Cisco Systems OL-11390-01 User's Manual
Contents
1. NMSROOT bin pdcmd u DfmServer User Guide for Device Fault Manager Pili E OL 11390 01 Chapter11 Administering DFM Advanced Device Support Hi c Re register the DfmServer process with all the flags found in Step a and the following sm_server flags as needed port port Specifies port for example on a firewall on which DfmServer will run privopen protocol port Specifies privileged port to which DfmServer has access for example UDP 162 NMSROOT bin pdemd r DfmServer e NMSROOT objects smarts bin sm_server output n DFM c icf privopen UDP 162 bootstrap DFM_bootstrap conf subscribe default Use the following command to list all sm_server flags NMSROOT objects smarts bin sm_server help Step2 Configure the established connection keyword in the firewall to be automatic For additional information on using the privopen option see Example 2 Configuring the DFM Server to Use a Privileged Port page 11 19 Device Support When support for new devices becomes available for DFM minor releases will be announced on the planner page for DFM on Cisco com Visit the planner page for announcements downloads and installation instructions for these releases as they become available When a new minor release becomes available you can download it from Cisco com by going to http www cisco com cgi bin tablebuild pl cw2000 dfm You will be prompted to log into Cisco com System Administra2. CHAPTER Administering DFM Advanced These topics are intended for system administrators who will perform Device Fault Manager DFM administrative functions The topics include Security Considerations page 11 1 Device Support page 11 3 System Administration page 11 3 Security Considerations These topics address some important DFM security issues File Ownership and Protection page 11 1 Secure Socket Layer SSL page 11 2 SNMPv3 page 11 2 Working with Firewalls page 11 2 File Ownership and Protection Security for DFM files is based on the same standards used for CiscoWorks A Caution Do not change the protection of any file or directory to be less restrictive You may if you wish make the protections more restrictive All DFM files are installed with owner CASUSER Only CASUSER can create delete or modify the files installed in NUSROOT NMSROOT is the directory where CiscoWorks is installed on your system If you selected the default directory during installation on Windows it is C Program Files CSCOpx On Solaris it is opt CSCOpx When typing the Windows default installation directory enter C Progra 1 CSCOpx Note File protections are not enforced on FAT partitions User Guide for Device Fault M anager OL 11390 01 o Chapter 11 Administering DFM Advanced HM Security Considerations Secure Socket Layer SSL SSL is an application level protocol that en
3. e NMSROOT objects smarts bin sm_server d DfmBroker f bootstrap DFM_bootstrap conf privopen IP 1 UDP 162 output name DFM Step4 Reregister any processes that depend on DfmServer NMSROOT bin pdemd r DfmFileNotifier d DfmServer e NMSROOT objects smarts bin sm_notify f adapter filelog output sm_file_notifier NMSROOT bin pdcemd r DfmMailNotifier d DfmServer e NMSROOT objects smarts bin sm_notify f adapter mail output sm_mail_notifier NMSROOT bin pdemd r DfmTrapNotifier d DfmServer e NMSROOT objects smarts bin sm_notify f adapter trap output sm_trap_notifier If you also want DFM to accept only specific client connections you must specify the accept option when registering the DfmServer process you do not have to do this for the adapter processes The following example registers the DfmServer process to use UDP port 162 and IP protocol 1 and specifies that DFM can accept connections from hostnames lucy and ethel NMSROOT bin pdemd r DfmServer e NMSROOT objects smarts bin sm_server d DfmBroker f bootstrap DFM_bootstrap conf accept lucy ethel privopen IP 1 UDP 162 output name DFM User Guide for Device Fault M anager OL 11390 01 EH 11 19 Chapter 11 Administering DFM Advanced MH System Administration User Guide for Device Fault M anager P1120 E OL 11390 01
