Netcool Security Manager Installation Guide 1.3 - e IBM Tivoli ...
Netcool Security Manager Installation Guide 1.3 - e IBM Tivoli ...
Netcool Security Manager Installation Guide 1.3 - e IBM Tivoli ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
frontmatter.fm May 17, 2006<br />
<strong>Netcool</strong>® <strong>Security</strong> <strong>Manager</strong><br />
<strong>1.3</strong><br />
<strong>Installation</strong> <strong>Guide</strong>
© 2007 Micromuse Inc., Micromuse Ltd.<br />
All rights reserved. No part of this work may be reproduced in any form or by any<br />
person without prior written permission of the copyright owner. This document is<br />
proprietary and confidential to Micromuse, and is subject to a confidentiality<br />
agreement, as well as applicable common and statutory law.<br />
Micromuse Disclaimer of Warranty and Statement of Limited Liability<br />
Micromuse provides this document "as is", without warranty of any kind, either<br />
express or implied, including, but not limited to, the implied warranties of<br />
merchantability, fitness for a particular purpose or non-infringement. This<br />
document may contain technical inaccuracies or typographical errors. Micromuse<br />
may make improvements and changes to the programs described in this document<br />
or this document at any time without notice. Micromuse assumes no responsibility<br />
for the use of the programs or this document except as expressly set forth in the<br />
applicable Micromuse agreement(s) and subject to terms and conditions set forth<br />
therein. Micromuse does not warrant that the functions contained in the programs<br />
will meet your requirements, or that the operation of the programs will be<br />
uninterrupted or error-free. Micromuse shall not be liable for any indirect,<br />
consequential or incidental damages arising out of the use or the ability to use the<br />
programs or this document.<br />
Micromuse specifically disclaims any express or implied warranty of fitness for high<br />
risk activities.<br />
Micromuse programs and this document are not certified for fault tolerance, and<br />
are not designed, manufactured or intended for use or resale as on-line control<br />
equipment in hazardous environments requiring fail-safe performance, such as in<br />
the operation of nuclear facilities, aircraft navigation or communication systems,<br />
air traffic control, direct life support machines, or weapons systems ("High Risk<br />
Activities") in which the failure of programs could lead directly to death, personal<br />
injury, or severe physical or environmental damage.<br />
Compliance with Applicable Laws; Export Control Laws<br />
Use of Micromuse programs and documents is governed by all applicable federal,<br />
state and local laws. All information therein is subject to U.S. export control laws<br />
and may also be subject to the laws of the country where you reside.<br />
All Micromuse programs and documents are commercial in nature. Use,<br />
duplication or disclosure by the United States Government is subject to the<br />
restrictions set forth in DFARS 252.227-7015 and FAR 52.227-19.<br />
Trademarks and Acknowledgements<br />
Micromuse and <strong>Netcool</strong> are registered trademarks of Micromuse.<br />
Other Micromuse trademarks include but are not limited to: <strong>Netcool</strong>/OMNIbus,<br />
<strong>Netcool</strong>/OMNIbus for Voice Networks, <strong>Netcool</strong>/Reporter, <strong>Netcool</strong>/Internet<br />
Service Monitors, <strong>Netcool</strong>/ISM, <strong>Netcool</strong>/ISM Global Perspective, <strong>Netcool</strong>/NT<br />
Service Monitors, <strong>Netcool</strong>/Wireless Service Monitors, <strong>Netcool</strong>/WSM,<br />
<strong>Netcool</strong>/Usage Service Monitors, <strong>Netcool</strong>/USM, <strong>Netcool</strong>/Telco Service<br />
Monitors, <strong>Netcool</strong>/TSM, <strong>Netcool</strong>/Fusion, <strong>Netcool</strong>/Data Center Monitors,<br />
<strong>Netcool</strong> DCM, <strong>Netcool</strong>/Impact, <strong>Netcool</strong>/Visionary, <strong>Netcool</strong>/Precision, <strong>Netcool</strong><br />
Probes & Monitors, <strong>Netcool</strong> Desktops, <strong>Netcool</strong> Gateways, <strong>Netcool</strong> Impact/Data<br />
Source Adaptors, <strong>Netcool</strong> EventList, <strong>Netcool</strong> Map, <strong>Netcool</strong> Virtual Operator,<br />
<strong>Netcool</strong>/Precision for IP Networks, <strong>Netcool</strong>/Precision for Transmission<br />
Networks, <strong>Netcool</strong>/Firewall, <strong>Netcool</strong>/Wave, <strong>Netcool</strong>/Webtop, <strong>Netcool</strong> TopoViz,<br />
<strong>Netcool</strong>/SM Operations, <strong>Netcool</strong>/SM Configuration, <strong>Netcool</strong>/OpCenter,<br />
<strong>Netcool</strong>/System Service Monitors, <strong>Netcool</strong>/SSM, <strong>Netcool</strong>/Application Service<br />
Monitors, <strong>Netcool</strong>/ASM, <strong>Netcool</strong>/ISM WAM, <strong>Netcool</strong>/SM Reporter, <strong>Netcool</strong><br />
for Asset Management, <strong>Netcool</strong>/Realtime Active Dashboards,<br />
<strong>Netcool</strong>/Dashboards, <strong>Netcool</strong>/RAD, <strong>Netcool</strong> for Voice over IP, <strong>Netcool</strong> for<br />
<strong>Security</strong> Management, <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>, <strong>Netcool</strong>/Portal 2.0 Premium<br />
Edition, <strong>Netcool</strong> ObjectServer, <strong>Netcool</strong>/RAD, <strong>Netcool</strong> GUI Foundation,<br />
<strong>Netcool</strong> Installer, <strong>Netcool</strong> Licensing, <strong>Netcool</strong>/Software Developers Kit, NGF,<br />
Micromuse Alliance Program, Micromuse Channel Partner, Authorized <strong>Netcool</strong><br />
Reseller, <strong>Netcool</strong> Ready, <strong>Netcool</strong> Solutions, <strong>Netcool</strong> Certified, <strong>Netcool</strong> Certified<br />
Consultant, <strong>Netcool</strong> Certified Trainer, <strong>Netcool</strong> CCAI Methodology, Micromuse<br />
University, Microcorrelation, Acronym, Micromuse Design, Integration Module<br />
for <strong>Netcool</strong>, The <strong>Netcool</strong> Company, VISIONETCOOL, Network Slice.<br />
Micromuse acknowledges the use of I/O Concepts Inc. X-Direct 3270 terminal<br />
emulators and hardware components and documentation in <strong>Netcool</strong>/Fusion.<br />
X-Direct ©1989-1999 I/O Concepts Inc. X-Direct and Win-Direct are<br />
trademarks of I/O Concepts Inc.<br />
<strong>Netcool</strong>/Fusion contains <strong>IBM</strong> Runtime Environment for AIX®, Java<br />
Technology Edition Runtime Modules © Copyright <strong>IBM</strong> Corporation 1999. All<br />
rights reserved.<br />
<strong>Netcool</strong>/Precision IP includes software developed by the University of California,<br />
Berkeley and its contributors.<br />
Micromuse acknowledges the use of MySQL in <strong>Netcool</strong>/Precision for IP<br />
Networks. Copyright © 1995, 1996 TcX AB & Monty Program KB & Detron<br />
HB Stockholm SWEDEN, Helsingfors FINLAND and Uppsala SWEDEN. All<br />
rights reserved.<br />
Micromuse acknowledges the use of the UCD SNMP Library in <strong>Netcool</strong>/ISM and<br />
the <strong>Netcool</strong>/OMNIbus SNMP Writer Gateway. Copyright © 1989, 1991, 1992<br />
by Carnegie Mellon University. Derivative Work - Copyright © 1996, 1998,<br />
1999, 2000 The Regents of the University of California. All rights reserved.<br />
Permission to use, copy, modify and distribute this software and its documentation<br />
for any purpose and without fee is hereby granted, provided that the above<br />
copyright notice appears in all copies and that both that copyright notice and this<br />
permission notice appear in supporting documentation, and that the name of<br />
CMU and The Regents of the University of California not be used in advertising<br />
or publicity pertaining to distribution of the software without specific written<br />
permission.<br />
CMU AND THE REGENTS OF THE UNIVERSITY OF CALIFORNIA<br />
DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,<br />
INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY<br />
AND FITNESS. IN NO EVENT SHALL CMU OR THE REGENTS OF THE<br />
UNIVERSITY OF CALIFORNIA BE LIABLE FOR ANY SPECIAL,<br />
INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES<br />
WHATSOEVER RESULTING FROM THE LOSS OF USE, DATA OR<br />
PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE<br />
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN<br />
CONNECTION WITH THE USE OR PERFORMANCE OF THIS<br />
SOFTWARE.<br />
Portions of the <strong>Netcool</strong>/OMNIbus code are copyright (C) 1989-95 GROUPE<br />
BULL.<br />
Permission is hereby granted, free of charge, to any person obtaining a copy of this<br />
software and associated documentation files (the "Software"), to deal in the<br />
Software without restriction, including without limitation the rights to use, copy,<br />
modify, merge, publish, distribute, sublicense, and/or sell copies of the Software,<br />
and to permit persons to whom the Software is furnished to do so, subject to the<br />
following conditions:<br />
The above copyright notice and this permission notice shall be included in all<br />
copies or substantial portions of the Software.<br />
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF<br />
ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED<br />
TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A<br />
PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT<br />
SHALL GROUPE BULL BE LIABLE FOR ANY CLAIM, DAMAGES OR<br />
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT<br />
OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION<br />
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE<br />
SOFTWARE.<br />
Portions of the <strong>Netcool</strong>/ISM code are copyright ©2001, Cambridge Broadband<br />
Ltd. All rights reserved.<br />
Portions of the <strong>Netcool</strong>/ISM code are copyright © 2001, Networks Associates<br />
Technology, Inc. All rights reserved.<br />
Micromuse acknowledges the use of Viador Inc. software and documentation for<br />
<strong>Netcool</strong>/Reporter. Viador © 1997-1999 is a trademark of Viador Inc.
Micromuse acknowledges the use of software developed by the Apache Group for<br />
use in the Apache HTTP server project. Copyright © 1995-1999 The Apache<br />
Group. Apache Server is a trademark of the Apache Software Foundation<br />
(http://www.apache.org/). All rights reserved.<br />
Micromuse acknowledges the use of software developed by Edge Technologies,<br />
Inc. 2003 Edge Technologies, Inc. and Edge enPortal are trademarks or registered<br />
trademarks of Edge Technologies Inc. All rights reserved.<br />
Micromuse acknowledges the use of Merant drivers. Copyright © MERANT<br />
Solutions Inc., 1991-1998.<br />
The following product names are trademarks of <strong>Tivoli</strong> Systems or <strong>IBM</strong><br />
Corporation: AIX, <strong>IBM</strong>, OS/2, RISC System/6000, <strong>Tivoli</strong> Management<br />
Environment, and TME10.<br />
<strong>IBM</strong>, NetView/6000, Domino, Lotus, Lotus Notes, and WebSphere are either<br />
trademarks or registered trademarks of <strong>IBM</strong> Corporation. VTAM is a trademark<br />
of <strong>IBM</strong> Corporation.<br />
Omegamon is a trademark of Candle Corporation.<br />
Netspy is a trademark of Computer Associates International Inc.<br />
The Sun logo, Sun Microsystems, SunOS, Solaris, SunNet <strong>Manager</strong>, Java are<br />
trademarks of Sun Microsystems Inc.<br />
SPARC is a registered trademark of SPARC International Inc. Programs bearing<br />
the SPARC trademark are based on an architecture developed by Sun<br />
Microsystems Inc. SPARCstation is a trademark of SPARC International Inc.,<br />
licensed exclusively to Sun Microsystems Inc.<br />
UNIX is a registered trademark of the X/Open Company Ltd.<br />
Sybase is a registered trademark of Sybase Inc. Adaptive Server is a trademark of<br />
Sybase Inc.<br />
Action Request System and Remedy are registered trademarks of Remedy<br />
Corporation.<br />
Peregrine System and ServiceCenter are registered trademarks of Peregrine Systems<br />
Inc.<br />
HP, HP-UX and OpenView are trademarks of Hewlett-Packard Company.<br />
InstallShield is a registered trademark of InstallShield Software Corporation.<br />
Microsoft, Windows 95/98/Me/NT/2000/XP are either registered trademarks or<br />
trademarks of Microsoft Corporation.<br />
Microsoft Internet Information Server/Services (IIS), Microsoft Exchange Server,<br />
Microsoft SQL Server, Microsoft perfmon, Windows Media, and Microsoft<br />
Cluster Service are either registered trademarks or trademarks of Microsoft<br />
Corporation in the United States and/or other countries.<br />
BEA and WebLogic are registered trademarks of BEA Systems Inc.<br />
FireWall-1 is a registered trademark of Check Point Software Technologies Ltd.<br />
Netscape and Netscape Navigator are registered trademarks of Netscape<br />
Communications Corporation in the United States and other countries.<br />
Netscape's logos and Netscape product and service names are also trademarks of<br />
Netscape Communications Corporation, which may be registered in other<br />
countries.<br />
Micromuse acknowledges the use of Xpm tool kit components.<br />
SentinelLM is a trademark of Rainbow Technologies Inc.<br />
GLOBEtrotter and FLEXlm are registered trademarks of Globetrotter Software<br />
Inc.<br />
Red Hat, the Red Hat "Shadow Man" logo, RPM, Maximum RPM, the RPM<br />
logo, Linux Library, PowerTools, Linux Undercover, RHmember, RHmember<br />
More, Rough Cuts, Rawhide and all Red Hat-based trademarks and logos are<br />
trademarks or registered trademarks of Red Hat Inc. in the United States and other<br />
countries.<br />
Linux is a registered trademark of Linus Torvalds.<br />
SUSE is a trademark of SUSE LINUX Products GmbH, a Novell business.<br />
Macromedia and Flash are trademarks or registered trademarks of Macromedia,<br />
Inc. in the United States and/or other countries.<br />
Nokia is a registered trademark of Nokia Corporation.<br />
WAP Forum and all trademarks, service marks and logos based on these<br />
designations (Trademarks) are marks of Wireless Application Protocol Forum Ltd.<br />
Micromuse acknowledges the use of InstallAnywhere software in <strong>Netcool</strong>/WAP<br />
Service Monitors. Copyright © Zero G Software Inc.<br />
Orbix is a registered trademark of IONA Technologies PLC. Orbix 2000 is a<br />
trademark of IONA Technologies PLC.<br />
NetCharts is a registered trademark of Visual Mining, Inc. and/or its affiliates.<br />
Micromuse acknowledges the use of Graph Layout Toolkit in <strong>Netcool</strong>/ Precision<br />
for IP Networks. Copyright © 1992 - 2001, Tom Sawyer Software, Berkeley,<br />
California. All rights reserved.<br />
Portions of <strong>Netcool</strong>/Precision for IP Networks are © TIBCO Software, Inc.<br />
1994-2003. All rights reserved. TIB and TIB/Rendezvous are trademarks of<br />
TIBCO Software, Inc.<br />
Portions of <strong>Netcool</strong>/Precision for IP Networks & <strong>Netcool</strong>/OMNIbus probes and<br />
monitors are copyright © 1996-2005, Daniel Stenberg, . All<br />
rights reserved. Permission to use, copy, modify, and distribute this software for<br />
any purpose with or without fee is hereby granted, provided that the above<br />
copyright notice and this permission notice appear in all copies.<br />
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF<br />
ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED<br />
TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A<br />
PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY<br />
RIGHTS. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT<br />
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER<br />
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR<br />
OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH<br />
THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE<br />
SOFTWARE.<br />
Except as contained in this notice, the name of a copyright holder shall not be used<br />
in advertising or otherwise to promote the sale, use or other dealings in this<br />
Software without prior written authorization of the copyright holder.<br />
Portions of <strong>Netcool</strong>/SM Reporter are copyrighted by DataDirect Technologies<br />
Corp., 1991-2005.<br />
Portions of <strong>Netcool</strong>/SM Reporter are copyright (c) 1990-1999 Sleepycat Software.<br />
All rights reserved.<br />
Redistribution and use in source and binary forms, with or without modification,<br />
are permitted provided that the following conditions are met:<br />
1. Redistributions of source code must retain the above copyright notice, this list<br />
of conditions and the following disclaimer.<br />
2. Redistributions in binary form must reproduce the above copyright notice, this<br />
list of conditions and the following disclaimer in the documentation and/or other<br />
materials provided with the distribution.<br />
3. Redistributions in any form must be accompanied by information on how to<br />
obtain complete source code for the DB software and any accompanying software<br />
that uses the DB software. The source code must either be included in the<br />
distribution or be available for no more than the cost of distribution plus a nominal<br />
fee, and must be freely redistributable under reasonable conditions. For an<br />
executable file, complete source code means the source code for all modules it<br />
contains. It does not include source code for modules or files that typically<br />
accompany the major components of the operating system on which the executable<br />
file runs.<br />
THIS SOFTWARE IS PROVIDED BY SLEEPYCAT SOFTWARE ``AS IS''<br />
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT<br />
NOT LIMITED TO, THE IMPLIED WARRANTIES OF<br />
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR<br />
NON-INFRINGEMENT, ARE DISCLAIMED. IN NO EVENT SHALL<br />
SLEEPYCAT SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,<br />
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL<br />
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT<br />
OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND<br />
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT<br />
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)<br />
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN<br />
IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.<br />
Sleepycat software is available from<br />
http://downloads.sleepycat.com/db-3.0.55.zip.<br />
Portions of <strong>Netcool</strong>/SM Reporter are copyright (c) 1990, 1993, 1994, 1995. The<br />
Regents of the University of California. All rights reserved.<br />
Redistribution and use in source and binary forms, with or without modification,<br />
are permitted provided that the following conditions are met:<br />
1. Redistributions of source code must retain the above copyright notice, this list<br />
of conditions and the following disclaimer.<br />
2. Redistributions in binary form must reproduce the above copyright notice, this<br />
list of conditions and the following disclaimer in the documentation and/or other<br />
materials provided with the distribution.<br />
3. Neither the name of the University nor the names of its contributors may be<br />
used to endorse or promote products derived from this software without specific<br />
prior written permission.<br />
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND<br />
CONTRIBUTORS ``AS IS'' AND* ANY EXPRESS OR IMPLIED<br />
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED<br />
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A<br />
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE<br />
REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,<br />
