Installing Manager Availability: Installation Instruction

INSTALLATION
1/1531-ANF
16
06
2014
G3 901 INSTRUCTION
15
Installing Manager Availability

Tero Silvennoinen
EMIWALL
BES/DDC
EBC
INSTALLATION INSTRUCTION
INSTALLING MANAGER AVAILABILITY
Copyright
© Copyright Aastra Technologies Limited, 2014. All rights reserved.
Disclaimer
No part of this document may be reproduced in any form without the
written permission of the copyright owner.
The contents of this document are subject to revision without notice due
to continued progress in methodology, design and manufacturing.
Aastra shall have no liability for any error or damage of any kind resulting
from the use of this document.
2 1/1531-ANF 901 15 Uen G3 2014-06-16

GENERAL
1 General
This document describes the installation of Manager Availability.

Besides this document you should also study the Release Notes espe-
cially the part describing known problems.
Supporting components for Manager Availability are installed on all
MX-ONE servers. Manager Availability is based on BMC PATROL.
Manager Availability” is installed as an “add-on” to a server. It is
assumed that the servers and the management framework server (if
any) to be used are installed and set up before the installation of
Manager Availability.
The supporting components for Manager Availability are installed locally
on each server.
2 Aids
2.1 Preparation for the installation

It is assumed that you have basic knowledge on how to use and run
BMC PATROL.
You should have basic knowledge of how to use and run the manage-
ment framework application if SNMP integration is to be used.
You should plan the installation of Manager Availability:
• Know if to use SNMP integration or not. See Integration into a
Management Framework below.
• The components of “Manager Availability“ may be installed in
different ways depending on the size of the installation (how many
servers etc) and how the network looks like (firewalls etc). See
“Deployment” below.
During the installation of “Manager Availability” some questions will be
asked. You should be prepared by knowing:
• The root password of each Telephony Server and the administrator
password of each Windows server.
• Where to install PATROL Common Services (PATROL Console
Server, RTserver etc), on a dedicated management server
(Windows 2003 and Windows 2008). See “Deployment” below.
1/1531-ANF 901 15 Uen G3 2014-06-16 3

• Know the IP addresses (or names) of the servers.

• PATROL Central Web Edition uses HTTPS. This means that a
certificate (for IIS) must be installed on the server running PATROL
Central Web Edition.
2.2 Security Level 2

All components in Manager Availability must be installed with PATROL
Security Level 2. This means that all PATROL traffic run in encrypted
SSL tunnels.
The PATROL security components are installed with trial keys and certif-
icates from BMC. It is recommended to replace those trial keys and
certificates with your own keys and certificates. For information on how
to do this, see PATROL Security User Guide .
Note: Security Level 2 will work even if the certificate expires since the
certificate is ignored for Security Level 2.
3 Delivery
Manager Availability is delivered on one Distribution CD that contains:

• All BMC PATROL and MX-ONE software for Manager Availability
to be installed on the Telephony Server and supporting Windows
servers.
• The most important BMC PATROL manuals as PDF files.
4 1/1531-ANF 901 15 Uen G3 2014-06-16

4 Installing Manager Availability
Note: When installing Manager Availability on a Windows server, close

all Windows application before starting the installation.
Never run two Windows installations (with different partition) on
the same server. Always install on the disk where Windows is
installed.
Note: On the Microsoft Windows Server, Manager Availability is
installed on C-drive. The Manager Availability installation
requires that Windows is also installed on C-drive.
4.1 Using a Management Server or not

The components of Manager Availability can be installed in different
ways, depending on the size of the installation (number of servers and
so on), and how the network is set up (firewalls and so on), 9 Deploy-
ment on page 82 .
Manager Availability can be installed on the same server as Manager
Device or on a dedicated management server that holds PATROL
Common Services, see 1 Using a Dedicated Management Server on
page 14figure 3.
4.2 Linux Linux Patrol Agent

Note: Before creating a user patrol, be sure that the Encryption Type is
temporary set to DES (Linux default).
How to find the encryption type:
• Start yast2: select User Management under Security and
Users.
• Under User and Group Administration, click on expert option
Before the installation, uninstall earlier installation and manually
delete all under /home/patrol/. Also manually delete the applica-
tion /etc./init.d/BMCPatrol.
1/1531-ANF 901 15 Uen G3 2014-06-16 5

The installation consists of two major parts:

• Create a user, patrol
• Install PATROL Agent, Knowledge Modules (KMs), and the adap-
tations for Telephony Server
4.2.1 Installing Linux Patrol Agent
1. Create a user, patrol:

– Log on as root on Telephony Server.
– Create a user, patrol , belonging to group snlev5 . Home direc-
tory of the user patrol should be /home/patrol . May be done
with useradd -d /home/patrol -g snlev5 -m patrol
– Set a password for user patrol with the following command:
passwd patrol
Note: The length of the password must be eight characters or more.
2. Install PATROL Agent, KMs, and Telephony Server adapta-tions:
Insert the distribution CD in the CD-ROM drive.
Note: If there is no CD-ROM drive on the Embedded Telephony Server.
The file mx_patrol_install must be copied (for example using scp)
from an external disk to a temporary directory on the Telephony
Server.
3. Mount the CD-ROM by typing
mkdir /tmp/cdrom mount /dev/cdrom /tmp/cdrom
4. Log off and log on as user patrol. Start the installation by typing sh
/tmp/cdrom/Linux/mx_patrol_install and follow the instructions. In
the Configuration Dialog enter:
– The name or IP address of the first RTserver. If a second
RTserver is used, enter name or IP address of the second
RTserver.
– The password of the user patrol
– The password of root
6 1/1531-ANF 901 15 Uen G3 2014-06-16

5. Follow the below screens
1/1531-ANF 901 15 Uen G3 2014-06-16 7

6. Enter RTServer IP address and click OK
7. Click Skip if you do not have a second RTServer IP address
8 1/1531-ANF 901 15 Uen G3 2014-06-16

8. Enter root password and patrol password, click OK and the instal-
lation starts.
1/1531-ANF 901 15 Uen G3 2014-06-16 9

9. After successful installation, check for PatrolAgent service in

current running processes.
ps -ef | grep patrol
10. If the PatrolAgent agent is not running, then run the service manu-
ally. See chapter 4.2.2 Running PatrolAgent service manually on
page 11.
10 1/1531-ANF 901 15 Uen G3 2014-06-16

4.2.2 Running PatrolAgent service manually

cd /etc/init.d/
./BMCPatrol [ start | restart ]
Execute the below 4 steps with root privileges:

1. Go to the Patrol installation directory (/home/patrol/bmc/Patrol3/)
and execute:
cd /home/patrol/bmc/Patrol3
./set_default_account.sh
Enter account name, password, confirm password and enter "." for
Patrol installation directory. i.e. current directory.
Example:
./set_default_account.sh
Use this script to set the default account for a PatrolAgent.
Do you want to continue (y/n)? [y]> y
Enter username of default account > patrol
Enter password of default account >
Enter password again to verify >
Enter PATROL Install directory > .
set default account success
2. ./agent_configure.sh -d
This script is used to set permissions and ownership of PATROL
binaries (PatrolAgent & snmpmagt) .It is located in the Patrol3
directory (BMC_ROOT/Patrol3) and has replaced configure.sh,
used in previous versions of PATROL for UNIX.
1/1531-ANF 901 15 Uen G3 2014-06-16 11