4. complete Application name of the domain manager Hostname where the domain manager is running TCP port at which the HTTP server is listening When a client needs to connect to the domain manager it first connects to the broker to determine the hostname and TCP port where that server s HTTP service is listening It then disconnects from the broker and establishes a connection to the domain manager The DfmBroker log file is located at NMSROOT objects smarts local logs brstart log None DFMLogServer Controls DFM logs None DFMMultiProcLogger Handles processes with multiple threads None DFMOGSServer DFM Object Grouping Service Server evaluates group membership CmfDbEngine ESS DfmServer Infrastructure device domain manager a program that provides backend services for DFM Services include SNMP data retrieval and event analysis The DfmServer log is NMSROOT objects smarts logs DFM log Note If there are two instances of the DfmServer running each will have a log file DFM log and DFM1 log DfmBroker DFMCTMsStartup Handles interprocess communication None EPMDbEngine Event Promulgation Module EPM database engine Repository for the EPM module None EPMDbMonitor EPM database monitor EPMDbEngine EPMServer Sends events to notification services EPMDbEngine FHDbEngine Fault History database engine Repository for alerts and
5. events None FHDbMonitor Fault History database monitor FHDbEngine FHPurgeTask Fault History purge task None m User Guide for Device Fault Manager OL 11390 01 Chapter 11 Administering DFM Advanced System Administration il Table 11 3 DFM Related CiscoWorks Processes continued Name Description Dependency FHServer Fault History server a program that runs EPMServer backend services for Fault History EPMDbEngine FHDBEngine FHDbMonitor Interactor Provides inventory and device information to the InventoryCollector Detailed Device View DDV updates the DDV with events InventoryCollector Synchronizes voice device inventory with ESS TISServer infrastructure device inventory Handles all DFMOGSServer inventory events such as adding and deleting devices INVDbEngine Inventory database engine Repository for None devices INVDbMonitor Inventory database monitor INVDbEngine NOSServer Notification Server monitors alerts and sends EPMDbEngine notifications based on subscriptions EPMServer INVDbEngine DFMOGSServer PTMServer Polling and thresholds server DFMOGSServer TISServer Inventory server EssMonitor INVDbEngine Registering and Unregistering DFM Processes You can use pdcmd to manually unregister and reregister DFM processes with the CiscoWorks daemon manager This is useful when you want to do any of the following Specify clie
6. installed on the server If you selected the default directory during installation it is C Program Files CSCOpx on Windows and opt CSCOpx on Solaris Enter ChangeDfmDbPasswd pl providing a new password as input For example ChangeDfmDbPasswd pl newpassword Restart the daemon manager by entering the following command On Windows net start crmdmgmt On Solaris etc init d dmgtd stop Configuring Logging Step 1 Step 2 DFM writes application log files for all major functional modules By default DFM writes only error and fatal messages to these log files DFM saves the previous three logs as backups You cannot disable logging However you can Collect more data when needed by increasing the logging level Return to the default logging level as the norm This task can be performed by a user logged in to DFM in any of the following roles System Administrator Network Administrator e Network Operator After selecting the DFM Configuration tab select Logging The Logging Level Configuration page is displayed amp Note You cannot disable logging DFM will always write error and fatal messages to application log files For each DFM functional module the Error check box is always selected you cannot deselect it To set all modules to Error the default logging level a Click the Default button A confirmation page is displayed User Guide for Device Fault M anager irio g OL 113
7. 90 01 Chapter11 Administering DFM Advanced System Administration il b Click OK To change the logging level for individual modules a Foreach module that you want to change select one or deselect all of the following logging levels Warning Log error messages and warning messages Informational Log error warning and informational messages Debug Log error warning informational and debug messages S Note Deselecting all check boxes for a module returns it to Error the default logging level b Review your changes To cancel your changes click the Cancel button Otherwise click the Apply button Clicking the Apply button starts immediately resetting the changed logging levels for the DFM functional modules Viewing and Maintaining Log Files L Each DFM module writes log files to its own folder within the NUSROOT log dfmLogs folder Table 11 2 lists each DFM module the name of the folder where the log files are stored the related log files the maximum log size and the number of backup logs that are saved Note NMSROOT is the folder where DFM is installed on the server If you selected the default directory during installation it is C Program Files CSCOpx On Solaris it is opt CSCOpx When a log file reaches its maximum size the module backs up the file and starts writing to a new log file The module appends a number to the backup file until it reaches the maxim
