eSight V300R002C01
Single-Node System Software Installation Guide (Windows)

Issue 01
Date 2016-04-30

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2016. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.
Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://e.huawei.com

Issue 01 (2016-04-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

About This Document

Purpose
This document describes how to install the different eSight editions (compact, standard, and professional), the eSight service components, the operating system, and the database, and how to obtain the references required for the installation.
Intended Audience
This document is intended for:
• Huawei technical support engineers
• Partner technical support engineers
• Enterprise administrators

Symbol Conventions
The symbols that may be found in this document are defined as follows.

Symbol    Description
• Indicates an imminently hazardous situation which, if not avoided, will result in death or serious injury.
• Indicates a potentially hazardous situation which, if not avoided, could result in death or serious injury.
• Indicates a potentially hazardous situation which, if not avoided, may result in minor or moderate injury.
• Indicates a potentially hazardous situation which, if not avoided, could result in equipment damage, data loss, performance deterioration, or unanticipated results. NOTICE is used to address practices not related to personal injury.
• NOTE: Calls attention to important information, best practices and tips. NOTE is used to address information not related to personal injury, equipment damage, and environment deterioration.

GUI Conventions

Convention    Description
Boldface: Buttons, menus, parameters, tabs, window, and dialog titles are in boldface. For example, click OK.
>: Multi-level menus are in boldface and separated by the ">" signs. For example, choose File > Create > Folder.

Command Conventions
The command conventions that may be found in this document are defined as follows.

Convention    Description
Boldface: The keywords of a command line are in boldface.
Italic: Command arguments are in italic.
[ ]: Items (keywords or arguments) in square brackets [ ] are optional.
{ x | y | ... }: Alternative items are grouped in braces and separated by vertical bars. One is selected.
[ x | y | ... ]: Optional alternative items are grouped in square brackets and separated by vertical bars. One or none is selected.
{ x | y | ... } *: Alternative items are grouped in braces and separated by vertical bars. A minimum of one or a maximum of all can be selected.
[ x | y | ... ] *: Optional alternative items are grouped in square brackets and separated by vertical bars. A maximum of all or none can be selected.

Change History
Updates between document versions are cumulative. Therefore, the latest document version contains all updates made to previous versions.

Updates in Issue 01 (2016-04-30)
This issue is the first official release.

Contents

About This Document
1 Restrictions on Installation and Commissioning
2 Installation and Commissioning Process
3 Preparing for the Installation
  3.1 eSight Server Installation Plan
  3.2 Obtaining eSight Server Installation Software
  3.3 Obtaining Security Hardening Software
  3.4 Preparing Installation Tools
  3.5 Powering On a Server
4 Installing the Operating System
  4.1 Configuring the RAID
  4.2 Installing the Windows Server 2008 R2
  4.3 Creating a Partition
  4.4 Turning off the Operating System Firewall
  4.5 Configuring the Network
  4.6 Installing the Operating System Patches
  4.7 Setting the Virtual Memory
  4.8 Activating Windows
5 Installing the eSight Software
  5.1 Installing the eSight Platform and Components
  5.2 Verifying the Installation
6 Installing the Antivirus Software
7 Commissioning the eSight
  7.1 Obtaining Reference Documents
  7.2 Enabling Port Numbers on Firewalls
  7.3 (Optional) Configuring Multi-Subnet Management
  7.4 Configuring System Services
    7.4.1 (Optional) Configuring the TFTP
    7.4.2 (Optional) Configuring the FTP
    7.4.3 (Optional) Configuring the FTPS
    7.4.4 (Optional) Configuring the SFTP
  7.5 Applying for and Loading an eSight License
  7.6 Commissioning eSight's Functions
  7.7 Performing Security Settings
8 Security Hardening
  8.1 Overview
  8.2 Hardening the Windows Operating System
    8.2.1 Installing SetWin
    8.2.2 Hardening the Windows Using the SetWin
    8.2.3 Hardening the Windows Manually
  8.3 Rolling Back Windows Using SetWin
9 Uninstalling eSight System
  9.1 Uninstalling the eSight
  9.2 Uninstalling the SetWin
10 Appendix
  10.1 Starting and Stopping the eSight Service
    10.1.1 Starting the eSight Service
    10.1.2 Stopping the eSight Service
  10.2 Setting the Client Web Browser
    10.2.1 Setting the Mozilla Firefox 27 Web Browser
    10.2.2 Setting the Internet Explorer 9 Web Browser
11 FAQ
  11.1 Huawei Server
    11.1.1 How Do I Change the IP Address of the iMana Management Network Port on the Tecal RH2288 Server?
    11.1.2 How Do I Change the IP Address of the iMana Management Network Port on the Tecal RH5885 Server?
    11.1.3 How Do I Set the Running Environment of the iMana Management Software Client?
    11.1.4 How Do I Remotely Log In to the Server Through the iMana Management Port?
    11.1.5 How Do I Change the Password of the root User of the iMana Management Software?
  11.2 Windows Operating System
    11.2.1 How Do I Change the Password for the Administrator User administrator?
    11.2.2 How Can I Change the OpenSSH Service Password?
    11.2.3 When the SetWin Installation Package Fails to Be Installed in the Windows Server English Operating System Due to Chinese Characters in the Installation Package Path
    11.2.4 How to Reinstall SetWin After Deleting the SetWin Installation Directory?
    11.2.5 Failure to Log In to Windows Using Old Accounts and Passwords After Security Hardening
    11.2.6 How to Check and Analyze SetWin Logs?
    11.2.7 What Do I Do When I Am Prompted to Log In to the Windows Server Operating System Using a Smart Card After the Security Hardening?
  11.3 Installation
    11.3.1 What Can I Do When eSight Installation, Upgrade, or Startup Fails Due to FTP Startup?
    11.3.2 Can eSight Be Installed When All Network Adapters Are Down or Not Configured with IP Addresses
    11.3.3 How Do I Release Occupied eSight Ports
    11.3.4 Can I Store the eSight Installation Directory and Installation Disk in the Same Directory
    11.3.5 What Can I Do When eSight Installation Fails Due to System Tool Check Failure?
    11.3.6 What Can I Do When eSight Startup Times Out?
    11.3.7 What Do I Do When the Remote Login Fails After Security Hardening on Windows Server 2008?
    11.3.8 What Do I Do When Opening a Page Takes a Long Time After the OfficeScan Antivirus Software Is Installed?
  11.4 Login
    11.4.1 What Do I Do If the eSight Client Fails to Be Opened in IPv6 Mode Using Mozilla Firefox?
    11.4.2 How to Rectify the Failure in Logging In to the eSight Server Using a Browser?
    11.4.3 How Do I Address the eSight Login Failure Due to Firefox Browser Proxy Setting?
    11.4.4 What Do I Do If the eSight Displays a Security Certificate Error During Login?
    11.4.5 What Do I Do If the eSight Displays a Security Warning Message During Login?
    11.4.6 What Do I Do When a Message Is Displayed Indicating the System Internal Error?
    11.4.7 What Do I Do If I Forget the Password When I Attempt to Log In to the eSight?
    11.4.8 How Do I Cancel the Advance Warning of Password Expiration and Mandatory Password Change
    11.4.9 How Do I Solve the Service Session Failure That Occurs When I Log In to eSight?
  11.5 Others
    11.5.1 eSight System Becomes Faulty After the Database User Password Is Changed Using a Database Tool
    11.5.2 How Do I Prevent Problems Caused by eSight Server System Time Change?
A Glossary

1 Restrictions on Installation and Commissioning

Before installing and commissioning eSight, learn about the following restrictions.
• Only one eSight can be installed on a server.
• The eSight software can be installed on either the Simplified Chinese or the English version of the OS.
• A virtual machine (VMware ESXi 5.0) supports the installation only of a single-server eSight running on the Windows OS. eSight using other solutions cannot be installed on the virtual machine.
• To prevent program conflict, it is recommended that other unnecessary software not be installed on the eSight server.
• If an operating system is already installed on the server, format the local disk and then reinstall the operating system.
• Enable required services, and disable unnecessary services.
• Scan the installation program for viruses before installing software (including the eSight). Install the software only after confirming that it is safe.

2 Installation and Commissioning Process

This topic describes the processes for installing and commissioning the eSight single-server system (Windows).
Figure 2-1 shows the installation and commissioning process.
Figure 2-1 Installation and commissioning flowchart for the eSight single-server system (Windows)
Start -> Prepare for the installation -> Install the operating system -> Install the eSight platform and components -> Install the antivirus software -> Commission the eSight -> Perform security hardening -> End

3 Preparing for the Installation

About This Chapter
This topic describes how to prepare for eSight installation, including planning the installation data, checking the environment, connecting the hardware, and obtaining required software packages.

3.1 eSight Server Installation Plan
This topic describes how to plan installation information, such as the IP address, host name, and password, to help correctly install eSight.
3.2 Obtaining eSight Server Installation Software
This topic describes the software required to be checked. Ensure that the required software is on-hand and meets the installation requirements before installing the eSight server.
3.3 Obtaining Security Hardening Software
Before security hardening, obtain the SetWin tool installation package and hardening policy package.
3.4 Preparing Installation Tools
Before installing eSight, prepare necessary tools.
3.5 Powering On a Server
This topic describes how to power on a server.

3.1 eSight Server Installation Plan

This topic describes how to plan installation information, such as the IP address, host name, and password, to help correctly install eSight.

Host Name Planning

Table 3-1 Host name list

Item: eSight server host name
Example: eSightServer
Description: To ensure that the eSight can run properly, host name planning must comply with the following rules and restrictions:
• Be unique on the live network.
• Contain letters (A to Z, or a to z), digits (0 to 9), or hyphens (-) and start with a letter.
• Be case-sensitive.
• Contain at least two characters.
• Contain no more than 24 characters.

Network Port Planning

Table 3-2 Network port list

Item: RH2288H V2 server
Example (figure labels): Extended network port: standby. Mgmt, 1, 2, 3, 4. Network port 1: provides external services. Network port 2/3/4: standby.
Description:
• Network port 1: eSight server's service network port used to connect managed devices and the web client.
• Network port 2/3/4 and extended network port: standby service network ports.
• Mgmt: Huawei server's iMana maintenance network port

Item: RH5885H V3 server
Example (figure labels): Extended network port: standby. Mgmt, 1, 2, 3, 4. Network port 1: provides external services. Network port 2/3/4: standby.

NOTE
• The network port numbers shown in this figure may be different from those displayed in the operating system. After the server is powered on, disconnect network cables and check the virtual network ports whose network connections are lost to determine the mapping between physical network ports on the server and network ports displayed in the operating system.
• The eSight management server requires two service network ports: one used for basic management and stateless computing and the other used for configuration.
• If eSight needs to manage devices in several subnets, multiple service network ports are required to connect eSight to these subnets.
  After the eSight installation is complete, enable the function for managing devices in several subnets.

IP Address Planning

Table 3-3 IP address list

Item: System IP address, Network port 1
Example:
• IP address: 10.137.63.1
• Subnet mask: 255.255.255.0
• Default gateway: 10.137.63.254
Description:
• The static IP address must be used.
• eSight supports IPv4, IPv6, and IP dual-stack. Choose an IP address type based on your site requirements.
• The IP address must be unique on the live network.

Item: System IP address, Network port 2/3/4 and extended network port
Example: -
Description:
• You can plan only one IP address for one network interface. It is not allowed to plan or set multiple IP addresses for the same network interface.
• If the eSight server has multiple IP addresses in several network segments, use the IP address that resides in the same network segment as the managed device's IP address or enable the function for managing devices in several subnets. If neither of the two conditions is met, eSight cannot manage devices with IP addresses in different network segments from its own.
• The eSight server can communicate with managed devices.
• The eSight server can communicate with Web clients.

Item: iMana IP address
Example:
• IP address: 10.137.63.20
• Subnet mask: 255.255.255.0
• Default gateway: 10.137.63.254
Description:
• The iMana IP address and system IP address can be located either on the same network segment or on different network segments.

Disk Partition Planning

Table 3-4 Server disk partition list

Partition: Drive C
Size: 30 GB or above. 100 GB is recommended.
File Format: NTFS
Description: Used to install the operating system.

Partition: Drive D
Size: Total remaining space. The disk capacity depends on the management scale. For details, see eSight Product Description.
File Format: NTFS
Description: Used to install eSight.
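
The host name rules in Table 3-1 and the IP address rules in Table 3-3 can be checked on the planning worksheet before installation starts. The following Python script is an added example, not part of the Huawei guide or of eSight: the function names, the plan layout and the managed-device addresses are assumptions, and the gateway-in-subnet test is an added sanity check rather than a rule from the guide.

```python
import ipaddress
import re

# Constructed plan: the addresses for network port 1 and iMana are the example
# values from Table 3-3; the field names and "service" flag are assumptions.
PLAN = [
    {"port": "Network port 1", "ip": "10.137.63.1", "mask": "255.255.255.0",
     "gateway": "10.137.63.254", "service": True},
    {"port": "iMana (Mgmt)", "ip": "10.137.63.20", "mask": "255.255.255.0",
     "gateway": "10.137.63.254", "service": False},
]
# Constructed managed-device addresses (not from the guide).
DEVICES = ["10.137.63.77", "192.168.40.5"]


def check_hostname(name):
    """Apply the Table 3-1 host name rules; return a list of violations."""
    findings = []
    if not 2 <= len(name) <= 24:
        findings.append("length must be 2 to 24 characters")
    if not re.fullmatch(r"[A-Za-z0-9-]*", name):
        findings.append("only letters, digits and hyphens are allowed")
    if not re.match(r"[A-Za-z]", name):
        findings.append("must start with a letter")
    return findings


def check_ip_plan(plan, devices):
    """Check the Table 3-3 rules that can be tested offline.

    Returns (findings, unreachable). findings are errors in the plan itself;
    unreachable lists managed devices that share no subnet with any service
    port, which the guide says requires multi-subnet management.
    """
    findings = []
    owner_of_ip = {}       # IP address -> port that first claimed it
    ports_seen = set()
    service_networks = []
    for entry in plan:
        port = entry["port"]
        iface = ipaddress.ip_interface(f"{entry['ip']}/{entry['mask']}")
        # Rule: only one IP address per network interface.
        if port in ports_seen:
            findings.append(f"{port}: more than one IP address planned")
        ports_seen.add(port)
        # Rule: each address must be unique (checked inside the plan only).
        if iface.ip in owner_of_ip:
            findings.append(
                f"{port}: {iface.ip} already used by {owner_of_ip[iface.ip]}")
        else:
            owner_of_ip[iface.ip] = port
        # Added sanity check: the default gateway must be on the port's subnet.
        gateway = entry.get("gateway")
        if gateway and ipaddress.ip_address(gateway) not in iface.network:
            findings.append(
                f"{port}: gateway {gateway} is outside {iface.network}")
        if entry["service"]:
            service_networks.append(iface.network)
    unreachable = [
        device for device in devices
        if not any(ipaddress.ip_address(device) in net
                   for net in service_networks)
    ]
    return findings, unreachable


if __name__ == "__main__":
    print("host name:", check_hostname("eSightServer") or "OK")
    plan_findings, unreachable_devices = check_ip_plan(PLAN, DEVICES)
    print("plan:", plan_findings or "OK")
    for device in unreachable_devices:
        print(f"{device}: no service port in its subnet, "
              "multi-subnet management is needed")
```
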

Installation Path Planning

Table 3-5 Installation path list

Item: eSight installation path
Example: D:\eSight
Description:
• The eSight software cannot be installed in the root directory.
• It is recommended that the eSight software not be installed in the system partition, that is, drive C.
• The eSight installation directory and its absolute path must contain only letters, digits, or underscores. The absolute path must begin with digits or underscores and cannot contain more than 50 characters.

Item: SQL Server installation path
Example: C:\Program Files\Microsoft SQL Server and C:\Program Files (x86)\Microsoft SQL Server
Description: -

Item: SQL Server data file storage path
Example: D:\data
Description:
• Data files grow during eSight operation, so it is recommended that data files not be saved to the system partition, that is, drive C.
• Data files must not be stored in the eSight installation path.

User Name and Password Planning

NOTICE
You must remember eSight user passwords. If you forget them, you may have to reinstall eSight.

Table 3-6 User and password list

Item: RH2288H V2/RH5885H V3 server BIOS administrator
Default Password: Huawei12#$
Description: BIOS administrator.

Item: Huawei server iMana user root
Default Password: Huawei12#$
Description: iMana administrator, used to remotely maintain servers.

Item: Windows administrator user administrator
Default Password: The password is configured during Windows installation.
Description: administrator is a default Windows OS user. It has the highest operation rights of the OS.
The administrator user can control all OS resources, create users, assign rights to the users, and use all the functions provided by the OS. In addition, the administrator user can install or uninstall the eSight server application, and start or stop eSight services.

Item: Windows network management user ossuser
Default Password: Changeme_123
Description: The ossuser account, automatically created by the eSight, performs routine operation and maintenance (O&M) for the eSight server. In the distributed deployment scenario, the ossuser user is an administrator account used to monitor and maintain distributed servers. It can also be used to back up and restore data on the slave node through the maintenance tool.

Item: MySQL database administrator user root
Default Password: The password is configured during eSight installation.
Description: The root user is a default user provided by the MySQL. It is the system administrator of the MySQL and has all rights of the database. The root user can control all database resources, create other users, assign rights to other users, and perform all operations provided by the MySQL. During the eSight installation, the root user is used to create NMS database and NMS database users.

Item: MySQL database network management user commonuser
Default Password: The password is configured during eSight installation.
Description: The commonuser user is a database user of the NMS.

Item: eSight administrator user admin
Default Password: Changeme123
Description: The admin user is the administrator provided by the eSight. The admin user has the management rights of all devices and operation rights of all eSight clients.

Item: Maintenance tool user sys
Default Password: Changeme123
Description: The sys user is the unique user of the maintenance tool. The sys user can manage the eSight server and perform all operations on the maintenance tool.

Item: OfficeScan administrator user root
Default Password: The password is configured during OfficeScan installation.
Description: The root user is the administrator user of the OfficeScan.

NOTE
Each user must have a unique password. The password setting must comply with the following rules:
• The password cannot contain the user name in normal or reverse order.
• The password ranges from 8 to 32 characters.
• No character can exceed 3 occurrences in the password.
• The password must contain at least one uppercase letter (A to Z), lowercase letter (a to z) and digit (0 to 9).

Time Zone and Time Planning

Table 3-7 Time zone and time list

Item: Time zone
Example: UTC+08:00
Description: -

Item: Time
Example: 14:00
Description: -

Port Planning
Refer to the eSight Communication Matrix for the port numbers used by eSight.

NOTICE
If unrelated software is installed on the eSight server, port conflicts may occur, preventing the normal eSight operation.

3.2 Obtaining eSight Server Installation Software

This topic describes the software that must be checked. Ensure that the required software is on-hand and meets the installation requirements before installing the eSight server.

Unless otherwise noted, all software mentioned in this topic can be downloaded from Huawei Support-E website. The detailed download procedure is as follows:
1. Access http://support.huawei.com/enterprise.
2. Choose Support > Downloads > Vertical Industries Solutions > eSight Solution > eSight.
3. Select a product version and download the required software.
4. After the software is downloaded, use the digital certificate and verification tool available on Huawei Support-E website to verify the digital signature.
   – On the software download page, click next to the software name to download the digital signature file. For the software that is available only to authorized users, ensure that you have been assigned the permission on the software and then download the digital signature file.
   – You can obtain the digital certificate, verification tool, and user guide at: http://support.huawei.com/enterprise/toolsinfo?lang=en&idAbsPath=0602_ROOT|8221819&pid=8221819&show=showVDetail&toolId=TL1000000054

NOTE
• The product key of the Windows operating system is pasted on the CD-ROM package or device body. Keep it safe.
• VxxxRxxxCxx indicates the eSight software version.

eSight

Table 3-8 eSight installation package list
Scenario | Package Name | Description
Using the software package to install eSight | eSight_VxxxRxxxCxx_Win.zip | Mandatory. Used to install the eSight platform and the service components. NOTE: Excluding eSight Storage Reporter, eSight LogCenter Log Manager, eSight Facilities Infrastructure Manager, eSight Application Manager, and eSight Server Deployment Manager extension package.

Operating System

Table 3-9 Operating system installation package list
Scenario | Package Name | Description
Using the standard installation CD-ROM to install the Windows Server 2008 operating system | Windows Server 2008 R2 Standard Edition (64-bit) standard installation CD-ROM; Windows Server 2008 R2 Standard Edition patches (Windows_2008_R2_Patch.zip) | Optional. Required when the standard installation CD-ROM is used to install the Windows Server 2008 R2 operating system. NOTE: Windows Server 2008 R2 installation CD-ROM is provided only upon delivery and cannot be downloaded as an ISO file. Only Huawei's engineers are allowed to download the operating system patch installation software package.
 | Driver: Huawei server's Service CD CD-ROM | Optional. Required when the standard installation CD-ROM is used to install the Windows Server 2008 R2 operating system on the Huawei RH2288H V3 or RH5885H V3 server. NOTE: The Service CD's ISO file (FusionServer ToolsServiceCD2.0-V102.iso) can be downloaded from Huawei Support-E website. 1. Access http://support.huawei.com/enterprise. 2. Choose Support > Downloads > IT > Server > TaiShan > FusionServer Tools > V2R2C00RC1. 3. Download FusionServer ToolsServiceCD2.0-V111.zip.

3.3 Obtaining Security Hardening Software
Before security hardening, obtain the SetWin tool installation package and hardening policy package.
The security hardening software is provided in the CD-ROM that is delivered with the product. You can also download it from http://enterprise.huawei.com. The method is as follows:
1. Access http://support.huawei.com/enterprise.
2. Choose Support > Downloads > Vertical Industries Solutions > eSight Solution > eSight.
3. Select a product version and download the required software.
4. After the software is downloaded, use the digital certificate and verification tool available on Huawei Support-E website to verify the digital signature.
   – On the software download page, click next to the software name to download the digital signature file. For the software that is available only to authorized users, ensure that you have been assigned the permission on the software and then download the digital signature file.
   – You can obtain the digital certificate, verification tool, and user guide at: http://support.huawei.com/enterprise/toolsinfo?lang=en&idAbsPath=0602_ROOT|8221819&pid=8221819&show=showVDetail&toolId=TL1000000054

NOTE
VxxxRxxxCxx indicates the eSight software version.
Only Huawei's engineers are allowed to download the security hardening software.
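The password rules in the NOTE that follows the user list in section 3.1, including the requirement that each user has a unique password, can be checked for a planned set of accounts before installation. The following Python code is an added example, not part of the Huawei guide or of eSight. Its function names are hypothetical, and case-insensitive user-name matching and case-sensitive occurrence counting are assumptions, because the guide does not specify them.

```python
from __future__ import annotations

import string
from collections import Counter

MIN_LEN, MAX_LEN = 8, 32   # "The password ranges from 8 to 32 characters."
MAX_OCCURRENCES = 3        # "No character can exceed 3 occurrences"


def check_password(user: str, password: str) -> list[str]:
    """Return the rule violations for one account; an empty list means compliant."""
    problems = []

    # Rule: the password cannot contain the user name in normal or reverse order.
    # Assumption: the comparison ignores case; the guide does not specify it.
    name, lowered = user.lower(), password.lower()
    if name and (name in lowered or name[::-1] in lowered):
        problems.append("user name: password contains the user name or its reverse")

    # Rule: 8 to 32 characters.
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append(f"length: {len(password)} is outside {MIN_LEN}-{MAX_LEN}")

    # Rule: no character more than 3 times.
    # Assumption: occurrences are counted per exact character (case-sensitive).
    repeated = sorted(c for c, n in Counter(password).items() if n > MAX_OCCURRENCES)
    if repeated:
        problems.append("occurrences: more than 3 of " + ", ".join(map(repr, repeated)))

    # Rule: at least one of A-Z, a-z and 0-9 (ASCII ranges, as the guide spells out).
    classes = {
        "uppercase letter": string.ascii_uppercase,
        "lowercase letter": string.ascii_lowercase,
        "digit": string.digits,
    }
    missing = [label for label, chars in classes.items()
               if not any(c in chars for c in password)]
    if missing:
        problems.append("classes: missing " + ", ".join(missing))
    return problems


def check_plan(plan: dict[str, str]) -> dict[str, list[str]]:
    """Check every planned account, then apply 'each user must have a unique password'."""
    report = {user: check_password(user, pw) for user, pw in plan.items()}
    owners: dict[str, list[str]] = {}
    for user, pw in plan.items():
        owners.setdefault(pw, []).append(user)
    for users in owners.values():
        if len(users) > 1:
            for user in users:
                others = [u for u in users if u != user]
                report[user].append("unique: same password as " + ", ".join(others))
    return report


# Default passwords exactly as listed in the user table of this guide.
DEFAULTS = {"ossuser": "Changeme_123", "admin": "Changeme123", "sys": "Changeme123"}

if __name__ == "__main__":
    for account, findings in check_plan(DEFAULTS).items():
        print(account, "OK" if not findings else findings)
```

Run against the defaults from the user list, the check reports that admin and sys share one password, so the defaults cannot all be kept under the uniqueness rule.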
Table 3-10 Security hardening software list
Scenario | Package Name | Description
Performing security hardening | ReinforcementTools_For_Windows_2008_R2.zip | Optional. Used to harden the security of the Windows Server 2008 operating system. The software package contains the following files: SetWin installation package VPP SEK SetWin.exe; security hardening policy package eSight_Win2008R2_SetWin.zip; list of the security hardening items.

3.4 Preparing Installation Tools
Before installing eSight, prepare necessary tools.

Table 3-11 Tool list
Tool | Usage | Description
JRE | On the PC or laptop, JRE is used to access the remote control desktop through IE. | Run the java -version command in the CLI to view the JRE version. If a JRE has not been installed, running the command fails. For Huawei RH2288 and RH5885 servers, JRE 1.6.0 U25 or 1.7.0 U40 is required. NOTE: If the JRE does not meet requirements, download it from http://www.oracle.com/technetwork/java/javase/downloads/index.html.
Decompress software | Used to decompress packages. | -

3.5 Powering On a Server
This topic describes how to power on a server.

Procedure
Step 1 Ensure that the power cables and ground cables are securely connected with correct polarity and good contact.
Step 2 Ensure that the input power supply for the AC PDB is off. Use a multimeter to test the resistance between the power outputs of the AC PDB and between the BGND and PGND. No short circuit may exist between power outputs or between the BGND and PGND.
Step 3 Switch on the power of a rack.
Step 4 Switch on the circuit breakers of PDBs for the rack. The power supply for equipment in the rack is available.
Step 5 Press the power button on the chassis of the server to power on the server.
Figure 3-1 shows the power button of the Tecal RH2288H V2 server.
Figure 3-1 Tecal RH2288H V2 power button
Figure 3-2 shows the power button of the Tecal RH5885H V3 server.
Figure 3-2 Tecal RH5885H V3 power button
----End

4 Installing the Operating System

About This Chapter
This topic describes how to install the Windows Server 2008 R2 operating system.

4.1 Configuring the RAID
If a server supports the redundant array of independent disks (RAID) function, configure the RAID for the server to improve system reliability. This topic describes how to configure RAID for Huawei RH2288 and RH5885 servers. If you use self-purchased servers, configure the RAID by referring to the server product manuals or seek assistance from the server vendors.
4.2 Installing the Windows Server 2008 R2
This topic describes how to locally install the Windows Server 2008 R2 operating system by using the standard installation CD-ROM on the Huawei RH2288H V3 and RH5885H V3 server.
4.3 Creating a Partition
When you use the ServiceCD to install the Windows operating system, the installer creates only the system disk (disk C). You need to create another partition (disk D) for the remaining disk space.
4.4 Turning off the Operating System Firewall
When the operating system is installed, the firewall is turned on by default. To use eSight functions properly, you must turn off the operating system firewall.
4.5 Configuring the Network
After the operating system is installed, you must configure the network to connect the eSight server to the network.
4.6 Installing the Operating System Patches
You can install the operating system patches on the eSight server to improve operating system security.
4.7 Setting the Virtual Memory
If the default system settings are used, the virtual memory paging file may be too large. To address this problem, set the virtual memory.
4.8 Activating Windows
To ensure the normal operation of the eSight system, activate the Windows operating system within 30 days.

4.1 Configuring the RAID
If a server supports the redundant array of independent disks (RAID) function, configure the RAID for the server to improve system reliability. This topic describes how to configure RAID for Huawei RH2288 and RH5885 servers. If you use self-purchased servers, configure the RAID by referring to the server product manuals or seek assistance from the server vendors.

Context
NOTICE
• The RAID configuration must be performed before the operating system installation.
• Hard disks in a RAID group must be of the same type: Serial Advanced Technology Attachment (SATA) or serial attached SCSI (SAS).

You are advised to select an appropriate RAID type in terms of the hard disk quantity as well as system reliability and performance requirements. Table 4-1 shows the RAID levels based on the number of hard disks on the server.

Table 4-1 RAID 1 and RAID 5
Hard Disks | Recommended RAID Level
2 | RAID 1
3 | RAID 5
8 | RAID 5 + HotSpare

Procedure
Step 1 Start the server. When "Press <Ctrl><H> for WebBIOS or press <Ctrl><Y> for Preboot CLI" is displayed, press Ctrl+H.
Step 2 Click Start.
NOTE
If multiple SAS adapters exist, select one based on the site requirements.
The WebBIOS Configuration Utility window is displayed.
NOTE
• In the Logical View area, the green information indicates the information about the disks that have been added to the RAID group and the blue information indicates the information about the disks that have not been added to the RAID group.
• Slot:0, Slot:1, ..., Slot:n indicate the SNs of the disks.
Step 3 Optional: Delete the existing RAID configuration.
   • If the RAID has been created on the system, determine whether to delete the current RAID configuration and reconfigure the RAID.
   • If no RAID group has been set, go to Step 4.
   NOTICE
   Deleting the existing RAID will delete all data in the disk where the RAID has been configured.
   1. In the navigation tree of the MegaRAID BIOS Config Utility Physical Configuration dialog box, click Configuration Wizard.
   2. In the MegaRAID BIOS Config Utility Configuration Wizard dialog box, select Clear Configuration, and click Next.
   3. In the MegaRAID BIOS Config Utility Confirm Page dialog box, click Yes.
Step 4 Configure the RAID.
   1. In the navigation tree of the MegaRAID BIOS Config Utility Physical Configuration dialog box, click Configuration Wizard.
   2. In the MegaRAID BIOS Config Utility Configuration Wizard dialog box, select New Configuration, and then click Next.
   3. In the MegaRAID BIOS Config Utility Confirm Page dialog box, click Yes.
   4. In the MegaRAID BIOS Config Utility Configuration Wizard dialog box, select Manual Configuration and click Next.
Step 5 In the MegaRAID BIOS Config Utility Configuration Wizard - Drive Group Definition dialog box, add the disks from Drives to Drive Groups as follows:
   • Configure RAID1 for 2 disks: Add Slot:0 and Slot:1 disks to Drive Group0.
   • Configure RAID5 for 3 disks: Add Slot:0, Slot:1, and Slot:2 disks to Drive Group0.
   • Configure RAID5 + HotSpare for 8 disks: Add Slot:0 to Slot:6 disks to Drive Group0. Disk Slot:7 is reserved.
   NOTE
   Disk Slot:7 is used as the Global Hot Spare. If you do not need the Global Hot Spare, you can add all eight disks to Drive Group0.
   1. In the Drives area, select a hard disk and click Add to Array to add the hard disk to a hard disk array.
      NOTE
      Select two or more hard disks by holding down Ctrl.
   2. Click Accept DG.
      After you click Accept DG, this button disappears from the interface. If you do not select Accept DG, the operation cannot continue. The server asks you to create at least one disk group.
Step 6 Configure the RAID for the disk group.
   1. Click Next.
      The MegaRAID BIOS Config Utility Configuration Wizard - Span Definition interface is displayed.
   2. In the Array With Free Space area, select Drive Group0 and click Add to SPAN to add the disk group for which you need to add a virtual drive. Click Next.
   3. On the MegaRAID BIOS Config Utility Configuration Wizard - Virtual Drive Definition interface, set RAID Level and click Update Size.
      NOTE
      Retain the default values for other parameters if there are no special requirements. For details about the parameters, see Table 4-2.

Table 4-2 RAID parameters
Parameter | Description | Setting
RAID Level | Supported RAID levels. | Select a RAID level from the drop-down list box.
Strip Size | Size of the data strip on each disk. The default value is 256 KB. | The default value is recommended.
Access Policy | Data access policy. RW: read and write (default value). Read Only: Read only. Blocked: Access is blocked. | The default value is recommended.
Read Policy | Read policy of the data on a virtual disk. Normal: Read-ahead is disabled. Ahead: The controller can read sequential data ahead or anticipates the data to be used and stores the data in the cache. This function improves the speed for accessing sequential data but does not have significant effect on random data. Adaptive: In the adaptive read-ahead mode, the controller initiates read-ahead only if the two most recent read requests accessed sequential sectors of the disk. If subsequent read requests access random sectors of the disk, the controller reverts to normal (no-read-ahead) mode. | The default value is recommended.
Write Policy | Write policy of the data on a virtual disk. Always Write Back: In this mode, the controller sends a data transfer completion signal to the host after the controller cache receives all data. Write Through: In this mode, the controller sends a data transfer completion signal to the host after the disk subsystem receives all data. Write Back with BBU: If the controller does not have a battery backup unit (BBU) or if the BBU is damaged, the controller automatically switches to the Write Through mode. | The default value is recommended.
IO Policy | The I/O policy applies to data reading of special virtual disks and does not cache read-ahead. Direct: Reads are not buffered in the cache memory. This is the default value. Cached: All reads are buffered in the cache memory. | The default value is recommended.
Drive Cache | Special disk cache policy. | The default value is recommended.
Disable BGI | Special background initialization state. No: Background initialization is enabled. In this mode, the background automatically initializes a new configuration for the Web BIOS to configure other configuration tasks. This is the default value. Yes: The controller cannot use the background initialization function. | The default value is recommended.
Select Size | Specify the size of a virtual disk. If you need to create multiple virtual disks in a disk group, the specified size must be less than the total size. | Click Update Size to enter a value in the text box. NOTE: The Update Size button applies to the following scenarios: – Only a virtual disk is created in the disk group. – A disk group has multiple virtual disks and the virtual disk to be created is the last one.

   4. Click Accept.
   5. In the MegaRAID BIOS Config Utility Confirm Page dialog box, confirm that Write Policy is set to Write Back with BBU and click Yes.
   6. Click Next.
   7. Click Accept.
   8. In the MegaRAID BIOS Config Utility Confirm Page dialog box, click Yes to save the current settings.
   9. In the MegaRAID BIOS Config Utility Manage SSD Caching dialog box, click Cancel.
   10. In the MegaRAID BIOS Config Utility Confirm Page dialog box, click Yes to initialize the new RAID group.
      NOTICE
      If the initialization is performed, all data in the new RAID group will be deleted.
   11. Select Set Boot Drive(current=NONE). Click GO.
      NOTE
      If you do not need to install the operating system for the configured RAID, skip this step.
   12. Click Home or Back to return to the main interface.
Step 7 Optional: Set the eighth disk to the global hot backup disk.
   1. Select Logical View and click the eighth disk (blue characters in the figure) in the right pane.
   2. Select Make Global HSP and click Go.
   3. Click Back.
Step 8 Click Exit.
Step 9 In the Exit Confirmation dialog box, click Yes to exit the application system configuration interface.
Step 10 In the Reset Page dialog box, press Ctrl+Alt+Del to restart the server.
----End

4.2 Installing the Windows Server 2008 R2
This topic describes how to locally install the Windows Server 2008 R2 operating system by using the standard installation CD-ROM on the Huawei RH2288H V3 and RH5885H V3 server.

Prerequisites
• The installation software has been prepared.
   – Service CD
     NOTE
     You can use the Service CD to install the operating system. The Service CD functions as a driver. You do not need to install a driver after you use the Service CD to install the operating system.
   – Installation CD-ROM for the Windows Server 2008 R2 Standard
   – Patch installation package for the Windows Server 2008 R2 Standard
• The RAID has been configured for the server as planned. For details, see 4.1 Configuring the RAID.
• If the server does not have a built-in drive, prepare an external USB drive.

Procedure
Step 1 Insert the Service CD into the CD-ROM drive and restart the server.
Step 2 The Service CD screen is displayed. Press the up or down arrow key to select FusionServer Tools-ServcieCD2.0 and press Enter.
   NOTE
   If no operation is performed for a long period of time, the server automatically starts from the hard disk.
Step 3 Click Start.
Step 4 Click Install OS.
Step 5 Click Next.
Step 6 Select Windows Server 2008 R2 ServerStandard and click Next.
Step 7 Set the system disk size to a planned value, and click Next.
Step 8 In the dialog box that is displayed, click OK.
Step 9 Set the administrator password and server computer name, and enter the Windows product key. Click Next.
   NOTE
   The Windows product key (SN) is labeled on the CD-ROM packing box or server.
Step 10 Set the operating system language and time zone, and click Next.
Step 11 Confirm installation information and click Next.
Step 12 Replace the Service CD with the Windows Server 2008 R2 installation CD-ROM when the following screen is displayed. Click Next.
Step 13 The system starts to copy and install operating system files.
   The entire process takes about 30 minutes. During the process, the system restarts several times. When the installation is complete, the login window is displayed.
   NOTICE
   If a command-line interface (CLI) is displayed during the process, do not close it. Otherwise, the installation may fail.
Step 14 Verify the installation.
   1. Log in to the eSight server as the user Administrator.
   2. Right-click Computer and choose Properties.
   3. In the System window, verify that the operating system version is Windows Server 2008 R2 Standard.
----End

4.3 Creating a Partition
When you use the ServiceCD to install the Windows operating system, the installer creates only the system disk (disk C). You need to create another partition (disk D) for the remaining disk space.

Procedure
Step 1 Choose Start > All Programs > Administrative Tools > Computer Management.
Step 2 In the navigation tree on the left pane, choose Storage > Disk Management.
Step 3 Change the drive letter D: of the DVD drive to another value, for example, E:.
   1. Right-click drive letter D: of the DVD drive and choose Change Drive Letter and Paths from the shortcut menu.
   2. In the dialog box that is displayed, click Change.
   3. Set the new drive letter to E and click OK.
   4. In the dialog box that is displayed, click Yes.
Step 4 Assign the remaining disk space to disk D:.
   1. Right-click the remaining disk space and choose New Simple Volume from the shortcut menu.
   2. Click Next.
   3. Click Next.
   4. Click Next.
   5. Click Next.
      NOTICE
      Ensure that the value of File system is NTFS.
   6. Click Finish.
      The following figure shows the created partition:
----End

4.4 Turning off the Operating System Firewall
When the operating system is installed, the firewall is turned on by default. To use eSight functions properly, you must turn off the operating system firewall.

Procedure
Step 1 Choose Start > Control Panel.
Step 2 In Control Panel, choose System and Security > Check firewall status. The Windows Firewall window is displayed.
Step 3 Click Turn Windows Firewall on or off. The Customize Settings window is displayed.
Step 4 Select Turn off Windows Firewall and click OK.
----End

4.5 Configuring the Network
After the operating system is installed, you must configure the network to connect the eSight server to the network.

Procedure
Step 1 Choose Start > Control Panel. The Control Panel window is displayed.
Step 2 Click Network and Sharing Center. The Network and Sharing Center window is displayed.
Step 3 Click Change adapter settings.
   The Network Connections window is displayed.
Step 4 Double-click a network connection whose IP address you want to set, for example, Local Area Connection. The Local Area Connection Status dialog box is displayed.
Step 5 Click Properties. The Local Area Connection Properties dialog box is displayed.
Step 6 Set the IP address.
   • Setting an IPv4 address
      a. Choose Internet Protocol Version 4 (TCP/IPv4) and click Properties. The Internet Protocol Version 4 (TCP/IPv4) Properties dialog box is displayed.
      b. Click Use the following IP address. Set IP address, Subnet mask, Default gateway, and DNS server addresses.
      c. Click OK.
   • Setting an IPv6 address
      a. Choose Internet Protocol Version 6 (TCP/IPv6) and click Properties. The Internet Protocol Version 6 (TCP/IPv6) Properties dialog box is displayed.
      b. Click Use the following IPv6 address. Set IPv6 address, Subnet prefix length, Default gateway, and DNS server addresses.
      c. Click OK.
Step 7 Click OK to exit the Local Area Connection Properties dialog box.
Step 8 Verify the configuration.
   1. Log in to another computer that is connected to the network where the eSight server resides.
   2. Choose Start > Run.
      The Run dialog box is displayed.
   3. Enter cmd and click OK. The command-line interface is displayed.
   4. Enter ping eSight server IP address (example: ping 10.137.63.1) and press Enter.
      If information similar to the following is displayed, the network is configured successfully:
      Pinging 10.137.63.1 with 32 bytes of data:
      Reply from 10.137.63.1: bytes=32 time=16ms TTL=252
      Reply from 10.137.63.1: bytes=32 time<1ms TTL=252
      Reply from 10.137.63.1: bytes=32 time<1ms TTL=252
      Reply from 10.137.63.1: bytes=32 time<1ms TTL=252
      Ping statistics for 10.137.63.1:
      Packets: Sent = 4, Received = 4, Lost = 0 (0% loss);
      Approximate round trip times in milli-seconds:
      Minimum = 0ms, Maximum = 16ms, Average = 4ms
   5. Enter exit.
----End

4.6 Installing the Operating System Patches
You can install the operating system patches on the eSight server to improve operating system security.

Context
The Windows Server 2008 R2 patch file Windows_2008_R2_Patch.zip includes:
• Windows Server 2008 R2 SP1: windows6.1-KB976932-x64.exe
• Patch later than SP1: Hotfix_WIN2008R2x64SP1.exe
NOTE
Some patches are dedicated for some special services. If these special services are not installed on the eSight server, the corresponding patches will not be installed, which has no impact on the operating system. For details about Windows Server 2008 R2 patches, refer to the description in corresponding patch packages.

Procedure
Step 1 Copy patch file Windows_2008_R2_Patch.zip to the eSight server and decompress the patch file.
Step 2 Right-click Computer and choose Properties. In the System window that is displayed, check the operating system patch version.
   • If the patch version is Windows Server 2008 R2 SP1, go to Step 4.
   • If the patch version is not Windows Server 2008 R2 SP1, go to Step 3.
Step 3 Install the Windows Server 2008 R2 SP1 patch.
   1. Double-click windows6.1-KB976932-x64.exe, install the patch as prompted, and restart the operating system when the installation is complete.
   2. Right-click Computer and choose Properties. In the System window that is displayed, verify that the patch version is Windows Server 2008 R2 SP1.
Step 4 Install the patch later than SP1.
   1. Double-click Hotfix_WIN2008R2x64SP1.exe.
      The system starts to install the patch and displays the installation progress in the CLI that is displayed.
      NOTE
      The entire process takes about 5 hours.
      – If the message Success: Return code is 0(0x00000000). is displayed, the patch is installed successfully.
      – If the message Information: Return code is -2145124329(0x80240017). Operation was not performed because there are no applicable updates. is displayed, the patch is not applicable for the system and there is no need to install it.
      – If the message Information: Return code is 2359302(0x00240006). The update to be installed is already installed on the system. is displayed, the patch has been installed.
      It is going to install: Windows6.1-KB2264107-v2-x64.msu ...
      Success: Return code is 0(0x00000000).
      It is going to install: Windows6.1-KB2482017-x64.msu ...
      Success: Return code is 0(0x00000000).
      ...
   2. When the patch is installed, restart the operating system to make the patch take effect.
Step 5 Verify the installation.
   1. Choose Start > Control Panel.
   2. In Control Panel, choose Programs > View installed updates. Check installed patches.
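The three return-code messages described in Step 4 can be checked over the whole console output of Hotfix_WIN2008R2x64SP1.exe instead of being read line by line during the long run. The following Python code is an added example, not part of the Huawei guide: it assumes the console output was saved as text, treats any return code other than the three documented ones as needing review, and uses constructed sample lines (the KB0000001 to KB0000003 package names and the "Error:" line are not from the guide).

```python
import re

# Line formats as shown in Step 4 of this section.
INSTALL_RE = re.compile(r"It is going to install:\s*(\S+)")
RESULT_RE = re.compile(r"Return code is (-?\d+)\(0x([0-9A-Fa-f]{8})\)")

# The three outcomes the guide documents; none of them needs follow-up.
KNOWN = {
    0x00000000: "installed",
    0x80240017: "not applicable",
    0x00240006: "already installed",
}


def parse_hotfix_output(text):
    """Pair every announced package with the return code that follows it."""
    results = []
    current = None
    for line in text.splitlines():
        announced = INSTALL_RE.search(line)
        if announced:
            if current is not None:
                # The previous package never reported a return code.
                results.append((current, "no result"))
            current = announced.group(1)
            continue
        result = RESULT_RE.search(line)
        if result and current is not None:
            decimal, code = int(result.group(1)), int(result.group(2), 16)
            # The decimal value is the signed 32-bit form of the hex value;
            # a mismatch means the line was damaged when it was captured.
            if decimal & 0xFFFFFFFF != code:
                status = "garbled return code"
            else:
                # Assumption: any undocumented code is treated as a failure.
                status = KNOWN.get(code, "failed (0x%08X)" % code)
            results.append((current, status))
            current = None
    if current is not None:
        # Output ended after an announcement, e.g. the console was closed.
        results.append((current, "no result"))
    return results


def needs_attention(results):
    """Return the packages whose outcome is not one of the documented three."""
    accepted = set(KNOWN.values())
    return [(package, status) for package, status in results
            if status not in accepted]


# Constructed sample: the first two package names appear in the guide, the
# remaining names and the "Error:" line are made up for illustration.
SAMPLE_OUTPUT = """\
It is going to install: Windows6.1-KB2264107-v2-x64.msu ...
Success: Return code is 0(0x00000000).
It is going to install: Windows6.1-KB2482017-x64.msu ...
Information: Return code is 2359302(0x00240006). The update to be installed is already installed on the system.
It is going to install: Windows6.1-KB0000001-x64.msu ...
Information: Return code is -2145124329(0x80240017). Operation was not performed because there are no applicable updates.
It is going to install: Windows6.1-KB0000002-x64.msu ...
Error: Return code is -2145124318(0x80240022).
It is going to install: Windows6.1-KB0000003-x64.msu ...
"""

if __name__ == "__main__":
    for package, status in needs_attention(parse_hotfix_output(SAMPLE_OUTPUT)):
        print(package, status)
```

Packages returned by needs_attention are the ones to compare against the View installed updates list in Step 5 before the installation package is deleted.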
Step 6 Delete the patch installation package and temporary files from the server after the patch is installed.
----End

4.7 Setting the Virtual Memory
If the default system settings are used, the virtual memory paging file may be too large. To address this problem, set the virtual memory.

Procedure
Step 1 Right-click Computer and choose Properties.
Step 2 In the System window, click Advanced system settings.
Step 3 In the System Properties dialog box, click the Advanced tab and click Settings in the Performance area.
Step 4 In the Performance Options dialog box, click the Advanced tab and click Change in the Virtual memory area.
Step 5 Set the virtual memory of the system drive (C:).
1. In the Virtual Memory dialog box, clear Automatically manage paging file size for all drives.
2. Select C: from the drive list.
3. Click Custom size and set Initial size and Maximum size based on the following rules:
   NOTICE
   The paging file size must not exceed the remaining space on drive C, and some free space must be reserved.
   – If the server memory size is less than or equal to 32 GB, set Initial size to the physical memory size and Maximum size to 1.5 times the physical memory size.
   NOTE
   To check the physical memory size, run the following command in the command-line interface:

    systeminfo | find "Total Physical Memory"
    Total Physical Memory:     32,740 MB

   – If the server memory size is greater than 32 GB, set Initial size and Maximum size to the physical memory size.
4. Click Set.
Step 6 Set the virtual memory of the eSight installation drive (D:).
1. Select D: from the drive list.
2. Select No paging file and click Set.
Step 7 If another drive is available, select No paging file for the drive by referring to Step 6.
Step 8 Click OK.
Step 9 In the System Properties dialog box that is displayed, click OK.
Step 10 Restart the eSight server.
----End

4.8 Activating Windows
To ensure the normal operation of the eSight system, activate the Windows operating system within 30 days.

Prerequisites
You have obtained the product key of Windows Server 2008 R2 Standard.
NOTE
You can obtain the product key on the Windows package box or server.

Context
You can activate Windows by:
• Internet
• Telephone

Procedure
Step 1 Log in to the Windows operating system as the Administrator user.
Step 2 Right-click Computer and choose Properties.
The System window is displayed.
Step 3 Click Activate Windows now.
The Windows Activation dialog box is displayed.
Step 4 Select an activation mode.
• To activate Windows by the Internet, select Activate Windows online now.
• To activate Windows by telephone, select See other ways to activate.
Step 5 Enter the product key, click Next, and activate Windows as prompted.
----End

Verification
1. Right-click Computer and choose Properties.
2. In the System window, check the Windows activation.

5 Installing the eSight Software

About This Chapter
This topic describes how to install the eSight platform and components.

5.1 Installing the eSight Platform and Components
This topic describes how to install the eSight platform and components on the Windows operating system.
5.2 Verifying the Installation
After the eSight is installed, verify the installation.

5.1 Installing the eSight Platform and Components
This topic describes how to install the eSight platform and components on the Windows operating system.

Prerequisites
• Installation software has been obtained. For details, see 3.2 Obtaining eSight Server Installation Software.
• The virtual memory of the Windows has been set.
For details, see 4.7 Setting the Virtual Memory.
• The firewall has been disabled. For details, see 4.4 Turning off the Operating System Firewall.
• The network adapter is enabled.
• The eSight server has been assigned a static IP address.

Context
• The MySQL database will be installed along with the eSight software. Therefore, you do not need to install the MySQL database. The system will install a new MySQL database in the eSight installation directory, which does not affect the existing MySQL database.
• When the installation is complete, the system adds the OpenSSH service to the server by default. The default user name is ossuser and it cannot be changed. The default password is Changeme_123. To change the password, see 11.2.2 How Can I Change the OpenSSH Service Password?.
• For the Windows system, when the eSight is installed, the eSight service starts with the operating system.

Procedure
Step 1 Log in to the eSight server as the Administrator user.
Step 2 Upload the installation package to a folder, for example D:\install, on the eSight server, and decompress the installation package.
NOTICE
• The eSight installation files must be stored on the local computer.
• The installation directory and its absolute path must contain only letters, digits, or underscores. The absolute path must begin with digits or underscores and cannot contain more than 50 characters; otherwise, the installation may fail.
Step 3 Double-click setup.bat.
The Select Language dialog box is displayed.
Step 4 Select English and click OK.
The Introduction dialog box is displayed.
NOTE
• The system automatically checks whether the current environment meets requirements for installing eSight software. If the current environment does not meet the requirements, the associated message is displayed.
• If the system indicates that the FTP service is started, see 11.3.1 What Can I Do When eSight Installation, Upgrade, or Startup Fails Due to FTP Startup? to stop the FTP service.
Step 5 Click Next.
The Copyright Notice dialog box is displayed.
Step 6 Read the software agreement, select I agree, and click Next.
The Set Installation Parameters dialog box is displayed.

Table 5-1 Installation parameter description

Parameter: IP Address Type
Description: IP address type of the eSight server. eSight supports IPv4, IPv6, and IP dual-stack.
How to Set: Choose an IP address type based on the site requirements.

Parameter: Server IPv4 Address
Description: IPv4 address of the eSight server. You must set this parameter when IP Address Type is set to IPv4 or IP Dual-stack.
How to Set: The installation software automatically obtains the IPv4 address of the eSight server. If only one IPv4 address exists, you do not need to perform any operation. If multiple IPv4 addresses exist, select an IPv4 address from the drop-down list box.
NOTICE
If the eSight server has multiple IP addresses in several network segments, use the IP address that resides in the same network segment as the managed device's IP address or enable the function for managing devices in several subnets. If neither of the two conditions is met, eSight cannot manage devices with IP addresses in different network segments from its own.

Parameter: Server IPv6 Address
Description: IPv6 address of the eSight server. You must set this parameter when IP Address Type is set to IPv6 or IP Dual-stack.
How to Set: The installation software automatically obtains the IPv6 address of the eSight server.
If only one IPv6 address exists, you do not need to perform any operation. If multiple IPv6 addresses exist, select an IPv6 address from the drop-down list box.
NOTICE
If the eSight server has multiple IP addresses in several network segments, use the IP address that resides in the same network segment as the managed device's IP address or enable the function for managing devices in several subnets. If neither of the two conditions is met, eSight cannot manage devices with IP addresses in different network segments from its own.

Parameter: Server Port
Description: Port number of the eSight server.
How to Set: The default port is 8080. If the port is already used, use an available port based on the site requirements.

Parameter: Installation Directory
Description: eSight installation directory.
How to Set: eSight is installed in D:\eSight by default. You can change the directory based on the site requirements.
NOTICE
• The eSight software cannot be installed in the root directory.
• To ensure successful eSight server installation, verify that the eSight server installation directory is empty before the installation.

Parameter: Encryption Algorithm
Description: The security certificate is a digital certificate that is used to create a secure channel between the client browser and web server for data encryption and transmission.
How to Set: By default, Advanced Encryption Algorithm(SHA256withRSA) is selected. You can select Common Encryption Algorithm(SHA1withRSA) in scenarios that pose low requirements on security.
NOTE
Here, Common Encryption Algorithm(SHA1withRSA) is risky and Advanced Encryption Algorithm(SHA256withRSA) is recommended.

Step 7 Set the installation parameters and click Next.
NOTE
If the specified installation directory does not exist, the system displays a dialog box, asking you whether to create an installation directory.
In this dialog box, click Yes.
The Select Software Components To Be Installed dialog box is displayed.
NOTE
• Component functions are controlled by the license.
• Dimmed components are mandatory components to install.
• eSight components support incremental installation. If a component is not installed during the first eSight server installation, it can be installed during the next eSight server installation.
Step 8 Select components specified in the contract and click Next.
The Configure Database Server dialog box is displayed.

Table 5-2 Database parameter description

Parameter: DB Type
Description: Type of the database used by the eSight.
How to Set: Select a value from the drop-down list box.

MySQL Database Parameters

Parameter: DB Server IP Address
Description: IP address of the MySQL database server or eSight server.
How to Set: Use the value automatically generated by the system.

Parameter: DB Port
Description: Port number of the MySQL database. The default port number is 33306.
How to Set: Use the value automatically generated by the system.

Parameter: DB System Administrator Name
Description: Name of the system administrator of the MySQL database. The default system administrator name is root.
How to Set: Use the value automatically generated by the system.

Parameter: DB System Administrator Password
Description: Password of the system administrator of the MySQL database.
How to Set: Enter the password of the database system administrator as planned.
NOTE
After the eSight is installed, use the maintenance tool to change this password. For details, see the eSight Administrator Guide.

Parameter: NMS Database User Password
Description: Password of the database NMS user.
NOTE
After the eSight is installed, use the maintenance tool to change this password. For details, see the eSight Administrator Guide.
How to Set: Enter the password of the database NMS user as planned.

Parameter: Confirm NMS Database User Password
Description: Confirm password of the database NMS user.
How to Set: Enter the password of the database NMS user again.

Parameter: Data File Directory
Description: The directory where the data files reside. The default directory is eSight installation directory/MySQL/data.
How to Set: Use the value automatically generated by the system.

Step 9 Select database from the drop-down list, enter the database parameters and click Next.
Step 10 Verify the installation information in the Confirm Installation screen.
NOTE
If the installation information is incorrect, click Previous to reset installation information.
Step 11 Click Next.
The system starts to install the eSight. When eSight is installed, the Installation Completed dialog box is displayed.
NOTE
In the Installation Completed dialog box, Start eSight Server is unselected by default. If you want to start the eSight server immediately, select Start eSight Server.
Step 12 Click Finish.
----End

5.2 Verifying the Installation
After the eSight is installed, verify the installation.

Procedure
Step 1 Start the eSight service.
1. Log in to the eSight server as the Administrator user.
2. Choose Start > All Programs > eSight > eSight Console.
3. Click Start in the eSight Console dialog box.
   When the status of every process is RUNNING and starting eSight system succeeded is displayed, the eSight service has been started.
Step 2 Log in to the eSight and maintenance tool from the client web browser.
1. Set the client web browser. For details, see 10.2 Setting the Client Web Browser.
2. In the address box, enter http://eSight server IP address:port number, and press Enter.
   NOTICE
   – If the server has multiple IP addresses, enter the IP address selected during eSight server installation in the address box. Otherwise, eSight will not function normally.
   – The default port number of the eSight is 8080. The default port number of the maintenance tool is 8088.
   – If the message "There is a problem with this website's security certificate." is displayed, see 11.4.4 What Do I Do If the eSight Displays a Security Certificate Error During Login?.
   – If the browser is not equipped with a flash player, download and install Adobe Flash Player provided by eSight. Otherwise, some pages cannot be displayed normally.
   – If you set the server IP address to localhost or 127.0.0.1 on the eSight server, the security certificate cannot be installed.
3. On the eSight login page, enter the user name admin and the default password Changeme123, and click Log In.
   NOTICE
   You must change the password when you log in to eSight for the first time. Keep the new password safe. If you forget the password of the admin user, you have to reinstall eSight to restore the default password.
4. On the maintenance tool login page, enter the user name sys and the default password Changeme123 and click Log In.
   NOTE
   You must change the password when you log in to maintenance tool for the first time.
Step 3 Check the eSight version.
After login, click at the upper right corner, and verify that the current version is the target version.
----End

6 Installing the Antivirus Software

Antivirus software protects the computer from malicious software, network viruses, web-based threats, spyware, and mixed threats. To protect computers from security attacks, install and upgrade the antivirus software in time.
The recommended antivirus software is Trend Micro OfficeScan. You can obtain the installation guide for OfficeScan in either of the following ways:
1. Log in to Huawei's enterprise support website http://support.huawei.com/enterprise.
2. Browse or search eSight (Support > Product Support > Vertical Industries Solutions > eSight Solution > eSight).
3. On the Documentation tab page, download the AntiVirus Software Deployment Guide (OfficeScan11.0).

7 Commissioning the eSight

About This Chapter
To allow the eSight to manage the network, you must commission the eSight before using it to manage devices and configure services.

7.1 Obtaining Reference Documents
Some reference documents, for example, northbound commissioning documents, help you perform the commissioning. Obtain the reference documents to the local computer before the commissioning to accelerate the commissioning.
7.2 Enabling Port Numbers on Firewalls
If the eSight is not in the same network segment as the devices, upper-layer NMS, SMS gateway, and email server, you must enable ports on firewalls before the commissioning.
7.3 (Optional) Configuring Multi-Subnet Management
If eSight needs to manage devices in multiple subnets, or management clients in multiple subnets need to access eSight, enable the multi-subnet management features.
7.4 Configuring System Services
Before using eSight, configure necessary system services correctly.
7.5 Applying for and Loading an eSight License
The eSight license file is used to control the functions and management capabilities of the eSight. eSight offers a 90-day free trial; after that, you need to apply for and load a commercial license.
7.6 Commissioning eSight's Functions
After the agent is deployed on a device to be managed by eSight, connect the device to eSight and commission the eSight's network monitoring, device management, and service management functions.
7.7 Performing Security Settings
Security settings must be performed, such as changing the user password, replacing the security certificate, and setting the user security policy.

7.1 Obtaining Reference Documents
Some reference documents, for example, northbound commissioning documents, help you perform the commissioning. Obtain the reference documents to the local computer before the commissioning to accelerate the commissioning.
Table 7-1 lists the documents required during commissioning.

Table 7-1 Document list

Document: eSight Communication Matrix
Description: This document describes ports used by the eSight. You must enable the ports on firewalls based on actual conditions before the commissioning.

Document: eSight Operation Guide
Description: This document describes how to commission eSight's functions.
NOTE
About the eSight commissioning, you can also see the eSight online help.

Document: eSight SNMP Northbound Interface User Guide
Description: This document describes how to commission SNMP northbound interfaces.

Document: eSight FTP Northbound Interface User Guide
Description: This document describes how to commission FTP northbound interfaces.

Document: eSight Administrator Guide
Description: This document describes how to perform system security settings.

Download Path (for all documents in this table):
1. Access http://support.huawei.com/enterprise.
2. Choose Support > Product Support > Vertical Industries Solutions > eSight Solution > eSight > VxxxRxxxCxx.
3. Download the required documents.

7.2 Enabling Port Numbers on Firewalls
If the eSight is not in the same network segment as the devices, upper-layer NMS, SMS gateway, and email server, you must enable ports on firewalls before the commissioning.
Based on actual network plans, refer to the eSight Communication Matrix to enable the communication ports on firewalls between the eSight and devices, upper-layer NMS, SMS gateway, email server, and distributed servers.
NOTE
Refer to 7.1 Obtaining Reference Documents to obtain the eSight Communication Matrix.

7.3 (Optional) Configuring Multi-Subnet Management
If eSight needs to manage devices in multiple subnets, or management clients in multiple subnets need to access eSight, enable the multi-subnet management features.

Prerequisites
• The eSight service is stopped. For details, see 10.1.2 Stopping the eSight Service.
• If IP phones are used onsite, ensure that all IP phones are deployed on the same network segment; otherwise, some functions of IP phone cannot be used.

Context
NOTICE
• eSight can manage devices in multiple subnets. If this feature is enabled, the protocols used by eSight to manage devices are open to all subnets, raising security risks.
Once enabled, this feature cannot be disabled. Therefore, before executing this operation, assess network security risks and ensure that network security reaches the required level.
• eSight can support access from management clients in multiple subnets. After this feature is enabled, the entries through which management clients in multiple subnets access eSight are open to all subnets, raising security risks. Once enabled, this feature cannot be disabled. Therefore, before executing this operation, assess network security risks and ensure that network security reaches the required level.
• The eSight Application Manager, eSight Facilities Infrastructure Manager, eSight LogCenter Log Manager, and AR audio management function do not support multi-subnet management.
• By default, eSight manages devices in only one subnet.
• By default, eSight supports access from management clients in only one subnet.

Procedure
Step 1 Log in to the eSight server as the Administrator user.
Step 2 Choose Start > All Programs > eSight > eSight Console.
Step 3 Choose Tools > Multi-subnetwork Management Tool in the eSight Console dialog box.
The Multi-subnetwork Management Tool dialog box is displayed.
NOTE
• eSight login via multiple subnetworks: enables eSight to support access from management clients in multiple subnets.
• Manage all subnetwork devices: enables eSight to manage devices in all subnets.
• Auto stop and start eSight: enables eSight to automatically start or stop.
Step 4 Select the required function and click Modify.
Step 5 Restart the eSight service.
----End

7.4 Configuring System Services
Before using eSight, configure necessary system services correctly.
7.4.1 (Optional) Configuring the TFTP
If the network device management component and service management component are installed, the TFTP service is automatically enabled. If the two components are not installed, the TFTP service is disabled by default. Configure the TFTP service as required.

Context
The following table lists the application scenarios and default settings for the TFTP service.
NOTICE
The system is potentially at risk if TFTP is enabled all the time. You are advised to disable the TFTP service after performing related operations.

Application Scenario: Network device configuration file backup and restoration; Server OS installation
Home Directory: eSight installation directory/AppBase/var/iemp/data/ftp

Procedure
Step 1 Log in to the eSight server as the Administrator user.
Step 2 Open the eSight installation directory/AppBase/etc/conffile/tftpconfig.xml file.

    <?xml version="1.0" encoding="UTF-8"?>
    <config name="tftpServer">
        <param name="enable">false</param>
        <!-- if no ip config, read from etc/modifyIP/modifyIP.cfg -->
        <!--param name="ip">0.0.0.0</param-->
        <param name="listenerPort">69</param>
        <param name="passivePorts">32160,32161,32162,32163,32164,32165,32166,32167,32168,32169</param>
        <param name="paths">network,ucc,ic</param>
        <param name="home">D:\eSight\AppBase\var\iemp\data\ftp</param>
    </config>

Table 7-2 TFTP parameter description

Parameter: tftpServer.enable
Description: Indicates whether the TFTP is enabled.
Value range:
• true: enable
• false: disable
Default value: If the network device management component and server management component are installed, the default value is true. If the two components are not installed, the default value is false.
Setting: To manage network devices and servers, enable the TFTP service.

Parameter: tftpServer.ip
Description: Indicates the listening IP address of the TFTP service.
Setting: By default, the TFTP service listens only on the IP address of the eSight server. To manage servers, configure two network ports for the eSight server. The two network ports are used for stateless computing and server deployment services. To properly use the services, modify <!--param name="ip">0.0.0.0</param--> to <param name="ip">0.0.0.0</param>.
NOTE
If multi-subnet management is enabled, use the default setting.

Parameter: tftpServer.listenerPort
Description: Indicates the TFTP listening port.
Value range: 0–65535
Default value: 69
Setting: The default value is recommended.

Parameter: tftpServer.passivePorts
Description: Indicates the port for data transmission through TFTP.
Value range: 0–65535
Default value: 32160–32169
Setting: The default value is recommended.

Parameter: tftpServer.paths
Description: Indicates the subdirectory for storing files of different fields (under the home directory).
Default value: network,ucc,ic
Setting: The default value is recommended.

Parameter: tftpServer.home
Description: Indicates the home directory of the TFTP service.
Default value: eSight installation directory/AppBase/var/iemp/data/ftp
Setting: The default value is recommended.

Step 3 Modify and save TFTP parameters as required.
Step 4 Restart the eSight service.
----End

7.4.2 (Optional) Configuring the FTP
If the network device management component and service management component are installed, the FTP service is automatically enabled. If the two components are not installed, the FTP service is disabled by default.

Context
The following table lists the application scenarios and default settings for the FTP service.
NOTE
FTP is an insecure protocol. In the network device configuration file backup and restoration scenarios, secure protocols such as SFTP and FTPS are recommended. In the server OS installation scenario, it is recommended that the FTP service be disabled after being used.
NOTICE
Do not change a user's home directory; otherwise, the device management functions may malfunction.

Application Scenario: Network device configuration file backup and restoration
User Name: admin
Default Password: Changeme_123
Home Directory: eSight installation directory/AppBase/var/iemp/data/ftp

Application Scenario: Network device software upgrade
User Name: admin
Default Password: Changeme_123
Home Directory: eSight installation directory/AppBase/var/iemp/data/ftp

Application Scenario: Backup and restore of IAD configuration data, backup and restore of SIP user information, and IAD upgrade
NOTE
FTPS is used by default.
User Name: ftpread
Default Password: Huawei@123
Home Directory: eSight installation directory/AppBase/etc/uc/upgrade/ftp/read
User Name: ftpwrite
Default Password: Huawei@123
Home Directory: eSight installation directory/AppBase/etc/uc/upgrade/ftp/write
User Name: UCEMS
Default Password: Huawei@123
Home Directory: eSight installation directory/AppBase/etc/uc/IADBackupFile

Application Scenario: The upper-layer NMS obtains NE performance data through the FTP northbound interface
User Name: -
Default Password: -
Home Directory: eSight installation directory/AppBase/var/iemp/data/ftp
NOTE
The FTP northbound interface does not have an initial account. You can modify the nbi.xml file to add an account.

Procedure
Step 1 Log in to the eSight server as the Administrator user.
Step 2 Open the eSight installation directory/AppBase/sysagent/etc/sysconf/svcbase/med_node_1_svc.xml file.

    <!-- ftp server configuration -->
    <config name="ftp">
        <!-- Is not activated, default false -->
        <param name="enable">false</param>
        <!-- Listening port -->
        <param name="listenerPort">31921</param>
        <param name="passivePorts">32150-32159</param>
    </config>

Table 7-3 FTP parameter description

Parameter: oms.ftpServer.ftp.enable
Description: Indicates whether the FTP is enabled.
Value range:
• true: enable
• false: disable
Default value: If the network device management component and server management component are installed, the default value is true. If the two components are not installed, the default value is false.
Setting: To manage network devices and servers, enable the FTP service.

Parameter: oms.ftpServer.ftp.listenerPort
Description: Indicates the listening port of the FTP service.
Value range: 1–65535
Default value: 31921
Setting: The default value is recommended.

Parameter: oms.ftpServer.ftp.passivePorts
Description: Indicates the ID of the listening port on the passive data link of the FTP server.
Value range: 1–65535
Default value: 32150-32159
Setting: The default value is recommended.

NOTE
For the detailed description about med_node_*_svc.xml, see the eSight Administrator Guide.

Step 3 Modify and save FTP parameters as required.
Step 4 Change the password of the FTP users.
NOTE
For details, see the eSight Administrator Guide.
Step 5 Restart the eSight service.
----End

7.4.3 (Optional) Configuring the FTPS
After eSight is installed, the FTPS service is enabled by default. Set the FTPS parameters as planned.

Context
The following table lists the application scenarios and default settings for the FTPS service.
NOTICE
Do not change a user's home directory; otherwise, the device management functions may malfunction.
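The Python below is an added example, not Huawei code: it reads tftpconfig.xml and med_node_1_svc.xml and reports which of the TFTP, FTP and FTPS services are enabled, the ports each enabled service opens (for the firewall rules in 7.2), and the settings this guide describes as risky. Both sample files are constructed, and the <root> wrapper around the ftp and ftps blocks is an assumption, because the guide shows only the inner <config> blocks of med_node_1_svc.xml.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of tftpconfig.xml shown in 7.4.1.
TFTP_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<config name="tftpServer">
  <param name="enable">true</param>
  <!--param name="ip">0.0.0.0</param-->
  <param name="listenerPort">69</param>
  <param name="passivePorts">32160,32161,32162</param>
</config>"""

# Constructed sample of med_node_1_svc.xml; the <root> wrapper is assumed.
SVC_XML = b"""<root>
  <config name="ftp">
    <param name="enable">true</param>
    <param name="listenerPort">31921</param>
    <param name="passivePorts">32150-32159</param>
  </config>
  <config name="ftps">
    <param name="enable">true</param>
    <param name="listenerPort">31923</param>
    <param name="passivePorts">31932,32145-32154</param>
  </config>
</root>"""


def read_service(xml_bytes, name):
    """Return {param: value} for <config name=NAME>, or {} if it is absent.

    The XML parser drops comments, so a commented-out
    <!--param name="ip">...</param--> is correctly treated as not set.
    """
    root = ET.fromstring(xml_bytes)
    for cfg in root.iter("config"):          # iter() also visits the root
        if cfg.get("name") == name:
            return {p.get("name"): (p.text or "").strip()
                    for p in cfg.findall("param")}
    return {}


def expand_ports(spec):
    """Expand '31932,32145-32154' into a sorted list of port numbers."""
    ports = set()
    for part in filter(None, (s.strip() for s in spec.split(","))):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)      # ValueError on non-numeric text
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port or range: {part!r}")
        ports.update(range(lo, hi + 1))
    return sorted(ports)


def audit(tftp_xml, svc_xml):
    """Return (findings, exposed): warnings and ports per enabled service."""
    services = {
        "tftp": read_service(tftp_xml, "tftpServer"),
        "ftp": read_service(svc_xml, "ftp"),
        "ftps": read_service(svc_xml, "ftps"),
    }
    exposed = {}
    for label, params in services.items():
        if params.get("enable", "").lower() == "true":
            spec = (params.get("listenerPort", "") + ","
                    + params.get("passivePorts", ""))
            exposed[label] = expand_ports(spec)   # TFTP is UDP, FTP/FTPS TCP
    findings = []
    if "tftp" in exposed:
        findings.append("TFTP enabled: disable it after the operation that needs it")
        if services["tftp"].get("ip") == "0.0.0.0":
            findings.append("TFTP bound to 0.0.0.0: reachable on every interface")
    if "ftp" in exposed:
        findings.append("plaintext FTP enabled: the guide recommends SFTP or FTPS")
    if "ftps" not in exposed:
        findings.append("FTPS not enabled: the guide recommends keeping it on")
    return findings, exposed


if __name__ == "__main__":
    found, ports = audit(TFTP_XML, SVC_XML)
    for line in found:
        print("WARN", line)
    for service, plist in ports.items():
        print(f"{service}: ports {plist[0]}..{plist[-1]} ({len(plist)} total)")
```

On a real server, read both files in binary mode and pass the bytes to audit(); the script only reads the files and changes nothing.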
| Application Scenario | User Name | Default Password | Home Directory |
| --- | --- | --- | --- |
| Upload and download of version files, configuration files, perform result files, and configuration data files for eLTE base station and code network devices | elte | ei*b +@b#6Nh(tS1j | eSight installation directory/AppBase/var/iemp/data/ftp/elte |
| Backup and restore of IAD configuration data, backup and restore of SIP user information, and IAD upgrade | ftpsread | Huawei@123 | eSight installation directory/AppBase/etc/uc/upgrade/ftps/read |
| | ftpswrite | Huawei@123 | eSight installation directory/AppBase/etc/uc/upgrade/ftps/write |
| | UCEMS | Huawei@123 | eSight installation directory/AppBase/etc/uc/IADBackupFile |
| IP PBX backup and restore | UCIPPBX | Huawei@123 | eSight installation directory/AppBase/etc/uc/tftp |
| IP phone distributed deployment | esight | Huawei123 | eSight installation directory/AppBase/fileServer/webapps/WebContent/tr069 |
| | loguser | Huawei123 | eSight installation directory/AppBase/etc/uc/configFile/egw |
| | fileuser | Huawei123 | eSight installation directory/AppBase/fileServer/conf |
| | ftpsuser | Huawei123 | eSight installation directory/AppBase/tlsfileServer/webapps/certificate |
| IP phone license application | capf | CapfAdmin123 | eSight installation directory/AppBase/etc/uc/capf/cert |

Procedure

Step 1 Log in to the eSight server as the Administrator user.

Step 2 Open the eSight installation directory/AppBase/sysagent/etc/sysconf/svcbase/med_node_1_svc.xml file.
    <config name="ftps">
        <param name="enable">true</param>
        <param name="listenerPort">31923</param>
        <param name="passivePorts">31932,32145-32154</param>
        <param name="implicitSsl">false</param>
        <param name="includeCipherSuites">TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA</param>
        <param name="keystoreFileName">JettyServerKeyStore</param>
        <param name="sslPassword">TepvToLrYDVuuq2a1/G+Tw==</param>
        <param name="permitFileSize">0</param>
        <param name="permitFileType"/>
    </config>

Table 7-4 FTPS parameter description

oms.ftpServer.ftps.enable
    Description: Indicates whether the FTPS is enabled. Value range: true (enable), false (disable). Default value: true.
    Setting: The default value is recommended.

oms.ftpServer.ftps.listenerPort
    Description: Indicates the ID of the listening port on the FTPS server. Value range: 1–65535. Default value: 31923.
    Setting: The default value is recommended.

oms.ftpServer.ftps.passivePorts
    Description: Indicates the ID of the listening port on the passive data link of the FTPS server. Value range: 1–65535. Default value: 31932,32145-32154.
    Setting: The default value is recommended.

oms.ftpServer.ftps.keystoreFileName
    Description: Indicates the name of the FTPS server key library. Value range: unrestricted. Default value: JettyServerKeyStore.
    Setting: Configure the parameter as required.

oms.ftpServer.ftps.sslPassword
    Description: Indicates the password for the FTPS server key library. Value range: unrestricted. Default value: TepvToLrYDVuuq2a1/G+Tw==
    Setting: Configure the parameter as required.
    NOTE
    The configuration is as follows:
    1. Enter the folder eSight installation directory/AppBase/tools/bmetool/encrypt.
    2. Run the following command to generate the ciphertext for the new password:
           encrypt.bat 0 Changeme123
           zvOREMT6k4suh87jICjqsQ==

oms.ftpServer.ftps.implicitSsl
    Description: Specifies whether the FTPS hidden (implicit) mode is enabled. Value range: true (hidden mode), false (display mode, that is, explicit mode). Default value: false.
    NOTE
    The explicit mode is risky.
    Setting: To remain compatible with devices that do not support the hidden mode, eSight uses the explicit mode by default, which may lead to security risks. If managed devices (eLTE, IAD, IP PBX, and IP phone) support the hidden mode, use the hidden mode.

NOTE
For the detailed description about med_node_*_svc.xml, see the eSight Administrator Guide.

Step 3 Modify and save FTPS parameters as required.

Step 4 Change the password of the FTPS users.
NOTE
For details, see the eSight Administrator Guide.

Step 5 Restart the eSight service.

----End

7.4.4 (Optional) Configuring the SFTP

After eSight is installed, the SFTP service is enabled by default. Set the SFTP parameters as planned.

Context

The following table lists the application scenarios and default settings for the SFTP service.

NOTICE
Do not change a user's home directory; otherwise, the device management functions may malfunction.
| Application Scenario | User Name | Default Password | Home Directory |
| --- | --- | --- | --- |
| Network device configuration file backup and restoration | admin | Changeme_123 | eSight installation directory/AppBase/var/iemp/data/ftp |
| Network device software upgrade | admin | Changeme_123 | eSight installation directory/AppBase/var/iemp/data/ftp |
| WLAN performance data collection | admin | Changeme_123 | eSight installation directory/AppBase/var/iemp/data/ftp |
| iPCA performance data collection | admin | Changeme_123 | eSight installation directory/AppBase/var/iemp/data/ftp |
| Server OS installation and firmware upgrade | itSftpUser | Huawei@123 | eSight installation directory/AppBase/var/iemp/data/ftp |
| Host management in agentless mode | itSftpUser | Huawei@123 | eSight installation directory/AppBase/var/iemp/data/ftp |
| Host installation and upgrade | itSftpUser | Huawei@123 | eSight installation directory/AppBase/var/iemp/data/ftp |
| The upper-layer NMS obtains NE performance data through the SFTP northbound interface | - | - | eSight installation directory/AppBase/var/iemp/data/ftp |

NOTE
The SFTP northbound interface does not have an initial account. You can modify the nbi.xml file to add an account.

Procedure

Step 1 Log in to the eSight server as the Administrator user.

Step 2 Open the eSight installation directory/AppBase/sysagent/etc/sysconf/svcbase/med_node_1_svc.xml file.
    <config name="sftp">
        <param name="enable">true</param>
        <param name="listenerPort">31922</param>
        <param name="keystoreFileName">esight.keystore.sftp</param>
        <param name="sslPassword">zvOREMT6k4suh87jICjqsQ==</param>
        <param name="permitFileSize">0</param>
        <param name="permitFileType"/>
        <param name="sftpMAC">hmac-sha1,hmac-sha2-256</param>
        <param name="sftpCipher">aes128-ctr</param>
    </config>

Table 7-5 SFTP parameter description

oms.ftpServer.sftp.enable
    Description: Indicates whether the SFTP is enabled. Value range: true (enable), false (disable). Default value: true.
    Setting: The default value is recommended.

oms.ftpServer.sftp.listenerPort
    Description: Indicates the ID of the listening port on the SFTP server. Value range: 1–65535. Default value: 31922.
    Setting: The default value is recommended.

oms.ftpServer.sftp.keystoreFileName
    Description: Indicates the name of the SFTP server key library. Value range: unrestricted. Default value: esight.keystore.sftp.
    Setting: Configure the parameter as required.

oms.ftpServer.sftp.sslPassword
    Description: Indicates the password for the SFTP server key library. Value range: unrestricted. Default value: zvOREMT6k4suh87jICjqsQ==
    Setting: Configure the parameter as required.
    NOTE
    The configuration is as follows:
    1. Enter the folder eSight installation directory/AppBase/tools/bmetool/encrypt.
    2. Run the following command to generate the ciphertext for the new password:
           encrypt.bat 0 Changeme123
           zvOREMT6k4suh87jICjqsQ==

NOTE
For the detailed description about med_node_*_svc.xml, see the eSight Administrator Guide.

Step 3 Modify and save SFTP parameters as required.

Step 4 Change the password of the SFTP users.
NOTE
For details, see the eSight Administrator Guide.

Step 5 Restart the eSight service.
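One way to review med_node_1_svc.xml after Step 3 of the FTP, FTPS and SFTP procedures above, as an added example that is not Huawei's tooling: it flags plaintext FTP left enabled, FTPS left in explicit mode and a keystore password still at a ciphertext printed in this guide, and expands the port settings into the list a host firewall has to allow. The `<services>` wrapper element, the sample values and all function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the ftp/ftps/sftp fragments shown in this guide, wrapped in
# a hypothetical <services> root (the real file's outer structure is not shown).
# ftp "enable" is set to true here and the sftp sslPassword is a placeholder.
SAMPLE_SVC_XML = """<services>
  <config name="ftp">
    <param name="enable">true</param>
    <param name="listenerPort">31921</param>
    <param name="passivePorts">32150-32159</param>
  </config>
  <config name="ftps">
    <param name="enable">true</param>
    <param name="listenerPort">31923</param>
    <param name="passivePorts">31932,32145-32154</param>
    <param name="implicitSsl">false</param>
    <param name="keystoreFileName">JettyServerKeyStore</param>
    <param name="sslPassword">TepvToLrYDVuuq2a1/G+Tw==</param>
  </config>
  <config name="sftp">
    <param name="enable">true</param>
    <param name="listenerPort">31922</param>
    <param name="keystoreFileName">esight.keystore.sftp</param>
    <param name="sslPassword">REPLACED-CIPHERTEXT-PLACEHOLDER</param>
  </config>
</services>"""

# Keystore password ciphertexts that this guide prints as shipped defaults.
DEFAULT_SSL_PASSWORDS = {
    "ftps": "TepvToLrYDVuuq2a1/G+Tw==",
    "sftp": "zvOREMT6k4suh87jICjqsQ==",
}


def parse_ports(spec):
    """Expand a port spec such as '31932,32145-32154' into a sorted list."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        low_text, _, high_text = part.partition("-")
        low = int(low_text)
        high = int(high_text) if high_text else low
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"port spec out of range: {part!r}")
        ports.update(range(low, high + 1))
    return sorted(ports)


def read_services(xml_text):
    """Return {service: {param: value}} for the ftp, ftps and sftp blocks."""
    services = {}
    for cfg in ET.fromstring(xml_text).iter("config"):
        name = cfg.get("name")
        if name in ("ftp", "ftps", "sftp"):
            services[name] = {
                p.get("name"): (p.text or "").strip() for p in cfg.findall("param")
            }
    return services


def audit(xml_text):
    """Return (findings, open_ports) for the enabled file-transfer services."""
    findings, open_ports = [], {}
    for name, params in read_services(xml_text).items():
        if params.get("enable", "false").lower() != "true":
            continue  # a disabled service opens no ports and needs no review
        ports = parse_ports(params.get("listenerPort", ""))
        ports += parse_ports(params.get("passivePorts", ""))
        open_ports[name] = sorted(set(ports))
        if name == "ftp":
            findings.append((name, "enable",
                             "plaintext FTP is enabled; the guide recommends SFTP or "
                             "FTPS and disabling FTP after use"))
        if name == "ftps" and params.get("implicitSsl", "false").lower() != "true":
            findings.append((name, "implicitSsl",
                             "explicit mode in use; the guide calls it risky and "
                             "recommends hidden mode where devices support it"))
        default = DEFAULT_SSL_PASSWORDS.get(name)
        if default and params.get("sslPassword") == default:
            findings.append((name, "sslPassword",
                             "keystore password is still the ciphertext printed in "
                             "the guide"))
    return findings, open_ports


if __name__ == "__main__":
    found, allowed = audit(SAMPLE_SVC_XML)
    for service, param, message in found:
        print(f"[{service}] {param}: {message}")
    for service, ports in allowed.items():
        print(f"{service}: allow {len(ports)} port(s): {ports}")
```

To run it against a real server, read the file from the path given in Step 2 and pass its text to `audit()`.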
----End

7.5 Applying for and Loading an eSight License

The eSight license file is used to control the functions and management capabilities of the eSight. eSight offers a 90-day free trial; after that, you need to apply for and load a commercial license.

Prerequisites

You must have the Guest permission of the ESDP platform to apply for a commercial license. You can obtain the Guest permission of the ESDP platform after applying for an account at Huawei's official website.

Context

A license file is an authentication file that a special encryption tool generates based on the information about the contract that a user signs with Huawei and the information about the server where the eSight is installed. After obtaining a license file, load it to eSight manually to obtain permission to use eSight.

- The license file is not delivered to customers along with an eSight installation DVD. Apply for a license according to the contract number and the equipment serial number (ESN) of the eSight server.
- A license needs to be bound to an ESN of the server. If an ESN is changed because an NIC or server is replaced, you need to apply for a new eSight license.

For details, see the eSight License User Guide.

Procedure

Step 1 Obtain an activation password.
The password can be found in the license entitlement certificate.
NOTE
The paper license entitlement certificate is delivered with the product, while the electronic copy is directly sent to the mailbox of the distributor that has signed contracts with Huawei. If you do not have the paper or electronic certificate, contact Huawei's channel partner and provide your contract number to activate the password.

Step 2 Obtain the server equipment serial number (ESN).
1. Access the eSight login page, and log in to eSight as an administrator.
2. When logged in to eSight as an administrator, choose System > Administration > License Management.
3. Click Obtain ESN.
4. Obtain the ESN by entering or selecting the MAC address.
   - Method one: Select the network adapter on the eSight server, and click Generate ESN. eSight automatically obtains the network adapter information on the eSight server. Record ESN information.
     NOTE
     You can use this method to obtain the ESN of the current logged-in server only. Obtain the ESNs of other servers by entering their MAC addresses.
   - Method two: Enter the Media Access Control (MAC) address of the eSight server, and click Generate ESN.

Step 3 Apply for an eSight license.
1. Log in to ESDP (http://app.huawei.com/isdp) and choose License Activation > Entitlement Activation.
2. Enter activation password.
   a. Enter activation password in the Password text box.
      NOTE
      Click Add to add more entitlements to activate them in batches.
   b. Read the preceding information, and choose I have read the above carefully.
   c. Click Next.
3. Fill in the ESN or click to select an existing device (NE), separate multiple ESNs by comma, and click Next.
4. After the activation information is verified, click Confirm Activation.
5. In the dialog box that is displayed, click Confirm. The activation task is submitted, the Operation Record page is displayed, and the task name is Activate License By Password.
6. Download License:
   - Website: You can check the task progress on the Operation Record page. After the task status is changed to Success, you can download the license.
   - Mailbox: After the task is executed, the system sends an email to your registered mailbox and you can download the license from the attachment.

Step 4 Load the eSight license file.
1. Log in to eSight as an administrator.
2. Choose System > Administration > License Management from the main menu.
3. On the License Management page, click Import License.
4. Select a license file and click Upload.
   NOTE
   The license file name cannot contain any space. If the name contains a space, uploading or updating the license file will fail. If the name of the obtained license file contains spaces, delete the spaces or change them to _ before using the license file.
5. Click Apply. The license file takes effect immediately. The information about the imported license file is displayed on the License Management page.

----End

Follow-up Procedure

After the license file is loaded, choose System > Administration > License Management, and check the license items and resource items.

7.6 Commissioning eSight's Functions

After the agent is deployed on a device to be managed by eSight, connect the device to eSight and commission the eSight's network monitoring, device management, and service management functions.

Task: Connecting a device to eSight
    Description: Devices can be managed by eSight only after being connected to eSight. Devices can be connected to eSight in three ways: automatic discovery, batch import, and single adding.
    Reference Document: Discovering Devices in the eSight Operation Guide or eSight Help
Task: Commissioning the network monitoring function
    Description: Commission the eSight's topology, alarm, and performance management functions.
    Reference Document: The following sections in the eSight Operation Guide or eSight Help:
    - Setting Topology
    - Setting Alarm Monitoring
    - Setting Performance Monitoring
    - Setting the Home Page
    - Monitoring the Network

Task: Commissioning the device and service management functions
    Description: Commission the device and service management functions for the devices and services actually used in the network.
    Reference Document: eSight Operation Guide or eSight Help

Task: (Optional) Commissioning northbound interfaces
    Description:
    - The SNMP northbound interface is used by eSight to report alarms to the upper-layer network management system and to handle alarms.
    - The FTP is used by eSight to transfer performance files to the upper-layer network management system through the FTP or SFTP protocol.
    Reference Document:
    - To commission the SNMP northbound interface, see the eSight SNMP Northbound Interface User Guide.
    - To commission the FTP northbound interface, see the eSight FTP Northbound Interface User Guide.

7.7 Performing Security Settings

Security settings must be performed, such as changing the user password, replacing the security certificate, and setting the user security policy.

Task: Changing the user password
    Description: The system provides default accounts and passwords and assigns different rights to the accounts. For the sake of system and user security, change the default passwords as required in time.
    Reference Document: Managing eSight System User in the eSight Administrator Guide
Task: Replacing the security certificate
    Description: During the eSight installation, a temporary security certificate is generated to ensure the normal running of eSight. After the eSight installation is complete, replace the temporary security certificate.
    Reference Document: Managing Security Certificate in the eSight Administrator Guide

Task: Setting the user security policy
    Description: Configure user right, password, account, and access control policies to facilitate network management and fortify eSight security.
    Reference Document: Configuring eSight Users and Their Rights in the eSight Administrator Guide

8 Security Hardening

About This Chapter

This topic describes how to harden the security of the operating system and database on the eSight server after the operating system, database, and eSight are installed.

8.1 Overview
Security hardening aims to enhance the defense capabilities of the operating system and database.

8.2 Hardening the Windows Operating System
This topic describes how to use SetWin to harden the security of the Windows Server 2008 operating system.

8.3 Rolling Back Windows Using SetWin
When the hardening fails, an operation fails, or services are affected, you must perform rollback operations.

8.1 Overview

Security hardening aims to enhance the defense capabilities of the operating system and database.

The eSight server has the following potential security risks:

- During the installation of the operating system, many services and ports are enabled by default.
  In this situation, the operating system is prone to malicious attacks.
- System file properties and environment variables have some defects, which increase system security risks.

To ensure secure and stable system running, securely harden the system by adding, modifying, or deleting system modules and components, thereby screening or eliminating the operating system defects and security vulnerabilities.

Security Hardening Objects

The primary objects of security hardening are the operating system and database. For details, see Table 8-1.

Table 8-1 Security hardening objects

| Object | Method |
| --- | --- |
| Windows Server 2008 operating system | SetWin |

NOTE
The MySQL database integrated to the eSight has been securely hardened.

Security Hardening Scenarios

Table 8-2 Security Hardening Scenarios

| Operation | Scenario | Description |
| --- | --- | --- |
| Security hardening | After installation and commissioning | After each component is installed and commissioned, security hardening must be performed for the system where the component runs to enhance system security. |
| | After an upgrade | After each component version is upgraded, security hardening must be performed for the system where the component runs to enhance system security. |
| Rollback | Before an upgrade | Before version upgrade, if the operating system has been hardened, roll back the security hardening. Otherwise, the upgrade may fail. |
| | Before uninstallation | Before uninstallation, if the operating system has been hardened, roll back the security hardening. Otherwise, the uninstallation may fail. |

Security Hardening Impacts

- Impacts on an operating system
  - Some services of Windows operating system may be restricted in the hardening policy. Therefore, the services are unavailable after the hardening.
    For specific services to be disabled, see the hardening policy file.
  - After the security of a Windows operating system is hardened, the account of the Administrator user is reset to SWMaster.
  - After the security hardening, some hardening items of the Windows operating system cannot be rolled back. Table 8-3 lists the Windows Server 2008 operating system hardening items that cannot be rolled back.

Table 8-3 Windows Server 2008 hardening items that cannot be rolled back

| Hardening Item | Hardening Item Path |
| --- | --- |
| Store Passwords using Reversible Encryption | SetWin Policies > Auditing and Account policies > Account Policy |
| Allow Anonymous SID/Name Translation | SetWin Policies > Security Settings > Security Options > Network Access |
| Kerberos Policy | SetWin Policies > Auditing and Account policies > Kerberos Policy |
| Patch Scripts | SetWin Policies > Patch Scripts |

- Impacts on a database
  After the security of a database is hardened, certain parameters and user permission are changed.
- Impacts on a service
  If service running requires continuous system and data services, security hardening and system rollback have impacts on service running.

Duration

Table 8-4 describes the duration for security hardening.

Table 8-4 Security hardening duration

| Object | Operation | Estimated Duration (min) |
| --- | --- | --- |
| Windows Server 2008 operating system | Hardening | 10 |
| | Hardening rollback | 10 |

NOTE
Security hardening duration is an approximate duration of security hardening in a laboratory, and it is only for reference. Security hardening duration is subject to environment, network, and security hardening item.

8.2 Hardening the Windows Operating System

This topic describes how to use SetWin to harden the security of the Windows Server 2008 operating system.
8.2.1 Installing SetWin

Before performing security hardening for a Windows operating system, install SetWin on the host.

Prerequisites

You have obtained the SetWin installation package. For details, see 3.3 Obtaining Security Hardening Software.

Context

SetWin is an independent tool used to protect the operating system from attacks and vulnerabilities. SetWin offers preconfigurations recommended by industry-accepted benchmarks (such as CIS).

Procedure

Step 1 Log in to Windows as the Administrator user.

Step 2 Double-click the SetWin installation file. Select a language and click OK.

Step 3 Click Next.

Step 4 Select I accept the terms in the License Agreement and click Next.

Step 5 Select an installation directory and click Next.
NOTE
The SetWin installation path must not contain Chinese characters.

Step 6 Select No configuration, and click Install.
The system displays the message Installation will proceed without any configuration file. Would you like to proceed?.
NOTE
The configuration file contains detailed hardening policies and items. The configuration file is contained in the eSight security hardening package. To obtain the file, see 3.3 Obtaining Security Hardening Software. The configuration file will be imported into the hardening tool in 8.2.2 Hardening the Windows Using the SetWin.

Step 7 Click Yes.
The system starts to install the SetWin tool and displays the installation progress and details.
Step 8 After the installation is complete, clear Run VPP SEK SetWin V300R003C22, and click Finish.

Step 9 Delete the installation package and temporary files from the server after the SetWin is installed.

----End

8.2.2 Hardening the Windows Using the SetWin

You can use the SetWin tool to harden the Windows operating system. You must comply with the procedure when executing a hardening policy.

Prerequisites

- The security hardening policy file has been obtained. For details, see 3.3 Obtaining Security Hardening Software.
- The eSight service is stopped. For details, see 10.1.2 Stopping the eSight Service.

Procedure

Step 1 Log in to Windows as the Administrator user.

Step 2 Right-click SetWin and choose Run as administrator.
The Initial Backup dialog box is displayed.

Step 3 Select the path where the system backup status is stored in a file, and click OK.
After the file is backed up, the system displays the message Backup completed.

Step 4 Click OK.

Step 5 Optional: If the configuration file is not imported during hardening tool installation, the system displays the message Configuration file is not present or corrupted. Please import a valid configuration file. Click OK.

Step 6 Choose Configuration > Import Configuration File on the SetWin (Online Mode) page.

Step 7 Select the security hardening configuration file of the operating system, and click Open.
NOTE
Only .zip or .inf policy files can be imported.
Step 8 The system displays the message Import successful. Click OK.
Imported policies are displayed on the SetWin home page.
NOTE
To view details about a hardening item, perform the following steps:
1. Choose Help > SetWin Help Contents on SetWin.
2. Click the Search tab on the help and enter a hardening item name.
3. Click topic.
4. Find the topic for the hardening item based on the hardening item path and view details about the hardening item.

Step 9 Choose Policy > Execute.

Step 10 In the dialog box that is displayed, click Yes.

Step 11 When the system displays the message Do you want to create a backup point?, click Yes and select the backup path.
NOTICE
Save the security hardening policy and create a file to store the security hardening policy that will be used in rollback. Otherwise, the operating system cannot be rolled back to the prehardened state.

Step 12 When the system displays the message Backup completed, click OK.

Step 13 In the Policy(s) Configured dialog box that is displayed, click Yes to harden the security of the operating system.

Step 14 After the hardening is complete, the system displays the message Execution completed. Click OK.

Step 15 The system displays the message Please restart system to affect all policies. Do you want to restart now?. Click Yes to restart the system.
NOTICE
After the security hardening policy takes effect, the administrator account changes from Administrator to SWMaster, the guest account changes from guest to SWVisitor, but the password remains unchanged.

----End

8.2.3 Hardening the Windows Manually

This topic describes how to harden the Windows manually after the Windows is hardened by the SetWin.

Hardening the Windows by Running Scripts

Step 1 Log in to Windows as the SWMaster user.

Step 2 Enter the folder eSight installation directory\AppBase\tools\security-harden\win2008.

Step 3 Double-click changeACL.bat.
The system starts to run the hardening script. If the hardening fails, the detailed information is displayed.

----End

(Optional) Configuring the ActiveX Installer Service

For details, see Administering the ActiveX Installer Service in the ActiveX official website.

8.3 Rolling Back Windows Using SetWin

When the hardening fails, an operation fails, or services are affected, you must perform rollback operations.

Prerequisites

The eSight service is stopped. For details, see 10.1.2 Stopping the eSight Service.

Context

NOTICE
Before eSight reinstallation or upgrade, roll back the security hardening. Otherwise, the reinstallation or upgrade may fail.

You can roll back Windows to the initial status or a backup point.

- Initial status: indicates Windows status at the first backup point. To roll back to the initial status, select the initial policy file.
- Backup point: indicates a point at which hardening policies are backed up. To roll back to a backup point, select the related backup policy file. Backup policy files are created during security hardening.

Procedure

Step 1 Log in to Windows as the SWMaster user.
Step 2 Choose Policy > Rollback on the SetWin (Online Mode) page.

Step 3 In the dialog box that is displayed, click Yes.

Step 4 Select the backup file and roll back the operating system of the eSight server to the pre-hardened state.
NOTE
The backup file is generated during 8.2.2 Hardening the Windows Using the SetWin.

Step 5 When the system displays the message Rollback completed, click OK.
The system displays the message Please restart system to affect all policies. Do you want to restart now?.

Step 6 Click Yes to restart the system.
NOTICE
After the security hardening of the operating system is rolled back, the administrator account reverts to Administrator and the guest account reverts to guest, but the password remains unchanged.

----End

9 Uninstalling eSight System

About This Chapter

This topic describes how to uninstall eSight system.

9.1 Uninstalling the eSight
The service components that rely on eSight cannot be uninstalled separately. They are uninstalled automatically as eSight is uninstalled.

9.2 Uninstalling the SetWin
This topic describes how to uninstall the SetWin.

9.1 Uninstalling the eSight

The service components that rely on eSight cannot be uninstalled separately. They are uninstalled automatically as eSight is uninstalled.

Prerequisites

The operating system is rolled back to the pre-hardened state. For details, see 8.3 Rolling Back Windows Using SetWin.
Context

When eSight is uninstalled, the eSight database and configuration file are uninstalled. To save the eSight database data and configuration file, back up in advance the files in the AppBase/backup and mttools/etc/sysconf/backup directory that is in the same directory as the eSight installation directory, or the files on the remote server.

Procedure

Step 1 Log in to the eSight server as the Administrator user.

Step 2 Choose Start > All Programs > eSight > eSight Console.

Step 3 Click Stop in the eSight Console dialog box.
When the status of every process is STOPPED and stopping eSight system succeeded. is displayed, the eSight service has been stopped.

Step 4 Close the eSight Console dialog box.

Step 5 Choose Start > Programs > eSight > Uninstall eSight.
Information similar to the following is displayed:

    Are you sure you want to uninstall the system? (Please enter y or n):

Enter y and press Enter.
When the uninstallation is complete, the system displays the message The eSight is uninstalled successfully.
NOTE
Delete the eSight installation directory manually after the uninstallation is complete.

----End

9.2 Uninstalling the SetWin

This topic describes how to uninstall the SetWin.

Context

Before SetWin uninstallation, ensure that the security hardening has been rolled back. For details about the rollback, see 8.3 Rolling Back Windows Using SetWin.

Procedure

Step 1 Log in to the Windows as the Administrator user.

Step 2 Choose Start > All Programs > Huawei > SetWin > Uninstall.

Step 3 In the Installer Language dialog box, click OK.

Step 4 In the Uninstall dialog box, click Yes.

Step 5 In the dialog box that is displayed, click No.
NOTICE
If the rollback is not performed before the uninstallation, click Yes here to perform the rollback.
Step 6 When the uninstallation is complete, click OK.
----End

10 Appendix

About This Chapter
10.1 Starting and Stopping the eSight Service
This topic describes how to start and stop the eSight service.
10.2 Setting the Client Web Browser
Before using a web browser to log in to eSight, set the web browser to ensure the normal display of pages and improve browsing effects.

10.1 Starting and Stopping the eSight Service
This topic describes how to start and stop the eSight service.

10.1.1 Starting the eSight Service
This topic describes how to start the eSight service.

Procedure
Step 1 Log in to the eSight server as the Administrator user.
    NOTE
    Log in to the server as the SWMaster user if Windows is hardened.
Step 2 Choose Start > All Programs > eSight > eSight Console.
Step 3 Click Start in the eSight Console dialog box.
    When the status of every process is RUNNING and "starting eSight system succeeded" is displayed, the eSight service has been started.
----End

10.1.2 Stopping the eSight Service
This topic describes how to stop the eSight service.

Procedure
Step 1 Log in to the eSight server as the Administrator user.
    NOTE
    Log in to the server as the SWMaster user if Windows is hardened.
Step 2 Choose Start > All Programs > eSight > eSight Console.
Step 3 Click Stop in the eSight Console dialog box.
    When the status of every process is STOPPED and "stopping eSight system succeeded." is displayed, the eSight service has been stopped.
----End

10.2 Setting the Client Web Browser
Before using a web browser to log in to eSight, set the web browser to ensure the normal display of pages and improve browsing effects.

10.2.1 Setting the Mozilla Firefox 27 Web Browser
If Mozilla Firefox 27 is used to log in to eSight, set Mozilla Firefox 27 before your login.

Procedure
Step 1 Open the browser.
Step 2 Enable cookies in Mozilla Firefox.
    1. On the menu bar of Mozilla Firefox, choose Tools > Options.
    2. In the Options window, click Privacy.
    3. Choose Use custom settings for history and select Accept cookies from sites.
    4. Click OK.
Step 3 Optional: (Recommended) Set the web page display mode to achieve optimal browsing effects.
    1. On the menu bar of Mozilla Firefox, choose Tools > Options.
    2. In the Options window, click Tabs and select Open new windows in a new tab instead and Warn me when opening multiple tabs might slow down Firefox.
    3. Click OK.
Step 4 Restart the browser.
----End

10.2.2 Setting the Internet Explorer 9 Web Browser
If Internet Explorer 9 is used to log in to eSight, set Internet Explorer 9 before your login.

Procedure
Step 1 Open the browser.
Step 2 Add the URLs for accessing eSight as trusted websites. If the security level of the browser is set too high, the browser displays a security warning when you access eSight.
    1. On the menu bar of Internet Explorer, choose Tools > Internet Options. (If the menu bar is unavailable, press Alt to display it.)
    2. In the Internet Options dialog box, select the Trusted sites icon on the Security tab page, and click Sites.
    3. In the Trusted sites dialog box, enter the eSight website address in the Add this website to the zone text box, and click Add to add the website to the list of trusted websites.
        NOTE
        The websites for accessing the eSight over Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS) must be added to the list of trusted websites. For example, if the IP address of eSight is 10.10.10.10, you must add both http://10.10.10.10 and https://10.10.10.10 as trusted websites.
    4. Click Close.
Step 3 Set the Internet Explorer security level.
    1. On the menu bar of Internet Explorer, choose Tools > Internet Options.
    2. In the Internet Options dialog box, click the Security tab and select Trusted sites.
    3. In the Security level for this zone area, set the security level to Medium.
    4. Click OK.
Step 4 Set the compatibility view of Internet Explorer.
    1. On the menu bar of Internet Explorer, choose Tools > Compatibility View Settings from the main menu.
    2. In the Compatibility View Settings dialog box, deselect Include updated website lists from Microsoft, Display intranet sites in Compatibility view, and Display all websites in Compatibility View.
    3. Click Close.
Step 5 Enable Cookies and set the web browser mode.
    1. On the menu bar of Internet Explorer, choose Tools > Developer Tools.
    2. In the Developer Tools window, click Cache and deselect Disable Cookies.
    3. Set the web browser mode. In the Developer Tools window, click Browser Mode and select Internet Explorer 9.
    4. Close the Developer Tools window.
Step 6 Optional: (Recommended) Set the web page display mode to achieve optimal browsing effects.
    1. On the menu bar of Internet Explorer, choose Tools > Internet Options.
    2. In the Tabs area, click Settings.
    3. In the Tabbed Browsing Settings dialog box, set When a pop-up is encountered to Let Internet Explorer decide how pop-ups should open.
    4. Click OK.
    5. In the Internet Options dialog box, click OK.
Step 7 Perform the following operation in the Windows Server 2008 R2 environment.
    1. Set Binary and script behaviors to Enable; otherwise, the portlet background of the home page is displayed in red after you log in to eSight.
        a. On the menu bar of Internet Explorer, choose Tools > Internet Options.
        b. In the Internet Options dialog box, click the Security tab.
        c. On the Security tab page, click Custom level....
        d. In the Security Settings - Internet Zone dialog box, set Binary and script behaviors to Enable.
    2. Disable the enhanced security configuration of Internet Explorer; otherwise, the browser displays an empty page instead of the login page.
        NOTE
        The Windows Server 2008 R2 operating system enforces high security requirements. By default, the enhanced security configuration of Internet Explorer is enabled for both administrative and common users. The security level of Internet Explorer is set to the highest and cannot be adjusted. Therefore, the login page cannot be displayed properly.
        a. Right-click Computer on the desktop and choose Manage from the shortcut menu.
        b. In the Server Manager dialog box that is displayed, click Configure IE ESC.
        c. In the dialog box that is displayed, set Administrator and Users to Off, and click OK.
Step 8 Restart the browser.
----End

11 FAQ

About This Chapter
11.1 Huawei Server
11.2 Windows Operating System
11.3 Installation
11.4 Login
This topic describes the solutions to the FAQs about eSight login failures.
11.5 Others

11.1 Huawei Server

11.1.1 How Do I Change the IP Address of the iMana Management Network Port on the Tecal RH2288 Server?

Question
How do I change the IP address of the iMana management network port on the Tecal RH2288 server?

Answer
The default IP address of the iMana management network port on the Tecal RH2288 server is 192.168.2.100. You can check and change the IP address of the iMana management network port on the BIOS interface of the server.
Step 1 Restart the Tecal RH2288 server, press Del during the startup to access the BIOS interface, and choose Advanced.
Step 2 Choose IPMI BMC Configuration and press Enter.
    The IPMI configuration screen is displayed.
Step 3 Choose BMC Configuration and press Enter.
    The BMC Configuration screen is displayed.
Step 4 Choose IPv4 IP Address, IPv4 Subnet Mask, and IPv4 Gateway Address in sequence, press Enter, and change them one by one.
Step 5 Press F10 to save the settings and exit when the settings are complete. Restart the server to make the settings take effect.
----End

11.1.2 How Do I Change the IP Address of the iMana Management Network Port on the Tecal RH5885 Server?

Question
How do I change the IP address of the iMana management network port on the Tecal RH5885 server?

Answer
The default IP address of the iMana management network port on the Tecal RH5885 server is 192.168.2.100. You can check and change the IP address of the iMana management network port on the BIOS interface of the server.
Step 1 Restart the Tecal RH5885 server, press Del during the startup to access the BIOS interface, and choose Server Mgmt.
Step 2 Choose BMC Network Configuration and press Enter.
    The BMC network configuration screen is displayed.
Step 3 Choose Configuration Source and set Configuration Source to Static.
Step 4 Choose Station IP Address, Subnet Mask, Station Gateway Address, and Station MAC Address in sequence, press Enter, and change them one by one.
Step 5 Press F4 to save the settings and exit when the settings are complete. Restart the server to make the settings take effect.
----End

11.1.3 How Do I Set the Running Environment of the iMana Management Software Client?

Question
How do I set the running environment of the iMana management software client?

Answer
To use the remote control function, a browser and the Java runtime environment (JRE) of proper versions must be installed on the client.

NOTICE
Do not frequently press the Forward and Backward buttons in the browser when you use the remote control function.

Table 11-1 describes the software requirements on the client.

Table 11-1 Client software requirements
Running Environment    Configuration Requirement
Browser                Internet Explorer 8.0
                       Mozilla Firefox 9.0, 23.0
JRE                    JRE 1.6.0 U25, 1.7.0 U40
                       NOTE
                       If the JRE does not meet requirements, download it from http://www.oracle.com/technetwork/java/javase/downloads/index.html.

Step 1 Check the JRE version.
    On the command-line interface (CLI), run the following command to view the JRE version:
        C:\>java -version
    The command output is displayed as follows:
        java version "1.6.0_25-rev"
        Java(TM) Platform, Standard Edition for Business (build 1.6.0_25-rev-b05)
        Java HotSpot(TM) Client VM (build 16.3-b04, mixed mode, sharing)
    The version string 1.6.0_25 in the output indicates that JRE 1.6.0_25 is installed on the client.
Step 2 If JRE 1.7.0_21 or a later version is installed, change the Java security setting. Otherwise, the remote control function offered by the iMana is unavailable.
    1. In Control Panel of the client, choose Programs > Java.
    2. In Java Control Panel, click the Security tab.
    3. Add the iMana's address to Exception Site List or set Security Level to Medium.
    4. Click OK.
----End

11.1.4 How Do I Remotely Log In to the Server Through the iMana Management Port?

Question
How do I remotely log in to the server through the iMana management port?

Answer
To remotely manage server processes, you can log in to the management software command-line interface through SSH or Telnet, or log in to the management software web page through a web browser.

NOTICE
- A maximum of five users are allowed to log in to the management software command-line interface through SSH or Telnet at the same time.
- A maximum of four users are allowed to log in to the WebUI at the same time. However, only two users are allowed to use the keyboard, video, and mouse (KVM) over IP function at a time, and only one user is allowed to use the virtual media function at a time.
- The system timeout period is 5 minutes by default. That is, if you do not perform any operation about requesting server data on the WebUI within 5 minutes, the system logs out automatically. In this case, enter the user name and password to log in to the WebUI again.

- Log in to the management software command-line interface.
    - By SSH: Start the SSH client tool and log in with the IP address, user name, and password of the management network port.
    - By Telnet: Start the Windows command terminal, run the telnet IP address command, and enter the user name and password as prompted.
    NOTE
    The default user name is root, and the default password is root or Huawei12#$.
- Log in to the management software web page.
    a. Open a web browser, enter the IP address of the iMana management network port in the address bar, and press Enter.
       The Security Alert dialog box is displayed.
    b. Click Yes.
       The login page is displayed.
    c. Enter the user name and password and choose to log in through a local host or a user domain.
       NOTE
       The default user name is root, and the default password is root or Huawei12#$.
    d. Click Log In.
       The iMana web page is displayed.
    e. Select Remote Control, and click Remote Virtual Console (requiring JRE) to log in to the server.
       NOTE
       - Remote Virtual Console (shared mode) allows two users to access the server and supports concurrent user operations. A user can view operations of another user.
       - Remote Virtual Console (private mode) allows only one user to access the server.
----End

11.1.5 How Do I Change the Password of the root User of the iMana Management Software?

Question
How do I change the password of the root user of the iMana management software?

Answer
You can change the password of the root user on the BIOS interface. You can also change or add a user name and password on the iMana command-line interface.

NOTE
- The user name of the root user cannot be changed.
- When you set the password for the root user on the BIOS interface, the system does not recognize uppercase letters and automatically converts uppercase letters to lowercase letters.
- On the BIOS interface, a password contains a maximum of 16 characters, and on the command-line interface, a password contains a maximum of 20 characters.

- Change the root user password of the Tecal RH2288 server on the BIOS interface.
    a. Restart the Tecal RH2288 server, press Del during the startup to access the BIOS interface, and choose Advanced.
    b. Choose IPMI BMC Configuration and press Enter.
       The IPMI configuration screen is displayed.
    c. Choose BMC Configuration and press Enter.
       The BMC Configuration screen is displayed.
    d. Choose Change BMC User Password and press Enter.
       The Change BMC User Password page is displayed.
    e. Enter the new and confirm passwords.
    f. Press F10 to save the settings and exit when the settings are complete. Restart the server to make the settings take effect.
- Change the root user password of the Tecal RH5885 server on the BIOS interface.
    a. Restart the Tecal RH5885 server, press Del during the startup to access the BIOS interface, and choose Security.
    b. Choose BMC Root Password and press Enter.
    c. Change the root user password as prompted.
    d. Press F4 to save the settings and exit when the settings are complete. Restart the server to make the settings take effect.
- Manage users on the iMana command-line interface.
    a. Run the following command to view the list of users:
           root@BMC:/# ipmcget -d userlist
    b. Run the following command to add a user and set a password for the user:
       NOTE
       A maximum of 17 users can exist at the same time, with 16 actually effective users.
           root@BMC:/# ipmcset -d adduser -v username
    c. Run the following command to set rights for the new user:
           root@BMC:/# ipmcset -d privilege -v username { 15 | 2 | 3 | 4 }
       Parameter    Description
       15           No access permission.
       2            User rights.
       3            Operator rights.
       4            Administrator rights.
    d. Run the following command to change the user password:
           root@BMC:/# ipmcset -d password -v username
    e. Run the following command to delete the user:
           root@BMC:/# ipmcset -d deluser -v username
----End

11.2 Windows Operating System

11.2.1 How Do I Change the Password for the Administrator User administrator?

Question
How do I change the password for the administrator user administrator on the Windows operating system?

Answer
Step 1 Log in to the Windows operating system as the administrator user.
Step 2 Press Ctrl+Alt+Delete.
Step 3 In the dialog box that is displayed, click Change a password.
Step 4 Enter the old password, new password, and confirm password for the administrator user.
Step 5 Click OK.
----End

11.2.2 How Can I Change the OpenSSH Service Password?

Question
How can I change the OpenSSH service password?

Answer
To change the OpenSSH service password, perform the following steps:
- Windows Server 2008
    a. Right-click Computer and choose Management.
    b. On the Server Manager page, choose Configuration > Local Users and Groups > Users.
    c. Right-click ossuser and select Set Password in the right pane.
    d. In the dialog box that is displayed, click Proceed.
    e. In the dialog box that is displayed, enter the new password and click OK.
- SUSE Linux
    a. Run the following command to change the password of the ossuser user:
           # passwd ossuser
    b. Enter New password and Confirm New Password as prompted.
----End

11.2.3 When the SetWin Installation Package Fails to Be Installed in the Windows Server English Operating System Due to Chinese Characters in the Installation Package Path

Symptom
The SetWin installation package fails to be installed in the Windows Server English operating system because the installation package path contains Chinese characters.

Possible Causes
The English operating system cannot resolve the SetWin installation package path that contains Chinese characters.

Procedure
Step 1 Change the Chinese characters in the installation package path to English characters.
----End

11.2.4 How to Reinstall SetWin After Deleting the SetWin Installation Directory?

Symptom
When installing SetWin, the error message "SetWin is already installed in your system" is displayed.

Possible Causes
The SetWin installation directory is deleted from the installation path.

Procedure
1. Choose Start > Run and enter regedit in the Run dialog box.
2. Choose HKEY_LOCAL_MACHINE > SOFTWARE > Huawei > SetWin.
3. Delete the SetWin registry key.
4. Reinstall SetWin.

11.2.5 Failure to Log In to Windows Using Old Accounts and Passwords After Security Hardening

Symptom
After you harden Windows security and restart Windows, login to Windows using the old administrator account and password or old guest account and password fails.

Possible Causes
Security hardening items include Rename Administrator Account and Rename Guest Account.

Procedure
1. Import a security hardening policy file to SetWin.
2. Choose SetWin Policies > Security Settings > Security Options > Accounts.
3. Check the values of Rename Administrator Account and Rename Guest Account.
    NOTE
    If the security hardening policy file contains the two items, SetWin renames the administrator account and guest account to configured ones, leaving the passwords for the two accounts unchanged.
4. Use the new administrator account or guest account and the old password to log in to Windows.

11.2.6 How to Check and Analyze SetWin Logs?
After you use SetWin to back up, harden security for, or roll back Windows, SetWin generates a log file. This topic describes how to check and analyze SetWin logs.

Context
SetWin records operation information to a log file.
- The default path to SetWin log files is SetWin installation path\SetWin\Logs.
- The preset maximum number of log files is 100. The maximum size of a single log file is 2 MB.
- A SetWin log file is named after the time when the file is generated.

Procedure
Step 1 Log in to Windows as the system administrator.
Step 2 Open a SetWin log file.
    You can check the current and historical SetWin logs.
    - To check the current SetWin logs, view the Log dialog box displayed or choose Log > View Log Messages in the SetWin's main window when the current operation is complete.
      NOTE
      After the Log dialog box is closed, you can view the current SetWin logs only in a historical log file.
    - To check historical SetWin logs, choose Log > Open Log File in the SetWin's main window or click Open Log File in the Log dialog box. You can choose a log file based on the operation time.
Step 3 Analyze SetWin logs.
    In the Log dialog box, log colors vary according to log type. In a historical log file, logs of each type start with a specified letter. Logs are classified into the following types:
    - Informational log: records policy information and operation success information. An informational log starts with M. In the Log dialog box, informational logs are in green.
    - Operation wise log: records new values of hardening items in a security hardening policy file. An operation wise log starts with W. In the Log dialog box, operation wise logs are in brown.
    - Reporting log: records common information. A reporting log starts with R. In the Log dialog box, reporting logs are in black.
    - Error log: records error information. An error log starts with E. In the Log dialog box, error logs are in red.
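
The type letters listed in Step 3 are enough to triage a historical log file after a hardening or rollback run. The following Python script is an added example, not part of this guide or of SetWin. It assumes that each entry begins with its type letter followed by a non-letter character and that other lines continue the preceding entry; the sample log lines are constructed.

```python
"""Triage a SetWin historical log by the type letter that starts each entry."""
import re
from collections import Counter

# Type letters and names as listed in the guide's log analysis step.
LOG_TYPES = {"M": "informational", "W": "operation wise", "R": "reporting", "E": "error"}

# ASSUMPTION: an entry starts with its type letter followed by a non-letter
# (space, digit, punctuation), so wrapped text such as "Rename ..." is not
# mistaken for a reporting entry. Adjust if the real layout differs.
ENTRY = re.compile(r"^\s*([MWRE])(?![A-Za-z])\s*(.*)$")

# Constructed sample, not real SetWin output.
SAMPLE_LOG = """\
R Hardening started
M Policy file loaded
W Rename Administrator Account = SWMaster
W Rename Guest Account = ExampleGuest
E Failed to apply item: Interactive logon: Require smart card
  access denied
M Hardening completed
"""


def parse_entries(text):
    """Return (line_no, letter, message) tuples; "?" marks text before any entry."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            continue
        match = ENTRY.match(raw)
        if match:
            entries.append([line_no, match.group(1), match.group(2).lstrip(":- \t")])
        elif entries:
            # Continuation line: fold it into the entry it belongs to.
            entries[-1][2] += " " + raw.strip()
        else:
            entries.append([line_no, "?", raw.strip()])
    return [tuple(e) for e in entries]


def triage(text):
    """Count entries per type and collect errors, changed values and stray text."""
    entries = parse_entries(text)
    return {
        "counts": dict(Counter(LOG_TYPES.get(t, "unclassified") for _, t, _ in entries)),
        "errors": [(n, msg) for n, t, msg in entries if t == "E"],
        "changes": [(n, msg) for n, t, msg in entries if t == "W"],
        "unclassified": [(n, msg) for n, t, msg in entries if t == "?"],
    }


def verdict(text):
    """FAILED if any error entry exists, REVIEW if stray text exists, else OK."""
    result = triage(text)
    if result["errors"]:
        return "FAILED"
    if result["unclassified"]:
        return "REVIEW"
    return "OK"


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(verdict(SAMPLE_LOG), report["counts"])
    for line_no, message in report["errors"]:
        print(f"error (line {line_no}): {message}")
    for line_no, message in report["changes"]:
        print(f"changed (line {line_no}): {message}")
```

The operation wise (W) entries are the ones to compare against the intended policy file, for example to confirm the renamed administrator account before the restart.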
----End

11.2.7 What Do I Do When I Am Prompted to Log In to the Windows Server Operating System Using a Smart Card After the Security Hardening?

Question
What do I do when I am prompted to log in to the Windows Server operating system using a smart card after the security hardening?

Answer
Step 1 Log in to the operating system in safe mode.
Step 2 Choose Start > Run, enter gpedit.msc, and press Enter.
Step 3 In the Local Group Policy Editor window that is displayed, choose Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
Step 4 On the right of the window, double-click Interactive logon: Require smart card. In the dialog box that is displayed, select Disabled and click OK.
Step 5 Restart the operating system.
----End

11.3 Installation

11.3.1 What Can I Do When eSight Installation, Upgrade, or Startup Fails Due to FTP Startup?

Question
During eSight installation, upgrade, or startup, the environment check result shows that the FTP service check is not passed. To solve this problem, stop the started FTP service before eSight installation, upgrade, or startup.

Answer
- Windows:
    a. Access the CLI and run the following command to check the ID of the process that occupies port 21:
           netstat -ano|findstr :21
       Information similar to the following is displayed:
       NOTE
       Here, 820 indicates the ID of the process that occupies port 21.
    b. Run the following command to stop the process.
           taskkill /F /PID 820
    c. Perform eSight installation, upgrade, or startup again.
- SUSE11 Linux:
    a. Access the CLI and run the following command to check the ID of the process that occupies port 21:
           netstat -anp|grep :21
       Information similar to the following is displayed:
       NOTE
       Here, 324 indicates the ID of the process that occupies port 21.
    b. Run the following command to stop the process.
           kill -9 324
    c. Perform eSight installation, upgrade, or startup again.
----End

11.3.2 Can eSight Be Installed When All Network Adapters Are Down or Not Configured with IP Addresses

Question
Can eSight be installed when all network adapters are down or not configured with IP addresses?

Answer
No. IP addresses must be configured and the network adapters must be up before eSight installation.
----End

11.3.3 How Do I Release Occupied eSight Ports

Question
The eSight installation or startup cannot continue because some ports are occupied. How do I release these ports?

Answer
- Windows:
    a. Run the following command in the CLI to find the process ID (PID) of the occupied port:
           netstat -ano|findstr :Number of the occupied port
       Information similar to the following is displayed:
       NOTE
       Here, 820 indicates the ID of the process that occupies port 21.
    b. Run the following command to release the port:
           taskkill /F /PID Process ID
- SUSE Linux:
    a. Run the following command on the command terminal to find the process ID (PID) of the occupied port:
           netstat -anop|grep :Number of the occupied port
       Information similar to the following is displayed:
       NOTE
       Here, 25294 indicates the ID of the process that occupies port 8080.
    b. Run the following command to release the port:
           kill -9 Process ID
----End

11.3.4 Can I Store the eSight Installation Directory and Installation Disk in the Same Directory

Question
Can I store the eSight installation directory and installation disk in the same directory?

Answer
No. The eSight installation directory must be empty. If any file exists in the installation directory, the installation will fail.

11.3.5 What Can I Do When eSight Installation Fails Due to System Tool Check Failure?

Question
If the system tool check is not passed, eSight installation may fail.

Answer
System tools include ping, tracert, and netstat command tools that are frequently used on the operating system. These command tools are used during eSight device management. If these command tools are unavailable, certain eSight functions cannot be used. Rectify or re-install the eSight server operating system to support ping, tracert, and netstat command tools.

11.3.6 What Can I Do When eSight Startup Times Out?

Question
There is a very low possibility that eSight startup times out due to a report engine initialization deadlock.

Answer
To resolve this problem, stop and restart the eSight service.

11.3.7 What Do I Do When the Remote Login Fails After Security Hardening on Windows Server 2008?

Question
What do I do when the remote login fails after Windows Server 2008 is hardened?

Answer
Modify LAN Manager authentication level Properties on the host that runs Windows Server 2008.
Step 1 Choose Start > Run.
Step 2 In the text box, enter gpedit.msc and press Enter.
Step 3 In the dialog box that is displayed, choose Windows Settings > Security Settings > Local Policies > Security Options. Double-click Network security: LAN Manager authentication level Properties.
Step 4 In the dialog box that is displayed, select Send NTLMv2 response only. Refuse LM & NTLM and click OK. Issue 01 (2016-04-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 151 eSight Single-Node System Software Installation Guide (Windows) 11 FAQ ----End 11.3.8 What Do I Do When Opening a Page Takes a Long Time After the OfficeScan Antivirus Software Is Installed? Symptom What do I do when opening a page takes a long time after the OfficeScan antivirus software is installed? Possible Causes This problem occurs at a very low possibility. It is because the eSight operating efficiency is negatively influenced when the OfficeScan antivirus software is scanning eSight. Issue 01 (2016-04-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 152 eSight Single-Node System Software Installation Guide (Windows) 11 FAQ Procedure Step 1 Log in to the OfficeScan Web Console. NOTE The URL for the OfficeScan Web Console is https://OfficeScan Server IP:32148/officescan. Step 2 Choose Networded Computers > Client Management. Step 3 On the Client Management tab page, choose OfficeScan Server. Step 4 Set not to scan the eSight installation directory during manual scanning. 1. Choose Settings > Manual Scan Settings from the toolbar. 2. On the Manual Scan Settings page, select Adds path to the client computer's exclusion list, enter the eSight installation path (for example, D:\eSight), and click Add. 3. Enter the SQL Server database file path (for example, D:\data), and click Add. 4. Click Apply to All Clients. 5. In the dialog box that is displayed, click OK. Issue 01 (2016-04-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 153 eSight Single-Node System Software Installation Guide (Windows) 6. 11 FAQ On the Manual Scan Settings page, click Close. Step 5 Set not to scan the eSight installation directory during real-time scanning. 1. 
Choose Settings > Real-time Scan Settings from the toolbar.
  2. On the Real-time Scan Settings page, select Adds path to the client computer's exclusion list, enter the eSight installation path (for example, D:\eSight), and click Add.
  3. Enter the SQL Server database file path (for example, D:\data), and click Add.
  4. Click Apply to All Clients.
  5. In the dialog box that is displayed, click OK.
  6. On the Real-time Scan Settings page, click Close.

----End

11.4 Login

This topic describes the solutions to the FAQs about eSight login failures.

11.4.1 What Do I Do If the eSight Client Fails to Be Opened in IPv6 Mode Using Mozilla Firefox?

Question
- When I use the Firefox 3.6 browser to access the eSight, I enter an abbreviated IPv6 address that contains two consecutive colons (::) in the address box. The Topology Management page cannot be opened. Two consecutive colons (::) indicate the consecutive zero-block sequence.
- I cannot log in to the eSight client in IPv6 mode using Mozilla Firefox 4.0 or later.

Answer
This problem is a defect of Mozilla Firefox. When logging in to the eSight client in IPv6 mode, use Windows Internet Explorer.

11.4.2 How to Rectify the Failure in Logging In to the eSight Server Using a Browser?

Question
After the eSight server starts properly, the login to the eSight server using a browser fails and a message indicating access failure is displayed. How do I rectify this failure?

Answer
Step 1 Check whether the firewall is enabled on the eSight server. If the firewall is enabled, adjust the firewall policies.
Step 2 Log in to the eSight server using the browser and check whether the login is successful.

----End

11.4.3 How Do I Address the eSight Login Failure Due to Firefox Browser Proxy Setting?

Question
When the Firefox browser proxy is set, I cannot log in to eSight.
How do I address this problem?
NOTE
This problem does not occur when Internet Explorer is used.

Answer
Step 1 Open the Firefox browser (for example, Firefox 27).
Step 2 Choose Tools > Options from the main menu.
Step 3 In the Options window that is displayed, choose Advanced > Network and click Settings.
Step 4 In No Proxy for, enter the eSight server to access and click OK.
Step 5 Click OK. When the configuration is complete, log in to eSight again.

----End

11.4.4 What Do I Do If the eSight Displays a Security Certificate Error During Login?

Symptom
Internet Explorer or Mozilla Firefox displays a message indicating that the security certificate is incorrect when you log in to the eSight.
[Figure: security certificate error prompted by Internet Explorer]
[Figure: security certificate error prompted by Firefox]

Possible Causes
The security certificate is incorrect or is not installed. You need to install a valid security certificate.

Procedure
- Method 1: Deploy the certificate authorized by the Certificate Authority (CA) to eSight.
  a. Contact the eSight server administrator to apply for a certificate from the CA.
  b. Deploy the certificates issued by the CA to the eSight.
- Method 2: Set the certificate of the eSight as a trusted certificate in the browser.
  – Install the security certificate in Internet Explorer.
    i. On the error message page, click Continue to this website (not recommended).
    ii. Click Certificate Error. In the Certificate Invalid dialog box, click View certificates.
    iii. On the General tab page, click Install Certificate.
    iv. In the Certificate Import Wizard dialog box, click Next.
    v. Select Place all certificates in the following store and click Browse.
    vi. In the Select Certificate Store dialog box, select Trusted Root Certification Authorities and click OK.
    vii. Click Next.
    viii. In the Certificate Import Wizard dialog box, click Finish.
    ix. In the Security Warning dialog box, click Yes.
    x. In the Certificate Import Wizard dialog box, click OK.
    xi. Close Internet Explorer and open it again to log in to the eSight.
        The security certificate error page is displayed due to the invalid certificate. Click Continue to this website (not recommended). The eSight login page is displayed for you to log in to the eSight.
  – Install the security certificate in Mozilla Firefox.
    i. On the error message page, expand I Understand the Risks and click Add Exception.
    ii. In the Add Security Exception dialog box, click Confirm Security Exception.
    iii. Close Mozilla Firefox and open it again to log in to the eSight.

----End

Suggestion and Summary
Method 1 is recommended. Method 2 may not work in some scenarios because Internet Explorer versions differ.

11.4.5 What Do I Do If the eSight Displays a Security Warning Message During Login?

Symptom
The Web browser displays a security alarm when you log in to the eSight.

Possible Causes
The security level of the browser is too high. To solve this problem, you can add the website of the eSight as a trusted website or set the security level of the browser to a low level.

Procedure
- Solution 1: Add Trusted Websites
  a. In the security alarm dialog box, click Add.
  b. In the Internet Options dialog box, select the Trusted sites icon on the Security tab page, and click Sites.
  c. In the Trusted sites dialog box, enter the eSight website address in the Add this website to the zone text box, and click Add to add the website to the list of trusted websites.
     NOTE
     The websites for accessing the eSight over Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS) must be added to the list of trusted websites.
  d. Click Close.
  e. Close Internet Explorer and open it again to log in to the eSight.
- Solution 2: Set the Security Level of the Browser
  a. Open Microsoft Internet Explorer, and choose Tools > Internet Options.
  b. In the Internet Options dialog box, select the Trusted sites icon on the Security tab page, and click Custom level in the Security level for this zone area.
  c. In the Security Settings-Internet Zone window, select Enable under Submit non-encrypted form data and Enable under Active scripting, and click OK.
  d. In the Internet Options window, click OK.
  e. Close Internet Explorer and open it again to log in to the eSight.

----End

11.4.6 What Do I Do When a Message Is Displayed Indicating the System Internal Error?

Symptom
During login to eSight, a message indicating system internal error is displayed, as shown in Figure 11-1.

Figure 11-1 System error message

Possible Causes
1. eSight is being restarted.
2. A key eSight component, for example, the security component, fails to start.

Procedure
- Log in to eSight later.
- If the problem persists, restart eSight.

----End

11.4.7 What Do I Do If I Forget the Password When I Attempt to Log In to the eSight?

Question
What do I do if I forget the password when I attempt to log in to the eSight?

Answer
- For non-admin users, contact the admin user to reset the password.
- For the admin user, the eSight does not support password resetting. The password of the admin user cannot be retrieved and you must reinstall the eSight. Therefore, you must remember the password of the admin user.

11.4.8 How Do I Cancel the Advance Warning of Password Expiration and Mandatory Password Change

Question
When I log in to the eSight, I receive an advance warning before the password expires at the end of each specified period, for example, three months, and I am asked to change the password. If I do not change the password before it expires, I cannot log in after the password expires and have to change it immediately. How do I cancel the advance warning of password expiration and mandatory password change or prolong the password change period?

Answer
NOTICE
Changing passwords periodically can improve user information security and reduce the possibility of account forgery. Exercise caution when canceling the functions and changing the password change period. User information is more secure if a password is changed more frequently. However, you may forget the passwords if you change passwords frequently.

Step 1 Choose System > Administration > User Management from the main menu.
Step 2 In the navigation tree, select Password Policy.
The eSight password policy includes Forcibly change an expired password, as shown in Figure 11-2. By default, the check box is selected. The default password validity period is 90 days and users are notified that their passwords are about to expire 7 days in advance. Users who have security management rights can modify the policy as follows:
- Determine whether to require users to periodically change passwords. Select the check box to retain the function.
- Prolong or shorten the password change period. Specifically, change the password validity period.
  The password change period is determined by the password validity period.
- Change the number of days in advance users are notified that their passwords are about to expire.

Figure 11-2 Password policy

If a user logs in to the eSight when the password is about to expire, the user receives notifications and is asked to change the password, as shown in Figure 11-3. Users can change the password, or ignore the notification and not change the password. If the password is not changed after it expires, the user can log in only after changing the password.

Figure 11-3 Password change notification

----End

11.4.9 How Do I Solve the Service Session Failure That Occurs When I Log In to eSight?

Question
A user has already logged in to eSight. The user uses the same browser to log in to eSight on the same PC for a second time. A message indicating service session failure may be displayed on the first eSight page.

Answer
Close all the eSight pages and log in to eSight again.

NOTICE
Do not use the same browser to log in to eSight on the same PC more than once.

11.5 Others

11.5.1 eSight System Becomes Faulty After the Database User Password Is Changed Using a Database Tool

Question
After I use a database tool instead of the maintenance tool to change the password for an NMS user or administrators of the eSight database, some problems occur on the eSight system. For example, I cannot start the eSight using the maintenance tool. How do I resolve the problems?

Answer
The maintenance tool of the eSight system changes the database access password and the database password. Other database tools, however, change only the database password.
Use the maintenance tool instead of a database tool to change the password for an NMS user or administrators of the database. Otherwise, the following problems may occur:
- The eSight system cannot be started using the maintenance tool if the password for a database NMS user is changed.
- The password for a database NMS user cannot be changed using the maintenance tool if the password for the administrator is changed.

When these problems occur, perform the following steps to change the password used for database access to maintain password consistency:

Step 1 On the maintenance tool, choose System > DB Password Management from the main menu.
Step 2 Change the database access password to the same as the database password.
- For the eSight system startup failure
  In the Database NMS User password area of the DB Password Management window, set the parameters listed in Table 11-2.

  Table 11-2 Parameters required for changing the password for a database NMS user
  Parameter          Description
  Old Password       Enter the NMS user password used for database access.
  New Password       Enter the database NMS user password changed using the database tool.
  Confirm Password   Enter the new password again for confirmation.

- For the failure to change the password for a database NMS user using the maintenance tool
  In the Database System Administrator password area of the DB Password Management window, set the parameters listed in Table 11-3.

  Table 11-3 Parameters required for changing the password for an administrator
  Parameter          Description
  Old Password       Enter the administrator password used for database access.
  New Password       Enter the administrator password changed using the database tool.
  Confirm Password   Enter the new password again for confirmation.

Step 3 Click Apply.
Step 4 For the eSight startup failure, start the eSight again. For the failure to change the password for a common user using the maintenance tool, change the password for the database NMS user again.

----End

11.5.2 How Do I Prevent Problems Caused by eSight Server System Time Change?

Symptom
If the eSight server system time is changed, eSight may fail to work. For example, the topology is not refreshed.

Procedure
Step 1 Stop eSight services.
Step 2 Restart eSight services.

----End

A Glossary

Numerics
3GPP: 3rd Generation Partnership Project

A
ADSL Port information Protocol (APP): A protocol that is used to control and maintain the line-capturing device, for example, control the STAM, ETAM, and so on.
APP: See ADSL Port information Protocol.
ARP: See Address Resolution Protocol.
Address Resolution Protocol (ARP): An Internet Protocol used to map IP addresses to MAC addresses. The ARP protocol enables hosts and routers to determine link layer addresses through ARP requests and responses. The address resolution is a process by which the host converts the target IP address into a target MAC address before transmitting a frame. The basic function of ARP is to use the target equipment's IP address to query its MAC address.
administrator: A user who has authority to access all EMLCore product management domains. This user has access to the entire network and all management functions.

B
BBU: See backup battery unit.
BIOS: See basic input/output system.
BMC: See baseboard management controller.
backup battery unit (BBU): A battery module that can supply power for a controller enclosure in a short time when the system is powered off.
baseboard management controller (BMC): Responsible for collecting, processing, and storing signals of all sensors and monitoring the running status of all parts.
basic input/output system (BIOS): Firmware stored on the computer motherboard that contains basic input/output control programs, power-on self test (POST) programs, bootstraps, and system setting information. The BIOS provides hardware setting and control functions for the computer.

C
CD: compact disc
CD-ROM: compact disc read-only memory
CLI: command-line interface
CPU: See central processing unit.
central processing unit (CPU): The computational and control unit of a computer. The CPU is the device that interprets and executes instructions. The CPU has the ability to fetch, decode, and execute instructions and to transfer information to and from other resources over the computer's main data-transfer path, the bus.
certificate: The certificate, also called the digital certificate, establishes the association between the user identity and user public key. The certificate is issued by the third-party authority, and provides identity authentication for the communications parties.

D
DB: database
DC: data center
DG: See disk group.
DHCP: See Dynamic Host Configuration Protocol.
DNS: See domain name service.
DNS server: A device that can provide domain name resolution for the client on the network
Dynamic Host Configuration Protocol (DHCP): A client-server networking protocol. A DHCP server provides configuration parameters specific to the DHCP client host requesting information the host requires to participate on the Internet network. DHCP also provides a mechanism for allocating IP addresses to hosts.
database server: The database management software running on one or more servers in a LAN.
The database server provides services for users' applications. These services include query, update, event management, index, cache, query optimization, security, and multiuser access control.
digital signature: A message signed with a sender's private key that can be verified by anyone who has access to the sender's public key. Digital signature gives the receiver the reason to believe the message was sent by the claimed sender. A proper implementation of digital signature is computing a message digest for the message sent from the sender to the receiver, and then signing the message digest. The result is called digital signature and is sent to the receiver together with the original message.
disk group (DG): An aggregation of hard disks of the same physical type in the storage pool. This aggregation defines the faulty area where disk reconstruction occurs and the scope of hard disks that can be allocated.
domain name service (DNS): A hierarchical naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participants. The DNS distributes the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for each domain.

E
ESN: See equipment serial number.
Ethernet: A LAN technology that uses the carrier sense multiple access with collision detection (CSMA/CD) media access control method. The Ethernet network is highly reliable and easy to maintain. The speed of an Ethernet interface can be 10 Mbit/s, 100 Mbit/s, 1000 Mbit/s, or 10,000 Mbit/s.
encryption: A function used to transform data so as to hide its information content to prevent its unauthorized use.
equipment serial number (ESN): A string of characters that identifies a piece of equipment and ensures correct allocation of a license file to the specified equipment. It is also called "equipment fingerprint".

F
FTP: File Transfer Protocol
firewall: A combination of a series of components set between different networks or network security domains. By monitoring, limiting, and changing the data traffic across the firewall, it masks the interior information, structure and running state of the network as much as possible to protect the network security.

G
GE: Gigabit Ethernet
GMT: Greenwich Mean Time
GUI: graphical user interface

H
HTTP: See Hypertext Transfer Protocol.
HTTPS: See Hypertext Transfer Protocol Secure.
Hypertext Transfer Protocol (HTTP): An application-layer protocol used for communications between web servers and browsers or other programs. HTTP adopts the request-response mode. A client sends a request to the server. The request consists of two parts: request header and MIME-like message. The request header contains request method, uniform resource locator (URL), and protocol version. The MIME-like message contains request modifiers, client information, and possible body content. Upon receiving the request, the server responds with a status line. The status line includes the message's protocol version, a success or error code, and a MIME-like message, which contains server information, entity meta-information, and possible entity-body content. For details about HTTP, see RFC2616.
Hypertext Transfer Protocol Secure (HTTPS): An HTTP protocol that runs on top of transport layer security (TLS) and Secure Sockets Layer (SSL). It is used to establish a reliable channel for encrypted communication and secure identification of a network web server. For details, see RFC2818.

I
I/O: input/output
ID: See identity.
IE: Internet Explorer
IIS: See Internet Information Services.
IO: See Input Output.
IP: Internet Protocol
IP address: A 32-bit (4-byte) binary number that uniquely identifies a host connected to the Internet. An IP address is expressed in dotted decimal notation, consisting of the decimal values of its 4 bytes, separated with periods; for example, 127.0.0.1. The first three bytes of the IP address identify the network to which the host is connected, and the last byte identifies the host itself.
IPMI: See Intelligent Platform Management Interface.
IPS: intelligent protection switching
IPv4: See Internet Protocol version 4.
IPv6: See Internet Protocol version 6.
ISO: International Organization for Standardization
Input Output (IO): Refers to the communication between an information processing system (such as a computer) and the outside world, possibly a human or another information processing system.
Intelligent Platform Management Interface (IPMI): A specification, developed by Dell, HP, Intel and NEC, for the purpose of improving serviceability of servers. The IPMI provides servers with device management, sensor and event management, user management, fan box and power supply management, and remote maintenance.
Internet Information Services (IIS): Microsoft's brand of a Web server software, utilizing the Hypertext Transfer Protocol (HTTP) to deliver World Wide Web documents. It incorporates various functions for security, allows for CGI programs, and also provides Gopher and FTP services.
Internet Protocol version 4 (IPv4): The current version of the Internet Protocol (IP). IPv4 utilizes a 32-bit address which is assigned to hosts. An address belongs to one of five classes (A, B, C, D, or E) and is written as 4 octets separated by periods and may range from 0.0.0.0 through to 255.255.255.255.
Each IPv4 address consists of a network number, an optional subnetwork number, and a host number. The network and subnetwork numbers together are used for routing, and the host number is used to address an individual host within the network or subnetwork.
Internet Protocol version 6 (IPv6): An updated version of IPv4, which is designed by the Internet Engineering Task Force (IETF) and is also called IP Next Generation (IPng). It is a new version of the Internet Protocol. The difference between IPv6 and IPv4 is that an IPv4 address has 32 bits while an IPv6 address has 128 bits.
identity (ID): The collective aspect of the set of characteristics by which a thing is definitively recognizable or known.

J
JRE: See Java runtime environment.
Java runtime environment (JRE): A Java platform on which applications can run, be tested, or be transferred. JRE includes Java virtual machines (JVMs), Java platform core classes, and support files.

K
KVM: See keyboard, video, and mouse.
keyboard, video, and mouse (KVM): A hardware device installed in the integrated configuration cabinet. KVM serves as the input and output device for the components inside the cabinet. It consists of a screen, a keyboard, and a mouse.

L
LDP: Label Distribution Protocol
license file: The license file is an authorization for the capacity, functions, and validity period of the installed software. The license file is a .dat file that is generated using the special encryption tool according to the contract, and is delivered electronically. The customer (e.g. carrier) needs to load the license on the device or software before the functions supported by the license are applicable.

M
MAC: See Media Access Control.
MIB: See management information base.
Media Access Control (MAC): A protocol at the media access control sublayer.
The protocol is at the lower part of the data link layer in the OSI model and is mainly responsible for controlling and connecting the physical media at the physical layer. When transmitting data, the MAC protocol checks whether the data can be transmitted. If the data can be transmitted, certain control information is added to the data, and then the data and the control information are transmitted in a specified format to the physical layer. When receiving data, the MAC protocol checks whether the information is correct and whether the data is transmitted correctly. If the information is correct and the data is transmitted correctly, the control information is removed from the data and then the data is transmitted to the LLC layer.
management information base (MIB): A type of database used for managing the devices in a communications network. It comprises a collection of objects in a (virtual) database used to manage entities (such as routers and switches) in a network.

N
NAT: See Network Address Translation.
NE: network element
NIC: network interface card
NTFS: See New Technology File System.
NTP: Network Time Protocol
Network Address Translation (NAT): An IETF standard that allows an organization to present itself to the Internet with far fewer IP addresses than there are nodes on its internal network. The NAT technology, which is implemented in a router, firewall or PC, converts private IP addresses (such as in the 192.168.0.0 range) of the machine on the internal private network to one or more public IP addresses for the Internet. It changes the packet headers to the new address and keeps track of them via internal tables that it builds. When packets come back from the Internet, NAT uses the tables to perform the reverse conversion to the IP address of the client machine.
New Technology File System (NTFS): An advanced file system designed for use specifically with the Windows NT operating system. It supports long filenames, full security access control, file system recovery, extremely large storage media, and various features for the Windows NT POSIX subsystem. It also supports object-oriented applications by treating all files as objects with user-defined and system-defined attributes.

O
O&M: operation and maintenance

P
PC: personal computer
PDB: power distribution box
PID: process identification
patch: An independent software unit used for fixing the bugs in software.

R
RADIUS: See Remote Authentication Dial In User Service.
RAID: redundant array of independent disks
Remote Authentication Dial In User Service (RADIUS): A security service that authenticates and authorizes dial-up users and is a centralized access control mechanism. As a distributed server/client system, RADIUS provides the AAA function.

S
SAS: serial attached SCSI
SATA: Serial Advanced Technology Attachment
SCSI: Small Computer System Interface
SDK: software development kit
SFTP: See Secure File Transfer Protocol.
SNMP: See Simple Network Management Protocol.
SSH: See Secure Shell.
SSL: See Secure Sockets Layer.
SSO: See single sign-on.
Secure File Transfer Protocol (SFTP): A network protocol designed to provide secure file transfer over SSH.
Secure Shell (SSH): A set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. A feature to protect information and provide powerful authentication function for a network when a user logs in to the network through an insecure network. It prevents IP addresses from being deceived and simple passwords from being captured.
Secure Sockets Layer (SSL): A security protocol that works at a socket level.
This layer exists between the TCP layer and the application layer to encrypt/decode data and authenticate concerned entities.
Simple Network Management Protocol (SNMP): A network management protocol of TCP/IP. It enables remote users to view and modify the management information of a network element. This protocol ensures the transmission of management information between any two points. The polling mechanism is adopted to provide basic function sets. According to SNMP, agents, which can be hardware as well as software, can monitor the activities of various devices on the network and report these activities to the network console workstation. Control information about each device is maintained by a management information block.
security: Protection of a computer system and its data from harm or loss. A major focus of computer security, especially on systems accessed by many people or through communication lines, is preventing system access by unauthorized individuals.
security hardening: The process of identifying and fixing vulnerabilities on a system.
single sign-on (SSO): A property of access control over multiple related but independent software systems. With this property, a user logs in once and gains access to all systems without being prompted to log in again at each of them.

T
TCP: See Transmission Control Protocol.
TCP/IP: Transmission Control Protocol/Internet Protocol
TFTP: See Trivial File Transfer Protocol.
TLS: Transport Layer Security
Transmission Control Protocol (TCP): The protocol within TCP/IP that governs the breakup of data messages into packets to be sent using Internet Protocol (IP), and the reassembly and verification of the complete messages from packets received by IP. A connection-oriented, reliable protocol (reliable in the sense of ensuring error-free delivery), TCP corresponds to the transport layer in the ISO/OSI reference model.
Trivial File Transfer Protocol (TFTP): A small and simple alternative to FTP for transferring files.
TFTP is intended for applications that do not need complex interactions between the client and server. TFTP restricts operations to simple file transfers and does not provide authentication.

U
UDP: See User Datagram Protocol.
UID: user identity
UPS: uninterruptible power supply
URL: See uniform resource locator.
USB: See Universal Serial Bus.
Universal Serial Bus (USB): A serial bus standard to interface devices. It was designed for computers such as PCs and the Apple Macintosh, but its popularity has prompted it to also become commonplace on video game consoles and PDAs.
User Datagram Protocol (UDP): A TCP/IP standard protocol that allows an application program on one device to send a datagram to an application program on another. UDP uses IP to deliver datagrams. UDP provides application programs with the unreliable connectionless packet delivery service. That is, UDP messages may be lost, duplicated, delayed, or delivered out of order. The destination device does not actively confirm whether the correct data packet is received.
uniform resource locator (URL): An address that uniquely identifies a location on the Internet. A URL is usually preceded by http://, as in http://www.microsoft.com. A URL can contain more details, such as the name of a hypertext page, often with the file name extension .html or .htm.

V
VLAN: virtual local area network
VPN: virtual private network

W
WebUI: web user interface
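Added example for section 11.3.7 (not part of the Huawei guide): the PowerShell below reads the value behind Network security: LAN Manager authentication level on the local host and works out which peer levels can still authenticate against a host set to "Send NTLMv2 response only. Refuse LM & NTLM". It assumes Microsoft's documented registry value LmCompatibilityLevel under HKLM\SYSTEM\CurrentControlSet\Control\Lsa and the documented meanings of levels 0 to 5, and treats an unset value as level 3; the function names and the peer levels in the matrices are constructed for illustration.

```powershell
# Added example, not from the eSight guide. Function names are hypothetical.
# Registry location and level meanings follow Microsoft's documentation for
# "Network security: LAN Manager authentication level".
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

$LevelNames = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}

function Get-LmLevel {
    # Returns the configured level. Assumption: when the value is absent,
    # Windows Server 2008 behaves as level 3.
    $item = Get-ItemProperty -Path $LsaKey -Name LmCompatibilityLevel -ErrorAction SilentlyContinue
    if ($item -and $null -ne $item.LmCompatibilityLevel) {
        return [int]$item.LmCompatibilityLevel
    }
    return 3
}

function Get-SentResponses {
    # Response types a host at this level sends when it acts as the client.
    param([ValidateRange(0, 5)][int]$Level)
    if ($Level -le 1) { return @('LM', 'NTLM') }
    if ($Level -eq 2) { return @('NTLM') }
    return @('NTLMv2')
}

function Get-AcceptedResponses {
    # Response types accepted by the host that validates the logon.
    param([ValidateRange(0, 5)][int]$Level)
    if ($Level -le 3) { return @('LM', 'NTLM', 'NTLMv2') }
    if ($Level -eq 4) { return @('NTLM', 'NTLMv2') }
    return @('NTLMv2')
}

function Test-NtlmPair {
    # LogonPossible is true when at least one response the client sends
    # is accepted by the validating host.
    param([int]$ClientLevel, [int]$ServerLevel)
    $sent     = @(Get-SentResponses -Level $ClientLevel)
    $accepted = @(Get-AcceptedResponses -Level $ServerLevel)
    $usable   = @($sent | Where-Object { $accepted -contains $_ })
    New-Object PSObject -Property @{
        ClientLevel   = $ClientLevel
        ClientSends   = ($sent -join ' + ')
        ServerLevel   = $ServerLevel
        LogonPossible = ($usable.Count -gt 0)
    }
}

$local = Get-LmLevel
"This host: level $local ($($LevelNames[$local]))"
if ($local -ne 5) {
    "Section 11.3.7 selects level 5 ($($LevelNames[5]))."
}

# Constructed peer levels 0..5 logging on to a validating host at level 5.
0..5 | ForEach-Object { Test-NtlmPair -ClientLevel $_ -ServerLevel 5 } |
    Select-Object ClientLevel, ClientSends, LogonPossible |
    Format-Table -AutoSize

# The reverse direction: this host as the client against peers at each level.
0..5 | ForEach-Object { Test-NtlmPair -ClientLevel $local -ServerLevel $_ } |
    Select-Object ServerLevel, ClientSends, LogonPossible |
    Format-Table -AutoSize
```

Rows with LogonPossible False in the first table are the peer levels that stop authenticating once the validating host is at level 5.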