Netcool Security Manager Installation Guide 1.3 - e IBM Tivoli ...

frontmatter.fm May 17, 2006 

Netcool® Security Manager 

1.3 

Installation Guide

© 2007 Micromuse Inc., Micromuse Ltd. 

All rights reserved. No part of this work may be reproduced in any form or by any 

person without prior written permission of the copyright owner. This document is 

proprietary and confidential to Micromuse, and is subject to a confidentiality 

agreement, as well as applicable common and statutory law. 

Micromuse Disclaimer of Warranty and Statement of Limited Liability 

Micromuse provides this document "as is", without warranty of any kind, either 

express or implied, including, but not limited to, the implied warranties of 

merchantability, fitness for a particular purpose or non-infringement. This 

document may contain technical inaccuracies or typographical errors. Micromuse 

may make improvements and changes to the programs described in this document 

or this document at any time without notice. Micromuse assumes no responsibility 

for the use of the programs or this document except as expressly set forth in the 

applicable Micromuse agreement(s) and subject to terms and conditions set forth 

therein. Micromuse does not warrant that the functions contained in the programs 

will meet your requirements, or that the operation of the programs will be 

uninterrupted or error-free. Micromuse shall not be liable for any indirect, 

consequential or incidental damages arising out of the use or the ability to use the 

programs or this document. 

Micromuse specifically disclaims any express or implied warranty of fitness for high 

risk activities. 

Micromuse programs and this document are not certified for fault tolerance, and 

are not designed, manufactured or intended for use or resale as on-line control 

equipment in hazardous environments requiring fail-safe performance, such as in 

the operation of nuclear facilities, aircraft navigation or communication systems, 

air traffic control, direct life support machines, or weapons systems ("High Risk 

Activities") in which the failure of programs could lead directly to death, personal 

injury, or severe physical or environmental damage. 

Compliance with Applicable Laws; Export Control Laws 

Use of Micromuse programs and documents is governed by all applicable federal, 

state and local laws. All information therein is subject to U.S. export control laws 

and may also be subject to the laws of the country where you reside. 

All Micromuse programs and documents are commercial in nature. Use, 

duplication or disclosure by the United States Government is subject to the 

restrictions set forth in DFARS 252.227-7015 and FAR 52.227-19. 

Trademarks and Acknowledgements 

Micromuse and Netcool are registered trademarks of Micromuse. 

Other Micromuse trademarks include but are not limited to: Netcool/OMNIbus, 

Netcool/OMNIbus for Voice Networks, Netcool/Reporter, Netcool/Internet 

Service Monitors, Netcool/ISM, Netcool/ISM Global Perspective, Netcool/NT 

Service Monitors, Netcool/Wireless Service Monitors, Netcool/WSM, 

Netcool/Usage Service Monitors, Netcool/USM, Netcool/Telco Service 

Monitors, Netcool/TSM, Netcool/Fusion, Netcool/Data Center Monitors, 

Netcool DCM, Netcool/Impact, Netcool/Visionary, Netcool/Precision, Netcool 

Probes & Monitors, Netcool Desktops, Netcool Gateways, Netcool Impact/Data 

Source Adaptors, Netcool EventList, Netcool Map, Netcool Virtual Operator, 

Netcool/Precision for IP Networks, Netcool/Precision for Transmission 

Networks, Netcool/Firewall, Netcool/Wave, Netcool/Webtop, Netcool TopoViz, 

Netcool/SM Operations, Netcool/SM Configuration, Netcool/OpCenter, 

Netcool/System Service Monitors, Netcool/SSM, Netcool/Application Service 

Monitors, Netcool/ASM, Netcool/ISM WAM, Netcool/SM Reporter, Netcool 

for Asset Management, Netcool/Realtime Active Dashboards, 

Netcool/Dashboards, Netcool/RAD, Netcool for Voice over IP, Netcool for 

Security Management, Netcool Security Manager, Netcool/Portal 2.0 Premium 

Edition, Netcool ObjectServer, Netcool/RAD, Netcool GUI Foundation, 

Netcool Installer, Netcool Licensing, Netcool/Software Developers Kit, NGF, 

Micromuse Alliance Program, Micromuse Channel Partner, Authorized Netcool 

Reseller, Netcool Ready, Netcool Solutions, Netcool Certified, Netcool Certified 

Consultant, Netcool Certified Trainer, Netcool CCAI Methodology, Micromuse 

University, Microcorrelation, Acronym, Micromuse Design, Integration Module 

for Netcool, The Netcool Company, VISIONETCOOL, Network Slice. 

Micromuse acknowledges the use of I/O Concepts Inc. X-Direct 3270 terminal 

emulators and hardware components and documentation in Netcool/Fusion. 

X-Direct ©1989-1999 I/O Concepts Inc. X-Direct and Win-Direct are 

trademarks of I/O Concepts Inc. 

Netcool/Fusion contains IBM Runtime Environment for AIX®, Java 

Technology Edition Runtime Modules © Copyright IBM Corporation 1999. All 

rights reserved. 

Netcool/Precision IP includes software developed by the University of California, 

Berkeley and its contributors. 

Micromuse acknowledges the use of MySQL in Netcool/Precision for IP 

Networks. Copyright © 1995, 1996 TcX AB & Monty Program KB & Detron 

HB Stockholm SWEDEN, Helsingfors FINLAND and Uppsala SWEDEN. All 

rights reserved. 

Micromuse acknowledges the use of the UCD SNMP Library in Netcool/ISM and 

the Netcool/OMNIbus SNMP Writer Gateway. Copyright © 1989, 1991, 1992 

by Carnegie Mellon University. Derivative Work - Copyright © 1996, 1998, 

1999, 2000 The Regents of the University of California. All rights reserved. 