8. DfmServer Note To view the default settings for a process enter NMSROOT bin pdreg l1 process Note If you specify registration options using pdcmd you must rerun your command whenever the daemon manager restarts The ports and protocols used by CiscoWorks are listed in the Installation and Getting Started Guide for LAN Management Solution 3 0 Table 11 4 Options to pdcmd Option Description and Arguments u process Unregister process The processes are listed in Table 11 3 on page 11 13 T process Register process to CiscoWorks daemon manager and start process whenever the dependent parent process starts as described in the d depends option The processes are listed in Table 11 3 on page 11 13 e path Process binary path path should be DFM broker NMSROOT objects smarts bin brstart DFM server NMSROOT objects smarts bin sm_server d depends Process dependency For DfmServer depends should be DfmBroker User Guide for Device Fault Manager mag OL 11390 01 Chapter 11 Administering DFM Advanced System Administration il Table 11 4 Options to pdcmd continued Option Description and Arguments T process f arguments continued from previous page DFM specific arguments enclosed in one set of quotes arguments can be the following accept Optional Comma separated list of hostnames or IP hostl host2 addresses specifying clients which can conn
9. M This example shows how to configure DFM to only accept client connections from the hostnames lucy and ethel In this case you must unregister and reregister the DFM broker server and notification adapter processes Note To allow connections from processes running on the same host specify the host s name do not use localhost This is because connections made using the DFM Broker will appear to come from the DFM Broker s host Only connections that explicitly specify localhost as the target address will appear to come from localhost Such target addresses may result in configurations that forward incoming connections such as through software that provides an encrypted tunnel Step1 Unregister the processes a Unregister the DFM notification adapters NMSROOT bin pdemd u DfmFileNotifier NMSROOT bin pdemd u DfmMailNotifier NMSROOT bin pdemd u DfmTrapNotifier b Unregister the DFM server process NMSROOT bin pdcmd u DfmServer c Unregister the DFM broker process NMSROOT bin pdcemd u DfmBroker Step2 Reregister the processes specifying the clients that can connect to the broker and server a For the DFM broker the following command is one line NMSROOT bin pdemd r DfmBroker e NMSROOT objects smarts bin brstart f output port 9002 accept lucy ethel restore NMSROOT objects smarts conf broker rps b For the DFM server the following command is one line NMSROOT bin pdemd r DfmS
10. ables secure transactions of data through privacy authentication and data integrity It relies upon certificates public keys and private keys You can enable or disable SSL depending on the need to use secure access DFM supports SSL between clients and the server By default DFM is not SSL enabled For information on enabling SSL refer to the Common Services online help SNM Pv3 Like CiscoWorks Common Services DFM supports SNMPv3 authentication and access control but no data encryption between server and devices to eliminate leakage of confidential info This provides packet level security integrity protection and replay protection but does not encrypt the packets Working with Firewalls DFM will work across firewalls but you must perform the following two tasks Configure the DFM server to use a specific port outgoing connection Configure the firewall to use an automatic established connection incoming connection Step1 Configure the DfmServer process so it binds to a privileged port using the pdcmd port option see Table 11 4 on page 11 16 for more pdreg options amp Note The ports and protocols used by CiscoWorks are listed in the Installation and Getting Started Guide for LAN Management Solution 3 0 a Check the flags that are currently set for the DfmServer process and write them down you will need to reset them later NMSROOT bin pdreg 1 DfmServer b Unregister the DfmServer process
