "TNMS Server" service is running.DMP and userRoot. Open a command line window using the option "Run as Administrator".Installation Manual (IMN.5 Enter the directory where to load the backup files (<name of the TNMS database>. 6.3 Provide the TNMS credentials upon request.) 5. A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 61 . 5.4 Select option “3> Both TNMS and LDAP databases” from the submenu (Figure 11). Backup and restore 62 Installation Manual (IMN. Windows) A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . Installation Manual (IMN.1 10 refer to the TNMS Upgrade Manual (Windows). A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 63 .1 10 9 Upgrade to TNMS 14. Windows) Upgrade to TNMS 14. where you can find the full description of the upgrade procedure.1 10 To transfer your data to TNMS 14. 1 10 64 Installation Manual (IMN.Upgrade to TNMS 14. Windows) A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . they must share a machine if you want both client applications integrated with a GUI cut-through.3 Configuring a Common standby server. It is possible to install TNMS Netserver and TNMS Core Netserver in a same machine. you must follow the procedure described under 10. you must follow the procedure described under 10. but. with a common set of hardware resources. Windows) TNMS and TNMS Core working together 10 TNMS and TNMS Core working together TNMS and TNMS Core can be used in the same environment. there are constraints on how to set up such an environment: • • • It is possible to install TNMS Client and TNMS Core Client / System Administration either in a same machine or in separate machines. In this scenario.1. if you use the UDP protocol to connect the DCN to any NE. Below are examples of possible setups: Example 1: Large system The applications are mostly distributed on different machines. 10. It is possible to install TNMS Standby Server and TNMS Core Standby Server in a same machine.Installation Manual (IMN. However.1.1 Configuring a Common Netserver. Figure 12 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 Distributed TNMS applications (large system) 65 . However.1 Configuring common hardware TNMS and TNMS Core can be used in the same environment while sharing a common set of hardware resources. The example in Figure 13 shows that the netservers run on the same machines as the appropriate servers.TNMS and TNMS Core working together Installation Manual (IMN. Windows) Example 2: Medium system To reduce the amount of machines in medium networks. Figure 13 66 Distributed TNMS applications (medium system) A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . components can run in parallel on the same machine. Windows) TNMS and TNMS Core working together Example 3: Common Netserver TNMS and TNMS Core share a common Netserver machine. Figure 14 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 Common Netserver 67 .Installation Manual (IMN. TNMS and TNMS Core working together Installation Manual (IMN. There is no specific configuration in a common Netserver. So. The hardware requirements for a Common Netserver are described in Table 3 Hardware recommendations for installations of TNMS 14.1. in this particular case. except if you use the UDP protocol to connect the DCN to a (supported) NE. you must perform configurations in: • • 68 The operating system TNMS A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . Windows) Example 4: Common Standby server TNMS and TNMS Core share a common Standby server machine. You should also consider a specific configuration of the DCN while using TNMS and TNMS Core clients.1 10 on reused legacy hardware.1 Common Standby Server Configuring a Common Netserver A common Netserver is a machine where both the TNMS Core Netserver and the TNMS Netserver are installed. Figure 15 10. In such hybrid scenarios a special configuration of the Netserver machine is required in order to allow multiple connections without traffic interference. • In the field Bind IP Address enter the Secondary IP. otherwise you will get an inconsistent network state representation. TNMS Core and TNMS must use different IPs to communicate with each NE via UDP protocol. Select Network and Sharing Center. 4. Go to Start > Control Panel. In TNMS Core proceed as follows: A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 69 . Click OK and activate the channel.2 If you wish to use the Secondary IP: • Uncheck the Automatic IP Address.1 If you want to use the Primary IP leave the Automatic IP Address checked. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties. Change Adapter Settings. 6. 8. The connection to the NetServer is performed using the Primary IP and the connection to the NEs will be established using the Secondary IP. Choose Advanced tab. Those IPs are configured in the Bind IP Address field. In the General tab: 3. In the field IP Address enter the Primary IP. 4. To configure the operating system in the Netserver machine. Make sure the IP is statically defined and not by DHCP server. In Network Connection select the Use connection. 2. as it will be necessary at later stage. If you configure the Primary IP in TNMS you must configure the Secondary IP in TNMS Core and vice versa. Note down the Secondary IP address. However the configuration must be done prior to connecting TNMS Core and TNMS to same network element via UDP. In TNMS proceed as follows: 1. w Remember you must use different IPs in TNMS and in TNMS Core. Windows) • TNMS and TNMS Core working together TNMS Core You must complete all of the following three sets of instructions for the configuration to be complete. Go to the DCN Management window. 3. proceed as follows: 1. as it will be necessary later on. In IP Setting tab add the Secondary IP in order to be used in the common server. 5. Note down the defined Primary IP. • In the field IP Address enter the Primary IP. 3. Create a new SNMP channel. If you use the Primary IP in TNMS you must use the Secondary IP in TNMS Core and vice versa.Installation Manual (IMN. 2. 3. Restart the Netserver. w This configuration can be done any time after installation. 7. w Using both UDP and TCP protocols to connect to the same NE is not allowed and will result in an inconsistent network state representation. Later. If you used the Primary IP in TNMS you must use the Secondary IP in TNMS Core and vice versa. The setup of this machine is done by installing first the TNMS Core. • In the field Bind IP Address enter the Secondary IP. 4. for example. In case of failure of one TNMS or TNMS Core active servers (connection loss due to network failure or hardware failure of the server).1. w Installation Manual (IMN. No special installation procedures are necessary for the Common Standby servers. In the field IP Address enter the Primary IP. Windows) In System Administration go to DCN. In DCN Connections add a Netserver. it is possible to activate and use one of the TNMS or TNMS Core standby servers until the problem is fixed. subscribers and services involving hiT 7300 and FSP3000 R7 NEs. You can import DCN configurations. This feature can. For the standby server configuration procedures. speed up the setup of your TNMS. followed by TNMS according to the corresponding Installation Manuals. Remember you must use different IPs in TNMS and in TNMS Core.2 If you wish to use the Secondary IP: • Uncheck the Automatic IP Address. The hardware requirements for a Common Client are similar to those of a regular Client (Table 3). • In the field IP Address enter the Primary IP.TNMS and TNMS Core working together 1. In the Channel Properties tab. Click OK and activate the channel. The supported configurations for this scenario are all configurations of TNMS Core and all the Legacy configurations of TNMS. 10. 4. 5. a special configuration of the Netserver machine may be performed in order to allow multiple connections. 10.2 Configuring a Common Client A common Client is a machine where both the TNMS Core Client / System Administration and the TNMS Client are installed.1 If you want to use the Primary IP leave the Automatic IP Address checked. in UDP Connection Settings group: 4. physical trails. This configuration is similar to the Common Netserver. The connection to the NetServer is performed using the Primary IP and the connection to the NEs will be established using the Secondary IP. 3. 10. refer to the TNMS Core Installation manual (IMN) or the TNMS User Manual. 2. 70 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . paths.3 Configuring a Common standby server The Common standby server allows you to have both TNMS and TNMS Core Standby Servers running in the same machine.2 Importing data from TNMS Core It is possible to import several types of data from TNMS Core. Choose the Netserver you created and add a new SNMP channel.1. Check TNMS User Manual for detailed instructions on how to configure and use the import from TNMS Core feature. the configuration of the respective properties in the DCN Management window must be the same.Installation Manual (IMN. avoiding the repetition of manual changes. in shared network management scenarios. A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 71 . Windows) TNMS and TNMS Core working together You can also synchronize the DCN between TNMS Core and TNMS. You can schedule a periodical import from TNMS Core that updates the DCN configuration in TNMS. 10.3 Important note When an NE is simultaneously managed by TNMS and TNMS Core. TNMS and TNMS Core working together 72 Installation Manual (IMN. Windows) A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . When the unassignment finishes. Alternatively. 2. 3. you must first unassign it by doing as follows in the active server: 1. 3.Installation Manual (IMN. do as follows: 1. In the list. The progress and result can be followed in the configuration steps. Verify your input and click Unassign to start the procedure. perform the following steps: 1. the logs can be checked in /tmp_home/[timestamp]/result. A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 73 . a notification pops up in the lower right corner with the status of the operation. the users and groups are kept on the system and they are not deleted. opposite-click TNMS and select Uninstall. Go to the installation folder and. Select Administration > System > Standby Server Configuration and fill in the available fields. either success or error. 