3. ./b1config*.sh
This script is located in the Patrol3 directory (BMC_ROOT/Patrol3)
and configures the Perform bgscollect collector to work with the
kernel.
4. Go to BMC_ROOT/common/security/config_v3.0/ directory and
execute:
./sec_configure.sh <path to the Patrol3 directory> <security
level>
Note: This script is only needed if "NO" was selected for the "Overwrite
current security configuration" question during the install.The
script places the security level, files, and policy in "/etc/patrol.d"
directory. For PATROL for UNIX and Linux versions prior to
9.2.10, the script is located in $BMC_ROOT/common/secu-
rity/config directory.
For Basic Security the value is "0" and for Advance Level2 the
value is "2".
5. Restart PatrolAgent service
– Go to /etc/init.d/
– cd /etc/init.d/
– ./BMCPatrol restart
6. When the installation is finished, log off and log on as root and
unmount the CD-ROM by typing:
umount /dev/cdrom
4.2.3 Modifying/Reloading RT Server IP address

Note: Usefull if RT Server has wrong IP adress and needs modification.
1. Go to BMC_ROOT/Patrol3/ directory and Execute below command

– $ cd /home/patrol/bmc/
– $ ./patrolrc.sh
2. Create a file "rtserver.txt"
– $ vi rtserver.txt
– Press "i" on the keyboard for inserting text.
– Copy and paste the below content into the rtserver.txt file
Note: Replace "RTSERVER" with correct RT server IP address in the
below content before placing it into the rtserver.txt file
PATROL_CONFIG
"/AgentSetup/rtServers" = { REPLACE = "tcp:RTSERVER:2059" }
12 1/1531-ANF 901 15 Uen G3 2014-06-16

3. Save and exit the file by following the below commands

– Press ESC button on the keyboard,
– type $:wq!
– press ENTER button on the keyboard.
4. Execute the below command to reload the new RT server IP
address.
$ pconfig +Reload rtserver.txt
Note: If you get any Connection host errors. Please contact your admin
to check the host namespaces and try again.
5. Restart PatrolAgent
– $ cd /etc/init.d/
– $ ./BMCPatrol restart
1/1531-ANF 901 15 Uen G3 2014-06-16 13

4.3 Installing on a Dedicated Management

Server
Figure 1: Using a Dedicated Management Server

On the management server (Windows 2003 and Windows 2008) are
normally (see Figure 1) installed
• PATROL Common Services
• PATROL for Windows Servers
• SNMP Bridge (if used)
• MX-ONE adaptations.
PATROL Common Services contains the RTserver (for “communica-
tion”), the Console Server (holding info for the PATROL consoles and
users), and PATROL Central Web Edition – the Web GUI of PATROL.
• Create a user, patrol .
• Install PATROL Common Services, PATROL Agent, KMs
(including all patches), and the MX-ONE adaptations for Windows
servers.
Note: Microsoft IIS must be installed on the management server.
Note: PATROL Central Web Edition uses HTTPS. This means that a
certificate (for IIS) must be installed on the management server.
14 1/1531-ANF 901 15 Uen G3 2014-06-16

The recommendation is to install the certificate before installing

Manager Availability. For more information, see PATROL Central
Operator - Web Edition Getting Started.
Figure 2: Configuration Dialog on Windows

Note: The instruction below assumes that the PATROL components are
installed as in Figure 1. For another type of installation, some
components (features) have to be excluded, for example the
RTserver.
1. Create a user, patrol

Log in on as Administrator on the server. Create a user, patrol ,
belonging to the Administrators group.
2. Install PATROL Common Services, PATROL Agent, KMs, and
MX-ONE adaptations:
Log off and log on as user patrol. Insert the distribution CD in the
CD-ROM drive.
4.3.1 Supported Operating Systems

• Windows 2003 (Enterprise / Standard) - SP2
• Windows 2008 (Enterprise) - SP1
1/1531-ANF 901 15 Uen G3 2014-06-16 15

4.3.2 IIS installation
4.3.2.1 Windows 2003 Server
1. Install IIS 6(Application Server) from Add/remove Programs

Add/Remove Windows Components
2. Select Application Server and Click on Details to choose other
required components.
Figure 3: Sample screenshot to insrll IIS with required components.
16 1/1531-ANF 901 15 Uen G3 2014-06-16

4.3.2.2 Windows 2008 Server
Install IIS from Server Manager ' Add Roles ' Web Server (IIS).
Install required component as shown below.
4.3.3 Certificate Server Installation
4.3.3.1 Windows 2003
1. Install Certificate services from Add/remove Programs

Add/Remove Windows Components
1/1531-ANF 901 15 Uen G3 2014-06-16 17

2. Select “Certificate Services” and Click on Details to choose other

required components.
3. Click OK
4. Click Next
Sample screen shot to install IIS with the required components
4.3.3.2 Windows 2008
Install Certificate Server as shown below.
Sample screen shots
18 1/1531-ANF 901 15 Uen G3 2014-06-16

Sample screen shots
4.3.4 Installation of self signed Certificates
4.3.4.1 Windows 2003
Using MS Certificate Services to generate Certificates for Patrol Web

Edition.
Note: This how-to assumes that you have already installed MS Certifi-
cate Service.
1. Open the Internet Information Services (IIS) Manager
1/1531-ANF 901 15 Uen G3 2014-06-16 19

2. Browse to "Default Web Site"
3. Right click on "Default Web Site and choose properties"
20 1/1531-ANF 901 15 Uen G3 2014-06-16

4. Choose "Directory Security" tab. Under "Secure Communication"

choose "Server Certificate" and "Next"
5. Choose "Create a new certificate" and "Next"
1/1531-ANF 901 15 Uen G3 2014-06-16 21

6. Choose "Prepare the request now, but send it later" and "Next"
7. Be sure that "Select cryptographic service …." is chosen, and

choose "Next"
22 1/1531-ANF 901 15 Uen G3 2014-06-16

8. Choose "Microsoft RSA SChannel Cryptographic Provider" and

"Next"
9. Fill up the "Organization" and "Organizational unit" and "Next"
1/1531-ANF 901 15 Uen G3 2014-06-16 23

10. Fill the "Common Name". This is usually the DNS name of the
computer.
11. Choose the "Country" and write the "City" ( optional )
24 1/1531-ANF 901 15 Uen G3 2014-06-16

12. Save the request file to some directory and choose a name for this
file. This file will be used in next stage to create a certificate.
Choose "Next" and go thru all the way
13. Generate a certificate with the request which is created in previous

stage.
Note: Make sure that the certificate authority is installed on your system.
Choose Settings -> Control Panel -> Add or Remove Programs
-> Add/Remove Windows Components and choose Certificate
Services (In case it is not already installed).
Proceed with the Installation as instructed and when asked to
temporarily disable IIS service accep.
1/1531-ANF 901 15 Uen G3 2014-06-16 25

14. Open the Certificate web page on the server by http://local-

host/CertSrv. Choose the "Request a certificate" and choose
"advanced certificate request"
26 1/1531-ANF 901 15 Uen G3 2014-06-16

15. Choose "Submit a certificate request ….."
16. You will be presented with the page shown in the below picture.
1/1531-ANF 901 15 Uen G3 2014-06-16 27

17. Open the certificate request that is created in step 12. Open the file
using Notepad, and copy the certificate request part of the file as
text.
18. Return to web pages for request certificate in step 15 and paste the
text there, and push the "Submit".
19. You will be presented with information that your certificate has been
received and is in pending stage.
28 1/1531-ANF 901 15 Uen G3 2014-06-16