11. al Mode By default the CiscoWorks server uses CiscoWorks Local mode or non ACS mode In CiscoWorks Local mode CiscoWorks assigns roles along with privileges associated with those roles as described in the Common Services Permission Report You can generate a Permission Report from the LMS portal by selecting Server gt Reports gt Permission Report and clicking Help For more information refer to Configuring Users Using CiscoWorks Local Mode page 11 5 User Guide for Device Fault Manager 1714 g OL 11390 01 I Chapter 11 Administering DFM Advanced System Administration il CiscoSecure Access Control Server ACS Mode ACS specifies the privileges associated with roles however ACS also allows you to perform device based filtering so that users only see authorized devices Using ACS which is called ACS mode is supported when ACS is installed on your network and DFM is registered with ACS For more information refer to Configuring Users Using ACS Mode page 11 5 If Common Services is using ACS mode DFM must also use ACS mode otherwise DFM users will not have any permissions However if another instance of DFM is already integrated with ACS the new DFM will also be integrated with ACS You can also use the CiscoWorks Assistant Server Setup workflow to set the server login mode to ACS mode as described in User Guide for CiscoWorks Assistant 1 0 Configuring Users Using CiscoWorks Local Mode To add a user
12. and specify their user role using CiscoWorks Local Mode select Server gt Security gt Single Server Management gt Local User Setup from the LMS portal Click the Help button for information on the configuration steps Use the CiscoWorks Permission Report to understand how each user role relates to tasks in DFM From the LMS portal select Server gt Reports gt Permission Report and scroll down until you find Device Fault Manager Configuring Users Using ACS Mode Step 1 Step 2 Step 3 To use this mode for DFM Cisco Secure ACS must be installed on your network and DFM must be registered with ACS Verify which mode the CiscoWorks server is using From the LMS portal select Server gt Security gt AAA Mode Setup and check what is listed in the Current Settings table Either CiscoWorks Local or TACACS ACS will be displayed Verify whether DFM is registered with ACS if ACS Mode is being used by checking the ACS server To modify ACS roles Refer to the ACS online help on the ACS server for information on modifying roles Refer to the Common Services online help for information on the implications of ACS on the DCR specifically role dependencies amp Note If you modify DFM roles using ACS your changes will be propagated to all other instances of DFM that are using Common Services servers which are registered with the same ACS server See the following for other information related to ACS To registe
13. cality Name of your city or Use two character city or town code or complete name of town city or town OL 11390 01 User Guide for Device Fault Manager gy Chapter 11 Administering DFM Advanced W System Administration Step 3 Field Description Usage Notes Organization Name of your Use complete name or abbreviation for your organization Name organization Organization Name of department in Use complete name or abbreviation for your department Unit Name your organization Host Name Name of server on Use the DNS name of the server Which DEM is nstalled Note Use the proper domain name which should already be displayed in the Host Name field Email Address Your e mail address Click Apply Backing Up and Restoring DFM Data Step 1 Step 2 Step 3 Step 4 Use the LMS portal to perform immediate backups or schedule backups of DFM data Common Services provides a command line script that restores data including data from previous versions of Common Services and DFM For backing up data select Server gt Admin gt Backup click Help and follow the instructions For restoring data select Server gt Admin gt Backup click Help and click the Help link to the Restoring Data topic If you are restoring data from DFM 1 2 x or earlier you will see a warning message and should follow the instructions in the message On the DFM 1 2 x or earlier server run the follow
14. d upon DFM restart Select Shared Profile Components gt DFM and click on the DFM roles that you want to modify Select or deselect any of the DFM tasks that suit your business workflow and needs Click Submit Device Based Filtering In ACS you can create and modify users who can perform certain tasks on certain devices The devices listed for you are based on your roles defined in CiscoSecure ACS See User Guide for CiscoSecure ACS for more information Creating Self Signed Security Certificates Yearly Step 1 Step 2 When you install DFM DFM creates a self signed security certificate on the server Users on some client systems must install the certificate see Responding to Security Alerts page 2 7 Self signed security certificates expire one year from the date of creation Create a new self signed security certificate yearly before the certificate expires You can also do so after the certificate expires however users might not be able to access DFM until you complete this task From the LMS portal select Server gt Security gt Single Server Management gt Certificate Setup The Create Certificates page appears Enter the values for the fields described in the following table Field Description Usage Notes Country Name Name of your country Use two character country code State or Name of your state or Use two character state or province code or complete name Province province of state or province Lo