2. The address of the current standby server is filled in automatically. Restart the machine once the uninstallation finishes. 2. Unconfigure StandBy. it is possible to check in System Event Log that the procedure has ended successfully. in \bin\scripts.log. run as Administrator standby-server. Go to Start > Control Panel > Programs and Features. To uninstall TNMS.bat. In the interactive menu select 3. If any error occurs. In the standby server. along with the elapsed time. Windows) TNMS uninstallation 11 TNMS uninstallation Before uninstalling TNMS and in case you have a standby server assigned. g When the application is uninstalled. Windows) A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 .TNMS uninstallation 74 Installation Manual (IMN. Windows) Security hardening 12 Security hardening This chapter describes the existing TNMS security hardenings. Any type of communication interfaces not required for the operation of TNMS should be removed or. it should be verified before TNMS is installed that no additional unnecessary users exist. at least.1 Physical and hardware hardening Any effort in securing a system is useless if possible attackers can have physical access to a TNMS machine.2 Disable and delete unnecessary accounts Unnecessary accounts should not exist as the machine should be exclusively used by TNMS server. However it is possible to improve from that level as is described in the following sections. disabled. at least. Operating System hardening Microsoft Windows security patches Coriant recommends that you install the Microsoft Windows security patches listed in the Customer Release Notes in all the machines running TNMS. such as USB interfaces or DVD drives. the server room should be air-conditioned. A physical access control should be put in place. The facilities where the hardware is located should have sufficient heat dissipation and.2. TNMS only requires the existence of the following users: • • • Administrator sshd SvcCOPSSH A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 75 . electronic door locks.2. The BIOS of the machines used for TNMS should be protected by password. It is very easy to disable security mechanisms or compromise the system if there is easy physical access to a machine. For this reasons the following measures should be taken: • • • • • • • • 12. for example. in a default installation. Additional security measures like video surveillance of server rooms is recommended. This is especially important for wireless interfaces such as Bluetooth or WLAN adapters. 12. Note that TNMS already applies security hardening during installation.2 12.1 The TNMS server machine should be located in a room where only the system administrators have access. for example. disabled. hardened to an acceptable level. should be removed or. The remaining items are. including. 12. security settings are defined so that no unnecessary permissions are granted.Installation Manual (IMN. Anyhow. if needed. This means that. to prevent unauthorized modification of the machines BIOS configuration. Any non-required I/O interfaces. All hardware should be securely installed so that it cannot easily be moved. 3 Uninstall unnecessary applications and roles TNMS only requires the following roles: • Web Server (IIS) • Security • FTP Server (optional . run the following command.bat t 12. Go to Start > All Programs > Administrative Tools > Server Manager > Configuration > Local Users and Groups > Users. See Table 9 Windows default shares for guidance on which default shares you should disable. Both Guest and Help Assistant accounts should be disabled at all times. Click on Disable Account. Right-click on the user name (for example Guest or Help Assistant) and select Properties. 76 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 .only if legacy NEs.2. For example.NET Extensibility All other roles should be uninstalled. do as follows: 1. during the Windows Server 2008 installation. To disable shares. Get a list of all the shares on the server by running the following command: #> net share 2. 12. select the application and click to remove. Disable all shares that are not in use.5 You can check the configured audit policies by running in the command line: auditpol /get /category:* Disable unnecessary shares System and security administrators should disable all unnecessary shares. Windows) All other users should be disabled. 2. Guest and Help Assistant accounts are created by default.4 Go to Start > Control Panel > Programs and Features. configure the necessary ones and harden all NTFS and Share permissions. To disable an account.Security hardening Installation Manual (IMN.2. which only support FTP. 3. are to be managed by TNMS) • Application development • . do as follows: 1. Configure Auditing To automatically configure the audit policies. To uninstall an unnecessary application: • 12. To uninstall an unnecessary role: • Go to Start > All Programs > Administrative tools > Server manager > Roles and click to remove roles. the Administrator.2. located in the TNMS software: TNMS_Prerequisites\Audit Policies\AuditPolicies. 2.2. 5. Should not be disabled. Table 9 12. Disable manually. - SYSVOL Used by domain controller and should not be disabled. Go to Start > All Programs > Accessories > Run. Even though this service is blocked by the firewall and ACLs. • Share Recommended Hardening measure DriveLetter$ - Disable ADMIN$ Only needed in case of remote administration of the machine. Remote Registry should be disabled. 12. - Print$ Only needed in case of remote administration of printers. Select the appropriate users/groups and appropriate permissions. Disable manually. enter regedit and press Enter. Go to Start > Control panel > Administrative tools > Computer Management-> System Tools > Shared Folders > Shares 2. if you have no reason to allow remote registry access. - IPC$ Needed by Windows and can/must thus not be disabled.Installation Manual (IMN. 4. if exists. Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecureP ipeServers\ 3. Click OK and close the window. FAX$ Only needed in case of remote administration of fax clients.7 Windows Error Reporting Windows Error Reporting (WER) is a set of Windows technologies that capture software crash data and support end-user reporting of crash information. WER should be enabled. To disable the remote registry: 1. Select the share and chose "Stop sharing".6 Description Windows default shares Disable Remote Registry The Remote Registry service allows registry access to authenticated remote users. if exists. Windows) • Security hardening Via command line: #> net share <sharename> /delete Via the graphical user interface: 1. Select winreg and right-click and select Permissions. - NETLOGON Used by domain controller and should not be disabled.2. A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 77 . 3.2. 3. To enable this feature. automatically send summary reports . 5. To enable WER: 1.2. any active default service should be disabled. do as follows: 1. No additional software should be installed beyond the TNMS application and its prerequisites listed below: • • • • • • • • • • • 12.only non-personal data is sent to Microsoft 4. Repeat step 3. right-click Microsoft network server: Digitally sign communications (always) and select Properties. Click to expand Local Policies and select Security Options. Click OK. 4. select one of the following options: • Yes. Go to Start > All Programs > Administrative tools > Server Manager and expand Resources and Support. for the policy Microsoft network server: Digitally sign communications (if client agrees). and step 4. If required. By default this security feature is not switched on.9 Acrobat Reader CopSSH ICW Base ICW COPSSHCP ICW OpenSSHServer J2SE Runtime Environment Java (TM) MicroSoft Visual C++ Redestributable (several packages) OSI Stack TNMS Virus Scanner (for example.personal data may be sent to Microsoft. So. • Yes. 12.8 Additional Software The TNMS server machine should be dedicated to run the TNMS Server only. Go to Start > Control Panel > Administrative Tools and double-click Local Security Policy. in Windows Server 2008 you should enable WER. 2. Windows) In Windows 7 the Windows Error Reporting is enabled by default. 12. On the Windows Error Reporting Configuration dialog box. automatically send detailed reports .Security hardening Installation Manual (IMN.2. TrendMicro OfficeScan Client) Digitally signed communications (Local Security Policy) It is possible to digitally sign all Microsoft network server communications. However. the Remote Access can be kept open for remote 78 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . From the list.10 Minimize system services TNMS enables all services it requires for its proper operation. Click on Configure Windows Error Reporting. Select Enable and click OK to apply the changes. 