For issuing the certificate open the "Certificate Authority" in "Admin-

istrative Tools". Go to "Pending Requests" and there should be the
request you have applied. Right click on "Request ID" (here is 4)
and go to "All Tasks" and "Issue".
20. Once you issued the request, the certificate will be moved to
"Issued Certificate".
1/1531-ANF 901 15 Uen G3 2014-06-16 29

21. Go back to main page of certificate server by http://local-

host/certsrv/ and choose "View the status of a pending certificate
request
22. Choose "Saved-Request …."
30 1/1531-ANF 901 15 Uen G3 2014-06-16

23. Choose "Download certificate"…
24. Save the certificate in some directory
1/1531-ANF 901 15 Uen G3 2014-06-16 31

25. Go back and repeat step 1 - 4. After welcome message form

wizard. Choose "Process the pending request and install the certif-
icate" and "Next"
26. Browse to the certificate file, that you saved in step 23 and "Next"
32 1/1531-ANF 901 15 Uen G3 2014-06-16

27. Choose the SSL port ( default is 443 ) and "Next"
Sample screen shot to install IIS with the required componentsGo thru wizard and finish it. Now you should have a valid certificate for the web server.
28. Go thru wizard and finish it. Now you should have a valid certificate
for the web server.
4.3.4.2 Windows 2008
Microsoft's new server platform, Windows Server 2008 uses Internet

Information Services (IIS) 7.0. This new version makes big changes in
the way that SSL certificates are generated, primarily making it much
easier than previous versions of IIS.
Create the Certificate Request
1. Click on the Start menu, go to Administrative Tools, and click on
Internet Information Services (IIS) Manager.
1/1531-ANF 901 15 Uen G3 2014-06-16 33

2. Click on the name of the server in the Connections column on the

left. Double-click on "Server Certificates" as shown in the below
picture.
34 1/1531-ANF 901 15 Uen G3 2014-06-16

3. In the Actions column on the right, click on Create Certificate

Request...
4. Enter all of the following information about your company and the
domain you are securing and then click Next.
1/1531-ANF 901 15 Uen G3 2014-06-16 35

Name Explanation Example

Common Name The fully qualified domain name (FQDN) of www.mitel.com
your server. This must match exactly what
you type in your web browser or you will
receive a name mismatch error.
Organization The legal name of your organization. This Aastra Telecom
should not be abbreviated and should
include suffixes such as Inc, Corp, or LLC.
Organizational Unit The division of your organization handling R&D, IT
the certificate. (Most CAs don't validate this
field)
City/Locality The city where your organization is located. Mountain View
State/province The state/region where your organization is California
located. This shouldn't be abbreviated.
Country/Region The two-letter ISO code for the country US, GB.
where your organization is location.
5. Select the default Microsoft RSA SChannel Cryptographic Provider

and set the Bit length to 2048 bit or higher and Click Next.
36 1/1531-ANF 901 15 Uen G3 2014-06-16

6. Click the button with the three dots and enter a location and file-
name where you want to save the CSR file and click Finish button
7. Open the Certificate web page on the server by http://local-

host/CertSrv.
Choose the "Request a certificate" task
1/1531-ANF 901 15 Uen G3 2014-06-16 37

8. Choose "advanced certificate request"
9. Next, Choose "Submit a certificate request ….."
38 1/1531-ANF 901 15 Uen G3 2014-06-16

10. After selecting the above option, you will be presented with the
page shown in the below picture.
11. Open the certificate request file that is created in step 6. Open the
file using Notepad, and copy the certificate request part of the file
as text.
1/1531-ANF 901 15 Uen G3 2014-06-16 39

12. Return to web page for request certificate in step 8 and paste the
text there, and push the "Submit" button
You will be presented with information that your certificate has been
received and is in pending stage.
13. Issue the certificate
– Open the "Certificate Authority" in "Administrative Tools".
– Select "Pending Requests" and there should be the request
which is created in the earlier steps.
– Right click on "Request ID" which was created in earlier steps
and click "All Tasks" option and then click "Issue".
40 1/1531-ANF 901 15 Uen G3 2014-06-16

14. Once you issued the request, the certificate will be moved to
"Issued Certificate"
1/1531-ANF 901 15 Uen G3 2014-06-16 41

15. Go back to main page of certificate server by http://local-

host/CertSrv and choose "View the status of a pending certificate
request"
16. Choose "Saved-Request …."
42 1/1531-ANF 901 15 Uen G3 2014-06-16

17. Choose "Download certificate"…
18. Save the certificate in some directory
Install the certficate

left.
1/1531-ANF 901 15 Uen G3 2014-06-16 43

3. Double-click on Server Certificates icon.
4. In the Actions column on the right side, click on Complete Certifi-

cate Request...
5. Click the browse button (…) and select the server certificate that
was received from the earlier steps.
6. Enter any friendly name in the Friendly Name text box using which,
can keep track of the certificate on this server.
44 1/1531-ANF 901 15 Uen G3 2014-06-16

7. Click OK.
8. If successful, you will see your newly installed certificate in the list.
If you receive an error stating that the request or private key cannot
be found, make sure you are using the correct certificate and that
you are installing it to the same server that you generated the CSR
on. If you are sure of those two things, you may just need to create
a new Certificate Request and reissue/replace the certificate.
Contact your certificate authority if you have problems with this.
1/1531-ANF 901 15 Uen G3 2014-06-16 45

Bind the Certificate to a website

left, expand the sites folder and click on the website (Default Web
Site) that is to be bind with the certificate.
3. Click on Bindings...option in the right column as shown in the below
picture.
4. Click on the Add... button.
5. Change the Type to https and then select the SSL certificate that
was just installed in the earlier steps.
46 1/1531-ANF 901 15 Uen G3 2014-06-16

6. Click OK.
7. Binding for port 443 will be listed.

8. Click Close button.
4.3.5 Manager Availability Package Installation

Note: Uninstall all installed Manager Availability packages in order to
proceed with the new installation.
4.3.5.1 Create a patrol user
Note: Ignore this step if the "patrol" user is already created.
1. Create a user called, "patrol" with any password.

Newly created "patrol" user should belong to Administrator group.
2. Click on the Start menu, Click on Control Panel, click on Adminis-
trative Tools, and click on Computer Management.
1/1531-ANF 901 15 Uen G3 2014-06-16 47

3. Click "Local Users and Groups" and expand the tree.

4. Right click on teh “Users” and select “New User” option.
5. Enter the values in the text boxes as
User name : "patrol"
Full name : "Patrol User"
Description:"Patrol user for MA"
Password: - anything
Note: Newly created "patrol" user should belong to Administrator group.
48 1/1531-ANF 901 15 Uen G3 2014-06-16

4.3.5.2 Manager Availability Package Installation steps
1. Copy the WebCentral folder from the CD Drive to any of the drives
(C-Drive Or D-Drive) in the local system. Example: C:\WebCentral
1/1531-ANF 901 15 Uen G3 2014-06-16 49

2. Go to the folder WebCentral and Click on setup.exe to proceed with

installation which gives the below picture.
50 1/1531-ANF 901 15 Uen G3 2014-06-16

3. Select the option "Complete" and click on Next as shown below.
4. Click on Install button to begin with Installation.
1/1531-ANF 901 15 Uen G3 2014-06-16 51

5. Progressing of the Installation is shown as below picture
6. Enter the RT Server IP address and Password for "patrol" User and
then click on OK.
52 1/1531-ANF 901 15 Uen G3 2014-06-16