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR<br />
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,<br />
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF<br />
USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER<br />
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN<br />
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING<br />
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE<br />
USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF<br />
SUCH DAMAGE.<br />
Portions of <strong>Netcool</strong>/SM Reporter are copyright (c) 1995, 1996. The President and<br />
Fellows of Harvard University. All rights reserved.<br />
Redistribution and use in source and binary forms, with or without modification,<br />
are permitted provided that the following conditions are met:<br />
1. Redistributions of source code must retain the above copyright notice, this list<br />
of conditions and the following disclaimer.<br />
2. Redistributions in binary form must reproduce the above copyright notice, this<br />
list of conditions and the following disclaimer in the documentation and/or other<br />
materials provided with the distribution.<br />
3. Neither the name of the University nor the names of its contributors may be<br />
used to endorse or promote products derived from this software without specific<br />
prior written permission.<br />
THIS SOFTWARE IS PROVIDED BY HARVARD AND ITS<br />
CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED<br />
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED<br />
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A<br />
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL<br />
HARVARD OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT,<br />
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR<br />
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,<br />
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF<br />
USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER<br />
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN<br />
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING<br />
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE<br />
USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF<br />
SUCH DAMAGE.<br />
Copyright 2006 Micromuse. Portions of <strong>Netcool</strong>/WSM are licensed under the<br />
Apache License, Version 2.0 (the "License"); you may not use this file except in<br />
compliance with the License. You may obtain a copy of the License at<br />
http://www.apache.org/licenses/LICENSE-2.0. Unless required by applicable law<br />
or agreed to in writing, software distributed under the License is distributed on an<br />
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY<br />
KIND, either express or implied. See the License for the specific language<br />
governing permissions and limitations under the License.<br />
Micromuse acknowledges the use of Digital X11 in <strong>Netcool</strong>/Precision for IP<br />
Networks. Copyright 1987, 1988 by Digital Equipment Corporation, Maynard,<br />
Massachusetts, All Rights Reserved. DIGITAL DISCLAIMS ALL<br />
WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL<br />
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN<br />
NO EVENT SHALL DIGITAL BE LIABLE FOR ANY SPECIAL, INDIRECT<br />
OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER<br />
RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN<br />
AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS<br />
ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR<br />
PERFORMANCE OF THIS SOFTWARE.<br />
Micromuse acknowledges the use of functionality within the <strong>Netcool</strong>/OMNIbus<br />
Probe for Ping that was developed by Stanford University.<br />
<strong>Netcool</strong>/SM Operations, <strong>Netcool</strong>/SM Configuration, and <strong>Netcool</strong>/OMNIbus<br />
probes and monitors include software developed by the OpenSSL Project for use<br />
in the OpenSSL Toolkit (http://www.openssl.org/. Copyright (c) 1998-2005 The<br />
OpenSSL Project. All rights reserved. Redistribution and use in source and binary<br />
forms, with or without modification, are permitted provided that the following<br />
conditions are met:<br />
1. Redistributions of source code must retain the above copyright notice, this list<br />
of conditions and the following disclaimer.<br />
2. Redistributions in binary form must reproduce the above copyright notice, this<br />
list of conditions and the following disclaimer in the documentation and/or other<br />
materials provided with the distribution.<br />
3. All advertising materials mentioning features or use of this software must display<br />
the following acknowledgment:"This product includes software developed by the<br />
OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)"<br />
4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to<br />
endorse or promote products derived from this software without prior written<br />
permission. For written permission, please contact openssl-core@openssl.org.<br />
5. Products derived from this software may not be called "OpenSSL" nor may<br />
"OpenSSL" appear in their names without prior written permission of the<br />
OpenSSL Project.<br />
6. Redistributions of any form whatsoever must retain the following<br />
acknowledgment: "This product includes software developed by the OpenSSL<br />
Project for use in the OpenSSL Toolkit (http://www.openssl.org/)"<br />
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS''<br />
AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT<br />
NOT LIMITED TO, THE IMPLIED WARRANTIES OF<br />
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE<br />
ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR<br />
ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,<br />
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL<br />
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT<br />
OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR<br />
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND<br />
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT<br />
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)<br />
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN<br />
IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.<br />
This product includes cryptographic software written by Eric Young<br />
(eay@cryptsoft.com). This product includes software written by Tim Hudson<br />
(tjh@cryptsoft.com).<br />
Original SSLeay License Copyright (C) 1995-1998 Eric Young<br />
(eay@cryptsoft.com). All rights reserved.
This package is an SSL implementation written by Eric Young<br />
(eay@cryptsoft.com). The implementation was written so as to conform with<br />
Netscapes SSL. This library is free for commercial and non-commercial use as long<br />
as the following conditions are adhered to. The following conditions apply to all<br />
code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not<br />
just the SSL code. The SSL documentation included with this distribution is<br />
covered by the same copyright terms except that the holder is Tim Hudson<br />
(tjh@cryptsoft.com). Copyright remains Eric Young's, and as such any Copyright<br />
notices in the code are not to be removed. If this package is used in a product, Eric<br />
Young should be given attribution as the author of the parts of the library used.<br />
This can be in the form of a textual message at program startup or in<br />
documentation (online or textual) provided with the package. Redistribution and<br />
use in source and binary forms, with or without modification, are permitted<br />
provided that the following conditions are met:<br />
1. Redistributions of source code must retain the copyright notice, this list of<br />
conditions and the following disclaimer.<br />
2. Redistributions in binary form must reproduce the above copyright notice, this<br />
list of conditions and the following disclaimer in the documentation and/or other<br />
materials provided with the distribution.<br />
3. All advertising materials mentioning features or use of this software must display<br />
the following acknowledgement: "This product includes cryptographic software<br />
written by Eric Young (eay@cryptsoft.com)".<br />
4. If you include any Windows specific code (or a derivative thereof) from the apps<br />
directory (application code) you must include an acknowledgement: "This<br />
product includes software written by Tim Hudson (tjh@cryptsoft.com)"<br />
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY<br />
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT<br />
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY<br />
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN<br />
NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE<br />
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,<br />
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED<br />
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS<br />
OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)<br />
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,<br />
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT<br />
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY<br />
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE<br />
POSSIBILITY OF SUCH DAMAGE.<br />
The licence and distribution terms for any publically available version or derivative<br />
of this code cannot be changed, i.e. this code cannot simply be copied and put<br />
under another distribution licence [including the GNU Public Licence.]<br />
Micromuse acknowledges the use of software developed by ObjectPlanet. ©2003<br />
ObjectPlanet, Inc., Ovre Slottsgate, 0157 Oslo, Norway.<br />
Micromuse acknowledges the use of Expat in <strong>Netcool</strong>/ASM. Copyright 1998,<br />
1999, 2000 Thai Open Source Software Center Ltd. and Clark Cooper. Copyright<br />
2001, 2002 Expat maintainers. THE EXPAT SOFTWARE IS PROVIDED<br />
HEREUNDER "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS<br />
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES<br />
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND<br />
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR<br />
COPYRIGHT HOLDERS OF THE EXPAT SOFTWARE BE LIABLE FOR<br />
ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN<br />
ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,<br />
OUT OF OR IN CONNECTION WITH THE EXPAT SOFTWARE OR<br />
THE USE OR OTHER DEALINGS IN THE SOFTWARE. Expat explicitly<br />
grants its permission to any person obtaining a copy of any Expat software and<br />
associated documentation files (the "Expat Software") to deal in the Expat<br />
Software without restriction, including without limitation the rights to use, copy,<br />
modify, merge, publish, distribute, sublicense, and/or sell copies of the Expat<br />
Software. Expat's permission is subject to the following conditions: The above<br />
copyright notice and this permission notice shall be included in all copies or<br />
substantial portions of the Expat Software. Except as set forth hereunder, all<br />
software provided by Micromuse hereunder is subject to the applicable license<br />
agreement.<br />
Micromuse acknowledges that <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> includes Hypersonic<br />
SQL. Copyright (c) 2001-2002, The HSQL Development Group. All rights<br />
reserved.<br />
JABBER® is a registered trademark and its use is granted under a sublicense from<br />
the Jabber Software Foundation.<br />
Micromuse acknowledges the use of MySQL in <strong>Netcool</strong>/Precision for IP<br />
Networks and in <strong>Netcool</strong>/Precision for Transmission Networks. Copyright ©<br />
1995, 1996 TcX AB & Monty Program KB & Detron.<br />
Micromuse acknowledges the use of Cryptix in <strong>Netcool</strong>/Precision IP. Copyright<br />
(c) 1995-2004 The Cryptix Foundation Limited. All rights reserved.<br />
Redistribution and use in source and binary forms, with or without modification,<br />
are permitted provided that the following conditions are met:<br />
1. Redistributions of source code must retain the copyright notice, this list of<br />
conditions and the following disclaimer.<br />
2. Redistributions in binary form must reproduce the above copyright notice, this<br />
list of conditions and the following disclaimer in the documentation and/or other<br />
materials provided with the distribution.<br />
THIS SOFTWARE IS PROVIDED BY THE CRYPTIX FOUNDATION<br />
LIMITED AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR<br />
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE<br />
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A<br />
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE<br />
CRYPTIX FOUNDATION LIMITED OR CONTRIBUTORS BE LIABLE<br />
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,<br />
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED<br />
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS<br />
OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)<br />
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,<br />
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT<br />
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY<br />
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE<br />
POSSIBILITY OF SUCH DAMAGE.<br />
Micromuse acknowledges the use of PCRE in <strong>Netcool</strong>/Precision. Copyright<br />
©1997-2005 University of Cambridge. All rights reserved. Redistribution and use<br />
in source and binary forms, with or without modification, are permitted provided<br />
that the following conditions are met:<br />
1. Redistributions of source code must retain the above copyright notice, this list<br />
of conditions and the following disclaimer.<br />
2. Redistributions in binary form must reproduce the above copyright notice, this<br />
list of conditions and the following disclaimer in the documentation and/or other<br />
materials provided with the distribution.<br />
3. Neither the name of the University of Cambridge nor the name of Google Inc.<br />
nor the names of their contributors may be used to endorse or promote products<br />
derived from this software without specific prior written permission.<br />
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND<br />
CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED<br />
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED<br />
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A<br />
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE<br />
COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY<br />
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR<br />
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,<br />
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF<br />
USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER<br />
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN<br />
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING<br />
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE<br />
USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE<br />
POSSIBILITY OF SUCH DAMAGE.<br />
Micromuse acknowledges the use of Net-SNMP in <strong>Netcool</strong>/ISM and
<strong>Netcool</strong>/OMNIbus probes & monitors.<br />
Part 1: CMU/UCD copyright notice: (BSD like) Copyright 1989, 1991, 1992 by<br />
Carnegie Mellon University Derivative Work - 1996, 1998-2000. Copyright<br />
1996, 1998-2000 The Regents of the University of California. All Rights<br />
Reserved. Permission to use, copy, modify and distribute this software and its<br />
documentation for any purpose and without fee is hereby granted, provided that<br />
the above copyright notice appears in all copies and that both that copyright notice<br />
and this permission notice appear in supporting documentation, and that the<br />
name of CMU and The Regents of the University of California not be used in<br />
advertising or publicity pertaining to distribution of the software without specific<br />
written permission.<br />
CMU AND THE REGENTS OF THE UNIVERSITY OF CALIFORNIA<br />
DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,<br />
INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY<br />
AND FITNESS. IN NO EVENT SHALL CMU OR THE REGENTS OF THE<br />
UNIVERSITY OF CALIFORNIA BE LIABLE FOR ANY SPECIAL,<br />
INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES<br />
WHATSOEVER RESULTING FROM THE LOSS OF USE, DATA OR<br />
PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE<br />
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN<br />
CONNECTION WITH THE USE OR PERFORMANCE OF THIS<br />
SOFTWARE.<br />
Part 2: Networks Associates Technology, Inc copyright notice (BSD) Copyright<br />
(c) 2001-2003, Networks Associates Technology, Inc. All rights reserved.<br />
Redistribution and use in source and binary forms, with or without modification,<br />
are permitted provided that the following conditions are met:<br />
- Redistributions of source code must retain the above copyright notice, this list of<br />
conditions and the following disclaimer.<br />
- Redistributions in binary form must reproduce the above copyright notice, this<br />
list of conditions and the following disclaimer in the documentation and/or other<br />
materials provided with the distribution.<br />
- Neither the name of the Networks Associates Technology, Inc nor the names of<br />
its contributors may be used to endorse or promote products derived from this<br />
software without specific prior written permission.<br />
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND<br />
CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED<br />
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED<br />
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A<br />
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE<br />
COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY<br />
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR<br />
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,<br />
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF<br />
USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER<br />
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN<br />
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING<br />
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE<br />
USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF<br />
SUCH DAMAGE.<br />
Part 3: Cambridge Broadband Ltd. copyright notice (BSD) Portions of this code<br />
are copyright (c) 2001-2003, Cambridge Broadband Ltd. All rights reserved.<br />
Redistribution and use in source and binary forms, with or without modification,<br />
are permitted provided that the following conditions are met:<br />
- Redistributions of source code must retain the above copyright notice, this list of<br />
conditions and the following disclaimer.<br />
- Redistributions in binary form must reproduce the above copyright notice, this<br />
list of conditions and the following disclaimer in the documentation and/or other<br />
materials provided with the distribution.<br />
- The name of Cambridge Broadband Ltd. may not be used to endorse or promote<br />
products derived from this software without specific prior written permission.<br />
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER "AS IS"<br />
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT<br />
NOT LIMITED TO, THE IMPLIED WARRANTIES OF<br />
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE<br />
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER<br />
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,<br />
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT<br />
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR<br />
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS<br />
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF<br />
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT<br />