2. such as in case of headless server (see 12. If a service is changed to "disabled" via context menu it is no longer running and will no longer be automatically started during OS startup. TNMS Server uses the following services: A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 79 .TCP Listener Adapter Network Location awareness Office Source Engine Parental Controls Peer Name Resolution Protocol Peer Networking Grouping/Identity Manager Performance Counter DLL Host / Logs / Alerts Problem Report and Solution Support Program compatibility Assistant Remote Access (**) Remote Desktop (**) Routing and Remote Access Secondary Logon Secure Socket Tunneling Protocol Service • • • • • • • • • • • • • • • • • • • • • • • • • Smart card SNMP Trap Software Protection SPP Notification Service SSDP Discovery Storage Service Tablet PC Input Service Telephony Thread Ordering Server TPM Base Services UPnP Device Host Virtual Disk Volume Shadow Copy WebClient Windows Backup Windows Biometric Service Windows CardSpace Windows Connect Now .Msmq Listener Adapter Net.11 Remote Access/Remote Desktop).Pipe Listener Adapter Net.2. which only support ftp and not SFTP/SCP or FTPS. The following services must be disabled as they are not needed by TNMS.NET State Bitlocker Drive Encryption Service Block Level Backup Engine Service DHCP Server/Client Bluetooth Bluetooth Support Service BranchCache Certificate Propagation Credential Manager Disk Defragmenter Distributed Link Tracking Client Encrypting File System Enterprise Connect WebDAV Fax Function Discovery Provider Host Function Discovery Resource Publication Health Key and Certificate Management HomeGroup Listener HomeGroup Provider IKE and AuthIP IPSec Keying Modules Any type of wireless LAN adapters • • • • • • • • • • • • • • • • • • • • • • • • Any type of bluetooth adapter Interactive Services Detection Internet Connection Sharing KtmRm for Distributed Transaction Coordinator Link-Layer Topology Discovery Manager Microsoft Office Diagnostics Microsoft FTP Service (*) Microsoft Software Shadow Copy Provider Net. ActiveX Installer (AxInstSV) Application Layer Gateway Application Management ASP. Windows) Security hardening configuration of the system. ** Disable only if no remote server administration shall be permitted Windows services can be disabled via Start > Administrative Tools > Services.Installation Manual (IMN.Config Registrar Windows Media Player Network Sharing Service Windows Remote Management (**) Windows Search WinHTTP Web Proxy Auto-Discovery Service Wired AutoConfig WLAN AutoConfig WWAN AutoConfig * FTP is only needed if TNMS manages legacy NEs. Some of them must be considered inherently insecure: g • • • • • • • • • • • • • • • • • • • • • • • • ftp shall only explicitly enabled whenever legacy NEs are used. which support FTP but do not support any secure protocol. g. It is therefore recommended that you configure the Network Level Authentication for the allowed connections as described below.11 Application Host Helper Service Certificate Propagation COM+ Event System COM+ System Application Cryptographic Services DCOM Server Process Launcher Desktop Window Manager Session Manager Diagnostic Policy Service Distributed Transaction Coordinator DNS Client IIS Admin Service IP Helper IPsec Policy Agent Microsoft FTP Service Net.Pipe Listener Adapter Net.Security hardening Installation Manual (IMN.e. OfficeScan NT RealTime Scan OpenDS Openssh SSHD OracleOraDb11g_home1TNSListener OracleServiceTNMS Plug and Play Portable Device Enumerator Service Power Print Spooler RCTSrv Remote Desktop Configuration* Remote Desktop Services* Remote Desktop Services UserMode Port Redirector* Remote Procedure Call (RPC) RPC Endpoint Mapper Security Accounts Manager Server Shell Hardware Detection Remote Access/Remote Desktop TNMS does not rely on the remote access/remote desktop feature provided by the Windows operation system.2. 80 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . it is possible to remotely administer TNMS machines. Windows) • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 12. However.Tcp Listener Adapter Net.Tcp Port Sharing Service Netlogon Network Connections Network List Service Network Location Awareness Network Store Interface Service Optional: Virus Scanner . the Require user authentication for remote connections by using Network Level Authentication Group Policy setting has been enabled and applied to the Remote Desktop Session Host server.12 Reduce passive FTP port range By default FTP uses any port of the dynamic port range 49152-65535. Other supported NEs may need different/additional ports/protocols. It is recommended that you install a network firewall. such as Windows Firewall (see 12. Enter a range of values for the Data Channel Port Range. 2. This scenario is not tested and therefore is not officially supported. 2. Access to the general internet should also be disabled.2.3 The range should contain 50 or more ports. In the Connections pane. Windows) Security hardening To configure the Network Level Authentication for a connection: 1. Go to the IIS 7 Manager. 1. click the server-level node in the tree. 3. On the General tab. as the measures highly depend on the network infrastructure and topology. w Coriant does not recommend the deployment of a firewall between the NetServer and the NE network. g If the Allow connections only from computers running Remote Desktop with Network Level Authentication check box is selected and not enabled. 4. In case the costumer needs to deploy one due to topology/security reasons. Networking and firewall configuration You should configure the network in a way that makes the TNMS machines only accessible from machines with which TNMS needs to communicate. the ports listed for NetServer <> NE communication in this manual can be used as a starting point to configure the firewall for the Coriant hiT7300 and hiT7100 NEs. A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 81 . Please refer to the specific NE's manual to gather the required information to configure your firewall. This can be done by network segmentation and by firewall deployment. Click Apply in the Actions pane to save your settings. 12. go to Start > Administrative Tools > Remote Desktop Services > Remote Desktop Session Host Configuration. Under Connections.2 How to configure the Windows firewall). you can also use local firewalls.Installation Manual (IMN. On the Remote Desktop Session Host server. right-click the name of the connection and then click Properties.3. However. which is quite wide. You should consider disabling any default gateways and using static routes between the TNMS machines and other machines with which TNMS needs to communicate. 4. 3. Double-click the FTP Firewall Support icon in the list of features. Click OK. The hardening description below is general. To limit this range do as follows: w 12. select Allow connections only from computers running Remote Desktop with Network Level Authentication. Windows) List of ports to open in the firewall Below is the list of ports to be open in the firewall. Only if CORBA NBI is used 3528 (CORBA IIOP) TNMS Server CORBA Northbound Interface configurable TCP CORBA External CORBA Naming Service. Firewall between a remote Administrator machine and TNMS Server or TNMS NetServer (northbound) machines TNMS remote Administrator machine Table 10 82 3389 TNMS Server machine / TNMS NetServer (northbound) machine TCP RDP (Windows Remote Access) Yes (if TNMS security hardening is followed) Windows Remote Desktop for remote administration. Used in the IOC deployment. but if you decide to use one you must open a port in the firewall for the proxy. g Coriant does not recommend the use of a proxy to access the Citrix Server through the web interface. Firewall between an NBI and TNMS Server CORBA Northbound Interface TNMS Server 17289 (Default) TCP MTMN CORBA (CORBA NS) TMF-814 interface for integration into umbrella NMS. Used in IOC deployment Optional No Optional Only for IOC.Security hardening 12.3.1 Installation Manual (IMN. as well as their description. Firewall rules A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . Only for IOC. Host address Source Destination Service Destination Port Protocol Application Encrypte d Description Optional / Mandatory Firewall between a Planning Tool (PT) and TNMS Server PT TNMS Server TNMS Server 8093 PT 4189 TCP TCP MTOSI / JMS Yes (TLS) TMF-854 interface between TNMS and PT. Optional Only required if TNMS machines need to be administered remotely. configurable TCP CORBA External CORBA Notification Service. Optional PCEP Yes (TLS) PCEP interfaces used by TNMS to request routes from PT. Firewall between TNMS clients and TNMS Server TNMS Client Table 10 TNMS Server 1098 TCP RMI Yes (TLS) Naming service port for RMI requests from client proxies 1100 TCP JBoss NS JBoss Naming Service 3873 TCP EJB3 EJB3 Remoting Connector 4444 TCP RMI Port for the RMI/JRMP invoker 4445 TCP RMI Port for the Pooled invoker 5445 TCP RMI RMI (JMX HornetQ) 8080 TCP WEBDAV WEBDAV service 8083 TCP RMI RMI Web Service Port for dynamic class and resource loading 8093 TCP JMS JMS Service Mandatory Firewall rules (Cont. Optional 2598 TCP ICA Yes For Citrix SecureICA. 80 TCP http No 443 TCP https Yes Only if you use the Citrix web client. If you have a Citrix client installed locally you do not need to open these ports Only required when Citrix is used. If not used. Windows) Security hardening Host address Source Destination Service Destination Port Protocol Application Encrypte d Description Optional / Mandatory Firewall between CITRIX Client and CITRIX Server Citrix server and client are only deployed if a central user interfaces’ server is used (for example a central Windows server for TNMS clients).Installation Manual (IMN. packets arriving at those ports can be rejected or dropped.) A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 83 . TNMS user workstation TNMS Client (CITRIX server) (CITRIX client) 1494 TCP ICA No For Citrix. Optional Optional Only if TNMS manages hiT 7100 or hiT 7300 NEs Only used for NEs that use SFTP. To be able to communicate with the central SFTP server running on the TNMS Netserver machine. Windows) Host address Source Destination Service Destination Port Protocol Application Encrypte d Description Optional / Mandatory Firewall between TNMS clients and TNMS Netserver(s) Embedde d EM Netserver 22 TNMS client can open the craft terminal as it is embedded in the TNMS client.Security hardening Installation Manual (IMN.) A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . a tunnel is created. for example: hiT 7300 and hiT 7100. Firewall between TNMS Server and TNMS Netserver TNMS Server 22 TNMS NetServer (northbound) Table 10 84 TCP SSH/SCP No (local only) Secure Copy (secure copy over ssh) 1198 TCP RMI Naming service port for RMI requests from client proxies 1199 TCP JBossNS JBoss Naming Service 3973 TCP EJB3Con n JBoss default EJB3connector 4445 TCP RMI Port for the Pooled invoker 8083 TCP RMI RMI Web Service Port for dynamic class and resource loading 8093 TCP RMI RMI 19980 TCP CORBA CORBAOMNIORB listening port Firewall rules (Cont. Optional Only if TNMS manages hiT70xx. Table 10 Firewall rules (Cont.Installation Manual (IMN. Go to IIS connection manager > Connections Column (Server) > FTP Firewall Support > Set Data Channel Port Range and insert desired range. 