Permission to use, copy, modify and distribute this software and its documentation 

for any purpose and without fee is hereby granted, provided that the above 

copyright notice appears in all copies and that both that copyright notice and this 

permission notice appear in supporting documentation, and that the name of 

CMU and The Regents of the University of California not be used in advertising 

or publicity pertaining to distribution of the software without specific written 

permission. 

CMU AND THE REGENTS OF THE UNIVERSITY OF CALIFORNIA 

DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, 

INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 

AND FITNESS. IN NO EVENT SHALL CMU OR THE REGENTS OF THE 

UNIVERSITY OF CALIFORNIA BE LIABLE FOR ANY SPECIAL, 

INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 

WHATSOEVER RESULTING FROM THE LOSS OF USE, DATA OR 

PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 

OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 

CONNECTION WITH THE USE OR PERFORMANCE OF THIS 

SOFTWARE. 

Portions of the Netcool/OMNIbus code are copyright (C) 1989-95 GROUPE 

BULL. 

Permission is hereby granted, free of charge, to any person obtaining a copy of this 

software and associated documentation files (the "Software"), to deal in the 

Software without restriction, including without limitation the rights to use, copy, 

modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, 

and to permit persons to whom the Software is furnished to do so, subject to the 

following conditions: 

The above copyright notice and this permission notice shall be included in all 

copies or substantial portions of the Software. 

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF 

ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED 

TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 

PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT 

SHALL GROUPE BULL BE LIABLE FOR ANY CLAIM, DAMAGES OR 

OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT 

OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 

WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 

SOFTWARE. 

Portions of the Netcool/ISM code are copyright ©2001, Cambridge Broadband 

Ltd. All rights reserved. 

Portions of the Netcool/ISM code are copyright © 2001, Networks Associates 

Technology, Inc. All rights reserved. 

Micromuse acknowledges the use of Viador Inc. software and documentation for 

Netcool/Reporter. Viador © 1997-1999 is a trademark of Viador Inc.

Micromuse acknowledges the use of software developed by the Apache Group for 

use in the Apache HTTP server project. Copyright © 1995-1999 The Apache 

Group. Apache Server is a trademark of the Apache Software Foundation 

(http://www.apache.org/). All rights reserved. 

Micromuse acknowledges the use of software developed by Edge Technologies, 

Inc. 2003 Edge Technologies, Inc. and Edge enPortal are trademarks or registered 

trademarks of Edge Technologies Inc. All rights reserved. 

Micromuse acknowledges the use of Merant drivers. Copyright © MERANT 

Solutions Inc., 1991-1998. 

The following product names are trademarks of Tivoli Systems or IBM 

Corporation: AIX, IBM, OS/2, RISC System/6000, Tivoli Management 

Environment, and TME10. 

IBM, NetView/6000, Domino, Lotus, Lotus Notes, and WebSphere are either 

trademarks or registered trademarks of IBM Corporation. VTAM is a trademark 

of IBM Corporation. 

Omegamon is a trademark of Candle Corporation. 

Netspy is a trademark of Computer Associates International Inc. 

The Sun logo, Sun Microsystems, SunOS, Solaris, SunNet Manager, Java are 

trademarks of Sun Microsystems Inc. 

SPARC is a registered trademark of SPARC International Inc. Programs bearing 

the SPARC trademark are based on an architecture developed by Sun 

Microsystems Inc. SPARCstation is a trademark of SPARC International Inc., 

licensed exclusively to Sun Microsystems Inc. 

UNIX is a registered trademark of the X/Open Company Ltd. 

Sybase is a registered trademark of Sybase Inc. Adaptive Server is a trademark of 

Sybase Inc. 

Action Request System and Remedy are registered trademarks of Remedy 

Corporation. 

Peregrine System and ServiceCenter are registered trademarks of Peregrine Systems 

Inc. 

HP, HP-UX and OpenView are trademarks of Hewlett-Packard Company. 

InstallShield is a registered trademark of InstallShield Software Corporation. 

Microsoft, Windows 95/98/Me/NT/2000/XP are either registered trademarks or 

trademarks of Microsoft Corporation. 

Microsoft Internet Information Server/Services (IIS), Microsoft Exchange Server, 

Microsoft SQL Server, Microsoft perfmon, Windows Media, and Microsoft 

Cluster Service are either registered trademarks or trademarks of Microsoft 

Corporation in the United States and/or other countries. 

BEA and WebLogic are registered trademarks of BEA Systems Inc. 

FireWall-1 is a registered trademark of Check Point Software Technologies Ltd. 

Netscape and Netscape Navigator are registered trademarks of Netscape 

Communications Corporation in the United States and other countries. 

Netscape's logos and Netscape product and service names are also trademarks of 

Netscape Communications Corporation, which may be registered in other 

countries. 

Micromuse acknowledges the use of Xpm tool kit components. 

SentinelLM is a trademark of Rainbow Technologies Inc. 

GLOBEtrotter and FLEXlm are registered trademarks of Globetrotter Software 

Inc. 

Red Hat, the Red Hat "Shadow Man" logo, RPM, Maximum RPM, the RPM 

logo, Linux Library, PowerTools, Linux Undercover, RHmember, RHmember 

More, Rough Cuts, Rawhide and all Red Hat-based trademarks and logos are 

trademarks or registered trademarks of Red Hat Inc. in the United States and other 

countries. 

Linux is a registered trademark of Linus Torvalds. 

SUSE is a trademark of SUSE LINUX Products GmbH, a Novell business. 

Macromedia and Flash are trademarks or registered trademarks of Macromedia, 

Inc. in the United States and/or other countries. 

Nokia is a registered trademark of Nokia Corporation. 

WAP Forum and all trademarks, service marks and logos based on these 

designations (Trademarks) are marks of Wireless Application Protocol Forum Ltd. 

Micromuse acknowledges the use of InstallAnywhere software in Netcool/WAP 

Service Monitors. Copyright © Zero G Software Inc. 

Orbix is a registered trademark of IONA Technologies PLC. Orbix 2000 is a 

trademark of IONA Technologies PLC. 