7. Installation is completed successfully as shown below, Click Finish.
8. Open the command prompt and go to the folder "WebCentral" and

run the "install.bat" batch file.
Wait to proceed to the next step as it will take some time of around 8
minutes as all the WebCentral software will be installed.
There will be message of "Installation completed successfully" be
displayed on the command prompt to proceed with the next step .
9. Run the "RunPostInstall.exe" by double clicking the exe file from
"WebCentral" folder.
1/1531-ANF 901 15 Uen G3 2014-06-16 53

10. Run the "RemoveInstalled.exe" by double clicking the exe file from
"WebCentral" folder. This operation will remove the installation
files under the "C:\Program Files\AastraMA\BMC"
11. Instalation is comptleted.
4.3.5.3 Post Install Configuration
Windows 2003
1. Allow ISAPI and CGI Extensions if disabled.
2. Go to Web Service Extensions and allow All Unknown CGI Exten-
sions and All Unknown ISAPI Extensions.
Windows 2008
Add ISAPI and CGI Restrictions:
1. Open IIS manager.
2. Select server name in LHS tree.
3. In features view click on 'ISAPI and CGI Restrictions'
54 1/1531-ANF 901 15 Uen G3 2014-06-16

4. In RHS tree click on Add.

5. Enter the details for ISAPI or CGI restriction.
ISAPI or CGI path should be pointing to ISAPI_REDIRECT.dll in
\apache-tomcat\bin\ directory
Give the description as 'PATROLCentralWebEdition'. Similar to
name under default web site in LHS tee
6. Make sure the 'Allow extension path to execute' is selected (i.e
True)
1/1531-ANF 901 15 Uen G3 2014-06-16 55

Add ISAPI Filters for default web site

1. In LHS tree select 'Default Web Site'
2. In Features view double click on ISAPI filter.
3. In RHS pane click on Add

4. Enter the details for ISAPI filter.
56 1/1531-ANF 901 15 Uen G3 2014-06-16

Edit permissions for 'PATROLCentralWebSite'

1. Select 'PATROLCentralWebEdition' in LHS tree
2. Right click on it, select 'Edit Permissions'
3. Select Secutiy tab.
4. Make sure the 'Users' group is added and having permissions for
'Read & Execute, List folder contents, Read' permissions. If it not
then please add the group and give the permissions.
Checking 'Handler Mapping' Settings.
1. In IIS manager, select 'PATROLCentralWebEdition' in LHS tree
2. In features view double click on 'Handler Mappings'
3. Make sure the ISAPI-dll is listed and enabled for 'ISAPI Module'
4. If it's not there then please click on 'Add Module Mapping' in RHS
pane of IIS manager.
5. Enter the details for 'Module Mappings'
Request Path = *.dll
Module = IsapiModule
Executable(optional)='Point to ISAPI.dll in
'apache-tomacat\bin\isapi_redirect.dll
Name=ISAPI-dll
1/1531-ANF 901 15 Uen G3 2014-06-16 57

Request Restrictions should be as follows:
Figure 4: Mapping tab
58 1/1531-ANF 901 15 Uen G3 2014-06-16

Figure 5: Verbs tab
Figure 6: Access tab
1/1531-ANF 901 15 Uen G3 2014-06-16 59

Note: Make sure the ISAPI-dll is enabled.
Extra permission setting on Virtual directory and PCOWEB instal-

lation files
1. Grant WRITE permissions to IIS_IUSRS on Virtual directory
i.e.'inetpub\wwwroot'
2. Grant Read permissions to IIS_IUSERS on \apache-tomcat\bin\
directory
3. Grant Read, Execute permissions to IIS_IUSRS on isapi_redirect
dll. (ie. apache-tomcat\bin\win32\isapi_redirect.dll)
Setting for default page
1. Please copy <install-dir>\webcen-
tral\apache-tomcat\webapps\patrol\index.html to
<install-dir>\webcentral\apache-tomcat\bin\
2. In IIS manager select 'PATROLCentralWebEdition'
3. In features view double click on 'Default Document'
4. Click on 'Add' in Actions Pane.
5. Type the name as 'index.html' and then click on OK.
60 1/1531-ANF 901 15 Uen G3 2014-06-16

Once the above configurations are done launch the patrol webcentral by,
opening Internet explorer and, typing: http://localhost/patrol/
If prompted with the below screen and if JDK is not installed already then
by clicking the link "here" as show in the below screen shot it will install
the JDK that is needed to load the login screen.
1/1531-ANF 901 15 Uen G3 2014-06-16 61

Once the JDK is installed as suggested in the above screen, it will launch
the browser and prompt for the for user name and password as shown
below. Provide proper credentials of "patrol" user.
If the configuration is proper & supplied "patrol" user credentials are

correct, you will be redirected to below page:
62 1/1531-ANF 901 15 Uen G3 2014-06-16

4.4 Installing on a Messaging Server and other

servers
On this type of server, the following components are installed:
• PATROL for Windows Servers
• MX-ONE adaptations
Note: This description is valid for any Windows server, like a MX-ONE
Messaging Fax Mail server.
• Create a user, patrol
• Install PATROL Agent, KMs (including all patches), and the
MX-ONE adaptations for Windows servers
Installation procedure:
1. Create a user, patrol:
Log on as Administrator on the server.
Create a user, patrol, belonging to the Administrators group.
1/1531-ANF 901 15 Uen G3 2014-06-16 63

2. Install PATROL Agent, KMs, and MX-ONE Adaptations:

Uninstall if there is any previous installation. Delete the directory
named BMCSotware and Ericsson (if any) or AastraMA(if any).
Log off and log on as user patrol. Insert the distribution CD in the
CD-ROM drive.
3. Copy Windows Patrol Agent folder containing:
– ins_WINDOWS_7564.zip,
– VAB_WINDOWS_7810.zip,
– PIA_WINDOWS_9020.zip,
– PSX_ALL_4610.zip,
– Windows Patrol Agent.doc
from CD Drive to the drive (C-Drive or D-Drive) in the local system.
4. Go to the "Windows Patrol Agent" folder.
5. Extract ins_WINDOWS_7564.zip file to "Windows Patrol Agent"
folder and it will extract "bmc_products" folder into the same loca-
tion.
6. Extract VAB_WINDOWS_7810.zip to "Windows Patrol Agent"
folder.
7. Extract the below mentioned zip files in the same order to
"Windows Patrol Agent" folder.
– PIA_WINDOWS_9020.zip (Windows KM's).
– PSX_ALL_4610.zip
Note: All packages will be extracted to the same folder "bmc_products"
(Click Yes to All if prompted while extracting)
8. Go to bmc_products folder and run setup.exe and follow the
instructions on the screen
64 1/1531-ANF 901 15 Uen G3 2014-06-16

9. Enter the path as "C:\Program Files\BMC Software" and Click Next
10. Select the option "Install products on this computer now" and click
Next
1/1531-ANF 901 15 Uen G3 2014-06-16 65

11. Select the option "Custom" and click Next
12. Select the option "Managed System" and click Next
66 1/1531-ANF 901 15 Uen G3 2014-06-16

13. Select all check boxes and Click Next
14. Enter the BMC Products Installation Directory path as "C:\Program

Files\BMC Software"
15. Enter the PATROL 3.x Product Directory as "Patrol3" and Click
Next.
1/1531-ANF 901 15 Uen G3 2014-06-16 67

16. Enter the PATROL Default Account Login Name as "patrol" and
password as created for the patrol user and Click Next
17. Select the Security option as "Advanced security options" and click
Next
68 1/1531-ANF 901 15 Uen G3 2014-06-16