3.) A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 85 . 1. 2. Restart IIS. Windows) Security hardening Host address Source TNMS Server TNMS Server Destination Service Destination Port Protocol Application Encrypte d No (local only) Description 22 TNMS NetServer 1298 (northbound) TCP SFTP TCP RMI 1299 TCP JBossNS JBoss Naming Service 4073 TCP EJB3Con n JBoss default EJB3connector 8083 TCP RMI RMI Web Service Port for dynamic class and resource loading 8093 TCP RMI RMI TCP FTP TCP FTP 21 TNMS NetServer (north49152 bound) 65535 No (local only) Secure FTP Naming service port for RMI requests from client proxies File Transfer Protocol File Transfer Protocol Limit the dynamic range used by the FTP server: Optional / Mandatory Optional Only if TNMS manages Juniper MX / PTX NEs. ADVA or hiT7500 NEs. Insert the same range in the firewall. Windows) Host address Source Destination TNMS TNMS Netserver Server (northbound) Service Destination Port Protocol Application Encrypte d Description 1098 TCP RMI No (local only) Naming service port for RMI requests from client proxies 1100 TCP JBoss JBoss Naming Service 3528 TCP CORBA / IIOP CORBA Object Adapter (used by TNMS NBI/SBI) 4444 TCP RMI Port for the RMI/JRMP invoker 8083 TCP RMI RMI Web Service Port for dynamic class and resource loading 8093 TCP JMS JMS Service Optional / Mandatory Mandatory Firewall between TNMS active server and TNMS standby server TNMS active server TNMS standby server 1521 TNMS standby server TNMS active server 1521 TCP TCP Oracle stream No Oracle database replication Optional Oracle No Oracle database replication Optional Only if there is a standby TNMS Server installed. Mandatory Firewall rules (Cont.) A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . No DNS Optional only required if TNMS standby server is used Firewall between TNMS Server and Customer Network TNMS Server Table 10 86 DNS server 53 NTP server 123 TCP DNS Only if a DNS service is used. TCP / UDP NTP No NTP Use TCP or UDP depending on the configuration of the NTP server.Security hardening Installation Manual (IMN. Installation Manual (IMN. Traffic between TNMS and NE Network (firewall not recommended) Example for hiT7300 / hiT7100 NE/GNE TNMS Netserver management (southinterface bound) NE/GNE management interface Table 10 10000 13999 TCP 161 TCP 22 TNMS Netserver (southbound) TCP SNMPv3 over TCP (RFC342 0) Yes (SNMPv3 ) SNMP multiplexing ports (NAPT) for embedded CT. Communication with Optional domain controller for Only required if single sign on SSO is used.) A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 87 . (SSO). target NE Mandatory SNMP managers SSH / SCP Yes Secure Copy (secure copy over SSH) Mandatory Firewall rules (Cont. Windows) Security hardening Host address Source TNMS Server Service Destination Destination Port Protocol Application Encrypte d Server where TNMS logs are transferred to 21 TCP FTP No 22 TCP SFTP Yes Domain controller 88 UDP Kerberos No 135 TCP / UDP DCE / RPC 389 TCP / UDP LDAP 445 TCP / UDP AD / SMB 464 TCP / UDP Kerberos Description External server to store logs Optional / Mandatory Optional Only needed if logs are to be transferred to an external log file server. 7025.Security hardening Installation Manual (IMN. Yes (SSL) FTP over SSL For LCT communication. Additional ports may be opened if more simultaneous LCTs are required. 7030. Windows) Host address Source NE/GNE management interface Service Destination Destination Port Protocol Application Encrypte d Description TNMS Client 990-993 TCP FTPS Yes (SSL) FTP over SSL For LCT communication. (LCT) g The number of ports within this range that are in use at a given time is the same as LCTs communicating with the NE up until a maximum of 4 ports. 7065.) A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . your network) UDP SNMPv3 Yes (SNMPv3 ) Trap notifications from Juniper (southbound) Optional (only if there are Juniper NEs in your network) Traffic between TNMS and NE Network (firewall not recommended) (Example for hiT 7020. 7035. 7080 NEs) NE/GNE management interface Table 10 88 8002 TNMS Netserver (southbound) TCP SNMPv3 Yes (SNMPv3 ) Traphandler Optional (only if there are any of these NEs in your network) Firewall rules (Cont. 7060HC. and not recommended.Optional (only if there are ment interface for Juniper NEs in Juniper. 49152 65535 TCP FTPS Optional / Mandatory Optional For hiT 7300 / hiT 7100 if required for FTPS file operations between LCT and NE. Traffic between TNMS and NE Network (firewall not recommended) (Example for Juniper NEs) NE/GNE TNMS Netserver management (southinterface bound) NE/GNE management interface 22 32666 TNMS Netserver TCP NetConf Yes (SSH) NETCONF manage. 7060. To avoid direct connectivity you should configure the TNMS SFTP settings for tunneling communications between LCT and NEs. Open access to the home directory.4 OEM Hardening In this section you can find instructions on how OEM and 3rd party software that works with TNMS can be hardened to decrease the attack surface for attacks against TNMS. Add the Copssh user to the user group above and make sure that the user is not member of any other groups. Click Next. Run #> net localgroup CopsshUsers <user> /add A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 89 .Installation Manual (IMN.war 12. Click on Advanced settings. In the right pane. depending on the direction of the connection you are configuring. In the Name step type a name for the rule. Repeat the procedure for each of the remaining ports. In the Protocols and Ports step: • select TCP. To disable the JMX console remove the folder: …\TNMS\jboss\server\bicnet\deploy\jmx-console. 5. 12. In the Profile step check Domain (uncheck all others). In the Rule Type step select port. Click Next. In the Action step check Allow the connection. Click Next. Create a local group by running the following command in the command line: #> net localgroup CopsshUsers /ADD 2. 12. To do so you must manually configure the NTFS file system properties as described below: 1. by running: #> cacls copssh-inst-<path>\home /c /e /t /r \ CopsshUsers 4. 7.4. by running: #> cacls <drive letter>:\ /c /e /t /d CopsshUsers 3. Deny access to this group for each available local drive.3. In the left pane click on Inbound Rules or Outbound Rules. 8. 3.4. 4. click on New Rule to open a port for the traffic of a service. 2. Click Finish to create the rule and close the wizard. • select Specific local ports and enter the port number to which the rule applies (see Table 10). Windows) 12. 6.1 JBoss JMX should be disabled.2 CopSSH (SFTP) You should limit user access to CopSSH home folder. Click Next. 10. Go to Start > Control Panel > Windows Firewall.2 Security hardening How to configure the Windows firewall To configure the Windows 7 / Windows Server 2008 firewall proceed as follows: 1. 9. The New In/Outbound Rule Wizard starts. 5 TNMS Maintenance Packages and Workaround Updates Coriant recommends that you install. to 12.6. the TNMS Maintenance Packages and Workaround Updates. Location <Product Install Dir>/jboss/server/bicnet/conf/props/jmxconsole-users. when available. Only required for JBoss administration / configuration. for JBoss instance.4.Security hardening Installation Manual (IMN.3 Oracle File name Location Explanation/Goal Hardening config. since they may contain relevant security improvements. 6. Shell access will not work due to limitations on system directories. db-ds. A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . and 5.4 Database-related configurations and security hardenings. to 12. Table 11 12. Internet Explorer The Internet Explorer should not be used for browsing the public internet. as this raises the threat to compromise the system. deploy Identified in the file by: username/password.xml Restrict the file per<USER_INSTALL_DIR> Text file which connects JBoss com. 12.6. 12.1. Table 12 90 Default TNMS user accounts and security hardenings. Windows) 5.dat <USER_INSTALL_DIR> Binary file which Restrict the file per\jboss\server\bicnet\conf allows to connect missions according USM to LDAP server.missions according \jboss\server\bicnet\ ponents to database.6 User Management Components Username/Password TNMS Server (JMX Console) User: admin The password is automatically generated and there is no need to change it. Repeat steps 4.4. 12.1.N/A: the password is ment console with automatically generAdministrator role ated. You should disable the access to public internet. Go to the CopSSH control panel and activate user for 'Linux shell and Sftp' or 'Sftp only'.properties Explanation/Goal Hardening Access manage. for each user. (JMX Console) Security hardening Location <Product Install Dir>/jboss/server/gm/co nf/props/jmx-consoleusers.Installation Manual (IMN.properties Explanation/Goal Hardening Access manage. N/A because this user is only needed to fulfill RADIUS protocol requirements. Only required for JBoss administration / configuration. Authentication from TNMS (GM) to the NE is possible when checking the option in NE Properties window: "Use RADIUS server for authentication". The EM/NE uses this authentication to allow the opening of the LCT window corresponding to that NE. N/A because it is not possible to change this password (solution underway). for JBoss instance. Only required for JBoss administration / configuration. This user cannot be used for login purposes.properties Access manage. (Cont. Then the option "Use TNMS username for LCT login (Radius required at NE)" in GCT User tab is checked automatically. Hardcoded. Windows) Components Username/Password Generic Mediator User: admin The password is automatically generated and there is no need to change it. Authentication sent from GM to EM/NE to open LCT window is possible when the option "Use TNMS username for LCT login (Radius required at NE)" in GCT User tab is checked.N/A: the password is ment console with automatically generAdministrator role ated. Default TNMS user accounts and security hardenings. Generic Mediator User: RemoteLoginFunction Password: <no password> LCT User: <Username_RU> (concatenation of the username from tab SNMP Settings in NE Properties window and the string "_RU")Password: <Password from tab SNMP Settings in NE Properties window> Table 12 Hardcoded. The Generic Mediator uses the following user only in the first message of the authentication process between the Generic Mediator and the RADIUS server. for JBoss instance.N/A: the password is ment console with automatically generAdministrator role ated.) A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 91 . Multi Vendor Mediator (JMX Console) User: admin The password is automatically generated and there is no need to change it <Product Install Dir>/jboss/server/mvm/c onf/props/jmx-consoleusers. Navigate to the file using Windows Explorer. 