15. ect to the server The DFM server does not use reverse lookups to determine names of connecting hosts If you specify a client as hostname be sure the hostname is in DNS especially if you are using DHCP If you want to specify localhost use the hostname or IP address not localhost refer to Example 1 Specifying Clients that Can Connect to DFM page 11 18 privopen open list Optional Specify the privileged ports and protocol which DfmBroker or DfmServer may open see Working with Firewalls page 11 2 for an example open list can be a comma separated list of the following IP protocol is always required TCP port UDP port IP protocol The defaults for open list depend on whether DFM is using a reserved port privopen IP 1 Default if reserved port is not being used privopen IP 1 Default if reserved port is UDP reserved_port being used normally 162 ouptut file Required Name of process output file For DfmServer file should be DFM port port DfmBroker only DFM broker port port should always be 9002 restore file DfmBroker only Restore broker state from backup file file should always be restore NMSROOT objects smarts conf broker rps Do not restart process when DfmServer is stopped and restarted OL 11390 01 User Guide for Device FaultManager gy Chapter 11 Administering DFM Advanced MH System Administration Example 1 Specifying Clients that Can Connect to DF
16. erver e NMSROOT objects smarts bin sm_server d DfmBroker f bootstrap DFM_bootstrap conf accept lucy ethel output name DFM When specifying other options such as privopen for DfmServer use one pdcmd instance See Example 2 Configuring the DFM Server to Use a Privileged Port page 11 19 c For DFM notification adapters the following commands are each one line NMSROOT bin pdemd r DfmFileNotifier d DfmServer e NMSROOT objects smarts bin sm_notify f adapter filelog output sm_file_notifier NMSROOT bin pdemd r DfmMailNotifier d DfmServer e NMSROOT objects smarts bin sm_notify f adapter mail output sm_mail_notifier NMSROOT bin pdemd r DfmTrapNotifier d DfmServer e NMSROOT objects smarts bin sm_notify f adapter trap output sm_trap_notifier User Guide for Device Fault Manager mg a Chapter11 Administering DFM Advanced System Administration i Example 2 Configuring the DFM Server to Use a Privileged Port This example shows how to configure DFM to use a privileged port Step1 Unregister any processes that depend on the DfmServer such as the notification adapters NMSROOT bin pdemd u DfmFileNotifier NMSROOT bin pdcmd u DfmMailNotifier NMSROOT bin pdemd u DfmTrapNotifier Step2 Unregister the DfmServer process NMSROOT bin pdcmd u DfmServer Step3 Reregister the DfmServer process to use UDP port 162 and the IP protocol 1 NMSROOT bin pdemd r DfmServer
17. fault the CiscoWorks server authentication scheme has six roles They are listed here from least privileged to most privileged Help Desk User with this role has the privileges to access network status information from the persisted data User does not have the privilege to contact any device or schedule a job that will reach the network Approver User with this role has the privilege to approve all DFM tasks User can also perform all the Help Desk tasks Network User with this role has the privilege to perform all tasks that involve collecting data Operator from the network User does not have write access on the network User can also perform all the Approver tasks Network User with this role has the privilege to change the network User can also perform Administrator Network Operator tasks System User with this role has the privilege to perform all CiscoWorks system administration Administrator tasks See the Permission Report on the CiscoWorks server Common Services gt Server gt Reports gt Permission Report Super Admin User with this role has full access rights to perform any CiscoWorks tasks including administration and approval tasks When you integrate your CiscoWorks server with your ACS server you just need to do the following 1 Create a System Identity User in ACS 2 Assign the Super Admin role to the user for all CiscoWorks applications You need not create a custom role with all the priv