18. Select Advanced Level of Security as "Level 2" and click Next
19. Enter the PATROL Agent Port Number as "3181" and click Next
1/1531-ANF 901 15 Uen G3 2014-06-16 69

20. Select the option as "No" for the Use Fully Qualified Domain Name
(FQDN) for monitored device and click Next
21. Enter the values as mentioned below in the screen shot and click
Next
70 1/1531-ANF 901 15 Uen G3 2014-06-16

22. Enter RT Server IP address and click Next
23. Select option "Automatically add the Selected Component(s) to the

Firewall Exception list and click Next
1/1531-ANF 901 15 Uen G3 2014-06-16 71

24. Click the button "Start Install"
25. Progress of the installation is shown as below and once it is 100%

then installation is completed
72 1/1531-ANF 901 15 Uen G3 2014-06-16

Below screen represents the Installation Results.
1/1531-ANF 901 15 Uen G3 2014-06-16 73

Once the above screen is visible, installation of Windows Patrol Agent is

completed.
Login to the Web Central Edition and try to access the Windows patrol
Agent.
74 1/1531-ANF 901 15 Uen G3 2014-06-16

ACTIONS AFTER THE INSTALLATION
5 Actions After the Installation
5.1 Running the PATROL Central Operator - Web

Edition
5.1.1 Patrol Central Web Edition

During installation inside services.msc Patrol Central Web Edition
startup type is set to manual. After successful installation the status of
Patrol Central Web Edition should be changed from manual to automatic
by the user.
5.1.2 Running the Web GUI (PATROL Central Operator – Web

Edition)
The Web GUI towards PATROL Central Operator is run via a Web
browser (Internet Explorer or Netscape). More details may be found in
“PATROL Central Operator – Web Edition Getting Started”. The GUI is
launched from the Web browser via a link http://ip-address/patrol where
ip-address is the IP address where PATROL Console Server is installed.
You may login as the default patrol user patrol but this should be avoided
for security reasons. You should instead define additional users and
management profiles to differentiate between users and rights. When
PATROL Common Services are installed a set of Windows user security
groups are created: patwatch, patop, patpop, patadm, and patscadm.
The example below describes a simple way to get started with three
PATROL users: mypatadm (for administration), mypatpop (power oper-
ator for monitoring), and mypatwatch (just watch). Also create a user
mybridge (of group patpop) in case the SNMP Bridge is used. No extra
management profile is required for this user.
Example: Create a Windows user mypatadm (via e.g. Active Directory
Users and Computers) and let it belong to group patscadm and patadm.
Also create a user mypatpop and let it belong to group patpop. Also
create a user mypatwatch and let it belong to group patwatch.
Log on to PATROL Central as user mypatadm . You must now (for more
information see PATROL Central Operator – Web Edition Getting
Started or online help):
1. Create a management profile.
2. Add the servers to the profile.
1/1531-ANF 901 15 Uen G3 2014-06-16 75

3. You may have different passwords for the user patrol on the
managed servers and your login user is not the default user patrol.
This means that you have to create Alias and Impersonation Rules.
This is done under Administration/Impersonation. Create an Alias
for each password of user patrol. Create a rule for each server or
use wildcards to reduce the number of impersonation rules. Use *
(i.e. any) for “When the user named”. Use the name of the server
as displayed in the tree view of PATROL_Main_Map. Use the Alias
corresponding to the password.
4. Load KMs for each server. This is done by loading (Note: kml – that
is, KM list):
For Telephony server: ERILinux.kml
For Windows server: ERIWIN.kml SNMP_Brigde.km (only if the SNMP
Bridge is installed on the server)
Create also a management profile to be used by the user mypatwatch
because this user is not allowed to create a profile. Execute steps 1, 2,
and 4 described above (or create a copy of the current profile with a new
name). The user mypatwatch must have the right to use the new profile.
This is done from the tabs Administration and Rights . Select under
Management Profiles the proper profile and Allow or deny rights and
Allow descendants .... Add group patwatch, allow Read and deny
Write .
Log off and log on to PATROL Central as user mypatop . Execute steps
1, 2, and 4 described above.
The next time you log on, you have to load the proper management
profile but for the following logons the management profile is loaded
automatically, holding information on servers and KMs.
5.1.3 Version of Manager Availability

The InfoBox command of the KMs EETS, MESSAGING, FAX, etc.,
displays the Manager Availability version and date within brackets ().
5.1.4 On Telephony Server

From PATROL Central Operator connect to the Telephony Server.
Verify that the EETS KM, TREND and the following expected PATROL
KMs are visible in the tree view:
• DISK
• FILESYSTEM
• NETWORK
• DCM
76 1/1531-ANF 901 15 Uen G3 2014-06-16

ACTIONS AFTER THE INSTALLATION
• CPU
• HISTORY_Propagator
• MEMORY
• PATROLAGENT
• PROCESS
• USERS
If NETWORK is missing, it can be activated from UNIX OS -> KM
Commands -> KM Admin -> NETWORK Application -> Activate
Monitoring
Specify the password of the user patrol from (right mouse button) EETS
-> KM Commands -> Admin -> Specify Password . If the password is
not specified, alarms from Telephony Server are not sent to PATROL. It
can take some minutes for the alarm handling function to start after the
password is specified.
Verify that the alarms from the Telephony Server are visible in the Event
Manager window (EETS -> Event Manager using right mouse button).
Initiate Traffic Recording for IP traffic (IPXBRD), or voice extensions
(EXTENS), TRUNKS, and ROUTES of interest from EETS -> KM
Commands -> Traffic Recording -> Start Traffic Recording .
5.1.5 On Windows Server

From PATROL Central Operator connect to the Windows Server. Verify
that one or more application icons (MESSAGING, FAX), and the
following expected PATROL KMs are visible in the tree view:
• Agent Health (PATROL_NT)
• HISTORY_Propagator
• Logical Disks (NT_LOGICAL_DISKS)
• Memory (NT_MEMORY)
• Performance Monitor Wizard (NT_PERFMON_WIZARD)
• Physical Disks (NT_PHYSICAL_DISKS)
• Processors (NT_CPU)
• System (NT_SYSTEM)
• Windows Events (NT_EVENTLOG)
Which application icons are visible depend on which telephony applica-
tions are installed on the server.
1/1531-ANF 901 15 Uen G3 2014-06-16 77

5.1.6 Multi-LIM System

More than one multi-LIM MX-ONE System can be managed from
Manager Availability. MX-ONE servers belonging to a multi-LIM system
can be indicated in the tree view of PATROL Central Operator in the
following way:
• Create a folder with a proper name
• Drag and drop the MX-ONE servers belonging to the multi-LIM
system to this folder.
5.2 PATROL Licenses

A 30-day temporary trial license is installed on each server. This license
must be updated with a permanent user license within 30 days, other-
wise PATROL will stop running after a restart.
The permanent license must be copied to the following files:
Linux (Telephony Server)

$PATROL_HOME/lib/license (that is, normally
/home/patrol/bmc/Patrol3/lib/license)
Windows
%PATROL_HOME%\lib\license
The new license will be used at the next restart of the PATROL Agent.
78 1/1531-ANF 901 15 Uen G3 2014-06-16

REINSTALLING MANAGER AVAILABILITY
6 Reinstalling Manager Availability
Reinstalling Manager Availability on a server means that you first unin-

stall and then install Manager Availability.
1/1531-ANF 901 15 Uen G3 2014-06-16 79