NetCharts is a registered trademark of Visual Mining, Inc. and/or its affiliates. 

Micromuse acknowledges the use of Graph Layout Toolkit in Netcool/ Precision 

for IP Networks. Copyright © 1992 - 2001, Tom Sawyer Software, Berkeley, 

California. All rights reserved. 

Portions of Netcool/Precision for IP Networks are © TIBCO Software, Inc. 

1994-2003. All rights reserved. TIB and TIB/Rendezvous are trademarks of 

TIBCO Software, Inc. 

Portions of Netcool/Precision for IP Networks & Netcool/OMNIbus probes and 

monitors are copyright © 1996-2005, Daniel Stenberg, . All 

rights reserved. Permission to use, copy, modify, and distribute this software for 

any purpose with or without fee is hereby granted, provided that the above 

copyright notice and this permission notice appear in all copies. 

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF 

ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED 

TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 

PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY 

RIGHTS. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 

HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 

LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR 

OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH 

THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 

SOFTWARE. 

Except as contained in this notice, the name of a copyright holder shall not be used 

in advertising or otherwise to promote the sale, use or other dealings in this 

Software without prior written authorization of the copyright holder. 

Portions of Netcool/SM Reporter are copyrighted by DataDirect Technologies 

Corp., 1991-2005. 

Portions of Netcool/SM Reporter are copyright (c) 1990-1999 Sleepycat Software. 

All rights reserved. 

Redistribution and use in source and binary forms, with or without modification, 

are permitted provided that the following conditions are met: 

1. Redistributions of source code must retain the above copyright notice, this list 

of conditions and the following disclaimer. 

2. Redistributions in binary form must reproduce the above copyright notice, this 

list of conditions and the following disclaimer in the documentation and/or other 

materials provided with the distribution. 

3. Redistributions in any form must be accompanied by information on how to 

obtain complete source code for the DB software and any accompanying software 

that uses the DB software. The source code must either be included in the 

distribution or be available for no more than the cost of distribution plus a nominal 

fee, and must be freely redistributable under reasonable conditions. For an 

executable file, complete source code means the source code for all modules it 

contains. It does not include source code for modules or files that typically 

accompany the major components of the operating system on which the executable 

file runs. 

THIS SOFTWARE IS PROVIDED BY SLEEPYCAT SOFTWARE `ÀS IS'' 

AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT 

NOT LIMITED TO, THE IMPLIED WARRANTIES OF 

MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR 

NON-INFRINGEMENT, ARE DISCLAIMED. IN NO EVENT SHALL 

SLEEPYCAT SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, 

INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 

DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 

OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 

ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 

LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 

ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 

IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 

Sleepycat software is available from 

http://downloads.sleepycat.com/db-3.0.55.zip. 

Portions of Netcool/SM Reporter are copyright (c) 1990, 1993, 1994, 1995. The 

Regents of the University of California. All rights reserved. 








3. Neither the name of the University nor the names of its contributors may be 

used to endorse or promote products derived from this software without specific 

prior written permission. 

THIS SOFTWARE IS PROVIDED BY THE REGENTS AND 

CONTRIBUTORS `ÀS IS'' AND* ANY EXPRESS OR IMPLIED 

WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 

WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 

PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 

REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 

INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 

CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 

PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 

USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 

CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 

CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 

NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 

USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 

SUCH DAMAGE. 

Portions of Netcool/SM Reporter are copyright (c) 1995, 1996. The President and 

Fellows of Harvard University. All rights reserved. 








3. Neither the name of the University nor the names of its contributors may be 

used to endorse or promote products derived from this software without specific 

prior written permission. 

THIS SOFTWARE IS PROVIDED BY HARVARD AND ITS 

CONTRIBUTORS `ÀS IS'' AND ANY EXPRESS OR IMPLIED 



PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 

HARVARD OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 

INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 








SUCH DAMAGE. 

Copyright 2006 Micromuse. Portions of Netcool/WSM are licensed under the 

Apache License, Version 2.0 (the "License"); you may not use this file except in 

compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0. Unless required by applicable law 

or agreed to in writing, software distributed under the License is distributed on an 

"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 

KIND, either express or implied. See the License for the specific language 

governing permissions and limitations under the License. 

Micromuse acknowledges the use of Digital X11 in Netcool/Precision for IP 

Networks. Copyright 1987, 1988 by Digital Equipment Corporation, Maynard, 

Massachusetts, All Rights Reserved. DIGITAL DISCLAIMS ALL 

WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL 

IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN 

NO EVENT SHALL DIGITAL BE LIABLE FOR ANY SPECIAL, INDIRECT 

OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER 

RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN 

AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS 

ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 

PERFORMANCE OF THIS SOFTWARE. 

Micromuse acknowledges the use of functionality within the Netcool/OMNIbus 

Probe for Ping that was developed by Stanford University. 

Netcool/SM Operations, Netcool/SM Configuration, and Netcool/OMNIbus 

probes and monitors include software developed by the OpenSSL Project for use 

in the OpenSSL Toolkit (http://www.openssl.org/. Copyright (c) 1998-2005 The 

OpenSSL Project. All rights reserved. Redistribution and use in source and binary 

forms, with or without modification, are permitted provided that the following 

conditions are met: 






3. All advertising materials mentioning features or use of this software must display 

the following acknowledgment:"This product includes software developed by the 

OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 

4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 

endorse or promote products derived from this software without prior written 

permission. For written permission, please contact openssl-core@openssl.org. 

5. Products derived from this software may not be called "OpenSSL" nor may 

"OpenSSL" appear in their names without prior written permission of the 

OpenSSL Project. 

6. Redistributions of any form whatsoever must retain the following 

acknowledgment: "This product includes software developed by the OpenSSL 

Project for use in the OpenSSL Toolkit (http://www.openssl.org/)" 

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT `ÀS IS'' 

AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT 


MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 

ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 

ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 

INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 

DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 

OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 

PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 

ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 

LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 

ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 

IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 

This product includes cryptographic software written by Eric Young 

(eay@cryptsoft.com). This product includes software written by Tim Hudson 

(tjh@cryptsoft.com). 