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY<br />
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE<br />
POSSIBILITY OF SUCH DAMAGE.<br />
Part 4: Sun Microsystems, Inc. copyright notice (BSD) Copyright © 2003 Sun<br />
Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, USA.<br />
All rights reserved. Use is subject to license terms below. This distribution may<br />
include materials developed by third parties. Sun, Sun Microsystems, the Sun logo<br />
and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in<br />
the U.S. and other countries. Redistribution and use in source and binary forms,<br />
with or without modification, are permitted provided that the following<br />
conditions are met:<br />
- Redistributions of source code must retain the above copyright notice, this list of<br />
conditions and the following disclaimer.<br />
- Redistributions in binary form must reproduce the above copyright notice, this<br />
list of conditions and the following disclaimer in the documentation and/or other<br />
materials provided with the distribution.<br />
- Neither the name of the Sun Microsystems, Inc. nor the names of its contributors<br />
may be used to endorse or promote products derived from this software without<br />
specific prior written permission.<br />
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND<br />
CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED<br />
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED<br />
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A<br />
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE<br />
COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY<br />
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR<br />
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,<br />
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF<br />
USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER<br />
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN<br />
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING<br />
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE<br />
USE OF THIS SOFTWARE, EVEN IF DVISED OF THE POSSIBILITY OF<br />
SUCH DAMAGE.<br />
Part 5: Sparta, Inc copyright notice (BSD) Copyright (c) 2003-2004, Sparta, Inc.<br />
All rights reserved. Redistribution and use in source and binary forms, with or<br />
without modification, are permitted provided that the following conditions are<br />
met:<br />
- Redistributions of source code must retain the above copyright notice, this list of<br />
conditions and the following disclaimer.<br />
- Redistributions in binary form must reproduce the above copyright notice, this<br />
list of conditions and the following disclaimer in the documentation and/or other<br />
materials provided with the distribution.<br />
- Neither the name of Sparta, Inc nor the names of its contributors may be used<br />
to endorse or promote products derived from this software without specific prior<br />
written permission.<br />
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND<br />
CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED<br />
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED<br />
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A<br />
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE<br />
COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY<br />
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR<br />
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF<br />
USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER<br />
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN<br />
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING<br />
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE<br />
USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF<br />
SUCH DAMAGE.<br />
Part 6: Cisco/BUPTNIC copyright notice (BSD) Copyright (c) 2004, Cisco, Inc<br />
and Information Network, Center of Beijing University of Posts and<br />
Telecommunications. All rights reserved. Redistribution and use in source and<br />
binary forms, with or without modification, are permitted provided that the<br />
following conditions are met:<br />
- Redistributions of source code must retain the above copyright notice, this list of<br />
conditions and the following disclaimer.<br />
- Redistributions in binary form must reproduce the above copyright notice, this<br />
list of conditions and the following disclaimer in the documentation and/or other<br />
materials provided with the distribution.<br />
- Neither the name of Cisco, Inc, Beijing University of Posts and<br />
Telecommunications, nor the names of their contributors may be used to endorse<br />
or promote products derived from this software without specific prior written<br />
permission.<br />
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND<br />
CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED<br />
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED<br />
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A<br />
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE<br />
COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY<br />
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR<br />
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,<br />
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF<br />
USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER<br />
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN<br />
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING<br />
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE<br />
USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF<br />
SUCH DAMAGE.<br />
Micromuse acknowledges the use of STLport in <strong>Netcool</strong> Probes & Monitors.<br />
Copyright 1999, 2000 Boris Fomitchev This material is provided "as is", with<br />
absolutely no warranty expressed or implied. Any use is at your own risk.<br />
Permission to use or copy this software for any purpose is hereby granted without<br />
fee, provided the above notices are retained on all copies. Permission to modify the<br />
code and to distribute modified code is granted, provided the above notices are<br />
retained, and a notice that the code was modified is included with the above<br />
copyright notice.<br />
The Licensee may distribute binaries compiled with STLport (whether original or<br />
modified) without any royalties or restrictions.<br />
The Licensee may distribute original or modified STLport sources, provided that:<br />
The conditions indicated in the above permission notice are met;<br />
The following copyright notices are retained when present, and conditions<br />
provided in accompanying permission notices are met:<br />
Copyright 1994 Hewlett-Packard Company,<br />
Copyright 1996, 97 Silicon Graphics Computer Systems, Inc.<br />
Copyright 1997 Moscow Center for SPARC Technology.<br />
Permission to use, copy, modify, distribute and sell this software and its<br />
documentation for any purpose is hereby granted without fee, provided that the<br />
above copyright notice appear in all copies and that both that copyright notice and<br />
this permission notice appear in supporting documentation. Hewlett-Packard<br />
Company makes no representations about the suitability of this software for any<br />
purpose. It is provided "as is" without express or implied warranty.<br />
Permission to use, copy, modify, distribute and sell this software and its<br />
documentation for any purpose is hereby granted without fee, provided that the<br />
above copyright notice appear in all copies and that both that copyright notice and<br />
this permission notice appear in supporting documentation. Silicon Graphics<br />
makes no representations about the suitability of this software for any purpose. It<br />
is provided "as is" without express or implied warranty.<br />
Permission to use, copy, modify, distribute and sell this software and its<br />
documentation for any purpose is hereby granted without fee, provided that the<br />
above copyright notice appear in all copies and that both that copyright notice and<br />
this permission notice appear in supporting documentation. Moscow Center for<br />
SPARC Technology makes no representations about the suitability of this<br />
software for any purpose. It is provided "as is" without express or implied warranty.<br />
All other trademarks, registered trademarks and logos are the property of their<br />
respective owners.<br />
Micromuse Inc., 650 Townsend Street, San Francisco, USA CA 94103<br />
www.micromuse.com<br />
Document Version Number: 1.1
Contents<br />
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1<br />
Audience. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2<br />
About this <strong>Guide</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3<br />
Associated Publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4<br />
<strong>Netcool</strong>® GUI Foundation Administration <strong>Guide</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4<br />
<strong>Netcool</strong>® Licensing Administration <strong>Guide</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4<br />
<strong>Netcool</strong>® <strong>Security</strong> <strong>Manager</strong> <strong>Installation</strong> <strong>Guide</strong>. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4<br />
Typographical Notation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5<br />
Note, Tip, and Warning Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6<br />
Syntax and Example Subheadings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7<br />
Operating System Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8<br />
Chapter 1: Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9<br />
Contents<br />
About the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10<br />
What Is the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10<br />
What Are the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Authentication Types? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10<br />
How Does the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Work?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11<br />
How Do I Set Up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11<br />
How Do I Administer the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>Installation</strong> Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12<br />
Standard <strong>Installation</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12<br />
Compatibility Mode <strong>Installation</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13<br />
Shared Mode <strong>Installation</strong>. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong> i
Contents<br />
ii<br />
Setting Up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16<br />
Installing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16<br />
Licensing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16<br />
Configuring the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16<br />
Setting Up External Authentication Sources. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16<br />
Setting Up SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17<br />
Setting Up Failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17<br />
Managing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18<br />
Running the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18<br />
Backing Up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18<br />
Viewing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18<br />
Chapter 2: Setting Up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> . . . . . . . . . . . . . . . . . . . . . . . . . 19<br />
System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20<br />
Platform Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20<br />
Java Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20<br />
License Server Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20<br />
<strong>Netcool</strong> GUI Foundation Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20<br />
<strong>Netcool</strong> Component Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21<br />
External Authentication Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21<br />
Hardware Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21<br />
About the <strong>Netcool</strong> Installer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22<br />
<strong>Netcool</strong> Installer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22<br />
<strong>Netcool</strong> Installer Command Line Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23<br />
<strong>Netcool</strong> <strong>Installation</strong> User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23<br />
<strong>Netcool</strong> Home Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
Contents<br />
Installing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25<br />
Unpacking the Archive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25<br />
Setting the <strong>Netcool</strong> Environment Variable (UNIX Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25<br />
Running the <strong>Netcool</strong> Installer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26<br />
Installer Prompts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27<br />
Viewing the <strong>Installation</strong> Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Administration User. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28<br />
Upgrading the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29<br />
Installing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29<br />
Stopping the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29<br />
Copying the Database Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29<br />
Starting the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30<br />
Editing the Micromuse Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30<br />
Configuring External Authentication Sources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30<br />
Uninstalling the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31<br />
Uninstalling on UNIX Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31<br />
Uninstalling on Windows Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31<br />
Chapter 3: Managing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>. . . . . . . . . . . . . . . . . . . . . . . . . . 33<br />
Starting and Stopping the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34<br />
Starting the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34<br />
Stopping the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on UNIX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34<br />
Viewing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Status on UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34<br />
Starting the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34<br />
Stopping the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35<br />
Backing Up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36<br />
Restoring the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36<br />
Viewing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong> iii
Contents<br />
iv<br />
Chapter 4: External Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39<br />
About External Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40<br />
Single Source Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40<br />
Multiple Source Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40<br />
Adding an External Authentication Source. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42<br />
Running the Configuration Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42<br />
Configuration Utility Prompts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42<br />
Appendix A: Supplementary Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45<br />
Registry Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46<br />
Authentication Refresh Interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48<br />
Setting Up <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Failover. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48<br />
Running the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> in a Failover Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51<br />
SSL and the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52<br />
Setting Up SSL Between the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> and <strong>Netcool</strong> Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52<br />
Setting Up SSL Between the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> and an LDAP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56<br />
Encryption Script. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58<br />
Contact Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
preface.fm May 17, 2006<br />
Preface<br />
This preface contains the following sections:<br />
• Audience on page 2<br />
About this <strong>Guide</strong> on page 3<br />
Associated Publications on page 4<br />
Typographical Notation on page 5<br />
Operating System Considerations on page 8<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong> 1
Preface<br />
Audience<br />
2<br />
This guide is intended for <strong>Netcool</strong> administrators and other users who are responsible for installing the<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
About this <strong>Guide</strong><br />
This book has the following chapters:<br />
Chapter 1: Getting Started on page 9<br />
Chapter 2: Setting Up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on page 19<br />
Chapter 3: Managing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on page 33<br />
Chapter 4: External Authentication on page 39<br />
Appendix A: Supplementary Information on page 45<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong><br />
About this <strong>Guide</strong><br />
3
Preface<br />
Associated Publications<br />
4<br />
This section provides a description of the documentation that accompanies the <strong>Netcool</strong> GUI Foundation.<br />
<strong>Netcool</strong>® GUI Foundation Administration <strong>Guide</strong><br />
This guide describes how to administer the <strong>Netcool</strong> GUI Foundation, the central server application that<br />
runs GUIs from different <strong>Netcool</strong> products. This guide describes how to configure the <strong>Netcool</strong> GUI<br />
Foundation server, manage users, create and provision pages, and administer security permissions.<br />
<strong>Netcool</strong>® Licensing Administration <strong>Guide</strong><br />
This guide is intended for <strong>Netcool</strong> administrators who need to install and administer <strong>Netcool</strong> Licensing. It<br />
provides an overview of the generic <strong>Netcool</strong> Licensing component, as well as instructions for installing,<br />
upgrading, and configuring license servers to dispense licenses to <strong>Netcool</strong> clients.<br />
<strong>Netcool</strong>® <strong>Security</strong> <strong>Manager</strong> <strong>Installation</strong> <strong>Guide</strong><br />
This guide describes how to install and configure the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> server. The <strong>Netcool</strong> <strong>Security</strong><br />
<strong>Manager</strong> provides user management, authorization, and authentication for <strong>Netcool</strong> products.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
Typographical Notation<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong><br />
Typographical Notation<br />
Table 1 shows the typographical notation and conventions used to describe commands, SQL syntax, and<br />
graphical user interface (GUI) features. This notation is used throughout this book and other <strong>Netcool</strong> ®<br />
publications.<br />
Table 1: Typographical Notation and Conventions (1 of 2)<br />