7 Upgrading Manager Availability
7.1 Windows Server

Uninstall the old version of Manager Availability before installing the new
version of Manager Availability. Install the new version of Manager Avail-
ability, do a normal installation (see Installation of Manager Availability).
7.2 Telephony Server

Before installing at the Telephony Server login on the Telephony Server
and stop the PATROL Agent by typing /etc/init.d/BMCPatrol stop. Unin-
stall earlier installation and manually delete all under /home/patrol/.
Also manually delete the application /etc/init.d/BMCPatrol. After that do
a normal installation (see Installation on Telephony Server).
80 1/1531-ANF 901 15 Uen G3 2014-06-16

UNINSTALLING MANAGER AVAILABILITY
8 Uninstalling Manager Availability
Uninstalling Manager Availability must be done locally on each server.
8.1 Uninstalling on a Telephony Server

1. Log on as patrol on the Telephony Server. Stop the PATROL
Agent by typing
/etc/init.d/BMCPatrol stop
2. Uninstalling PATROL Agent and KMs
Start the uninstallation by starting the uninstall.sh script from the
Uninstall directory. Normally this is done by typing:
/home/patrol/bmc/Uninstall/uninstall.sh
Note: The uninstallation runs from a Web browser. It is possible to run
through an external Web browser.
Follow the instructions. Check that Installation Directory is
/home/patrol/bmc . All PATROL products are to be uninstalled.
3. Log on as root on the Telephony Server.
Uninstall the Patrol Agent as a system service by typing
/sbin/chkconfig –d BMCPatrol
rm /etc/init.d/BMCPatrol
4. Remove installation directory by typing:
cd /home/patrol
rm -rf bmc
Note: Removing the installation directory will also remove history data.
8.2 Uninstalling on a Windows Server

Log on as patrol . From Settings -> Control Panel -> Add/Remove
Programs select BMC Software Tools and Change/Remove . Select
the products to remove from the Installation Utility.
1/1531-ANF 901 15 Uen G3 2014-06-16 81

9 Deployment
PATROL Console Server and RTserver, Getting Started describes

deployment related things, for example, how to use PATROL in an envi-
ronment with firewalls.
A separate Windows server to hold PATROL Common Services may be
needed, 1 Using a Dedicated Management Server on page 14 . The
network topology may also require that more than one RTserver compo-
nent have to be installed.
9.1 More than one RTserver

In large networks, for performance or redundancy reasons, you can
have one Console Server supporting more than one RTserver. One
RTserver as such supports a rather large number of Managed Systems
(around 300 assuming that the RTserver is running alone on the server).
For redundancy reasons, you can set each Managed System (MX-ONE
server) with two RTservers. If the Managed System cannot connect to
the first RTserver, it will try to connect to the next one.
82 1/1531-ANF 901 15 Uen G3 2014-06-16

DEPLOYMENT
9.2 Behind Firewalls
Figure 7: A large installation

If the Console Server and all Managed Systems are inside the firewall
and just the Web browser is outside there is normally no problem. But if
there are firewalls between the PATROL components the firewalls must
be configured to accept the PATROL traffic. To have a simple setup
“PATROL Console Server and RTserver. Getting Started” recommends
(for a larger network) putting one RTserver on each side of the firewall
(see Fig 3). There is one central RTserver. The other RTservers points
to the central RTserver forming an RTcloud. The TCP port 2059 must be
open for the RTserver in the firewalls. The RT clients (Managed Systems
and Console Server) should always connect to the RTserver inside of
their firewall.
The distribution CD only supports installation of the RTserver compo-
nent on a Windows 2003 server.
1/1531-ANF 901 15 Uen G3 2014-06-16 83

10 Integrating with a Management

Framework
10.1 Overview
Figure 8: SNMP Bridge Overview

The SNMP Bridge facility makes Manager Availability prepared for inte-
gration into management frameworks. SNMP Integration means that
SNMP traps are sent to the SNMP Manager of the management frame-
work. SNMP Integration does not require the SNMP agent on the
MX-ONE server to be active. PATROL components do the work. The
traps sent are described in an MX-ONE specific Manager Availability
MIB.
The SNMP Bridge consists of two main components:
• The SNMP Bridge KM
• PATROL Web Service
It is assumed that these components are already installed on the server
holding PATROL Common Services, for a description 4 Installing
Manager Availability on page 5 . The components are installed by
selecting the SNMP Bridge feature at installation time.
To have the SNMP Bridge up and running, you must do the following:
84 1/1531-ANF 901 15 Uen G3 2014-06-16

INTEGRATING WITH A MANAGEMENT FRAMEWORK
• Set up the SNMP Manager

• Configure and activate the SNMP Bridge on the server holding the
SNMP Bridge
10.2 Setting Up SNMP Manager - HP OpenView

NNM
The following instruction is valid for HP OpenView NNM but can be
applied to any SNMP Manager.
When the setup is completed, a new Alarm Category Manager Avail-
ability Alarms is added to the Alarms Browser of NNM. To view the
Manager Availability Alarms (Telephony Server alarms and so on), press
the Manager Availability Alarms button in the Alarm Categories
window.
If more information is needed (for troubleshooting), the PATROL Central
Web GUI can be launched from the same desktop as running the OV
NNM GUI.
Perform the following steps:
1. Import the Manager Availability MIB
The Manager Availability MIB is located on the top directory of the
distribution CD. Import the file into OV NNM through Options ->
Load/Unload MIBs:SNMP . Select Load and browse the MIB file.
On the Load TRAP-TYPE/NOTIFICATION-TYPE macro? ques-
tion select OK .
2. Add Alarm Category "Manager Availability Alarms"
This is done through Options -> Event Configuration . Select Edit
-> Alarm Categories… . Add category Manager Availability
Alarms .
3. Configure the Manager Availability events
This is done through Options -> Event Configuration . Select
ManagerAvailability under Enterprises . Double-click on each
Manager Availability trap (in Events for Enterprise ManagerA-
vailability ) and under the Event Message tab define the
following:
1/1531-ANF 901 15 Uen G3 2014-06-16 85

Table 1 Event Message Definitions
Log and
Manager Availability display in
Trap/Event category Severity Event log message
maSNMPBridgeStart Manager Normal SNMPBridgeStart: $1
Availability
Alarms
maSNMPBridgeStop Manager Warning SNMPBridgeStop: $1
Availability
Alarms
maSNMPBridgeError Manager Major SNMPBridgeError: $1
Availability
Alarms
maSNMPBridgeHeart Manager Normal SNMPBridgeHeartBeat: $1
Beat Availability
Alarms
maPATROLInfo Manager Normal PATROLInfo: $3 $4 $2 $1
Availability
Alarms
maPATROLWarning Manager Warning PATROLWarning: $3 $4 $2 $1
Availability
Alarms
maPATROLAlarm Manager Major PATROLAlarm: $3 $4 $2 $1
Availability
Alarms
Example of a message in the Alarms Browser of NNM:

... PATROLWarning: WBM1 26161 CPU.CPU.CPUCpuUtil Alarm #1
of ...
where
WBM1
Server where the event occurred.
26161
PATROL event ID. The server name and event ID can be used to
locate the event in PATROL Event Manager.
CPU.CPU ....
Event origin. PATROL object that created the event.
Alarm #1 ...
Event description.
86 1/1531-ANF 901 15 Uen G3 2014-06-16