18. ileges and assign that role to the user You can assign this role to a user only on the CiscoSecure ACS server and only when the login module is set to ACS This role is not visible in CiscoWorks local mode and during the local user setup in the CiscoWorks server Cisco Secure ACS allows you to modify the privileges to these roles You can also create custom roles and privileges that help you customize Common Services client applications to best suit your business workflow and needs To modify the default CiscoWorks roles and privileges see Modifying CiscoWorks Roles and Privileges page 11 7 User Guide for Device Fault Manager 716 E a Chapter 11 Administering DFM Advanced amp System Administration W To create custom roles and privileges see the Cisco Secure ACS online help On Cisco Secure ACS click Online Documentation gt Shared Profile Components gt Command Authorization Sets to view the help page Note See the Common Services online help for important information on how ACS custom roles affect the DCR M odifying CiscoW orks Roles and Privileges Step 1 Step 2 Step 3 If another instance of DFM is registered with the same Cisco Secure ACS your instance of DFM will inherit those role settings Furthermore any changes you make to DFM roles will be propagated to other instances of DFM through Cisco Secure ACS If you reinstall DFM your Cisco Secure ACS settings will automatically be applie
19. ing command on Solaris VMSROOT is the folder where DFM is installed on the server If you selected the default directory during installation it is C Program Files CSCOpx on Windows and opt CSCOpx on Solaris NMSROOT objects smarts bin sm_tpmgr s DFM dump agents gt seedfile txt Run this command on Windows NMSROOT objects smarts bin sm_tpmgr exe s DFM dump agents gt seedfile txt Copy seedfile txt to a temporary location on your upgraded server Use the CiscoWorks pdshow command to verify that the daemon manager is running crmdmgtd on Windows and dmgtd on Solaris Import the DFM 1 2 x or earlier information using this command on Solaris NMSROOT bin dfmimport fn fullpath seedfile txt Run this command on Windows NMSROOT bin dfmimport exe fn fullpath seedfile txt User Guide for Device Fault Manager ris E OL 11390 01 Chapter 11 Administering DFM Advanced System Administration il Database files are stored using the backup directory structure described in Table 11 1 Format generation_number suite directory filename Example 1 dfm dfmFh db Table 11 1 DFM Backup Directory Structure Option Description Usage Notes generationNumber Backup For example 1 2 and 3 with 3 being the latest database backup number suite Application When you perform a backup data for all suites is backed up The function or CiscoWorks Common Services suite is cmf The DFM application m
20. llector log 1000 2 FHUL log Logging Services LogService DfmLogService log 500 2 Processes with multiple threads LogService MultiProcLogger log 10000 5 License device limit license licenseCheck log 100 2 Notification Services NOS nos log 5000 2 DFM Object Grouping Service Server N A DFMOGSServer log 300007 15 Polling and Threshold Manager PTM PTMClient log 1000 5 PTMServer log Polling and Threshold Manager PTM PTMDB log 1000 5 database Polling and Threshold Manager PTM PTMOGS log 1000 5 grouping services Polling and Threshold Manager Polling PTM PTMPTA log 1000 5 and Threshold Adapter Rediscovery Schedule Rediscovery Rediscovery log 100 Device and Credentials Repository TIS DCRAdapter log 1000 Adapter Device Management TIS DeviceManagement log 1000 2 Inventory Service TIS TISServer log 1000 2 View Group Management VGM vgm log 1000 3 1 The DFMOGSServer log file is not stored in NUSROOT log dfmLogs with the other DFM log files It is stored in NUSROOT log on Windows and var adm CSCOpx log on Solaris 2 On Windows there is no limit setting for the log size or number of backup log files for DFMOGSServer log MH User Guide for Device Fault Manager OL 11390 01 Chapter 11 Administering DFM Advanced System Administration Ml Starting and Stopping DFM Processes amp Note Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 You cannot stop or unregister a process if any process tha