Example Description<br />
Monospace The following are described in a monospace font:<br />
Commands and command line options<br />
Screen representations<br />
Source code<br />
Object names<br />
Program names<br />
SQL syntax elements<br />
File, path, and directory names<br />
Italicized monospace text indicates a variable that the user must populate. For example, -password<br />
password.<br />
Bold The following application characteristics are described in a bold font style:<br />
Buttons<br />
Frames<br />
Text fields<br />
Menu entries<br />
A bold arrow symbol indicates a menu entry selection. For example, File→Save.<br />
Italic The following are described in an italic font style:<br />
An application window name; for example, the Login window<br />
Information that the user must enter<br />
The introduction of a new term or definition<br />
Emphasized text<br />
[1] Code or command examples are occasionally prefixed with a line number in square brackets. For<br />
example:<br />
[1] First command...<br />
[2] Second command...<br />
[3] Third command...<br />
{ a | b } In SQL syntax notation, curly brackets enclose two or more required alternative choices, separated by<br />
vertical bars.<br />
5
Preface<br />
6<br />
Table 1: Typographical Notation and Conventions (2 of 2)<br />
Example Description<br />
[ ] In SQL syntax notation, square brackets indicate an optional element or clause. Multiple elements or<br />
clauses are separated by vertical bars.<br />
| In SQL syntax notation, vertical bars separate two or more alternative syntax elements.<br />
... In SQL syntax notation, ellipses indicate that the preceding element can be repeated. The repetition is<br />
unlimited unless otherwise indicated.<br />
,... In SQL syntax notation, ellipses preceded by a comma indicate that the preceding element can be<br />
repeated, with each repeated element separated from the last by a comma. The repetition is unlimited<br />
unless otherwise indicated.<br />
a In SQL syntax notation, an underlined element indicates a default option.<br />
( ) In SQL syntax notation, parentheses appearing within the statement syntax are part of the syntax and<br />
should be typed as shown unless otherwise indicated.<br />
Many <strong>Netcool</strong> commands have one or more command line options that can be specified following a hyphen<br />
(-).<br />
Command line options can be string, integer, or BOOLEAN types:<br />
A string can contain alphanumeric characters. If the string has spaces in it, enclose it in quotation<br />
(") marks.<br />
An integer must contain a positive whole number or zero (0).<br />
A BOOLEAN must be set to TRUE or FALSE.<br />
SQL keywords are not case-sensitive, and may appear in uppercase, lowercase, or mixed case. Names of<br />
ObjectServer objects and identifiers are case-sensitive.<br />
Note, Tip, and Warning Information<br />
The following types of information boxes are used in the documentation:<br />
Note: Note is used for extra information about the feature or operation that is being described. Essentially,<br />
this is for extra data that is important but not vital to the user.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
!<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong><br />
Typographical Notation<br />
Tip: Tip is used for additional information that might be useful for the user. For example, when describing<br />
an installation process, there might be a shortcut that could be used instead of following the standard<br />
installation instructions.<br />
Warning: Warning is used for highlighting vital instructions, cautions, or critical information. Pay close<br />
attention to warnings, as they contain information that is vital to the successful use of our products.<br />
Syntax and Example Subheadings<br />
The following types of constrained subheading are used in the documentation:<br />
Syntax<br />
Syntax subheadings contain examples of ObjectServer SQL syntax commands and their usage. For example:<br />
CREATE DATABASE database_name;<br />
Example<br />
Example subheadings describe typical or generic scenarios, or samples of code. For example:<br />
[1] <br />
[2] <br />
[6] <br />
7
Preface<br />
Operating System Considerations<br />
8<br />
All command line formats and examples are for the standard UNIX shell. UNIX is case-sensitive. You must<br />
type commands in the case shown in the book.<br />
Unless otherwise specified, command files are located in the $NCHOME/bin directory, where $NCHOME<br />
is the UNIX environment variable that contains the path to the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> home directory.<br />
On Microsoft Windows platforms, replace $NCHOME with %NCHOME% and the forward slash (/) with a<br />
backward slash (\).<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
01_Getting_Started.fm May 17, 2006<br />
Chapter 1: Getting Started<br />
This chapter contains overview information about the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>.<br />
It contains the following sections:<br />
About the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on page 10<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>Installation</strong> Types on page 12<br />
Setting Up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on page 16<br />
Managing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on page 18<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong> 9
Chapter 1: Getting Started<br />
1.1 About the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
10<br />
This section contains overview information about the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>.<br />
It contains the following topics:<br />
What Is the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>?<br />
What Are the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Authentication Types?<br />
How Does the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Work?<br />
How Do I Set Up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
How Do I Administer the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>?<br />
What Is the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>?<br />
The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> is a component of the <strong>Netcool</strong> suite that provides user authentication for<br />
applications like <strong>Netcool</strong>/Webtop, <strong>Netcool</strong>/Impact, <strong>Netcool</strong>/RAD and <strong>Netcool</strong>/Precision. The <strong>Netcool</strong><br />
<strong>Security</strong> <strong>Manager</strong> is a standalone, runnable server application designed for integration with these products<br />
and the <strong>Netcool</strong> GUI Foundation.<br />
What Are the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Authentication Types?<br />
The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> provides support for the following types of authentication:<br />
Native authentication<br />
External authentication<br />
Native Authentication<br />
Native authentication is an authentication scheme in which user and group information is stored locally in<br />
the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> database and logins to <strong>Netcool</strong> products are authenticated against this<br />
internally-stored authentication information.<br />
External Authentication<br />
External authentication is an authentication scheme in which user and group information is stored externally<br />
in one or more authentication sources and logins to <strong>Netcool</strong> products are brokered through the <strong>Netcool</strong><br />
<strong>Security</strong> <strong>Manager</strong> during runtime. The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> supports ObjectServer, LDAP and NIS<br />
as external authentication sources.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong><br />
About the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
The <strong>Netcool</strong> Installer automatically adds an ObjectServer authentication source during installation of the<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>. You can manually add additional authentication sources after installation by<br />
following the instructions in 4.2 Adding an External Authentication Source on page 42.<br />
Note: When you configure the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> to authenticate against LDAP or NIS<br />
authentication sources, it directly accesses the specified LDAP or NIS repository and does not require use of<br />
the ObjectServer PAM authentication feature as a proxy for authentication requests. The <strong>Netcool</strong> <strong>Security</strong><br />
<strong>Manager</strong> can directly connect to all supported LDAP and NIS authentication sources, including Microsoft<br />
Active Directory.<br />
How Does the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Work?<br />
When a user logs into a <strong>Netcool</strong> product, the product passes the login request to the <strong>Netcool</strong> <strong>Security</strong><br />
<strong>Manager</strong>. The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> checks its database for information on that user.<br />
If the user is an internally-defined, native authentication user, the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> uses the<br />
internal information to authenticate the login. If the user is not a native authentication user, the <strong>Netcool</strong><br />
<strong>Security</strong> <strong>Manager</strong> connects to each configured external source and authenticates the login against the<br />
externally-stored user information. The priority of external authentication sources is determined by the<br />
order in which they were added to the system. When the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> finds a matching user,<br />
it uses that information to authenticate the login.<br />
If the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> is able to match the supplied username and password to valid internal or<br />
external login information, it returns a positive authentication state to the <strong>Netcool</strong> product. If the <strong>Netcool</strong><br />
<strong>Security</strong> <strong>Manager</strong> is unable to match the supplied username and password, it returns an error condition.<br />
How Do I Set Up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>?<br />
For overview information about setting up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>, see <strong>1.3</strong> Setting Up the <strong>Netcool</strong><br />
<strong>Security</strong> <strong>Manager</strong> on page 16.<br />
How Do I Administer the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>?<br />
You administer <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> users, groups and roles using one of the web interfaces provided<br />
by the application. You can access the web interfaces through the <strong>Netcool</strong> GUI Foundation or the<br />
<strong>Netcool</strong>/Impact GUI Server. All administration of users, groups and roles must be performed using one of<br />
the web interfaces.<br />
For information on administering the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> using the <strong>Netcool</strong> GUI Foundation, see<br />
the NGF Administration <strong>Guide</strong>. For information on administering the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> using the<br />
<strong>Netcool</strong>/Impact GUI, see the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> 1.2 Administration <strong>Guide</strong>.<br />
11
Chapter 1: Getting Started<br />
1.2 <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>Installation</strong> Types<br />
12<br />
The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> supports the following installation types:<br />
Standard<br />
Compatibility mode<br />
Shared mode<br />
Standard <strong>Installation</strong><br />
A standard installation consists of the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> running with the <strong>Netcool</strong> GUI<br />
Foundation. In this scenario, you install the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>, configure the <strong>Netcool</strong> GUI<br />
Foundation to use the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> and then perform administration tasks by logging into the<br />
<strong>Netcool</strong> GUI Foundation using a web browser.<br />
A standard installation is required for situations where you want to use the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> with<br />
applications like <strong>Netcool</strong>/RAD 3.0 or <strong>Netcool</strong>/Webtop 2.0 that work with the <strong>Netcool</strong> GUI Foundation.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
Figure 1 shows the architecture of a typical standard installation.<br />
<strong>Netcool</strong>/<br />
Webtop<br />
Figure 1: Standard <strong>Installation</strong><br />
<strong>Netcool</strong>/<br />
RAD<br />
<strong>Netcool</strong> GUI<br />
Foundation<br />
<strong>Netcool</strong><br />
<strong>Security</strong><br />
<strong>Manager</strong><br />
Compatibility Mode <strong>Installation</strong><br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong><br />
Other<br />
<strong>Netcool</strong><br />
Products<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>Installation</strong> Types<br />
A compatibility mode installation consists of the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> server running with the<br />
<strong>Netcool</strong>/Impact GUI server. In this scenario, you install the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>, configure the<br />
<strong>Netcool</strong>/Impact GUI server to run with the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> and then perform administration<br />
tasks by logging into the <strong>Netcool</strong>/Impact GUI server using a web browser.<br />
A compatibility mode installation is required for situations where you want to use the <strong>Netcool</strong> <strong>Security</strong><br />
<strong>Manager</strong> with <strong>Netcool</strong>/Impact 3.1.<br />
13
Chapter 1: Getting Started<br />
14<br />
Figure 2 shows the architecture of a compatibility mode installation.<br />
<strong>Netcool</strong>/<br />
Impact<br />
3.1<br />
<strong>Netcool</strong><br />
<strong>Security</strong><br />
<strong>Manager</strong><br />
Figure 2: Compatibility Mode <strong>Installation</strong><br />
Shared Mode <strong>Installation</strong><br />
<strong>Netcool</strong>/<br />
Impact GUI<br />
Server<br />
A shared mode installation consists of the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> server running with both the <strong>Netcool</strong><br />
GUI Foundation and the <strong>Netcool</strong>/Impact GUI server. In this scenario, you install the <strong>Netcool</strong> <strong>Security</strong><br />
<strong>Manager</strong>, and then configure the <strong>Netcool</strong> GUI Foundation and the <strong>Netcool</strong>/Impact GUI server to run with<br />
the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>. You can then perform administration tasks by logging into the either the<br />
<strong>Netcool</strong> GUI Foundation or the <strong>Netcool</strong>/Impact GUI server using a web browser.<br />
A shared mode installation is required for situations in which you want to use the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
with <strong>Netcool</strong>/Impact 3.1 and with applications that use <strong>Netcool</strong> GUI Foundation.<br />
Figure 3 shows the architecture of a shared mode installation.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
<strong>Netcool</strong>/<br />
Webtop<br />
<strong>Netcool</strong>/<br />
Impact<br />
3.1<br />
<strong>Netcool</strong>/<br />
RAD<br />
<strong>Netcool</strong> GUI<br />
Foundation<br />
<strong>Netcool</strong><br />
<strong>Security</strong><br />
<strong>Manager</strong><br />
Figure 3: Shared Mode <strong>Installation</strong><br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong><br />
<strong>Netcool</strong>/<br />
Impact GUI<br />
Server<br />
Other<br />
<strong>Netcool</strong><br />
Products<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>Installation</strong> Types<br />
15
Chapter 1: Getting Started<br />
<strong>1.3</strong> Setting Up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
16<br />
This section contains overview information about setting up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>.<br />
It contains the following topics:<br />
Installing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
Licensing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
Configuring the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
Setting Up External Authentication Sources<br />
Setting Up SSL<br />
Setting Up Failover<br />
Installing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
To install the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>, you run the <strong>Netcool</strong> Installer on the target system and follow the<br />
on-screen prompts. The <strong>Netcool</strong> Installer copies the program files to the file system and sets basic<br />
configuration options. For more information, see Installing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on page 25.<br />
Licensing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
This version of the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> does not require licenses from Micromuse. You do not have<br />
to perform any tasks related to licensing when you install the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>.<br />
Configuring the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> is configured automatically during installation. You can change the rate at<br />
which the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> refreshes information from external data sources, as described in<br />
Authentication Refresh Interval on page 47.<br />
Setting Up External Authentication Sources<br />
The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> automatically configures one default external authentication source during<br />
installation. If you want to use one or more additional external authentication sources with the <strong>Netcool</strong><br />
<strong>Security</strong> <strong>Manager</strong>, you must run the configuration utility as described in External Authentication on page 39.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
Setting Up SSL<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong><br />
Setting Up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> supports the use of Secure Socket Layers (SSL) for communication with the<br />
<strong>Netcool</strong> GUI Foundation and with the <strong>Netcool</strong>/Impact GUI server when running in compatibility mode.<br />
For information on using SSL with the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>, see SSL and the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
on page 52. Use of SSL with the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> is optional.<br />
Setting Up Failover<br />
Failover is a feature that helps you manage uptime and availability for the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>. In a<br />
failover configuration, you install primary and secondary instances of the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on<br />
different systems in your environment. You then configure them in such a way that if the primary server<br />
fails, the secondary server takes over the role as primary. When the original primary server is restarted, it<br />
assumes the new secondary role.<br />
For more information, see <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Failover on page 48.<br />
17
Chapter 1: Getting Started<br />
1.4 Managing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
18<br />
This section contains information on managing a <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> installation.<br />