INTEGRATING WITH A MANAGEMENT FRAMEWORK
10.3 Configure and Activate SNMP Bridge

The SNMP Bridge must be configured and activated on the MX-ONE
server holding the SNMP Bridge. This is done from the Manager Avail-
ability Web GUI .
Configure SNMP Bridge
The configuration is done through a KM command SNMP_Bridge -> KM
Commands -> Configure . Do the following in the SNMP Bridge
Configuration dialog:
1. Enter IP address or name of the SNMP Manager.
2. Modify Trap Port or Trap Community if needed. (Trap Port is by
default 162, Trap Community is by default "public").
3. Select whether to use local IP address as Agent address or not
(normally used). If local IP address is used, the IP address of the
server where the SNMP Bridge is running is always used as the
agent address in the trap PDU. If local IP address is not used, the
IP address of the MX-ONE server sending the PATROL event is
used as the Agent address in the trap PDU. Requires that the
MX-ONE server is defined in DNS.
4. Set Period of heartbeat traps (In seconds). 0 means no heart-
beat. Use 0 (no heartbeat traps), unless there is a mechanism
defined in the management framework handling the heartbeat
traps. A possible mechanism (defined as a trap action for the heart-
beat trap) could be to let the heartbeat trap first remove a sched-
uled framework job, and then schedule a framework job within 5
minutes (depends on the heartbeat period) creating a trap SNMP
Bridge is down .
5. Enter PATROL_CSERVER_host as PATROL Console Server Id
, where host is the host name of the server where the PATROL
Console Server is installed. (Normally this is the server running the
SNMP Bridge).
6. Modify PATROL Web Service URL to https://1.2.3.4:3030/pcen-
tral , where 1.2.3.4 is the IP address where the PATROL Web
Service is installed. (Normally this is the server running the SNMP
Bridge).
7. Enter the name of the management profile to be used. See Running
the Web GUI. The management profile tells what MX-ONE servers
to catch events from. The SNMP Bridge can reuse (share) the
management profile of a PATROL Central user.
8. Enter SNMP_Bridge as the event filter of PATROL Central Web
Edition. The event filter tells what PATROL events to catch.
1/1531-ANF 901 15 Uen G3 2014-06-16 87

9. Enter User name and Password for the user defined for SNMP
Bridge.
Activate SNMP Bridge
SNMP Bridge is activated through a KM command SNMP_Bridge -> KM
Commands -> Start . Verify that the SNMP Bridge is started and
running (indicated by the Status parameter of the SNMP Bridge). Check
the System Output window for any error messages.
Verify that the SNMP traps are visible on the alarm console of the
management framework (SNMP Bridge start etc.).
Update the management profile
If the SNMP Bridge is going to pick up the events from an additional
MX-ONE server, the management profile used by the SNMP Bridge
must be updated. Normally the SNMP Bridge and PATROL Central user
share a management profile.
Updating the management profile can be done in the following way (it is
assumed that the user sharing the profile, runs PATROL Central):
1. Update the management profile through Add Managed System .
2. Stop the SNMP Bridge using the Stop KM command.
3. Open the System Output window and wait for the messages Exit
from event listener and Stopping heartbeat SNMP traps (if
heartbeat is used).
4. Log off and log on again to PATROL Central.
5. Start the SNMP Bridge using the Start KM command.
88 1/1531-ANF 901 15 Uen G3 2014-06-16

VIEWING IMPORTANT EVENTS FOR ALL SERVERS
11 Viewing Important Events for All

Servers
To view important events for all servers (the same events as the SNMP
Bridge will receive), select Event Manager in the menu bar. Select filter
SNMP_Bridge and select Execute Filter . A popup window appears
displaying important events from all servers.
1/1531-ANF 901 15 Uen G3 2014-06-16 89

12 SNMP Access via PATROL
12.1 Introduction
By activating the SNMP interface of the PATROL Agent it is possible to
access PATROL parameters on the Telephony Server via SNMP: For
example parameters for Traffic Recording.
The SNMP interface of PATROL is not by default activated in Manager
Availability. This instruction describes one way to set up this interface.
(There can be a lot of variations.)
HP OpenView NNM is used as an example on how to set up an SNMP
Manager.
When using the SNMP interface it is recommended to install and use the
central part of Manager Availability (PATROL Central, the Web GUI) but
not the SNMP Bridge. In this way there is a complete GUI for trouble
shooting, online help et cetera.
The configured solution is described in on page 91fig 6. With this setup
(it is assumed that the default setup of Net-SNMP is not modified):
• All SNMP traps are sent by the PATROL SNMP subagent as
PATROL traps (described in the PATROL MIB).
• SNMP traps are sent for PATROL events corresponding to TS
alarms (active, op_cleared, sys_cleared) and for all PATROL
parameters with threshold values (threshold exceeded, alarm
condition on threshold is gone).
• The Net-SNMP agent handles the requests for all MIBs except the
PATROL MIB.
• PATROL SNMP subagent handles the requests for the PATROL
MIB.
• PATROL SNMP subagent supports SNMP v1.
90 1/1531-ANF 901 15 Uen G3 2014-06-16

SNMP ACCESS VIA PATROL
SNMP
Manager
Telephony Server (SLES)
SNMP get (port 161)
SNMP traps (port 162)

Net-SNMP MIB-2 and other
Master Agent
SMUX (TCP port 199)
PATROL Agent
------------------- Only PATROL
PATROL SNMP MIB
Subagent
M0000248A
Figure 9: PATROL SNMP Overview
12.2 Properties of PATROL SNMP

The SNMP interface of PATROL is described in “PATROL Agent Refer-
ence Manual” (see the user guide for PATROL AGENT - REFERENCE
MANUAL). The PATROL agent on SLES works as a SMUX SNMP
subagent under the master agent Net-SNMP. The PATROL parameters
are possible to access via SNMP.
The SNMP objects of PATROL are described with the PATROL MIB.
The PATROL MIB may be found on SLES in $PATROL_HOME/lib.
The SNMP interface to the PATROL objects is partly dynamic, that is,
the object identifier (OID) may vary between PATROL agent restarts.
This means that more than one SNMP request is required to get a value.
This way of access may not be useful for SNMP data collection, MIB
applications et cetera.
For SNMP data collector and similar functions, the SNMP objects may
have to be accessed the “name space” way (it is static).
1/1531-ANF 901 15 Uen G3 2014-06-16 91

12.3 Setup of Telephony Server

The SNMP interface of PATROL is activated via configuration of
Net-SNMP and the PATROL Agent.
1. First the configuration of Net-SNMP has to be modified. Run as
root. Edit snmpd.conf according to the directions in Alex. Add
the line
smuxpeer .1.3.6.1.4.1.1031.1.1
Run /etc/init.d/snmpd reload to make Net-SNMP read the
configuration file.
2. Then the configuration of the PATROL Agent has to be modified.
Run as patrol.
cd /home/patrol/bmc/Patrol3 . ./patrolrc.sh(sets up
the environment)
Then create a file, for example, myconf with the following contents
(replace 1.2.3.4 with the IP address of the SNMP Manager):
PATROL_CONFIG "/snmp/masteragent_auto_start" = {
REPLACE = "no" }, "/snmp/piV1m_list" = { REPLACE
= "1.2.3.4/162/public" }, "/snmp/support" = {
REPLACE = "yes" }, "/snmp/trapConfTable" = {
REPLACE = "no" }, "/snmp/trapMibTable" = { REPLACE
= "yes" }, "/snmp/trap_port" = { REPLACE = "162" }
Then run pconfig –p 1500 myconf (modifies the configuration
of the PATROL Agent) and /etc/init.d/BMCPatrol restart
to restart the PATROL agent.
Net-SNMP has to be started before the PATROL Agent starts so
the PATROL SNMP Subagent can connect to the Master Agent
(Net-SNMP) via SMUX. This is normally no problem but if
Net-SNMP is stopped and started manually the PATROL SNMP
Subagent must be forced to reconnect. One way to do this is to
restart the PATROL Agent by /etc/init.d/BMCPatrol
restart.
12.4 Setup of SNMP Manager (HP OV NNM)

The PATROL MIB has to be imported into NNM and the traps has to be
configured as events. Following steps have to be done:
1. Import the PATROL MIB
92 1/1531-ANF 901 15 Uen G3 2014-06-16

The PATROL MIB may be found on SLES in $PATROL_HOME/lib.