Original SSLeay License Copyright (C) 1995-1998 Eric Young 

(eay@cryptsoft.com). All rights reserved.

This package is an SSL implementation written by Eric Young 

(eay@cryptsoft.com). The implementation was written so as to conform with 

Netscapes SSL. This library is free for commercial and non-commercial use as long 

as the following conditions are adhered to. The following conditions apply to all 

code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not 

just the SSL code. The SSL documentation included with this distribution is 

covered by the same copyright terms except that the holder is Tim Hudson 

(tjh@cryptsoft.com). Copyright remains Eric Young's, and as such any Copyright 

notices in the code are not to be removed. If this package is used in a product, Eric 

Young should be given attribution as the author of the parts of the library used. 

This can be in the form of a textual message at program startup or in 

documentation (online or textual) provided with the package. Redistribution and 

use in source and binary forms, with or without modification, are permitted 

provided that the following conditions are met: 

1. Redistributions of source code must retain the copyright notice, this list of 

conditions and the following disclaimer. 




3. All advertising materials mentioning features or use of this software must display 

the following acknowledgement: "This product includes cryptographic software 

written by Eric Young (eay@cryptsoft.com)". 

4. If you include any Windows specific code (or a derivative thereof) from the apps 

directory (application code) you must include an acknowledgement: "This 

product includes software written by Tim Hudson (tjh@cryptsoft.com)" 

THIS SOFTWARE IS PROVIDED BY ERIC YOUNG `ÀS IS'' AND ANY 

EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 

LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY 

AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN 

NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 

FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, 

OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 

TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 

OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 

HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 

WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 

(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 

OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 

POSSIBILITY OF SUCH DAMAGE. 

The licence and distribution terms for any publically available version or derivative 

of this code cannot be changed, i.e. this code cannot simply be copied and put 

under another distribution licence [including the GNU Public Licence.] 

Micromuse acknowledges the use of software developed by ObjectPlanet. ©2003 

ObjectPlanet, Inc., Ovre Slottsgate, 0157 Oslo, Norway. 

Micromuse acknowledges the use of Expat in Netcool/ASM. Copyright 1998, 

1999, 2000 Thai Open Source Software Center Ltd. and Clark Cooper. Copyright 

2001, 2002 Expat maintainers. THE EXPAT SOFTWARE IS PROVIDED 

HEREUNDER "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 

OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES 

OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 

NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 

COPYRIGHT HOLDERS OF THE EXPAT SOFTWARE BE LIABLE FOR 

ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 

ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 

OUT OF OR IN CONNECTION WITH THE EXPAT SOFTWARE OR 

THE USE OR OTHER DEALINGS IN THE SOFTWARE. Expat explicitly 

grants its permission to any person obtaining a copy of any Expat software and 

associated documentation files (the "Expat Software") to deal in the Expat 

Software without restriction, including without limitation the rights to use, copy, 

modify, merge, publish, distribute, sublicense, and/or sell copies of the Expat 

Software. Expat's permission is subject to the following conditions: The above 

copyright notice and this permission notice shall be included in all copies or 

substantial portions of the Expat Software. Except as set forth hereunder, all 

software provided by Micromuse hereunder is subject to the applicable license 

agreement. 

Micromuse acknowledges that Netcool Security Manager includes Hypersonic 

SQL. Copyright (c) 2001-2002, The HSQL Development Group. All rights 

reserved. 

JABBER® is a registered trademark and its use is granted under a sublicense from 

the Jabber Software Foundation. 

Micromuse acknowledges the use of MySQL in Netcool/Precision for IP 

Networks and in Netcool/Precision for Transmission Networks. Copyright © 

1995, 1996 TcX AB & Monty Program KB & Detron. 

Micromuse acknowledges the use of Cryptix in Netcool/Precision IP. Copyright 

(c) 1995-2004 The Cryptix Foundation Limited. All rights reserved. 



1. Redistributions of source code must retain the copyright notice, this list of 





THIS SOFTWARE IS PROVIDED BY THE CRYPTIX FOUNDATION 

LIMITED AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR 

IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 

IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 


CRYPTIX FOUNDATION LIMITED OR CONTRIBUTORS BE LIABLE 

FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, 

OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 

TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 

OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 

HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 

WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 




Micromuse acknowledges the use of PCRE in Netcool/Precision. Copyright 

©1997-2005 University of Cambridge. All rights reserved. Redistribution and use 

in source and binary forms, with or without modification, are permitted provided 

that the following conditions are met: 






3. Neither the name of the University of Cambridge nor the name of Google Inc. 

nor the names of their contributors may be used to endorse or promote products 

derived from this software without specific prior written permission. 

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND 

CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED 




COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY 

DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 







USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 


Micromuse acknowledges the use of Net-SNMP in Netcool/ISM and

Netcool/OMNIbus probes & monitors. 

Part 1: CMU/UCD copyright notice: (BSD like) Copyright 1989, 1991, 1992 by 

Carnegie Mellon University Derivative Work - 1996, 1998-2000. Copyright 

1996, 1998-2000 The Regents of the University of California. All Rights 

Reserved. Permission to use, copy, modify and distribute this software and its 

documentation for any purpose and without fee is hereby granted, provided that 

the above copyright notice appears in all copies and that both that copyright notice 

and this permission notice appear in supporting documentation, and that the 

name of CMU and The Regents of the University of California not be used in 

advertising or publicity pertaining to distribution of the software without specific 

written permission. 