It contains the following topics:<br />
Running the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
Backing Up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Database<br />
Viewing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Log<br />
Running the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> provides a set of startup and shutdown scripts that you can use to start and<br />
stop the application. You can also run the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> under process control as a "non-pa<br />
aware" application. For more information, see Managing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on page 33.<br />
Backing Up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Database<br />
Micromuse recommends that you periodically back up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> database using the<br />
instructions in Backing Up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Database on page 36.<br />
Viewing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Log<br />
The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> provides a log file that contains a record of activities performed by the<br />
application, as well as a record of application status and system error conditions. For more information, see<br />
Viewing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Log on page 37.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
02_Installing.fm May 17, 2006<br />
Chapter 2: Setting Up the <strong>Netcool</strong> <strong>Security</strong><br />
<strong>Manager</strong><br />
This chapter contains information on setting up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>.<br />
It contains the following sections:<br />
System Requirements on page 20<br />
About the <strong>Netcool</strong> Installer on page 22<br />
Installing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on page 25<br />
Upgrading the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on page 29<br />
Uninstalling the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on page 31<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong> 19
Chapter 2: Setting Up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
2.1 System Requirements<br />
20<br />
Make sure that the target system fulfills these requirements before installing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>.<br />
Platform Requirements<br />
The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> is supported on the following platforms:<br />
Sun Microsystems Solaris 7, 8, 9, and 10<br />
Red Hat Linux 9.0 and Enterprise Server 3.0<br />
Microsoft Windows 2000 Server, Windows XP, and Windows 2003 Server<br />
<strong>IBM</strong> AIX 5L (5.2)<br />
Hewlett-Packard HP-UX 11.11<br />
Note: Micromuse recommends that you patch your operating system to the most current levels before<br />
installing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>.<br />
Java Support<br />
The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> uses version 1.4.2 of the Java Runtime Environment (JRE). The JRE is<br />
installed automatically when you install the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>. You do not need to install the JRE<br />
separately or configure the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> to use the appropriate JRE installation.<br />
License Server Support<br />
This version of the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> does not require licenses from Micromuse. You do not have<br />
to perform any tasks related to licensing when you install the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>.<br />
<strong>Netcool</strong> GUI Foundation Support<br />
The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> is compatible with products in the <strong>Netcool</strong> suite that work with the <strong>Netcool</strong><br />
GUI Foundation. This includes <strong>Netcool</strong>/RAD 3.0, <strong>Netcool</strong>/Webtop 2.0 and other applications. The<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> also runs in compatibility mode for use with <strong>Netcool</strong>/Impact 3.1 and the<br />
<strong>Netcool</strong>/Impact GUI server.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
<strong>Netcool</strong> Component Support<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong><br />
System Requirements<br />
The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> is compatible with products in the <strong>Netcool</strong> suite that work with the <strong>Netcool</strong><br />
GUI Foundation. This includes <strong>Netcool</strong>/RAD 3.0, <strong>Netcool</strong>/Webtop 2.0 and other applications. The<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> is also runs in compatibility mode for use with <strong>Netcool</strong>/Impact 3.1 and the<br />
<strong>Netcool</strong>/Impact GUI server.<br />
External Authentication Support<br />
The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> supports the following external authentication sources:<br />
<strong>Netcool</strong>/OMNIbus 3.5, 3.6, and v7<br />
LDAP directory servers that support LDAP (Lightweight Directory Access Protocol) versions 2 or 3,<br />
for example, Microsoft Active Directory, Novell eDirectory, Sun ONE Directory Server, Netscape<br />
Directory Server, or OpenLDAP<br />
Network Information System (NIS) version 2 (on Solaris and Linux platforms only)<br />
Hardware Requirements<br />
Hardware requirements for the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> vary depending on your environment. For<br />
recommendations on hardware sizing for the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>, contact your Micromuse account<br />
manager or Micromuse Technical Support.<br />
21
Chapter 2: Setting Up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
2.2 About the <strong>Netcool</strong> Installer<br />
22<br />
This section contains overview information about the <strong>Netcool</strong> Installer.<br />
It contains the following topics:<br />
<strong>Netcool</strong> Installer<br />
<strong>Netcool</strong> Installer<br />
<strong>Netcool</strong> Installer Command Line Options<br />
<strong>Netcool</strong> <strong>Installation</strong> User<br />
<strong>Netcool</strong> Home Directory<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Directories<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> System Users<br />
The <strong>Netcool</strong> Installer is a program that you use to install the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> and other products<br />
in the <strong>Netcool</strong> suite.<br />
The <strong>Netcool</strong> Installer replaces previous installation programs and provides a single mechanism for installing,<br />
viewing, and uninstalling <strong>Netcool</strong> products on a system. The <strong>Netcool</strong> Installer registers each installed<br />
product or product component as a discrete software package that you can track and manage using the<br />
<strong>Netcool</strong> Installer maintenance wizard.<br />
When you use the <strong>Netcool</strong> Installer to install the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>, you start the program using<br />
the setup.sh script (on UNIX platforms) or the Setup.exe script (on Windows platforms). During<br />
installation, the <strong>Netcool</strong> Installer copies the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> program files to the <strong>Netcool</strong> home<br />
directory ($NCHOME) and configures the product using information you supply.<br />
After installing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>, the <strong>Netcool</strong> Installer then attempts to copy its maintenance<br />
wizard to the <strong>Netcool</strong> home directory. If no instance of the wizard exists on the target system or if an existing<br />
instance is older than the version packaged with the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>, the <strong>Netcool</strong> Installer copies<br />
this program to the $NCHOME/install. The wizard executable is named ncisetup.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
<strong>Netcool</strong> Installer Command Line Options<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong><br />
About the <strong>Netcool</strong> Installer<br />
Table 2 describes the options available when starting the <strong>Netcool</strong> Installer from the command line. On<br />
Windows, the <strong>Netcool</strong> Installer must be started from a command prompt in order to use the command line<br />
options. All command line options are optional.<br />
Table 2: <strong>Netcool</strong> Installer Command Line Options<br />
Parameter Description<br />
-console Runs the <strong>Netcool</strong> Installer in console mode. This mode uses a text-only user interface to<br />
present installation options, and does not provide descriptions or explanations. Running the<br />
<strong>Netcool</strong> Installer in console mode is only recommended for expert users.<br />
-errorlevel Defines the level of detail in the error messages written to the <strong>Netcool</strong> Installer log.<br />
<strong>Netcool</strong> <strong>Installation</strong> User<br />
The <strong>Netcool</strong> installation user is the system user that you use to install products in the <strong>Netcool</strong> suite. You<br />
must install every <strong>Netcool</strong> product as the same system user. Once you have installed a <strong>Netcool</strong> product<br />
using a certain user account, you must use this account to install, uninstall, or modify every subsequent<br />
<strong>Netcool</strong> product on that system.<br />
On UNIX platforms, the <strong>Netcool</strong> installation user can be any user on the system, including root. If you<br />
choose to install the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> or other products as the root user, you should be aware of<br />
security issues related to the use of root when installing software on UNIX systems. Micromuse<br />
recommends that you install and run <strong>Netcool</strong> products as a non-root user.<br />
On Windows platforms, the <strong>Netcool</strong> installation user can be any user on the system that is a member of the<br />
Administrators group.<br />
<strong>Netcool</strong> Home Directory<br />
This command line option takes one of three values:<br />
debug - detailed logging for debug purposes<br />
info - logs warning and informational messages<br />
warning - logs warning messages only<br />
The <strong>Netcool</strong> Installer log file is located here:<br />
$NCHOME/log/install/ncisetup.log<br />
The <strong>Netcool</strong> home directory is the shared directory where the <strong>Netcool</strong> Installer installs program files for all<br />
products in the <strong>Netcool</strong> suite. By default, this directory is /opt/netcool. Before you run the <strong>Netcool</strong><br />
Installer on UNIX systems, you should set the $NCHOME environment variable on the target system to this<br />
directory, as described in Setting the <strong>Netcool</strong> Environment Variable (UNIX Only) on page 25.<br />
23
Chapter 2: Setting Up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Directories<br />
24<br />
The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> installation has the following directories:<br />
Table 3: <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Directories<br />
Directory Description<br />
$NCHOME/security/bin Contains <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> administration scripts and utilities,<br />
including ncsm_server, ncsm_shutdown and ncsm_status.<br />
$NCHOME/security/etc Contains <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> properties files.<br />
$NCHOME/security/log Contains <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> log files.<br />
Other directories Contain <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> software libraries, data storage files and<br />
other internal files.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
2.3 Installing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
To install the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>, you do the following:<br />
Unpack the <strong>Security</strong> <strong>Manager</strong> archive<br />
Set the <strong>Netcool</strong> environment variable (UNIX only)<br />
Run the <strong>Netcool</strong> Installer<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong><br />
Installing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
After you have installed the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>, you can view the installation log to make sure that<br />
the installation was successful.<br />
Unpacking the Archive<br />
The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> archive file is named nscm-<strong>1.3</strong>-platform-build.tar.gz for<br />
UNIX platforms and ncsm-<strong>1.3</strong>-win32-build.zip for Windows platforms, where platform is<br />
the name of the operating system and build is the build number. This archive contains the <strong>Netcool</strong><br />
<strong>Security</strong> <strong>Manager</strong> installer and program files.<br />
To unpack the archive on UNIX systems:<br />
Enter the following at a command prompt:<br />
1. At a command prompt, enter the following:<br />
gunzip ncsm-<strong>1.3</strong>-platform-build.tar.gz<br />
2. Enter the following:<br />
tar -xvf ncsm-<strong>1.3</strong>-platform-build.tar<br />
To unpack the archive on Windows systems, use WinZip or another decompression utility.<br />
Setting the <strong>Netcool</strong> Environment Variable (UNIX Only)<br />
After you have run the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> installer on a UNIX platform, you must set the NCHOME<br />
environment variable to the location on the file system where <strong>Netcool</strong> applications are installed. The default<br />
is /opt/netcool.<br />
25
Chapter 2: Setting Up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
26<br />
To set NCHOME in sh, bash, or ksh, enter the following at a command prompt:<br />
NCHOME=/opt/netcool; export NCHOME<br />
To set NCHOME in csh, enter the following at a command prompt:<br />
setenv NCHOME /opt/netcool<br />
Running the <strong>Netcool</strong> Installer<br />
The <strong>Netcool</strong> Installer copies the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> program files to the target system and sets the<br />
basic configuration options.<br />
Running the <strong>Netcool</strong> Installer on UNIX Platforms<br />
On UNIX platforms, the <strong>Netcool</strong> Installer is launched by a script named setup.sh located in the<br />
root-level directory of the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> tar file. This script is a Korn shell (ksh) script. You<br />
must have ksh installed on the target system in order to run the installer.<br />
You can run the <strong>Netcool</strong> Installer in GUI mode or in console mode. In GUI mode, the program presents a<br />
series of windows that guide you through the installation process. In console mode, the program prompts<br />
you for required information from the command line. If you are installing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
remotely using telnet or another command line application, you must run the program in console mode.<br />
GUI mode is not supported on AIX or HP-UX platforms.<br />
To run the <strong>Netcool</strong> Installer on UNIX platforms:<br />
1. At a command prompt, change the current directory to the location where the <strong>Netcool</strong> Installer is<br />
located.<br />
2. To run the program in GUI mode, enter the following:<br />
./setup.sh<br />
To run the program in console mode, enter the following:<br />
./setup.sh -console<br />
3. Follow the on-screen prompts as described in Installer Prompts on page 27.<br />
Running the <strong>Netcool</strong> Installer on Windows Platforms<br />
On Windows platforms, the installer is named Setup.exe and is located in the root-level directory of the<br />
installation zip file.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
To run the <strong>Netcool</strong> Installer on Windows platforms:<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong><br />
Installing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
1. Using Windows Explorer, open the folder where you unpacked the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
archive.<br />
2. Double-click the Setup.exe file.<br />
3. Follow the on-screen prompts as described in Installer Prompts below.<br />
Installer Prompts<br />
The <strong>Netcool</strong> Installer prompts you for the information in Table 4.<br />
Table 4: <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Installer Prompts<br />
Prompt Description<br />
<strong>Netcool</strong> default folder Enter the name of the directory where <strong>Netcool</strong> products are to be installed on the<br />
system. The default on UNIX platforms is /opt/netcool. The default on Windows<br />
platforms is: C:\Program Files\Micromuse\netcool.<br />
Feature Select <strong>Security</strong> <strong>Manager</strong> Server from the Feature Selection list.<br />
Server host Enter the hostname of the system where you are installing the <strong>Netcool</strong> <strong>Security</strong><br />
<strong>Manager</strong>. The default is localhost.<br />
Server port Enter the communication port used by the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>. The default is<br />
1275.<br />
Server HTTP port Enter the HTTP port that you want the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> to use. The default is<br />
8077.<br />
Server DB port Enter the port that you want the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> database to use. The default<br />
is 5600.<br />
Authentication source Select an external authentication source for the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>. The default is<br />
a <strong>Netcool</strong>/OMNIbus ObjectServer.<br />
Authentication source<br />
configuration properties<br />
Enter the authentication source configuration properties as described in External<br />
Authentication on page 39. These properties are used by the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
in order to connect to the authentication source and to obtain the required<br />
authentication information.<br />
Application registry If you are running the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> in compatibility mode or shared mode,<br />
enter registry configuration properties as described in Registry Configuration on<br />
page 46. Compatibility mode and shared mode allow the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> to<br />
be used with <strong>Netcool</strong>/Impact 3.1. If you are installing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> for<br />
use with the <strong>Netcool</strong> GUI Foundation only, you do not need to specify registry<br />
information.<br />
27
Chapter 2: Setting Up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
Viewing the <strong>Installation</strong> Log<br />
28<br />
The <strong>Netcool</strong> Installer creates an installation log file that you can use to view error messages and other<br />
information about the installation process. This file is named ncisetup.log and is created in the<br />
$NCHOME/log/install directory during installation. You can view this file using any text editor or<br />
using the <strong>Netcool</strong> Installer utility.<br />
To view the installation log using the <strong>Netcool</strong> Installer utility on UNIX platforms:<br />
1. Enter the following at a command prompt:<br />
$NCHOME/install/ncisetup<br />
2. Select Installer Log in the Welcome dialog box that opens and then click Next.<br />
3. The Installer Log dialog box opens and displays the contents of the log.<br />
To view the installation log using the <strong>Netcool</strong> Installer utility on Windows platforms:<br />