The file should be imported into OV NNM via
“Options->Load/Unload MIBs: SNMP”. Select “Load” and browse
to the MIB file.
On the “Load TRAP-TYPE/NOTIFICATION-TYPE macro?” ques-
tion select “OK”.
2. Add Alarm Category “Manager Availability Alarms”
This is done via “Options->Event Configuration”. Select
“Edit->Alarm Categories…”. Add category “Manager Availability
Alarms”.
3. Configure the Manager Availability events
This is done via “Options->Event Configuration”. Select “patrol-
Traps” under “Enterprises”. Double-click on each PATROL trap (in
Events for Enterprise patrolTraps
) and under the
Event Message
tab define the following:
Configure the Log and display in Severity Event log message

Manager category
Availability
eventsTrap/Eve
nt
patrolInformatio Manager Availability Normal PATROLInfo: $1 $2 $3
n Alarms
patrolWarning Manager Availability Warning PATROLWarning: $1 $2
Alarms $3
patrolAlarm Manager Availability Major PATROLAlarm: $1 $2
Alarms $3
12.5 Accessing PATROL parameters from an

SNMP Manager
When the PATROL Agent is restarted it takes a couple of minutes before
the PATROL parameters are possible to access.
When setting up data collection or similar in NNM it is very important to
differ between the instance part and the rest of the OID.
There are two ways to access the PATROL parameters:
1/1531-ANF 901 15 Uen G3 2014-06-16 93

• The dynamic way – the OID for a parameter value may vary
between PATROL Agent restarts
• The static way via the name space – here the OID always is the
same.
12.5.1 The Dynamic Way

Here you have to work your way down (for example, using the MIB
Browser) to the parameter level.
Table 2 Example: Access PATROL parameter /CPU/CPU/CPUCpuUtil
Table Find Gives (example)

applicationsTable applicationName = CPU 15
appllnstTable appllnstName = CPU 15.870
parametersTable parameterName = CPUCpuUtil 15.870.874
parameterIntValue.15.870.874 8
12.5.2 The Static Way

Here most PATROL SNMP objects are returned as STRING when it
actually should be a binary (INTEGER, GAUGE, or COUNTER). This
may be a problem for manager functions like graphing and data collec-
tion. A data conversion may be needed.
The instance part of the OID is created as <#chars><ASCII repre-
sentation of path to PATROL parameter>. There is a tool
SNMP_conv for creating the ASCII string and also some documentation
available on http://devcon.bmc.com/ under the topic “Accessing Patrol
MIB”. The tool SNMP_conv may be called from scripts or manually +
copy and paste when using the GUI of OV NNM to set up e.g. a data
collection.
Example: Access PATROL parameter /CPU/CPU/CPUCpuUtil.
Running snmp_conv /CPU/CPU/CPUCpuUtil/value returns
.1.3.6.1.4.1.1031.1.1.1.5.1.4.25.47.67.80.85.47.67.8
0.85.47.67.80.85.67.112.117.85.116.105.108.47.118.97
.108.117.101
This string may be used by snmpget.
.1.3.6.1.4.1.1031.1.1.1.5.1.4 is the OID (to vari-
ablesTable.variablesEntry.variablesValue) and
.25.47.67.80.85.47.67.
94 1/1531-ANF 901 15 Uen G3 2014-06-16

80.85.47.67.80.85.67.112.117.85.116.105.108.47.
118.97.108.117.101 is the instance.
These strings may be used when setting up a SNMP data collection in
the GUI of OV NNM.
Because the OID is the same (only the instance is different) for all
PATROL parameters all data collections are stored under the same label
in OV NNM.
1/1531-ANF 901 15 Uen G3 2014-06-16 95

Installing Manager Availability: Installation Instruction

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Installing Manager Availability: Installation Instruction

Uploaded by

Copyright:

Available Formats

INSTALLATION

Installing Manager Availability

2 1/1531-ANF 901 15 Uen G3 2014-06-16

This document describes the installation of Manager Availability.

2.1 Preparation for the installation

1/1531-ANF 901 15 Uen G3 2014-06-16 3

• Know the IP addresses (or names) of the servers.

2.2 Security Level 2

Manager Availability is delivered on one Distribution CD that contains:

4 1/1531-ANF 901 15 Uen G3 2014-06-16

4 Installing Manager Availability

Note: When installing Manager Availability on a Windows server, close

4.1 Using a Management Server or not

4.2 Linux Linux Patrol Agent

1/1531-ANF 901 15 Uen G3 2014-06-16 5

The installation consists of two major parts:

4.2.1 Installing Linux Patrol Agent

1. Create a user, patrol:

6 1/1531-ANF 901 15 Uen G3 2014-06-16

5. Follow the below screens

1/1531-ANF 901 15 Uen G3 2014-06-16 7

6. Enter RTServer IP address and click OK

7. Click Skip if you do not have a second RTServer IP address

8 1/1531-ANF 901 15 Uen G3 2014-06-16

1/1531-ANF 901 15 Uen G3 2014-06-16 9

9. After successful installation, check for PatrolAgent service in

10 1/1531-ANF 901 15 Uen G3 2014-06-16

4.2.2 Running PatrolAgent service manually

Execute the below 4 steps with root privileges:

1/1531-ANF 901 15 Uen G3 2014-06-16 11

4.2.3 Modifying/Reloading RT Server IP address

1. Go to BMC_ROOT/Patrol3/ directory and Execute below command

12 1/1531-ANF 901 15 Uen G3 2014-06-16

3. Save and exit the file by following the below commands

1/1531-ANF 901 15 Uen G3 2014-06-16 13

4.3 Installing on a Dedicated Management

Figure 1: Using a Dedicated Management Server

14 1/1531-ANF 901 15 Uen G3 2014-06-16

The recommendation is to install the certificate before installing

Figure 2: Configuration Dialog on Windows

1. Create a user, patrol

4.3.1 Supported Operating Systems

1/1531-ANF 901 15 Uen G3 2014-06-16 15

4.3.2 IIS installation

4.3.2.1 Windows 2003 Server

1. Install IIS 6(Application Server) from Add/remove Programs

Figure 3: Sample screenshot to insrll IIS with required components.

16 1/1531-ANF 901 15 Uen G3 2014-06-16

4.3.2.2 Windows 2008 Server

Install required component as shown below.

4.3.3 Certificate Server Installation

4.3.3.1 Windows 2003

1. Install Certificate services from Add/remove Programs

1/1531-ANF 901 15 Uen G3 2014-06-16 17

2. Select “Certificate Services” and Click on Details to choose other

Sample screen shot to install IIS with the required components

4.3.3.2 Windows 2008

Install Certificate Server as shown below.

Sample screen shots

18 1/1531-ANF 901 15 Uen G3 2014-06-16

Sample screen shots

4.3.4 Installation of self signed Certificates

4.3.4.1 Windows 2003