CMU AND THE REGENTS OF THE UNIVERSITY OF CALIFORNIA 

DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, 

INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 

AND FITNESS. IN NO EVENT SHALL CMU OR THE REGENTS OF THE 

UNIVERSITY OF CALIFORNIA BE LIABLE FOR ANY SPECIAL, 

INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 

WHATSOEVER RESULTING FROM THE LOSS OF USE, DATA OR 

PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 

OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 

CONNECTION WITH THE USE OR PERFORMANCE OF THIS 

SOFTWARE. 

Part 2: Networks Associates Technology, Inc copyright notice (BSD) Copyright 

(c) 2001-2003, Networks Associates Technology, Inc. All rights reserved. 



- Redistributions of source code must retain the above copyright notice, this list of 


- Redistributions in binary form must reproduce the above copyright notice, this 



- Neither the name of the Networks Associates Technology, Inc nor the names of 

its contributors may be used to endorse or promote products derived from this 

software without specific prior written permission. 






COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY 









SUCH DAMAGE. 

Part 3: Cambridge Broadband Ltd. copyright notice (BSD) Portions of this code 

are copyright (c) 2001-2003, Cambridge Broadband Ltd. All rights reserved. 








- The name of Cambridge Broadband Ltd. may not be used to endorse or promote 

products derived from this software without specific prior written permission. 

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER "AS IS" 

AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT 


MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 

ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER 

BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 

EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 

NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 

SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 

INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 

LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 




Part 4: Sun Microsystems, Inc. copyright notice (BSD) Copyright © 2003 Sun 

Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, USA. 

All rights reserved. Use is subject to license terms below. This distribution may 

include materials developed by third parties. Sun, Sun Microsystems, the Sun logo 

and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in 

the U.S. and other countries. Redistribution and use in source and binary forms, 

with or without modification, are permitted provided that the following 

conditions are met: 






- Neither the name of the Sun Microsystems, Inc. nor the names of its contributors 

may be used to endorse or promote products derived from this software without 

specific prior written permission. 














USE OF THIS SOFTWARE, EVEN IF DVISED OF THE POSSIBILITY OF 

SUCH DAMAGE. 

Part 5: Sparta, Inc copyright notice (BSD) Copyright (c) 2003-2004, Sparta, Inc. 

All rights reserved. Redistribution and use in source and binary forms, with or 

without modification, are permitted provided that the following conditions are 

met: 






- Neither the name of Sparta, Inc nor the names of its contributors may be used 

to endorse or promote products derived from this software without specific prior 

written permission. 








CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,







SUCH DAMAGE. 

Part 6: Cisco/BUPTNIC copyright notice (BSD) Copyright (c) 2004, Cisco, Inc 

and Information Network, Center of Beijing University of Posts and 

Telecommunications. All rights reserved. Redistribution and use in source and 

binary forms, with or without modification, are permitted provided that the 

following conditions are met: 






- Neither the name of Cisco, Inc, Beijing University of Posts and 

Telecommunications, nor the names of their contributors may be used to endorse 

or promote products derived from this software without specific prior written 

permission. 















SUCH DAMAGE. 

Micromuse acknowledges the use of STLport in Netcool Probes & Monitors. 

Copyright 1999, 2000 Boris Fomitchev This material is provided "as is", with 

absolutely no warranty expressed or implied. Any use is at your own risk. 

Permission to use or copy this software for any purpose is hereby granted without 

fee, provided the above notices are retained on all copies. Permission to modify the 

code and to distribute modified code is granted, provided the above notices are 

retained, and a notice that the code was modified is included with the above 

copyright notice. 

The Licensee may distribute binaries compiled with STLport (whether original or 

modified) without any royalties or restrictions. 

The Licensee may distribute original or modified STLport sources, provided that: 

The conditions indicated in the above permission notice are met; 

The following copyright notices are retained when present, and conditions 

provided in accompanying permission notices are met: 

Copyright 1994 Hewlett-Packard Company, 

Copyright 1996, 97 Silicon Graphics Computer Systems, Inc. 

Copyright 1997 Moscow Center for SPARC Technology. 

Permission to use, copy, modify, distribute and sell this software and its 

documentation for any purpose is hereby granted without fee, provided that the 

above copyright notice appear in all copies and that both that copyright notice and 

this permission notice appear in supporting documentation. Hewlett-Packard 

Company makes no representations about the suitability of this software for any 

purpose. It is provided "as is" without express or implied warranty. 




this permission notice appear in supporting documentation. Silicon Graphics 

makes no representations about the suitability of this software for any purpose. It 

is provided "as is" without express or implied warranty. 




this permission notice appear in supporting documentation. Moscow Center for 

SPARC Technology makes no representations about the suitability of this 

software for any purpose. It is provided "as is" without express or implied warranty. 

All other trademarks, registered trademarks and logos are the property of their 

respective owners. 

Micromuse Inc., 650 Townsend Street, San Francisco, USA CA 94103 

www.micromuse.com 

Document Version Number: 1.1

Contents 

Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 

Audience. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 

About this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 

Associated Publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 

Netcool® GUI Foundation Administration Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 

Netcool® Licensing Administration Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 

Netcool® Security Manager Installation Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 

Typographical Notation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 

Note, Tip, and Warning Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 

Syntax and Example Subheadings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 

Operating System Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 

Chapter 1: Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 

Contents 

About the Netcool Security Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 

What Is the Netcool Security Manager? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 

What Are the Netcool Security Manager Authentication Types? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 

How Does the Netcool Security Manager Work?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 

How Do I Set Up the Netcool Security Manager? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 

How Do I Administer the Netcool Security Manager?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 

Netcool Security Manager Installation Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 

Standard Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 

Compatibility Mode Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 

Shared Mode Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 

Netcool Security Manager 1.3 Installation Guide i

Contents 

ii 

Setting Up the Netcool Security Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 

Installing the Netcool Security Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 

Licensing the Netcool Security Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 

Configuring the Netcool Security Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 

Setting Up External Authentication Sources. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 

Setting Up SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 

Setting Up Failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 

Managing the Netcool Security Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 

Running the Netcool Security Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 

Backing Up the Netcool Security Manager Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 