5.ldif Password for user N/A because the user Administrator has has to be changed at to be changed at the first login.6. 2. N/A because it is not possible to change this password (solution underway). 4. In the Security tab click on Advanced. Click OK to accept the changes and close the window.war\WEB-INF\ classes\ users. Permissions tab. Opposite-click the file and select Properties. Security context for communication from server to netserver components. C:\Program Files (x86)\ OpenDS\install\ cf-usminstall-data_opends. BCB Mediator User: jleal Multiple NE functions User: tomcat User and Security Management User: Administrator User and Security Management User: ptc Table 12 Password (hardcoded): jleal Password: tomcat Password (default): e2e!Net4u# Password (hardcoded): e2e!Net4u# Location Explanation/Goal Hardening Hardcoded in those components so that their authentication match each one with the other.1 Restricting the specified files’ permissions To restrict the specified files’ permissions: 1. <data path>\TNMS\ nedata\webdav\webdav.1. Select all users except SYSTEM and the Administrators group and click on Remove.Security hardening Installation Manual (IMN. Default TNMS user accounts and security hardenings. C:\Program Files (x86)\ OpenDS\install\ cf-usminstall-data_opends. 3. Restrict the file permissions according to 12.ldif ptc user is an internal account.) 12. 6. 92 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . first login.properties Security context for communication from client to server components.6. Remove file after installing and/or protect the installation directory against unauthorized users. In the Advanced Security Settings window. Only the user SYSTEM and the Administrators group should remain and both having full access. (Cont. click on Change Permissions. Windows) Components Username/Password Connection Manager. Windows) Index A Adobe Reader 29 Antivirus 38 Audit policies 76 Audit policy 24 B Backup 51 automating 56 client 57 command line 53 console 52 interactive mode 52 LDAP 55 non-interactive mode 52 OpenDS 55 Oracle database 53 TNMS database 54 BIOS 18 C Client terminating session 48 Common standby server 70 Common Netserver 68 Common Standby Server 70 Common standby server 70 Component delivery 15 Component Services 25 Console 52 CopSSH configure 35 hardening 38 install 35 security hardening 89 troubleshooting 37 D Disk configuration 19 Disk partitioning 21 Documentation online help 13 Domain Verification 27 Dynamic Port range 28 F Firewall configuration 81 Windows firewall 89 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 H Hardware 15 client 15 large configuration 15 medium configuration 15 netserver 15 requirements 15 security hardening 75 server 15 HP service pack 20 I Installation CopSSH 34 full 41 Hardware 15 OSI stack 33 separate components 44 TNMS 41 XML parser 29 Integrated Lights-Out 19 Interactive mode 52 Internet Explorer 49 Internet Information Services 26 Interworking 65 TNMS 65 J Java JRE 17 JBoss 89 JRE 17 L Large configuration 20 LDAP 55 License 49 Local security policy 78 Login 47 M Medium configuration 20 Microsoft Windows security hardening 75 security patches 75 MS.NET 29 MSXML 29 N Netserver 68 Non-interactive mode 52 NTI 38 93 .Installation Manual (IMN. 70 Structure online help 13 System Hosts configuration 27 System services 78 T Template files 30 Third-party software OSI stack 33 XML parser 29 TNMS 65 uninstallation 73 TNMS Core 65 U Uninstallation 73 Upgrade 63 User Account Control 29 User interface username and password 48 Username 48 V Virtual memory 23 94 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . 59 LDAP 60 OpenDS 60 simultaneous 61 TNMS database 59 Roles 76 S Security 75 Security hardening 75 audit policies 76 CopSSH 89 digitally signed communications 78 firewall 81 Internet Explorer 90 jboss 89 local security policy 78 Microsoft Windows security patches 75 networking 81 OEM 89 operating system 75 Oracle 90 physical and hardware 75 remote access 80 remote registry 77 SFTP 89 system services 78 unnecessary accounts 75 unnecessary applications and roles 76 user management 90 Windows Error Reporting 77 Server 19 standby 49 Services 47 SFTP security hardening 89 Single Sign-on 49 Standby server 49.Installation Manual (IMN. Windows) O OpenDS 55 Operating system security hardening 75 shares 76 Operating Systems 17 Oracle 30 security hardening 90 template files 30 Uninstalling 32 Oracle backup files 53 OSI Stack 33 configure 33 install 33 OSI stack Installation 33 uninstalling 34 P Password 48 change 48 complexity rules 48 Policies 76 Prerequisites 17. 29 Q Quick format 22 R Recovering Oracle 59 Recovery 59 Remote access 80 desktop 80 Remote registry 77 Restore 51. 26. Windows) Virtualization 16 W Web Server 25 Windows 19 Windows 7 26. 27 FTP 27 Windows Error Reporting 77 Windows Server 2008 25.Installation Manual (IMN. 29 FTP 26 X XML parser Installation 29 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 95 . Installation Manual (IMN. Windows) 96 A50023-K2035-X040-05-76D1 Issue: 5 Issue date: July 2014 . Abbreviations Abbreviations ACS Actual Creation State ALS Automatic Laser Shutdown ASON Automatically-Switched Optical Network BCB Broadcast Band CAM Common Array Manager CBS Committed Burst Size CC CDM CIR CFM CLI CORBA CSPF Cross Connection Cross-domain Manager Committed Information Rate Connectivity Fault Management Console Interactive Common Object Request Broker Architecture Constrained Shortest Path First CST Central Standard Time CSV Comma-Separated Values DA DCN DHCP (Oracle’s Sun Storage) Disk Array Data Communications Network Dynamic Host Configuration Protocol DNS Domain Naming Service DSR Dynamic Source Routing DWDM ELP EM EM/NE FA-LSP Dense Wavelength Division Multiplexing Ethernet Linear Protection Element Manager Element Manager/Network Element object management Forwarding Adjacency LSP FEC Forward Error Correction FTP File Transfer Protocol GBE Gigabit Ethernet GCT GUI Cut-Through GFPG Issue date: July 2014 Generic Framing Procedure Group . transport technology Issue date: July 2014 . Administration and Maintenance OCH Optical Channel ODU Optical Data Unit .Abbreviations GM GMPLS Generic Mediator Generalized Multi-Protocol Label Switching GMT Greenwich Mean Time GNE Gateway Network Element GPS Global Positioning System GUI Graphical User Interface IMN Installation Manual IOC Intelligent Optical Control IOC OP IP LACP Intelligent Optical Control Online Planning Internet Protocol Link Aggregation Control Protocol LAG Link Aggregation LAN Local Area Network LCT Local Craft Terminal LDAP Lightweight Directory Access Protocol LSP Label Switched Path LSR Label Switch Router MDI Multiple Document Interface MIB Management Information Base MSDE Microsoft SQL Server Desktop Engine MTOSI Multi Technology Operations System Interface MVM NE NEC Multi-Vendor Mediator Network Element NE Controller NIC Network Interface Card NNI Network to Network Interface NTFS NTP NW (Microsoft’s) New Technology File System Network Time Protocol Network OAM Operation. transport technology PBS Peak Burst Size PC PCEP PDF PIR PT Personal Computer Path Computation Engine Protocol Portable Document Format Peak Information Rate Physical Trail PTC Planning Tool Connector PTP Physical Termination Point RAID Redundant Array of Independent Disks RNE Remote Network Element SCP Secure Copy SCSI Small Computer System Interface SDH Synchronous Digital Hierarchy SFTP Secure File Transfer Protocol. or Secure Shell File Transfer Protocol SLA Service-Level Agreement SNC SubNetwork Connection SNCP SubNetwork Connection Protection SNMP Simple Network Management Protocol SONET Synchronous Optical Networking SPC Soft Permanent Connection SQL Structured Query Language SRLG Shared Risk Link Group SSH Secure Shell STP Spanning Tree Protocol SVID TC TCP/IP Issue date: July 2014 Service Virtual Local Area Network Identifier Topological Container or TransConnect Transport Control Protocol/Internet Protocol .Abbreviations OM Optical Manager or Optical Management OMS Optical Multiplex Section OPU Optical Payload Unit .transport technology OTS Optical Transport Section .transport technology OTU Optical Transport Unit . Abbreviations TL1 Transaction Language 1 TE-Link Traffic Engineering-Link TMN TN TNMS TP Telecommunications Management Network TransNet Telecommunications Network Management System Terminal Point USB Universal Serial Bus UMN User Manual UNI UNI-S UPS VC VLAN WAN WLAN XC User-to-Network Interface User-to-Network Interface-Service Uninterruptible Power Supply Virtual Container Virtual LAN Wide Area Network Wireless LAN Cross Connection X-NE Cross-NE XML eXtended Markup Language Issue date: July 2014 . log files). Alarm An alarm is a management mechanism intended to inform the user that there is a standing fault condition in the system. provided ALS is provisioned on both ends of the fiber pair. log entries or alarm reporting. and is fast in both software and hardware. Issue date: July 2014 101 .Glossary Glossary @CT @CT is a web-based craft terminal (that is. Advanced Encryption Standard (AES) Is a specification for the encryption of electronic data. In addition. Alien wavelength A wavelength that does not originate from a transponder or muxponder card. Actual Creation State (ACS) Is the current state of the path which results from the accumulation of the actual creation states of the path’s route elements. Alarm log An alarm log provides a list of the alarms associated with a managed object. The following values are used: • indeterminate • critical • major • minor • warning • cleared alarms • not Existent • not Alarmed Element Manager (EM) can configure the severity which is assigned to each fault cause by an alarm severity assignment profile. 