1. From the Windows Start menu, select <strong>Netcool</strong> Suite → Maintenance Wizard<br />
2. Select Installer Log in the Welcome dialog box that opens and then click Next.<br />
3. The Installer Log dialog box opens and displays the contents of the log.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Administration User<br />
When you install the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>, the <strong>Netcool</strong> Installer defines a system-level user named<br />
admin that you can use to log in for the first time and perform administrative tasks with the <strong>Netcool</strong><br />
<strong>Security</strong> <strong>Manager</strong> and <strong>Netcool</strong> GUI Foundation. The password for the admin user is netcool.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
2.4 Upgrading the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong><br />
Upgrading the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
You can upgrade to this version of the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> from version 1.2. If you want to upgrade<br />
from a previous version, you must first upgrade that version to 1.2 and then follow the procedures for<br />
upgrading to version <strong>1.3</strong>.<br />
To upgrade from version 1.2 to version <strong>1.3</strong> of the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>, you do the following:<br />
Install <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong><br />
Stop <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> 1.2 and <strong>1.3</strong><br />
Copy the database script between versions of the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
Start <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong><br />
Edit the Micromuse domain in <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong><br />
Configure external authentication in <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong><br />
Start <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong><br />
Installing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
The first step in upgrading the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> is to install version <strong>1.3</strong> on the target system. You<br />
can install the new version of the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> as described in Installing the <strong>Netcool</strong> <strong>Security</strong><br />
<strong>Manager</strong> on page 25 with no special considerations. Make sure that you install this new version in a separate<br />
directory from the previous version. Do not remove the previous installation until you have completed the<br />
upgrade process.<br />
Stopping the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Instances<br />
You must make sure that both <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> 1.2 and <strong>1.3</strong> are shut down in order to perform the<br />
remainder of the upgrade process. To stop version 1.2, use the shutdown script located at<br />
$NCSM_HOME/bin/ncsm_shutdown. NCSM is the environment variable you set when you install<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> 1.2. To stop version <strong>1.3</strong>, use the shutdown script located at<br />
$NCHOME/security/bin/ncsm_shutdown.<br />
Copying the Database Script<br />
When you shut down version 1.2 of the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>, the application creates a database script<br />
that contains all of the information stored in the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> database. This script is named<br />
security.script and is located in the $NCSM_HOME/db directory.<br />
29
Chapter 2: Setting Up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
30<br />
After you have shut down the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> instances, you must copy this script to the<br />
corresponding directory in the version <strong>1.3</strong> installation, which is<br />
$NCHOME/security/db/security.script.<br />
When you next start up the version <strong>1.3</strong> instance of the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>, the stored information<br />
will be loaded into the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> database.<br />
Starting the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong><br />
After you copy the database script from <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> 1.2 to<strong>1.3</strong>, you must restart the version<br />
<strong>1.3</strong> instance. To start this version, use the startup script located at<br />
$NCHOME/security/bin/ncsm_server.<br />
Editing the Micromuse Domain<br />
In <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong>, you must edit the Micromuse <strong>Netcool</strong> Applications domain<br />
and remove any existing external authentication sources before you can complete the upgrade. This includes<br />
the default authentication source configured automatically during installation of the <strong>Netcool</strong> <strong>Security</strong><br />
<strong>Manager</strong>.<br />
You can edit the domain by logging into the <strong>Netcool</strong> GUI Foundation as an administrator or by logging<br />
into the <strong>Netcool</strong>/Impact 3.1 GUI Server and selecting the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> as the current<br />
application. For information on editing the domain in the <strong>Netcool</strong> GUI Foundation, see the <strong>Netcool</strong> GUI<br />
Foundation Administration <strong>Guide</strong>. For information on editing the domain in the <strong>Netcool</strong>/Impact 3.1 GUI<br />
Server, see the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> 1.2 Administration <strong>Guide</strong>.<br />
Configuring External Authentication Sources<br />
After you remove any existing authentication sources from the domain, you must enable each type of<br />
external authentication source that is to be used in the upgraded instance of the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>.<br />
For more information, see Chapter 4: External Authentication on page 39. After you have enabled a type of<br />
authentication source, you can configure the Micromuse <strong>Netcool</strong> Applications domain to use<br />
authentication sources following the instructions in the <strong>Netcool</strong> GUI Foundation Administration <strong>Guide</strong> or<br />
the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> 1.2 Administration <strong>Guide</strong>.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
2.5 Uninstalling the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong><br />
Uninstalling the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
You uninstall the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> using the <strong>Netcool</strong> Installer maintenance wizard. You cannot<br />
completely uninstall the product by manually removing the installation directory from the system.<br />
You can run the maintenance wizard in GUI mode or in console mode. In GUI mode, the wizard presents<br />
a series of windows that guide you through the uninstallation process. In console mode, the wizard prompts<br />
you for required information from the command line. If you are uninstalling the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
remotely using telnet or another command line application, you must run the wizard in console mode. GUI<br />
mode is not supported on AIX and HP-UX platforms.<br />
Uninstalling on UNIX Platforms<br />
To uninstall the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on UNIX platforms:<br />
1. At a command prompt, change the current directory to $NCHOME/install.<br />
2. To run the wizard in GUI mode, enter the following:<br />
./ncisetup<br />
To run the wizard in console mode, enter the following:<br />
./ncisetup -console<br />
3. Select Product View/Remove in the Welcome dialog box that opens and then click Next.<br />
4. The Product View/Remove dialog box opens and displays a list of installed <strong>Netcool</strong> products.<br />
5. Right-click on <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> in the list of products and select Remove from<br />
the context menu.<br />
6. Click Next.<br />
7. Click Remove in the Remove Product dialog box that opens.<br />
The maintenance wizard removes the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> from the system.<br />
Uninstalling on Windows Platforms<br />
To remove the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on Windows platforms:<br />
1. From the Windows Start menu, select <strong>Netcool</strong> Suite → Maintenance Wizard.<br />
2. Follow the on-screen prompts to complete uninstallation.<br />
3. Select Product View/Remove in the Welcome dialog box that opens and then click Next.<br />
4. The Product View/Remove dialog box opens and displays a list of installed <strong>Netcool</strong> products.<br />
31
Chapter 2: Setting Up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
32<br />
5. Right-click on <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> in the list of products and select Remove from<br />
the context menu.<br />
6. Click Next.<br />
7. Click Remove in the Remove Product dialog box that opens.<br />
The maintenance wizard removes the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> from the system.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
03_Running.fm May 17, 2006<br />
Chapter 3: Managing the <strong>Netcool</strong> <strong>Security</strong><br />
<strong>Manager</strong><br />
This chapter contains information on starting and stopping the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> server. It also<br />
contains information on backing up the database and viewing the server log.<br />
It contains the following chapters:<br />
Starting and Stopping the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on page 34<br />
Backing Up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Database on page 36<br />
Viewing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Log on page 37<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong> 33
Chapter 3: Managing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
3.1 Starting and Stopping the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
34<br />
You start and stop the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on UNIX platforms using a set of administration scripts.<br />
On Windows platforms, you use the Windows services administration utilities.<br />
Starting the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on UNIX<br />
You can start the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> server and database by running the server startup script. This<br />
script is named ncsm_server and is located in the $NCHOME/security/bin directory.<br />
To start the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> server, enter the following at a command prompt:<br />
$NCHOME/security/bin/ncsm_server<br />
Stopping the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on UNIX<br />
You can stop the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> server and database by running the server shutdown script. This<br />
script is named ncsm_shutdown and is located in the $NCHOME/security/bin directory.<br />
To stop the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> server, enter the following at a command prompt:<br />
$NCHOME/security/bin/ncsm_shutdown<br />
Viewing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Status on UNIX<br />
You can view the status of the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> server and the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> database<br />
by running the status script. This script is named ncsm_status and is located in the<br />
$NCHOME/security/bin directory.<br />
To run the status script, enter the following at a command prompt:<br />
$NCHOME/security/bin/ncsm_status<br />
The following example shows typical output from the status script:<br />
<strong>Netcool</strong>/<strong>Security</strong><strong>Manager</strong> license server is running (pid= )<br />
<strong>Netcool</strong>/<strong>Security</strong><strong>Manager</strong> database is running (pid=3487 )<br />
<strong>Netcool</strong>/<strong>Security</strong><strong>Manager</strong> Server is running<br />
Starting the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on Windows<br />
To start the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on Windows platforms:<br />
1. In the Start Menu, select Control Panel → Administrative Tools → Services.<br />
2. In the Services window, right-click on <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> and select Start.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
Stopping the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on Windows<br />
To stop the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on Windows platforms:<br />
1. In the Start Menu, select Control Panel → Administrative Tools → Services.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong><br />
Starting and Stopping the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
2. In the Services window, right-click on <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> and select Stop.<br />
35
Chapter 3: Managing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
3.2 Backing Up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Database<br />
36<br />
Micromuse recommends that you regularly back up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> database. You must stop<br />
the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> server before you back up or restore the database.<br />
To back up the database:<br />
1. Stop the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> by entering the following at a command prompt:<br />
$NCHOME/security/bin/ncsm_shutdown<br />
2. Back up the database by entering the following:<br />
$NCHOME/security/bin/ncsm_db backup -backupfile filename<br />
In this command, filename is the name of the file you want to use to store the backup data.<br />
3. Restart the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> server by entering the following:<br />
$NCHOME/security/bin/ncsm_server<br />
Restoring the Database<br />
To restore the database:<br />
1. Stop the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> by entering the following at a command prompt:<br />
$NCHOME/security/bin/ncsm_shutdown<br />
2. Restore the database by entering the following:<br />
$NCHOME/security/bin/ncsm_db restore -backupfile filename<br />
In this command, filename is the name of the file that contains the backup data.<br />
3. Restart the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> server by entering the following:<br />
$NCHOME/security/bin/ncsm_server<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
3.3 Viewing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Log<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong><br />
Viewing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Log<br />
You can monitor the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> by reading the server log files. The server log files contain<br />
system messages and other information that can help you track the status of the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
and troubleshoot any problems that might arise. Server log files are named SM_server.log.n, where<br />
n is a number that identifies the log file. The server log files are located in the $NCHOME/security/log<br />
directory.<br />
37
Chapter 3: Managing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
38<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
04_External Authentication.fm May 17, 2006<br />
Chapter 4: External Authentication<br />
This chapter contains information on external authentication in the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>.<br />
About External Authentication on page 40<br />
Adding an External Authentication Source on page 42<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong> 39
Chapter 4: External Authentication<br />
4.1 About External Authentication<br />
40<br />
External authentication is the scheme under which the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> uses authentication data<br />
stored in one or more instances of the <strong>Netcool</strong>/OMNIbus ObjectServer, an LDAP server or NIS to<br />
authenticate user logins.<br />
The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> supports the following external authentication configurations:<br />
Single source authentication<br />
Multiple source authentication<br />
Single Source Authentication<br />
Single source authentication is a configuration where the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> uses a single instance of<br />
the ObjectServer, an LDAP server or NIS as the source of authentication data.<br />
In this configuration, each time a user logs into a <strong>Netcool</strong> application, the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> checks<br />
its database for information on that user. If the user is an internally-defined, native authentication user, the<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> uses the internal information to authenticate the login. If the user is not a native<br />
authentication user, the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> connects to the configured external source and<br />
authenticates the login against the externally-stored user information.<br />
During installation, the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> installer requires you to specify connection information<br />
for the default external authentication source. This default source can be an instance of the<br />
<strong>Netcool</strong>/OMNIbus ObjectServer, an LDAP server or NIS. If you only wish to use one external<br />
authentication source, you can set the connection information at this time. No additional configuration is<br />
required.<br />
Multiple Source Authentication<br />
Multiple source authentication is a configuration where the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> uses more than one<br />
instance of the ObjectServer, LDAP server and/or NIS as the source of authentication data.<br />
In this configuration, each time a user logs into a <strong>Netcool</strong> application, the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> checks<br />
its database for information on that user. If the user is an internally-defined, native authentication user, the<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> uses the internal information to authenticate the login. If the user is not a native<br />
authentication user, the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> connects to each external source in order of priority until<br />
it finds a user that matches the username specified at login. The priority of external authentication sources<br />
is determined by the order in which they were added to the system. When the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
finds a matching user, it uses that information to authenticate the login.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong><br />
About External Authentication<br />
To add additional external authentication sources to the default source configured during installation, you<br />
must run the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> configuration script once for each authentication source. For more<br />
information, see Adding an External Authentication Source on page 42.<br />
41
Chapter 4: External Authentication<br />
4.2 Adding an External Authentication Source<br />
42<br />
To add an external authentication source, you run the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> configuration utility and<br />
follow the on-screen prompts. This utility is launched by a script named ncsm_config located in the<br />
$NCHOME/security/install directory.<br />