21. n you use a remote version of DFM CiscoWorks will prompt you to reauthenticate yourself From the LMS portal select Common Services gt Server gt HomePage Admin gt Application Registration The Application Registration Status page appears Click Registration The Registration Location page opens Activate the Import from Other Servers radio button and click Next The Import Server s Attributes page opens In the Import Server s Attributes page enter the following information Server Name Host name or IP address Server Display Name A user specified name that will be displayed on the LMS portal and as the DFM home page title when you select that DFM instance Port 1741 Click Next CiscoWorks verifies that the remote server is reachable When you select the new DFM server instance from the LMS portal you will have to authenticate by entering a user name and password for the remote host Configuring Users ACS and Non ACS The CiscoWorks server provides the mechanism for authenticating and authorizing users for CiscoWorks applications What users can see and do is determined by their user role System Administrators can configure user roles by selecting Server gt Security gt Single Server Management gt Local User Setup From here you can add modify or delete users The CiscoWorks server provides two different mechanisms or modes for authenticating users for CiscoWorks applications CiscoWorks Loc
22. nts that can connect to DFM Configure adapters to restart automatically whenever the DFM server stops and restarts Configure the DFM server to use a privileged port Because these commands are complex be sure to refer to the examples in these sections Example 1 Specifying Clients that Can Connect to DFM page 11 18 Example 2 Configuring the DFM Server to Use a Privileged Port page 11 19 Before registering a process you must unregister the related processes in this order 1 Any processes that depend on the DfmServer process 2 The DfmServer process 3 The DfmBroker process Use the following syntax when unregistering DFM processes for Windows the command is pdcmd exe NMSROOT bin pdemd u process OL 11390 01 User Guide for Device FaultManager gy Chapter 11 Administering DFM Advanced MH System Administration When you reregister the process specify all options in the same command instance If you enter the pdcmd multiple times only the last instance is used Register the processes in the following order 1 The DfmBroker process 2 The DfmServer process 3 Any processes that depend on DfmServer Use the following syntax to reregister the DFM processes Refer to Table 11 4 for information about the options and arguments NMSROOT bin pdemd r DfmBroker e path f arguments NMSROOT bin pdemd r DfmServer e path d depends f arguments NMSROOT bin pdemd r dependent process d
23. odule suite is dfm directory What is Suite applications if applicable being stored filename Specific file Files include database db log log version DbVersion txt that has been manifest txt tar tar and data files datafiles txt backed up For DFM the following files are listed directly under generationNumber suite dfmEpm db dfmInv db dfmFh db filebackup tar The file backup tar contains the following directories and file NMSROOT objects smarts conf NMSROOT objects smarts local repos NMSROOT objects smarts local logs NMSROOT objects smarts local conf NMSROOT setup dfm info Changing the Password for DFM Databases Step 1 Before You Begin The procedure in this topic enables you to change the password for the following DFM databases All DFM databases must use the same password dfmEpm Event promulgation dfmFh Fault History dfmInv lInventory At the command prompt on the DFM server stop the daemon manager by entering the following command On Windows net stop crmdmgmt On Solaris etc init d dmgtd stop OL 11390 01 User Guide for Device FaultManager gy Chapter 11 Administering DFM Advanced MH System Administration Step 2 Step 3 Step 4 Change directory to NUSROOT conf dfmDb bin For example on Windows cd Program Files CSCOpx conf dfmDb bin On Solaris cd opt CSCOpx conf dfmDb bin AV Note NMSROOT is the folder where DFM is
24. r applications with ACS and for information on supported ACS versions refer to Installing and Getting Started with CiscoWorks LAN Management Solution 3 0 To understand CiscoSecure Groups Users and Command Authorization Sets see User Guide for CiscoSecure ACS For information on the implications of ACS custom roles on the DCR see the online help for Common Services OL 11390 01 User Guide for Device FaultManager gy Chapter 11 Administering DFM Advanced MH System Administration Using DFM in ACS Mode Before performing any tasks that are mentioned here you must ensure that you have successfully completed configuring Cisco Secure ACS with the CiscoWorks server If you have installed DFM after configuring the CiscoWorks Login Module to the ACS mode then DFM users are not granted any permissions However the DFM application is registered to Cisco Secure ACS CiscoWorks login modules allow you to add new users using a source of authentication other than the native CiscoWorks server mechanism that is the CiscoWorks Local login module You can use the Cisco Secure ACS services for this purpose You can integrate the CiscoWorks server with CiscoSecure ACS to provide improved access control using Authentication Authorization and Accounting The following topics provide information on how to use DFM in the ACS mode Modifying CiscoWorks Roles and Privileges page 11 7 Device Based Filtering page 11 7 By de