3DES Triple DES is the common name for the Triple Data Encryption Algorithm (TDEA or Triple DEA) symmetric-key block cipher. and provides the following information about each of the alarms: • the identification of the affected object • the identification of the failed NE or the NE in which the failed unit resides • the alarm severity • the time the event occurred • the indication whether the alarmed event is service affecting or not • the location and the affected traffic Alarm severity Each failure is assigned a severity. These fault causes will be blocked. hence do not lead to any LED alarm indications. It communicates via SNMP with the NEs and uses the FTPS for upload/download of software or other data configuration (for example. but is still allowed to be multiplexed into the aggregate line signal for transport as an optical channel by the system. AES is based on a design principle known as a substitution-permutation network. Automatic Laser Shutdown (ALS) Is a technique used to automatically shut down the output power of the transmitter in case of fiber break. element manager) software which provides web access to hiT 7300 network elements (NEs) in the customer network without the use of a management system. This is a safety feature that prevents dangerous levers of laser light from leaking out of a broken fiber. EM can specify that a fault cause shall not be alarmed. which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block. 102 Issue date: July 2014 . In normal use. Committed Information Rate (CIR) Is the guaranteed average rate (in Mbit/s) at which the information units are transferred through the port over a measurement interval. the two nearest surviving stations "loop back" their ends of the ring. They provide the benefit of easy end-to-end provisioning. Card slot A card slot is the insertion facility for a card in a shelf. Card A card is a plug-in unit that occupies one (or multiple) shelf slots. Cards perform specific electrical and/or optical functions within an NE. The controller card performs the following main functions: Fault Management. and can restore one when it fails. Bidirectional Selfhealing Ring (BSHR) Is a telecommunications term for loop network topology.1ag CFM is a service level OA&M protocol that provides tools for detecting and isolating connectivity failures in the network. The Control Plane uses network-generated signaling and routing protocols to set up or release a connection. Communication Management. Therefore. this loop or ring is used to provide redundancy. This includes proactive connectivity monitoring. Data Communication Network (DCN) Data Communications Network is a management network for telecommunication transport systems. Ethernet Connectivity Fault Management (CFM) Is an end-to-end perservice Ethernet layer OA&M protocol. Security Management. and fault and protection management. fundamental shelf equipping errors (which might cause hardware damage or fatal malfunctions) are impossible. NE controller cards provide the central monitoring and controlling functions of the system. and software integrity functions) and controlling the NE alarm LEDs. Performance Management. or of an entire station. Mechanical coding elements make sure that each card can be fully inserted only into a card slot that is suitable for the given card type. which have a Control Plane. as well as the MCF to operate the Q and QF Ethernet interfaces. uploads. The communication is established via the Optical Supervisory Channel (OSC) of the optical links and an Ethernet/L2 switching network implemented by the NEs. Configuration Management. In the event of the loss of a link. in most cases. The NE commissioning phase is performed after the NE is installed and powered-up. IEEE 802. ASON domains can be built up as part of the transport network. In this way. traffic is dispatched in the direction of the shortest path towards its destination. several ports for interconnection of optical fibers and/or optical interfaces. Each card has a faceplate with information LEDs and. fault verification and fault isolation for large Ethernet Metropolitan Area Networks (MANs) and WANs. Each card slot is designed for one or several particular card types. Soft permanent connections (SPCs) connect both endpoints (NE1 and NE2) within an ASON domain. The system consists of a ring of bidirectional links between a set of stations. If a path fails. even if it has to travel "the long way round". A DCN domain interconnects several NEs for the purpose of network management. Software Management (performing all software downloads. Equipment Management. Commissioning Controller card Commissioning an network element (NE) is the process of taking an installed NE and bringing it in to an operational state. and on OCh layer of hiT 7300 and on ODU2 layer of hiT 7100. 7070 or 7080. traffic can still travel to all surviving parts of the ring. a common configuration in telecommunications transmission systems. an alternative path is automatically used.Glossary AutomaticallySwitched Optical Networks (ASON) ASON domains are built on the VC4 layer of hiT 7065. Glossary Dense Wavelength Division Multiplexing (DWDM) In fiber-optic communications, wavelength-division multiplexing (WDM) is a technology which multiplexes a number of optical carrier signals onto a single optical fiber by using different wavelengths (colors) of laser light, that is, simultaneously places a large number of optical signals (in the 1550 nm band) on a single optical fiber. This technique enables bidirectional communications over one strand of fiber, as well as multiplication of capacity. Data Encryption Standard (DES) Is a widely-used method of data encryption using a private key. DES applies a 56-bit key to each 64-bit block of data. The process can run in several modes and involves 16 rounds or operations. Dynamic Host Configuration Protocol (DHCP) Is a standardized networking protocol used on IP networks that dynamically configures IP addresses and other information that is needed for Internet communication. DHCP allows computers and other devices to receive an IP address automatically from a central DHCP server, reducing the need for a network administrator or a user from having to configure these settings manually. Domain TNMS allows you to restrict user groups to operate only a set of NEs or DCN subnets instead of the entire network. This partitioning is called a “Domain” and limits the operation on nodes outside of their partitions by assigning user groups to domains. Further, you can also assign policies to domains for further control and security, limiting the user groups to specific menu entries and actions. This arrangement is required, for example, in network centers that are responsible for maintaining only a subset of the nodes. The main purpose is security: it avoids that a login to the system grants access to the entire network. TNMS now supports the creation, modification or deletion of multiple domains, granting or restricting their accesses. By default, all NEs belong to the GLOBAL domain which cannot be modified or deleted. Ethernet Linear Protection (ELP) Is a protection scheme defined in the ITU-T G.8031 standard designed to protect pointto-point Ethernet paths such as VLAN based Ethernet networks. To achieve protection ELP uses two disjointed paths, a working path and a protection path, traffic is carried firstly on the active path (working path) and in case of failure, traffic is switched to the protection path. Both paths can be monitored using OAM protocols like CFM.ELP provides 1:1 bi-directional protection switching with revertive mode capabilities.ELP must first be configured at the NE side via the LCT, only then they are visible in TNMS so that you can use it in the E-LAN and E-Line service creation via the New Ethernet Service wizard.ELP is supported in specific network elements and cards only. Refer to the NE dedicated documentation for more information. Element Manager (EM) Ethernet Fault management File Transfer Protocol (FTP) Issue date: July 2014 Network elements enable the user to perform operation, administration and maintenance tasks with the NE system in a GUI environment. Ethernet is a family of frame-based computer networking technologies for LANs. It defines a number of wiring and signaling standards for the physical layer, through means of network access at the MAC/Data Link Layer, and a common addressing format. Fault management reports all hardware and software malfunctions within an NE, and monitors the integrity of all incoming and outgoing digital signals. FTP is a network protocol used to transfer files from one computer to an NE and viceversa through the network. 