You can run the configuration utility in GUI mode or in console mode. In GUI mode, the utility presents<br />
a series of wizards that guide you through the installation process. In console mode, it prompts you for<br />
required information from the command line. If you are running the utility remotely using telnet or another<br />
command line application, you must run it in console mode.<br />
After you have run the configuration utility, the external authentication source is enabled in the <strong>Netcool</strong><br />
<strong>Security</strong> <strong>Manager</strong>. There is no need to perform additional configuration steps.<br />
Running the Configuration Utility<br />
Before you run the configuration utility, you should stop the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> server. If you do<br />
not stop the server, the utility will stop it automatically during execution.<br />
To run the configuration utility:<br />
1. At a command prompt, change the current directory to the location where the utility is located.<br />
2. To run the utility in GUI mode, enter the following:<br />
./ncsm_config<br />
To run the utility in console mode, enter the following:<br />
./ncsm_config -console<br />
3. Follow the on-screen prompts as described in Configuration Utility Prompts below.<br />
After you run the configuration utility, you must manually restart the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> server.<br />
Configuration Utility Prompts<br />
The information required by the configuration utility varies depending on the type of external<br />
authentication source you want to add.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
ObjectServer Authentication Sources<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong><br />
Adding an External Authentication Source<br />
For an ObjectServer authentication source, the configuration utility prompts you for the information in<br />
Table 5.<br />
Table 5: Configuration Utility Prompts: ObjectServer Authentication Sources<br />
Prompt Description<br />
Host Hostname or IP address of the system where the ObjectServer is running. The default is<br />
localhost.<br />
Port Port used by the ObjectServer. The default is 4100.<br />
Username ObjectServer user name. This user must have ObjectServer SuperUser privileges. The<br />
default is root.<br />
Password ObjectServer password.<br />
The ObjectServer username and password that you specify are used to establish connections to the<br />
ObjectServer database. Micromuse recommends that you restrict access to the <strong>Netcool</strong> GUI Foundation<br />
(NGF) for this user. You can restrict NGF access by removing all <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> roles from this<br />
user and removing the user from any groups that you have assigned <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> roles.<br />
LDAP Authentication Sources<br />
For LDAP authentication sources, the configuration utility prompts you for the information in Table 6.<br />
Supported LDAP authentication sources include Microsoft Active Directory, Novell eDirectory, Sun ONE<br />
Directory Server, Netscape Directory Server, and OpenLDAP.<br />
Table 6: Configuration Utility Prompts: LDAP Authentication Sources<br />
Prompt Description<br />
Host Hostname or IP address of the system where the LDAP server is running.<br />
Port Port used by the LDAP server.<br />
Username Fully qualified dn of an LDAP user that has permission to browse the directory for<br />
users and groups.<br />
Password Password for the LDAP user.<br />
LDAP user ID Name of the LDAP attribute defined as a unique user ID in the LDAP schema.<br />
Default is uid.<br />
Base context users Base context for LDAP users in the directory.<br />
LDAP group name Name of the LDAP attribute to use as a group in the authentication model. The<br />
default is cn.<br />
Base context groups Base context for LDAP groups in the directory.<br />
43
Chapter 4: External Authentication<br />
44<br />
Table 6: Configuration Utility Prompts: LDAP Authentication Sources<br />
Prompt Description<br />
Group Filter LDAP filter that specifies which group a user belongs to.<br />
Novell or Microsoft Active<br />
Directory<br />
NIS Authentication Sources<br />
Enter true if the LDAP server is a Novell eDirectory or Microsoft Active Directory<br />
server. The default is false.<br />
For NIS authentication sources, the configuration utility prompts you for an NIS domain name. This is the<br />
name of a domain served by NIS whose associated authentication data you want to use. NIS authentication<br />
is only supported on Solaris and Linux platforms.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
99_Appendix.fm May 17, 2006<br />
Appendix A: Supplementary Information<br />
This appendix contains supplementary information related to <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> installation and<br />
configuration.<br />
It contains the following sections:<br />
Registry Configuration on page 46<br />
Authentication Refresh Interval on page 47<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Failover on page 48<br />
SSL and the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on page 52<br />
Encryption Script on page 58<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong> 45
Appendix A: Supplementary Information<br />
A.1 Registry Configuration<br />
46<br />
When you install the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> in compatibility mode for use with <strong>Netcool</strong>/Impact 3.1, the<br />
installer prompts you for connection information for the <strong>Netcool</strong> Application Registry. Table A1 shows the<br />
installer prompts.<br />
Table A1: <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>Installation</strong> Prompts: Registry Configuration<br />
Prompt Description<br />
<strong>Security</strong> <strong>Manager</strong> Registry Name Name used to identify the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> in the <strong>Netcool</strong> Application<br />
Registry.<br />
Registry Host Hostname or IP address where the registry is located.<br />
Registry Port Communication port used by the registry.<br />
Registry Location Path where the application registry is located. If you are using the application<br />
registry that is installed with the <strong>Netcool</strong>/Impact GUI server, the default is<br />
/registry/services.<br />
Registry Username Name of the registry administration user. If you are using the application<br />
registry that is installed with the <strong>Netcool</strong>/Impact GUI server, the default is<br />
admin.<br />
Registry Password Password for the registry admin user. If you are using the application registry<br />
that is installed with the <strong>Netcool</strong>/Impact GUI server, the default is netcool.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
A.2 Authentication Refresh Interval<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong><br />
Authentication Refresh Interval<br />
The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> allows you to configure the interval at which user, group, and role<br />
information is refreshed from the database.<br />
You configure the refresh interval by setting properties in the server properties file. This file is named<br />
SM_server.props and is located in the $NCHOME/security/etc directory.<br />
The following table shows the refresh interval configuration properties:<br />
Table A2: Refresh Interval Configuration Properties<br />
Property Definition<br />
security.refresh.timeinsec Number of seconds between each attempt to refresh from the<br />
authentication source. Default is 30.<br />
security.refresh.maxretries Maximum number of times to retry a refresh after failing to connect<br />
to the authentication source. Default is 10.<br />
47
Appendix A: Supplementary Information<br />
A.3 <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Failover<br />
48<br />
Failover is a feature that helps you manage uptime and availability for the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>.<br />
In a failover configuration, you install primary and secondary servers of the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on<br />
different systems in your environment. You then configure them in such a way that if the primary server<br />
fails, the secondary server takes over the role as primary. When the original primary server is restarted, is<br />
assumes the new secondary role.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> user and group data is replicated and synchronized at startup and during run<br />
time.<br />
Setting Up <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Failover<br />
To set up <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> failover, you do the following:<br />
Install the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> instances<br />
Synchronize data between the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> instances<br />
Configure <strong>Netcool</strong> applications to use the failover configuration<br />
Configure <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> database properties<br />
Configure <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> primary and secondary type properties<br />
Configure <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> server properties<br />
Installing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Instances<br />
The first step in setting up failover is to install primary and secondary instances of the <strong>Netcool</strong> <strong>Security</strong><br />
<strong>Manager</strong> on different systems in your environment. To install the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>, you can run<br />
the install script and follow the on-screen prompts as described in Installing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> on<br />
page 25. There are no special considerations when installing the instances for failover.<br />
Synchronizing Data Between <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Instances<br />
After you have installed the primary and secondary instances of the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>, you must<br />
make sure that the product configuration information stored in the respective databases is identical. The best<br />
way to make sure that this information is identical is to export the contents of the database from the primary<br />
instance and import it into that of the secondary instance.<br />
You must repeat this step every time you add a new product that uses the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> to your<br />
environment. This is because, at install time, the <strong>Netcool</strong> Installer only configures the primary instance of<br />
the <strong>Security</strong> <strong>Manager</strong> for use with the product.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong><br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Failover<br />
You do not need to manually synchronize other <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> information (for example, users<br />
and groups) during runtime. The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> automatically replicates this information<br />
between instances.<br />
To synchronize data between <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> instances:<br />
1. If the primary instance is running, stop it by entering the following at a command prompt:<br />
$NCHOME/security/bin/ncsm_shutdown<br />
When you shut down the primary instance, it exports the contents of its database in the form of a file<br />
called security.script. This file is located in the $NCHOME/security/db directory by<br />
default.<br />
2. Copy the output file to $NCHOME/bin/security on the system where the secondary instance is<br />
installed.<br />
3. If the secondary instance is running, stop it by entering the following at a command prompt:<br />
$NCHOME/security/bin/ncsm_shutdown<br />
4. Import the data into the secondary instance by entering the following:<br />
$NCHOME/security/bin/ncsm_db restore -backupfile security.script<br />
When you import the data using ncsm_db, the script reports the status of the database. The<br />
message The database is not running is not an error message and can be disregarded.<br />
Configuring the <strong>Netcool</strong> Applications<br />
You must manually configure the <strong>Netcool</strong> applications that use the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> (for example,<br />
<strong>Netcool</strong>/Impact and the <strong>Netcool</strong>/Impact GUI Server, or the <strong>Netcool</strong> GUI Foundation) so that they are able<br />
to locate both instances of the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> server. You configure them by setting properties<br />
in their respective server properties files. This file is named server.props or<br />
servername_server.props and is located in the etc directory of the product installation. For<br />
example, the default <strong>Netcool</strong>/Impact server properties file is<br />
$IMPACT_HOME/etc/NCI_server.props.<br />
To configure the applications, set the following in each server properties file:<br />
security.backup.host.1=hostname<br />
security.backup.port.1=port<br />
impact.security.backup.host.1=hostname<br />
impact.security.backup.port.1=port<br />
49
Appendix A: Supplementary Information<br />
50<br />
In these properties, hostname is the hostname of the system where the secondary <strong>Netcool</strong> <strong>Security</strong><br />
<strong>Manager</strong> is running and port is the port. The default port is 8077. The location of the primary <strong>Netcool</strong><br />
<strong>Security</strong> <strong>Manager</strong> is described by other configuration properties that you set when you install the <strong>Netcool</strong><br />
application.<br />
Configuring the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Databases<br />
You must also configure the primary and secondary instances of the database so that they do not use<br />
localhost as the default server address. The server address property is located in the<br />
$NCHOME/security/etc/db.properties file.<br />
To configure the databases, comment out the server.address property in each db.properties<br />
file by inserting the # character at the beginning of the line. The resulting line should look like the following:<br />
# server.address=localhost<br />
Configuring Primary and Secondary Type Properties<br />
You must configure both primary and secondary type properties. The properties files are located in the<br />
$NCHOME/security/etc/smParentType.type file. You must modify these properties in order<br />
to enable data replication between the primary and secondary <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> instances.<br />
You must add or modify the contents of the primary type file so that it contains the following lines:<br />
smParentType.SQL.NUMDBPROPERTIES=1<br />
smParentType.SQL.DBPROPERTY.1.NAME=IMPACT_REPLICATE_CHANGES<br />
smParentType.SQL.DBPROPERTY.1.VALUE=true<br />
You must also modify the smParentType.sql.urls property. This property contains a set of JDBC<br />
connection strings. Each connection string is separated by the pipe character (|).<br />
For the primary server, add the following connection string to the property:<br />
jdbc:hsqldb:hsql://secondary_host:secondary_port/security<br />
In this property, secondary_host is the hostname of the system where the primary <strong>Netcool</strong> <strong>Security</strong><br />
<strong>Manager</strong> is running and secondary_port is the port used by the database. The default port is 5600.<br />
The resulting property should resemble the following:<br />
smParentType.SQL.URLS=jdbc:hsqldb:hsql://host_primary:5600/security|<br />
jdbc:hsqldb:hsql://host_secondary:5600/security<br />
In this property, host_primary is the hostname of the primary instance and host_secondary is<br />
the hostname of the secondary instance.<br />
For the secondary server, add a connection string representing the primary to the property in the same way.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
The resulting property should resemble the following:<br />
smParentType.SQL.URLS=jdbc:hsqldb:hsql://host_secondary:5600/security|<br />
jdbc:hsqldb:hsql://host_primary:5600/security<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong><br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Failover<br />
In this property, host_primary is the hostname of the primary instance and host_secondary is<br />
the hostname of the secondary instance.<br />
Configuring the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Server<br />
The final step in setting up failover is to configure the primary and secondary server instances. You configure<br />
each server by modifying the $NCHOME/security/etc/SM_server.props file.<br />
To configure the primary server, add the following lines to the file:<br />
impact.security.failover=true<br />
impact.security.controlport=port_primary_control<br />
impact.security.failover.other.host=host_secondary<br />
impact.security.failover.other.port=port_secondary_control<br />
impact.security.failover.ResyncRateInSec=10<br />
In these properties, port_primary_control is the control port for the primary server,<br />
host_secondary is the hostname of the system where the secondary server is running and<br />
port_secondary_control is the control port for the secondary server. The control port is used for<br />
communication between the primary and secondary server instances. You can specify any unused port for<br />
this property.<br />
To configure the secondary server, add the following lines to the file:<br />
impact.security.failover=true<br />
impact.security.controlport=port_secondary_control<br />
impact.security.failover.other.host=host_primary<br />
impact.security.failover.other.port=port_primary_control<br />
impact.security.failover.ResyncRateInSec=10<br />
Running the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> in a Failover Configuration<br />
To run the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> in a failover configuration you start the primary server and then the<br />
secondary server using the server startup script. This script is named ncsm_server and is located in the<br />
$NCHOME/security/bin directory. You start the server instances in the same way that you start a<br />
single server configuration with no special considerations. You can shut down the server instances using the<br />
ncsm_shutdown script.<br />
51
Appendix A: Supplementary Information<br />
A.4 SSL and the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
52<br />
The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> supports Secure Socket Layer (SSL) communication at the following levels:<br />
Between the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> and the <strong>Netcool</strong> GUI Foundation, <strong>Netcool</strong>/RAD,<br />
<strong>Netcool</strong>/Impact 3.1, and the <strong>Netcool</strong>/Impact GUI Server<br />
Between the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> and an LDAP server<br />
Setting Up SSL Between the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> and <strong>Netcool</strong><br />
Applications<br />
The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> supports communication via SSL between the server and other components<br />
of the <strong>Netcool</strong> suite. When you enable SSL communication for the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>, all <strong>Netcool</strong><br />
applications that use it for authentication must also be set up to use SSL.<br />
To set up SSL for use with the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> and <strong>Netcool</strong> applications, you do the following:<br />
Create a server certificate<br />