Viewing the Netcool Security Manager Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 

Chapter 2: Setting Up the Netcool Security Manager . . . . . . . . . . . . . . . . . . . . . . . . . 19 

System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 

Platform Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 

Java Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 

License Server Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 

Netcool GUI Foundation Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 

Netcool Component Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 

External Authentication Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 

Hardware Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 

About the Netcool Installer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 

Netcool Installer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 

Netcool Installer Command Line Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 

Netcool Installation User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 

Netcool Home Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 

Netcool Security Manager Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 

Netcool Security Manager 1.3 Installation Guide

Contents 

Installing the Netcool Security Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 

Unpacking the Archive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 

Setting the Netcool Environment Variable (UNIX Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 

Running the Netcool Installer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 

Installer Prompts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 

Viewing the Installation Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 

Netcool Security Manager Administration User. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 

Upgrading the Netcool Security Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 

Installing the Netcool Security Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 

Stopping the Netcool Security Manager Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 

Copying the Database Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 

Starting the Netcool Security Manager 1.3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 

Editing the Micromuse Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 

Configuring External Authentication Sources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 

Uninstalling the Netcool Security Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 

Uninstalling on UNIX Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 

Uninstalling on Windows Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 

Chapter 3: Managing the Netcool Security Manager. . . . . . . . . . . . . . . . . . . . . . . . . . 33 

Starting and Stopping the Netcool Security Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 

Starting the Netcool Security Manager on UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 

Stopping the Netcool Security Manager on UNIX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 

Viewing the Netcool Security Manager Status on UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 

Starting the Netcool Security Manager on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 

Stopping the Netcool Security Manager on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 

Backing Up the Netcool Security Manager Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 

Restoring the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 

Viewing the Netcool Security Manager Log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 

Netcool Security Manager 1.3 Installation Guide iii

Contents 

iv 

Chapter 4: External Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 

About External Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 

Single Source Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 

Multiple Source Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 

Adding an External Authentication Source. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 

Running the Configuration Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 

Configuration Utility Prompts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 

Appendix A: Supplementary Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 

Registry Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 

Authentication Refresh Interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 

Netcool Security Manager Failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 

Setting Up Netcool Security Manager Failover. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 

Running the Netcool Security Manager in a Failover Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 

SSL and the Netcool Security Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 

Setting Up SSL Between the Netcool Security Manager and Netcool Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 

Setting Up SSL Between the Netcool Security Manager and an LDAP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 

Encryption Script. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 

Contact Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 


preface.fm May 17, 2006 

Preface 

This preface contains the following sections: 

• Audience on page 2 

About this Guide on page 3 

Associated Publications on page 4 

Typographical Notation on page 5 

Operating System Considerations on page 8 

Netcool Security Manager 1.3 Installation Guide 1

Preface 

Audience 

2 

This guide is intended for Netcool administrators and other users who are responsible for installing the 

Netcool Security Manager. 


About this Guide 

This book has the following chapters: 

Chapter 1: Getting Started on page 9 

Chapter 2: Setting Up the Netcool Security Manager on page 19 

Chapter 3: Managing the Netcool Security Manager on page 33 

Chapter 4: External Authentication on page 39 

Appendix A: Supplementary Information on page 45 

Netcool Security Manager 1.3 Installation Guide 

About this Guide 

3

Preface 

Associated Publications 

4 

This section provides a description of the documentation that accompanies the Netcool GUI Foundation. 

Netcool® GUI Foundation Administration Guide 

This guide describes how to administer the Netcool GUI Foundation, the central server application that 

runs GUIs from different Netcool products. This guide describes how to configure the Netcool GUI 

Foundation server, manage users, create and provision pages, and administer security permissions. 

Netcool® Licensing Administration Guide 

This guide is intended for Netcool administrators who need to install and administer Netcool Licensing. It 

provides an overview of the generic Netcool Licensing component, as well as instructions for installing, 

upgrading, and configuring license servers to dispense licenses to Netcool clients. 

Netcool® Security Manager Installation Guide 

This guide describes how to install and configure the Netcool Security Manager server. The Netcool Security 

Manager provides user management, authorization, and authentication for Netcool products. 


Typographical Notation 



Table 1 shows the typographical notation and conventions used to describe commands, SQL syntax, and 

graphical user interface (GUI) features. This notation is used throughout this book and other Netcool ® 

publications. 

Table 1: Typographical Notation and Conventions (1 of 2) 

Example Description 

Monospace The following are described in a monospace font: 

Commands and command line options 

Screen representations 

Source code 

Object names 

Program names 

SQL syntax elements 

File, path, and directory names 

Italicized monospace text indicates a variable that the user must populate. For example, -password 

password. 

Bold The following application characteristics are described in a bold font style: 

Buttons 

Frames 

Text fields 

Menu entries 

A bold arrow symbol indicates a menu entry selection. For example, File→Save. 

Italic The following are described in an italic font style: 

An application window name; for example, the Login window 

Information that the user must enter 

The introduction of a new term or definition 

Emphasized text 

[1] Code or command examples are occasionally prefixed with a line number in square brackets. For 

example: 

[1] First command... 

[2] Second command... 

[3] Third command... 

{ a | b } In SQL syntax notation, curly brackets enclose two or more required alternative choices, separated by 

vertical bars. 

5

Preface 

6 

Table 1: Typographical Notation and Conventions (2 of 2) 

Example Description 

[ ] In SQL syntax notation, square brackets indicate an optional element or clause. Multiple elements or 

clauses are separated by vertical bars. 

| In SQL syntax notation, vertical bars separate two or more alternative syntax elements. 

... In SQL syntax notation, ellipses indicate that the preceding element can be repeated. The repetition is 

unlimited unless otherwise indicated. 

,... In SQL syntax notation, ellipses preceded by a comma indicate that the preceding element can be 

repeated, with each repeated element separated from the last by a comma. The repetition is unlimited 

unless otherwise indicated. 

a In SQL syntax notation, an underlined element indicates a default option. 