103 Glossary Frequency Frequency is a physical attribute of a wave (for example, an optical wave), defined as the number of wave cycles per time unit. The frequency is directly related to the wavelength. Generalized MultiProtocol Label Switching (GMPLS) Is a protocol suite extending MPLS to manage further classes of interfaces and switching technologies other than packet interfaces and switching, such as time division multiplex, layer-2 switch, wavelength switch and fiber-switch. Intelligent Optical Control (IOC) Is the Coriant software platform integrating the software defined networking (SDN) framework with intelligent control for multi-layer optical transport networks. IOC addresses the complete operational workflow and network lifecycle from service planning to optimization up to maintenance, by combining the capabilities of the Coriant TransNet optical planning tool, the IOC OP provisioning system and the TNMS network management system. Internet Protocol (IP) Is the principal communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet. Internet Protocol version 4 (IPV4) Is a connectionless protocol for use on packet-switched networks. It operates on a best effort delivery model, in that it does not guarantee delivery, nor does it assure proper sequencing or avoidance of duplicate delivery. These aspects, including data integrity, are addressed by an upper layer transport protocol, such as the Transmission Control Protocol (TCP). Link Aggregation Control Protocol (LACP) Within the IEEE specification the Link Aggregation Control Protocol (LACP) provides a method to control the bundling of several physical ports together to form a single logical channel. LACP allows a network device to negotiate an automatic bundling of links by sending LACP packets to the peer (directly connected device that also implements LACP). Link Aggregation (LAG) Allows a bridge to treat multiple physical links between two end-points as a single logical link, referred to also as a port-channel. The feature can be used to directly connect two switches when the traffic between them requires high bandwidth and/or reliability, or to provide a higher bandwidth connection to a public network. For this purpose, all the physical links in a given port-channel must operate in full-duplex mode and at the same speed.If a physical port or the related link of a LAG fails, the traffic previously carried over the failed link automatically is switched to the remaining link(s) of the LAG (rapid reconfiguration). Bandwidth degradation is an obvious impact if the sum ofthroughput of the two/multiple aggregated links are higher than the throughput of the remaining link(s). Be aware that certain link failures are not always visibleto both ends of a link. Link Aggregation Control Protocol (LACP) and Automatic Laser Shutdown (ALS) enabled, guarantees that both ends of a link properly detect all failures and perform the correct response.LAG groups must first be created at the NE side via the LCT, only then, they are visible in TNMS so that you can use it in the E-LAN and E-Line service creation via the New Ethernet Service wizard. LAG is supported in specific network elements and cards only. Refer to the NE dedicated documentation for more information. Laser Laser safety 104 A laser is a device that generates an intense narrow beam of light by stimulating the emission of photons from excited atoms or molecules. Laser safety rules are a group of mechanisms and actions necessary to protect all users from harmful laser light emissions. Issue date: July 2014 Glossary Local Craft network (LCT) LCT is a client-based craft terminal (that is, element manager) software which provides access to network elements (NEs) in the customer network without the use of a management system. Lightweight Directory Access Protocol (LDAP) Is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network. Line interface A line interface is a transponder interface that faces the line side of the link. Contrast with “client interface” which faces the client equipment side of the link. Long Haul (LH) hiT 7300 LH segment is a DWDM application characterized by a reach of more than 500 km and up to 1200 km. Label Switched Path (LSP) Is a path through an MPLS network, set up by a signaling protocol such as LDP, RSVPTE, BGP or CR-LDP. The path is set up based on criteria in the forwarding equivalence class (FEC). Label switch router (LSR) Sometimes called transit router, is a type of a router located in the middle of a Multiprotocol Label Switching (MPLS) network. It is responsible for switching the labels used to route packets. When an LSR receives a packet, it uses the label included in the packet header as an index to determine the next hop on the Label Switched Path (LSP) and a corresponding label for the packet from a look-up table. The old label is then removed from the header and replaced with the new label before the packet is routed forward. MD5 Maintenance Association End Points (MEP) Management Information Base (MIB) Message-digest algorithm is a widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed as a 32 digit hexadecimal number Are points at the edge of the domain that define the boundaries and sends and receives CFM frames through the wire side (physical port) or relay function side. Is used for backup purposes where you can plan automatic upload jobs. MX Juniper MX Series Universal Edge Routers are Ethernet-centric services routers that are purpose-built for demanding carrier and enterprise applications (font: Juniper website). NetConf Network Configuration Protocol (NETCONF), is an IETF network management protocol. NETCONF provides mechanisms to install, manipulate, and delete the configuration of network devices. Its operations are realized on top of a simple Remote Procedure Call (RPC) layer. The NETCONF protocol uses an Extensible Markup Language (XML) based data encoding for the configuration data as well as the protocol messages. This in turn is realized on top of the transport protocol. Network Craft Terminal (NCT) NCT is a network management craft terminal (that is, element manager) software which is used for either local or remote network management. Network Element (NE) A network element (NE) is a self-contained logical unit within the network. The NE can be uniquely addressed and individually managed via software. Each NE consists of hardware and software components to perform given electrical and optical functions within the network. Issue date: July 2014 105 and correlation of alarms to network resources. Optical path The path followed by an optical channel from the first multiplexer to the last demultiplexer. Performance management Performance monitoring and signal quality analysis provide information for detecting and alerting. Optical Network Node (ONN) An ONN is an NE where the incoming channels are either dropped or routed to a line in a different direction. Network to Network Interface (NNI) Is an interface which specifies signaling and management functions between two networks. Path Computation Engine Protocol (PCEP) Implements. such as the visualization of the network topology. point-to-point. Pseudo-Random Binary Sequence (PRBS) Is a known sequence of bits that can be used as a test signal to measure transmission delay and bit error rate of a channel. a CIR of 10 Mbit/s PIR of 12 Mbit/s allows you access to 10 Mbit/s minimum speed with burst/spike control that allows a throttle of an additional 2 Mbit/s. ring. while also notifying OM when PCEP is available or unavailable to send/receive PCEP Route messages. chain. Planning Tool Connector (PTC) Interfaces Coriant TransNet/Intelligent Optical Control DWDM network planning tool. NNI circuit can be used for interconnection of IP (e. Network topologies A topology of a network is defined by the list of NEs included in the network and the list of links that connect those NEs (for example. sets up and manages PCEP. with integrated. For example. Issue date: July 2014 . Apart from multiplexing and demultiplexing an ONN NE implements optical or 3R signal regeneration and dispersion compensation. outgoing channels can also be added locally.g. It runs on PCs using Microsoft Windows operating systems. Physical Trails (PT) Trails are represented as Physical Trails (PTs).Glossary Network Management The network management layer includes all the required functions to manage the optical network in an effective and user-friendly way. In this test. Optical Channel A predefined wavelength that can be used to transmit a bit stream by means of a modulated light signal. Coriant TransNet is a sophisticated software simulation tool developed specifically for designing and/or upgrading optical DWDM networks with hiT 7300. PTX 106 Juniper Packet Transport Routers are Converged Supercore platforms that deliver powerful capabilities based on the Junos Express chipset and forwarding architectures optimized for MPLS and Ethernet. and so on). MPLS) networks. They connect two Physical Termination Points (PTP) on a physical layer rate. one port inserts the PRBS signal in the channel (source port) and another detects if the sequence was received correctly (sink port). Peak Information Rate (PIR) Is a burstable rate set on routers and/or switches that allows throughput overhead. Related to Committed Information Rate which is a committed rate speed guaranteed/capped. creation of services. This kind of test is traffic affecting since the test sequence is inserted into the OPUk until the test is stopped. Coriant TransNet Planning of a hiT 7300 network is done by the Coriant TransNet tool. but can also contain non-physical layers. coherent 100GbE technology (font: Juniper website). a cause that could lead to a degraded performance before a failure is declared. a database schema. which is set by the user upon creation. cross connections and internal port connections between line cards and multiplexers/demultiplexers are provisioned via the NMS. and software integrity functions. It consists of a set of standards for network management. The data to be encoded are often called the message. Topological Container (TC) Issue date: July 2014 Defines a containment relationship between other topological container and/or NEs. OSNR is the ratio of an optical signal power to the noise power in the signal. forming a circular optical path for signals (that is.Glossary Required Creation State (RCS) Optical Signal to Noise Ratio (OSNR) Ring network Synchronous Digital Hierarchy (SDH) Is the desired state