Create client certificates<br />
Configure the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> servlet service<br />
Configure the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> server<br />
Configure the <strong>Netcool</strong> applications<br />
When you create the client and server certificates, you are required to specify a password for the local<br />
keystore and the local truststore. Make sure to record the passwords that you specify. You will use them when<br />
you configure the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> server and the <strong>Netcool</strong> applications for use with SSL.<br />
Creating the Server Certificate<br />
The first step in setting up SSL for use with the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> is creating the server certificate.<br />
You create this certificate using the Java keytool utility. This utility is part of the Java Runtime<br />
Environment (JRE) and is located in the $NCHOME/security/platform/arch/J2RE/bin<br />
directory, where arch is the name of the operating system where the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> is installed.<br />
For more information on keytool, see the Java Runtime Environment documentation at<br />
http://java.sun.com.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
To create the server certificate:<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong><br />
SSL and the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
1. At a command prompt, change the current directory to the location that you will use to store the<br />
server certificate and create a subdirectory named ssl as follows:<br />
cd $NCHOME/security<br />
mkdir ssl<br />
cd ssl<br />
2. Generate the server certificate using the keytool utility as follows:<br />
$NCHOME/common/platform/arch/jre/1.4.2/bin/keytool -genkey -alias sm_svr -keyalg<br />
RSA -keypass keypassword -storepass storepassword -keystore keystore.jks<br />
In this command, keypassword and storepassword are password strings of your choice.<br />
Passwords must be six characters or longer.<br />
The keytool utility prompts you for the information required to populate and sign the server<br />
certificate. You must enter the hostname of the system where the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> is<br />
running in response to the first name and last name prompt.<br />
This command creates a file named keystore.jks in the current directory.<br />
3. Export the server certificate using the keytool utility as follows:<br />
$NCHOME/common/platform/arch/jre/1.4.2/bin/keytool -export -alias sm_svr<br />
-storepass storepassword -file server.cer -keystore keystore.jks<br />
This command creates a file named server.cer in the current directory. This file contains the<br />
exported certificate.<br />
4. Create a trust store file and add the server certificate to the file as follows:<br />
$NCHOME/common/platform/arch/jre/1.4.2/bin/keytool -import -v -trustcacerts -alias<br />
sm_svr -keypass keypassword -storepass storepassword -file server.cer -keystore<br />
cacerts.jks<br />
The keytool utility prompts you whether you want to trust this certificate. You must answer Yes.<br />
This command creates a file named cacerts.jks in the current directory.<br />
Creating Client Certificates<br />
After you have created the server certificate, you must create a client certificate for each <strong>Netcool</strong> application<br />
that uses the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> for authentication. This includes the <strong>Netcool</strong> GUI Foundation,<br />
<strong>Netcool</strong>/Impact 3.1, <strong>Netcool</strong>/RAD, and the <strong>Netcool</strong>/Impactg GUI Server.<br />
If you are configuring the <strong>Netcool</strong> GUI Foundation as your client application, please see the <strong>Netcool</strong> GUI<br />
Foundation Administration <strong>Guide</strong> for instructions on this task.<br />
53
Appendix A: Supplementary Information<br />
54<br />
You must also create a client certificate for the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> server itself, in addition to the<br />
server certificate that you created in the previous step.<br />
As with the server certificate, you generate client certificates using the Java keytool utility. This utility is<br />
located in the platform/arch/jre/1.4.2/bin or platform/arch/J2RE/bin directory of<br />
each <strong>Netcool</strong> application installation, where arch is the name of the platform where the application is<br />
installed.<br />
You must create the client certificates on the system where each application is installed. For example, when<br />
you generate the certificate for <strong>Netcool</strong>/Impact, you must run the keytool utility on the system where<br />
<strong>Netcool</strong>/Impact is located.<br />
To create a client certificate:<br />
1. At a command prompt, create a new directory named ssl in the home directory for the <strong>Netcool</strong><br />
application. For example, if you are generating a client certificate for <strong>Netcool</strong>/Impact, create a new<br />
directory named $IMPACT_HOME/ssl. If you are generating a client certificate for the <strong>Netcool</strong><br />
Impact GUI Server, create a new directory called $GUI_HOME/ssl.<br />
2. Change the current directory to the ssl location you created above.<br />
3. Generate the client certificate using the keytool utility as follows:<br />
app_home/platform/arch/J2RE/bin/keytool -genkey -alias sm_clnt -keyalg RSA<br />
-keypass keypassword -storepass storepassword -keystore clntks.jks<br />
In this command, app_home is the home directory for the <strong>Netcool</strong> application (for example,<br />
$NCHOME/security, $IMPACT_HOME, $GUI_HOME or $RAD_HOME) and keypassword<br />
and storepassword are password strings of your choice. Passwords must be six characters or<br />
longer.<br />
The keytool utility prompts you for the information required to populate and sign the client<br />
certificate. You must enter the hostname of the system where the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> is<br />
running in response to the first name and last name prompt.<br />
This command creates a file named clntks.jks in the current directory.<br />
4. Export the client certificate using the keytool utility as follows:<br />
app_home/platform/arch/J2RE/bin/keytool -export -alias sm_clnt -storepass<br />
storepassword -file client.cer -keystore clntks.jks<br />
This command creates a file named client.cer in the current directory. This file contains the<br />
exported certificate.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
5. Add the client certificate to the trust file as follows:<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong><br />
SSL and the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
app_home/platform/arch/J2RE/bin/keytool -import -v -trustcacerts -alias sm_clnt<br />
-keypass keypassword -storepass storepassword -file client.cer -keystore<br />
cacerts.jks<br />
The keytool utility prompts you whether you want to trust this certificate. You must answer Yes.<br />
Configuring the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Servlet Service<br />
The servlet service is an internal component of the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> that runs the <strong>Netcool</strong> <strong>Security</strong><br />
<strong>Manager</strong> GUI. To configure this service, you set configuration properties in the<br />
SM_servletservice.props file. This file is located in $NCHOME/security/etc.<br />
To configure the servlet service, set the following properties in the<br />
SM_servletservice.props file:<br />
impact.http.ssl.enable=true<br />
impact.ssl.keystore=ncsm_home/ssl/keystore.jks<br />
impact.ssl.keypass=keypass_encrypt<br />
In these properties, ncsm_home is the directory where the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> is installed (for<br />
example, opt/netcool/security) and<br />
keypass_encrypt is the encrypted keystore password you specified when you created the<br />
keystore.jks file. You must use the ncsm_crypt tool to encrypt the keystore password. This tool<br />
is located in the $NCSM_HOME/bin directory.<br />
The following example shows typical values for these properties:<br />
impact.http.ssk.enable=true<br />
impact.ssl.keystore=/opt/netcool/security/ssl/keystore.jks<br />
impact.ssl.keypass=F7EA3A52059022B9F390AD2E9242E81A<br />
Configuring the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Server<br />
To configure the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> server, set the following properties in the<br />
$NCHOME/security/etc/SM_server.props file:<br />
security.protocol=https<br />
security.keystore=ncsm_home/ssl/clntks.jks<br />
security.keypass=keypass_encrypt<br />
security.truststore=ncsm_home/ssl/cacerts.jks<br />
security.trustpass=trustpass_encrypt<br />
55
Appendix A: Supplementary Information<br />
56<br />
In these properties, ncsm_home is the directory where the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> is installed and<br />
keypass_encrypt and trustpass_encrypt are the encrypted keystore and truststore passwords<br />
that you specified when you created the client certificate on the system where the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
resides. You must use the ncsm_crypt tool to encrypt the keystore password. This tool is located in the<br />
$NCHOME/security/bin directory.<br />
The following example shows typical values for these properties:<br />
security.protocol=https<br />
security.keystore=/opt/netcool/security/ssl/clntks.jks<br />
security.keypass=F7EA3A52059022B9F390AD2E9242E81A<br />
security.truststore=/opt/netcool/security/ssl/cacerts.jks<br />
security.trustpass=F7EA3A52059022B9F390AD2E9242E81A<br />
Configuring the <strong>Netcool</strong> Applications<br />
The final step in setting up SSL is configuring the <strong>Netcool</strong> applications. You must configure each<br />
application that uses the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> for authentication. This includes the <strong>Netcool</strong> GUI<br />
Foundation, <strong>Netcool</strong>/Impact 3.1, the <strong>Netcool</strong>/Impact GUI Server, and <strong>Netcool</strong>/RAD.<br />
If you are configuring the <strong>Netcool</strong> GUI Foundation as your client application, please see the <strong>Netcool</strong> GUI<br />
Foundation Administration <strong>Guide</strong> for instructions on this task.<br />
To configure other <strong>Netcool</strong> applications, set the properties specified in the above step in each server<br />
properties file. This file is named servername_server.props or server.props, where<br />
servername is the name of the server instance, and is located in the etc directory of the product<br />
installation. For example, the default server properties file for <strong>Netcool</strong>/Impact is named<br />
NCI_server.props and is located in the $IMPACT_HOME/etc directory.<br />
Make sure that you have created client certificates for each of the applications that communicate with the<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> as described in Creating Client Certificates on page 53.<br />
The following example shows typical values for SSL properties in the <strong>Netcool</strong>/Impact server properties file:<br />
security.protocol=https<br />
security.keystore=/opt/netcool/impact/ssl/clntks.jks<br />
security.keypass=F7EA3A52059022B9F390AD2E9242E81A<br />
security.truststore=/opt/netcool/impact/ssl/cacerts.jks<br />
security.trustpass=F7EA3A52059022B9F390AD2E9242E81A<br />
Setting Up SSL Between the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> and an LDAP<br />
Server<br />
The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> supports communication via SSL between the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
server and an LDAP server that you are using as an authentication source.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong><br />
SSL and the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
To set up SSL for use with the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> and an LDAP server, you do the following:<br />
Configure the LDAP server for use with SSL<br />
Install the client certificate for the LDAP service in the keystore of the Java Runtime Environment<br />
(JRE) used by the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong><br />
Configure the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Server<br />
Configuring the LDAP Server<br />
The first step in setting up SSL communication is to configure the LDAP server. Instructions for configuring<br />
the LDAP server vary according by product. Typically, you first obtain a server certificate from a certificate<br />
authority (CA) and install it on the platform used by the LDAP server. Then, you use tools provided by the<br />
LDAP vendor to enable SSL communication. For more information, see the LDAP server documentation.<br />
Installing the Client Certificate<br />
You must install the SSL client certificate in the keystore of the JRE used by the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong>.<br />
You first obtain the client certificate from a CA according to the instructions provided by the LDAP server<br />
vendor. You then install the certificate using the Java keytool utility. This utility is located in the<br />
$NCSM_HOME/platform/arch/J2RE/bin directory, where arch is the name of the operating<br />
system where the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> is installed.<br />
To install the client certificate, enter the following at a command prompt:<br />
$NCSM_HOME/platform/arch/J2RE/bin/keytool -import -v -trustcacerts -alias aliasname<br />
-file certname -keystore $NCSM_HOME/platform/arch/lib/cacerts/keystorename<br />
In this command, aliasname is the alias of the server certificate, certname is the filename of the<br />
certificate file and keystorename is the name of the keystore file.<br />
Configuring the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> Server<br />
To configure the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> server, you edit the primary type properties file for the LDAP<br />
authentication source. This file is named smParentType_LDAP.type and is located in the<br />
$NCHOME/security/etc directory.<br />
You must make the following changes to the primary type properties file:<br />
Set the value of the smParentType_LDAP.PROVIDERURL property to the hostname and SSL<br />
port used by the LDAP server.<br />
Uncomment the smParentType_LDAP.LDAP.SECURITY.PROTOCOL property.<br />
57
Appendix A: Supplementary Information<br />
A.5 Encryption Script<br />
58<br />
The <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> provides a script that you can use to encrypt plaintext password strings. You<br />
can use this script to disguise user passwords that are stored in properties files for the <strong>Netcool</strong> <strong>Security</strong><br />
<strong>Manager</strong> and other <strong>Netcool</strong> products. This script is named ncsm_crypt and is located in the<br />
$NCHOME/security/bin directory.<br />
The ncsm_crypt script has the following syntax:<br />
ncsm_crypt password<br />
In this syntax, password is the password string that you want to encrypt.<br />
When you run ncsm_crypt, it prints the encrypted string to the standard output.<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
sm30instIX.fm May 17, 2006 3:27 pm<br />
Index<br />
A<br />
administration user 28<br />
authentication refresh intervals 47<br />
authentication types 10<br />
external 10<br />
native 10<br />
C<br />
compatibility mode installation 13<br />
D<br />
database<br />
backing up 36<br />
restoring 36<br />
E<br />
encryption script 58<br />
external authentication 10, 21, 40<br />
about 40<br />
single source 40<br />
external authentication requirements 21<br />
external authentication sources<br />
adding 42<br />
configuring 42<br />
F<br />
failover 48<br />
running <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> 51<br />
setting up 48<br />
H<br />
hardware requirements 21<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong> 1<br />
I<br />
installation types 12<br />
compatibility mode 13<br />
shared mode 14<br />
standard 12<br />
installing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> 25<br />
J<br />
Java support 20<br />
L<br />
LDAP authentication sources<br />
configuring 43<br />
support 21<br />
License server support 20<br />
log<br />
viewing 37<br />
M<br />
managing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> 18<br />
N<br />
native authentication 10<br />
<strong>Netcool</strong> environment variable 25<br />
<strong>Netcool</strong> GUI Foundation requirements 20<br />
<strong>Netcool</strong> home directory 23<br />
<strong>Netcool</strong> installation user 23<br />
<strong>Netcool</strong> Installer 22<br />
log 28<br />
prompts 27<br />
running 26<br />
<strong>Netcool</strong> License Server 20<br />
Index
Index<br />
2<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> 10<br />
installation directories 24<br />
NIS authentication sources<br />
configuring 44<br />
support 21<br />
O<br />
ObjectServer authentication sources<br />
configuring 43<br />
support 21<br />
operating system requirements 20<br />
P<br />
platform requirements 20<br />
R<br />
registry configuration 46<br />
S<br />
setting up the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> 16<br />
shared mode installation 14<br />
single source authentication 40<br />
SSL 52<br />
setting up LDAP server connections 56<br />
setting up <strong>Netcool</strong> applications 52<br />
standard installation 12<br />
starting the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> 34<br />
stopping the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> 34<br />
system requirements 20<br />
U<br />
uninstalling <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> 31<br />
upgrading <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> 29<br />
V<br />
viewing <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> status on UNIX 34<br />
viewing the installation log 28<br />
viewing the <strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> log 37<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>
ackmatter.fm May 17, 2006<br />
Contact Information<br />
Corporate<br />
Region Address Telephone Fax World Wide Web<br />
USA Micromuse Inc. (HQ)<br />
650 Townsend Street<br />
San Francisco<br />
CA 94103<br />
USA<br />
Europe Micromuse Ltd.<br />
Disraeli House<br />
90 Putney Bridge Road<br />
London SW18 1DA<br />
United Kingdom<br />
Asia-Pacific Micromuse Ltd.<br />
Level 25<br />
77 St Georges Terrace<br />
Perth WA 6000<br />
Australia<br />
Technical Support<br />
1-800-<strong>Netcool</strong> (638 2665)<br />
+1 415 568 9800<br />
Region Telephone Fax<br />
USA 1-800-<strong>Netcool</strong> (800 638 2665)<br />
+1 415 568 9800 (San Francisco)<br />
+1 415 568 9801 http://www.micromuse.com<br />
+44 (0) 20 8875 9500 +44 (0) 20 8875 9995 http://www.micromuse.co.uk<br />
+61 (0) 8 9213 3400 +61 (0) 8 9325 5030 http://www.micromuse.com.au<br />
+1 415 568 9801<br />
Europe +44 (0) 20 8877 0073 (London, UK) +44 (0) 20 8875 0991<br />
Asia-Pacific +61 (0) 8 9213 3470 (Perth, Australia)<br />
Online<br />
+10 800 852 1012 (North China)<br />
+10 800 152 1012 (South China)<br />
+61 (0) 8 9486 1116<br />
Team E-Mail World Wide Web<br />
Licensing Temporary Licenses: temp.licensing@micromuse.com<br />
Permanent Licenses: perm.licensing@micromuse.com<br />
support.micromuse.com/helpdesk/licenses<br />
Support support@micromuse.com support.micromuse.com<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong> 3
Contact Information<br />
4<br />
<strong>Netcool</strong> <strong>Security</strong> <strong>Manager</strong> <strong>1.3</strong> <strong>Installation</strong> <strong>Guide</strong>