( ) In SQL syntax notation, parentheses appearing within the statement syntax are part of the syntax and 

should be typed as shown unless otherwise indicated. 

Many Netcool commands have one or more command line options that can be specified following a hyphen 

(-). 

Command line options can be string, integer, or BOOLEAN types: 

A string can contain alphanumeric characters. If the string has spaces in it, enclose it in quotation 

(") marks. 

An integer must contain a positive whole number or zero (0). 

A BOOLEAN must be set to TRUE or FALSE. 

SQL keywords are not case-sensitive, and may appear in uppercase, lowercase, or mixed case. Names of 

ObjectServer objects and identifiers are case-sensitive. 

Note, Tip, and Warning Information 

The following types of information boxes are used in the documentation: 

Note: Note is used for extra information about the feature or operation that is being described. Essentially, 

this is for extra data that is important but not vital to the user. 


! 



Tip: Tip is used for additional information that might be useful for the user. For example, when describing 

an installation process, there might be a shortcut that could be used instead of following the standard 

installation instructions. 

Warning: Warning is used for highlighting vital instructions, cautions, or critical information. Pay close 

attention to warnings, as they contain information that is vital to the successful use of our products. 

Syntax and Example Subheadings 

The following types of constrained subheading are used in the documentation: 

Syntax 

Syntax subheadings contain examples of ObjectServer SQL syntax commands and their usage. For example: 

CREATE DATABASE database_name; 

Example 

Example subheadings describe typical or generic scenarios, or samples of code. For example: 

[1] 

[2] 

[6] 

7

Preface 

Operating System Considerations 

8 

All command line formats and examples are for the standard UNIX shell. UNIX is case-sensitive. You must 

type commands in the case shown in the book. 

Unless otherwise specified, command files are located in the $NCHOME/bin directory, where $NCHOME 

is the UNIX environment variable that contains the path to the Netcool Security Manager home directory. 

On Microsoft Windows platforms, replace $NCHOME with %NCHOME% and the forward slash (/) with a 

backward slash (\). 


01_Getting_Started.fm May 17, 2006 

Chapter 1: Getting Started 

This chapter contains overview information about the Netcool Security Manager. 

It contains the following sections: 

About the Netcool Security Manager on page 10 

Netcool Security Manager Installation Types on page 12 

Setting Up the Netcool Security Manager on page 16 

Managing the Netcool Security Manager on page 18 



1.1 About the Netcool Security Manager 

10 

This section contains overview information about the Netcool Security Manager. 

It contains the following topics: 

What Is the Netcool Security Manager? 

What Are the Netcool Security Manager Authentication Types? 

How Does the Netcool Security Manager Work? 

How Do I Set Up the Netcool Security Manager 

How Do I Administer the Netcool Security Manager? 

What Is the Netcool Security Manager? 

The Netcool Security Manager is a component of the Netcool suite that provides user authentication for 

applications like Netcool/Webtop, Netcool/Impact, Netcool/RAD and Netcool/Precision. The Netcool 

Security Manager is a standalone, runnable server application designed for integration with these products 

and the Netcool GUI Foundation. 

What Are the Netcool Security Manager Authentication Types? 

The Netcool Security Manager provides support for the following types of authentication: 

Native authentication 

External authentication 

Native Authentication 

Native authentication is an authentication scheme in which user and group information is stored locally in 

the Netcool Security Manager database and logins to Netcool products are authenticated against this 

internally-stored authentication information. 

External Authentication 

External authentication is an authentication scheme in which user and group information is stored externally 

in one or more authentication sources and logins to Netcool products are brokered through the Netcool 

Security Manager during runtime. The Netcool Security Manager supports ObjectServer, LDAP and NIS 

as external authentication sources. 



About the Netcool Security Manager 

The Netcool Installer automatically adds an ObjectServer authentication source during installation of the 

Netcool Security Manager. You can manually add additional authentication sources after installation by 

following the instructions in 4.2 Adding an External Authentication Source on page 42. 

Note: When you configure the Netcool Security Manager to authenticate against LDAP or NIS 

authentication sources, it directly accesses the specified LDAP or NIS repository and does not require use of 

the ObjectServer PAM authentication feature as a proxy for authentication requests. The Netcool Security 

Manager can directly connect to all supported LDAP and NIS authentication sources, including Microsoft 

Active Directory. 

How Does the Netcool Security Manager Work? 

When a user logs into a Netcool product, the product passes the login request to the Netcool Security 

Manager. The Netcool Security Manager checks its database for information on that user. 

If the user is an internally-defined, native authentication user, the Netcool Security Manager uses the 

internal information to authenticate the login. If the user is not a native authentication user, the Netcool 

Security Manager connects to each configured external source and authenticates the login against the 

externally-stored user information. The priority of external authentication sources is determined by the 

order in which they were added to the system. When the Netcool Security Manager finds a matching user, 

it uses that information to authenticate the login. 

If the Netcool Security Manager is able to match the supplied username and password to valid internal or 

external login information, it returns a positive authentication state to the Netcool product. If the Netcool 

Security Manager is unable to match the supplied username and password, it returns an error condition. 

How Do I Set Up the Netcool Security Manager? 

For overview information about setting up the Netcool Security Manager, see 1.3 Setting Up the Netcool 

Security Manager on page 16. 

How Do I Administer the Netcool Security Manager? 

You administer Netcool Security Manager users, groups and roles using one of the web interfaces provided 

by the application. You can access the web interfaces through the Netcool GUI Foundation or the 

Netcool/Impact GUI Server. All administration of users, groups and roles must be performed using one of 

the web interfaces. 

For information on administering the Netcool Security Manager using the Netcool GUI Foundation, see 

the NGF Administration Guide. For information on administering the Netcool Security Manager using the 

Netcool/Impact GUI, see the Netcool Security Manager 1.2 Administration Guide. 