25. t depends on it is running You must first stop or unregister all dependent processes and then stop or unregister the process Log in to DFM as a system administrator Select Server Configuration gt Adm gt Processes The Processes page appears amp Note Ifa process is not listed it has not yet been started On the Processes page select the process you want to stop in the Process list To stop the process click Stop To restart the process select Server Configuration gt Admin gt Processes The Processes page appears On the Processes page select the process you want to start in the Process list To start the process click Start Table 11 3 provides a complete list of DFM related CiscoWorks processes Logs for most of these processes are provided in Table 11 2 on page 11 11 Table 11 3 DFM Related CiscoWorks Processes Name Description Dependency AdapterServer Event adapter takes events from backend servers None DataPurge Data Purge Starts as scheduled in the GUI and jrm purges the Fault History database OL 11390 01 User Guide for Device FaultManager jg Chapter 11 Administering DFM Advanced MH System Administration Table 11 3 Name DFM Related CiscoWorks Processes continued Description Dependency DfmBroker DFM Broker maintains a registry about DFM domain managers which register the following information with the broker when its initialization is
26. tion DFM system administration can be performed only by the following types of users Users in a System Administrator role These users can perform system administration tasks that can be started from the CiscoWorks desktop These tasks include Configuring users Backing up and restoring data Configuring logging Starting and stopping CiscoWorks processes Users who log in as local administrator to the system where DFM is installed These users can view log files If the DFM server is using CiscoSecure Access Control Server ACS mode these CiscoWorks roles are mapped to ACS roles User Guide for Device Fault M anager OL 11390 01 TEEN Chapter 11 Administering DFM Advanced MH System Administration Registering Additional DFM Servers with the LMS Portal 2 Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 You can register additional DFM servers so that they appear on the LMS portal There is no limit to the number of servers you can register since device limits are enforced from the DFM server side the LMS portal is simply a portal for the different applications However you will probably want to limit your home page to two or three DFM servers The local DFM server name is always listed first on the LMS Portal If you have multiple instances of DFM on your home page you can always map a DFM instance to its Common Services instance by the server hostname DFM amp server CS server Whe
27. um allowed backups In the following example the oldest file is TISServer log 2 and TISServer log is the current log file 02 42 PM 4 481 607 TISServer log 10 22 AM 5 120 447 TISServer log 1 03 17 AM 5 120 105 TISServer log 2 By default DFM writes error messages only to log files You can change the logging level and thereby affect the amount of information stored in log files To do so see Configuring Logging page 11 10 If there are two instances of the DfmServer running each will have a log file DFM log and DFM1 log Table 11 2 DFM Log Files by Module No of Folder in Maximum Backup Function M odule NMSROOT log dfmLogs Log Files Size KB Files Alerts and Activities Display AAD AAD log 1000 3 Inventory Interactor cfi Interactor log 1000 5 Inventory Collector cfi InventoryCollector log 35000 5 Polling and Threshold Adapter cfi PollingThresholdAdapter log 10000 5 Detailed Device View DDV DDV log 1000 2 0L 11390 01 User Guide for Device FaultManager gy Chapter 11 Administering DFM Advanced W System Administration Table 11 2 DFM Log Files by Module continued No of Folder in Maximum Backup Function M odule NMSROOT log dfmLogs Log Files Size KB Files Daily Purging Schedule DPS DPS log 100 2 Event Processing Adapters epa adapterServer log 1000 5 dfmEvents log Event Promulgation Module EPM EPM log 15000 5 Fault History FH FHCo
Download Pdf Manuals
Related Search