of the path. Simple Network Management Protocol (SNMP) SNMP is used in network management systems to monitor network-attached devices for conditions that warrant administrative control. This means they can contain NE symbols and other TCs. Software management Software management performs all software downloads. respectively). a ring). remote commandline login. which corresponds to a network view. including an application layer protocol. and password concept. the relevant line cards. using a hierarchical security management user ID. All subagents within a multicontroller NE are controlled by the master agent. Security management Security Management controls the individual access to particular NE functions via the network management system and/or via a craft terminal. A ring network is a network topology in which each NE connects to exactly two other NEs. uploads. Secure Shell (SSH) Is a cryptographic network protocol for secure data communication. while services are manually provisioned via the NMS. and a set of data objects. such that any (accidental or intentional) change to the data will (with very high probability) change the hash value. The network map is always associated with one TC. the cryptographic hash value. and other secure network services between two networked computers that connects. At low transmission rates data can also be transferred via an electrical interface. Subsystem A subsystem is a set of shelves and cards in multicontroller NE that is controlled by a subagent. remote command execution. Secure Hash Algorithm (SHA) Is a family of cryptographic hash functions that takes an arbitrary block of data and returns a fixed-size bit string. via a secure channel over an insecure network. The method was developed to replace the Plesiochronous Digital Hierarchy system for transporting large amounts of telephone calls and data traffic over the same fiber without synchronization problems. The core equipment is provisioned by downloading and swapping NCFs. a finite-state machine is event driven if the transition from one state to another is triggered by an event or a message. 107 . Is a standardized protocol that transfer multiple digital bit streams over optical fiber using lasers or highly coherent light from light-emitting diodes. When adding new services or expanding an existing network. and the hash value is sometimes called the message digest or simply digest. State Event Machine (SEM) In computation. Service Provisioning via NMS Provisioning mode in hiT 7300. a server and a client (running SSH server and SSH client programs. core and backbone levels. The returned signal can then be compared to the transmitted one. Loopbacks return the transmitted signal back to the sending device after the signal has passed across a particular link. edge. endto-end connection) or specific sections only and implement an Optical channel Data Unit (ODU) termination provisioned to support up to six TCM levels. alerting personnel of the incorrect connections. TL1 Transaction Language 1 (TL1) is a widely used management protocol in telecommunications. They provide a Performance Management of all the Optical Transport Network (that is. and is so common that the entire suite is often called TCP/IP. Transponder loopback Loopbacks are diagnostic tests that can be activated via Element Manager. Transmission Control Protocol (TCP) Is one of the core protocols of the Internet protocol suite (IP). It supports NEs with DWDM. administer and maintain hiT 7300 NEs. ring and mesh network configurations. QST. QST V2. Operations domains such as surveillance. TCP provides reliable. medium and small size networks. and access and testing define and use TL1 messages to accomplish specific functions between the OS and the NE. TNMS Core can be used to manage networks in the access. The basic principle is that specific overhead bytes are reserved for Trace Messages of the user's choosing. It is a cross-vendor. metro. Transponder card A transponder card receives an optical input signal and converts it to an optical output signal suitable for DWDM multiplexing and transmission. SW management (also referred to as X-NE or Cross-NE). error-checked delivery of a stream of octets between programs running on computers connected to a local area network. TL1 is used in the input and output messages that pass between Operations Systems (OSs) and Network Elements (NEs). ring and mesh networks and provides access to NEs via Ethernet interface or via a serial line interface (RS232). TNMS TNMS Core Telecommunications Network Management System . Optical Management and Ethernet Management. TNMS Core is an integrated solution designed for large.Glossary Tandem Connection Monitoring (TCM) TCMs are configurable parameters (via Element Manager) of the transponders. star. cross-technology man-machine language. SDH. It resides at the transport layer. ordered. If they differ.is a standalone application that provides a full range of network-management functions. TNMS CT TNMS CT is a transparent software platform for SDH and DWDM NEs using QD2. memory administration. It allows remote operation and control of these network elements. PDH. Trail Trace Identifier (TTI) TTI is a transponder card parameter (configurable via Element Manager) of which is used to verify correct cabling or correct Tandem Connection Monitoring (TCM) configuration. the system can automatically verify that fiber connections have been made as intended. TNMS DX TNMS DX is a telecommunications network management system to operate. This is accomplished by comparing the expected Trace Message to that actually received. Any discrepancy between the transmitted and the returned signal helps to trace faults. intranet or the public Internet. Ethernet in line. 108 Issue date: July 2014 . It supports line. and is widely used to manage optical (SONET) and broadband access infrastructure in North America. from the transport network’s physical structure and its NEs to those required for Automatically-Switched Optical Networks (ASON). star. By specifying the Actually Sent (transmitted) and the Expected (received) trace messages. Q3 or SNMP telegram protocols. an alarm is raised. OTH. Although the design of XML focuses on documents. The design goals of XML emphasize simplicity. defined as the distance between corresponding points of two consecutive wave cycles. in this case referred to as datagrams. a single layer-2 network may be partitioned to create multiple distinct broadcast domains. Virtual LAN or VLAN. This is distinct from a Network to Network Interface (NNI) that defines a similar interface between provider networks. As this is normally IP over unreliable media. UDP provides checksums for data integrity. assuming the Revertive option is selected. ordering or duplicate protection.Glossary User Datagram Protocol (UDP) Is one of the core members of the Internet protocol suite (the set of network protocols used for the Internet). Virtual Local Area Networks (VLAN) In computer networking. which are mutually isolated so that packets can only pass between them via one or more routers. and thus exposes any unreliability of the underlying network protocol to the user's program. UDP uses a simple transmission model with a minimum of protocol mechanism. Wavelength Wavelength is a physical attribute of a wave (for example. such a domain is referred to as a Virtual Local Area Network. eXtensible Markup Language (XML) Is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. Issue date: July 2014 109 . generality. The wavelength is directly related to the frequency of the wave. Ultra Long Haul (ULH) hiT 7300 ULH segment is a DWDM application characterized by long path lengths of up to 1600 km. there is no guarantee of delivery. it is widely used for the representation of arbitrary data structures. User-to-Network Interface (UNI) Is a demarcation point between the responsibility of the service provider and the responsibility of the subscriber. It has no handshaking dialogues. With UDP. an optical wave). to other hosts on an Internet Protocol (IP) network without prior communications to set up special transmission channels or data paths. for example in web services. and port numbers for addressing different functions at the source and destination of the datagram. computer applications can send messages. Wait to restore time (WTR) The time in minutes that TNMS waits until it tries to switch to the working path again. It is a textual data format with strong support via Unicode for the languages of the world. and usability over the Internet. Glossary 110 Issue date: July 2014 . Documents Similar To CORIANT TNMS 14.1 10Skip carouselcarousel previouscarousel next17293557 HiT Training Presentation 2HIT 7050 Tr3271eu00tr 0302 MaintenanceTNMS-M_hiT_7060_LCT_UserManual_3SURPASS HiT 7025 Technical Description Issue 10Troubleshooting_Manual[1].pdfHIT7300 Installation Procedure ICON+ ProjectSurpass 73002A9M1V2Y0JTNMS-CT User ManualSiemens TNMS (Technical Descriptions)Nokia Siemens Networks_SURPASS HiT 7035_Technical DescriptionTechnical Description Stm64Surpass Hit 7300Coriant HiT 7025 Technical DescriptionCFL_SURPASS_hiT_7065_20081110SURPASS_hiT_7060_Installation_and_Test_Manual_R4.0.pdfManual ADVA FSP 150CC-825 Coriant Overview PresentationDatasheet HiT 7030SURPASS HiT 7060 Technical ManualSurpassTellabs 7100 InstallationTREINA_CORIANT_7100DS_hiT_7300_74C0037.pdfhit_7080_omnhit_7300_olc.pdfHiT Training Presentation-2Surpass Hit 7050Surpass Hit 73007030 Surpass HitFooter MenuBack To TopAboutAbout ScribdPressOur blogJoin our team!Contact UsJoin todayInvite FriendsGiftsSupportHelp / FAQAccessibilityPurchase helpAdChoicesPublishersLegalTermsPrivacyCopyrightSocial MediaCopyright © 2018 Scribd Inc. .Browse Books.Site Directory.Site Language: English中文EspañolالعربيةPortuguês日本語DeutschFrançaisTurkceРусский языкTiếng việtJęzyk polskiBahasa indonesiaYou're Reading a Free PreviewDownloadClose DialogAre you sure?This action might not be possible to undo. Are you sure you want to continue?CANCELOK
Copyright © 2024 DOKUMEN.SITE Inc.