11


1.2 Netcool Security Manager Installation Types 

12 

The Netcool Security Manager supports the following installation types: 

Standard 

Compatibility mode 

Shared mode 

Standard Installation 

A standard installation consists of the Netcool Security Manager running with the Netcool GUI 

Foundation. In this scenario, you install the Netcool Security Manager, configure the Netcool GUI 

Foundation to use the Netcool Security Manager and then perform administration tasks by logging into the 

Netcool GUI Foundation using a web browser. 

A standard installation is required for situations where you want to use the Netcool Security Manager with 

applications like Netcool/RAD 3.0 or Netcool/Webtop 2.0 that work with the Netcool GUI Foundation. 


Figure 1 shows the architecture of a typical standard installation. 

Netcool/ 

Webtop 

Figure 1: Standard Installation 


RAD 

Netcool GUI 

Foundation 

Netcool 

Security 

Manager 

Compatibility Mode Installation 


Other 


Products 

Netcool Security Manager Installation Types 

A compatibility mode installation consists of the Netcool Security Manager server running with the 

Netcool/Impact GUI server. In this scenario, you install the Netcool Security Manager, configure the 

Netcool/Impact GUI server to run with the Netcool Security Manager and then perform administration 

tasks by logging into the Netcool/Impact GUI server using a web browser. 

A compatibility mode installation is required for situations where you want to use the Netcool Security 

Manager with Netcool/Impact 3.1. 

13


14 

Figure 2 shows the architecture of a compatibility mode installation. 


Impact 

3.1 




Figure 2: Compatibility Mode Installation 

Shared Mode Installation 


Impact GUI 

Server 

A shared mode installation consists of the Netcool Security Manager server running with both the Netcool 

GUI Foundation and the Netcool/Impact GUI server. In this scenario, you install the Netcool Security 

Manager, and then configure the Netcool GUI Foundation and the Netcool/Impact GUI server to run with 

the Netcool Security Manager. You can then perform administration tasks by logging into the either the 

Netcool GUI Foundation or the Netcool/Impact GUI server using a web browser. 

A shared mode installation is required for situations in which you want to use the Netcool Security Manager 

with Netcool/Impact 3.1 and with applications that use Netcool GUI Foundation. 

Figure 3 shows the architecture of a shared mode installation. 



Webtop 


Impact 

3.1 


RAD 

Netcool GUI 

Foundation 




Figure 3: Shared Mode Installation 



Impact GUI 

Server 

Other 


Products 

Netcool Security Manager Installation Types 

15


1.3 Setting Up the Netcool Security Manager 

16 

This section contains overview information about setting up the Netcool Security Manager. 


Installing the Netcool Security Manager 

Licensing the Netcool Security Manager 

Configuring the Netcool Security Manager 

Setting Up External Authentication Sources 

Setting Up SSL 

Setting Up Failover 


To install the Netcool Security Manager, you run the Netcool Installer on the target system and follow the 

on-screen prompts. The Netcool Installer copies the program files to the file system and sets basic 

configuration options. For more information, see Installing the Netcool Security Manager on page 25. 

Licensing the Netcool Security Manager 

This version of the Netcool Security Manager does not require licenses from Micromuse. You do not have 

to perform any tasks related to licensing when you install the Netcool Security Manager. 

Configuring the Netcool Security Manager 

The Netcool Security Manager is configured automatically during installation. You can change the rate at 

which the Netcool Security Manager refreshes information from external data sources, as described in 

Authentication Refresh Interval on page 47. 

Setting Up External Authentication Sources 

The Netcool Security Manager automatically configures one default external authentication source during 

installation. If you want to use one or more additional external authentication sources with the Netcool 

Security Manager, you must run the configuration utility as described in External Authentication on page 39. 


Setting Up SSL 


Setting Up the Netcool Security Manager 

The Netcool Security Manager supports the use of Secure Socket Layers (SSL) for communication with the 

Netcool GUI Foundation and with the Netcool/Impact GUI server when running in compatibility mode. 

For information on using SSL with the Netcool Security Manager, see SSL and the Netcool Security Manager 

on page 52. Use of SSL with the Netcool Security Manager is optional. 

Setting Up Failover 

Failover is a feature that helps you manage uptime and availability for the Netcool Security Manager. In a 

failover configuration, you install primary and secondary instances of the Netcool Security Manager on 

different systems in your environment. You then configure them in such a way that if the primary server 

fails, the secondary server takes over the role as primary. When the original primary server is restarted, it 

assumes the new secondary role. 

For more information, see Netcool Security Manager Failover on page 48. 

17


1.4 Managing the Netcool Security Manager 

18 

This section contains information on managing a Netcool Security Manager installation. 


Running the Netcool Security Manager 

Backing Up the Netcool Security Manager Database 

Viewing the Netcool Security Manager Log 

Running the Netcool Security Manager 

The Netcool Security Manager provides a set of startup and shutdown scripts that you can use to start and 

stop the application. You can also run the Netcool Security Manager under process control as a "non-pa 

aware" application. For more information, see Managing the Netcool Security Manager on page 33. 

Backing Up the Netcool Security Manager Database 

Micromuse recommends that you periodically back up the Netcool Security Manager database using the 

instructions in Backing Up the Netcool Security Manager Database on page 36. 


The Netcool Security Manager provides a log file that contains a record of activities performed by the 

application, as well as a record of application status and system error conditions. For more information, see 

Viewing the Netcool Security Manager Log on page 37. 


02_Installing.fm May 17, 2006 

Chapter 2: Setting Up the Netcool Security 


This chapter contains information on setting up the Netcool Security Manager. 


System Requirements on page 20 

About the Netcool Installer on page 22 

Installing the Netcool Security Manager on page 25 

Upgrading the Netcool Security Manager on page 29 

Uninstalling the Netcool Security Manager on page 31 


Chapter 2: Setting Up the Netcool Security Manager 

2.1 System Requirements 

20 

Make sure that the target system fulfills these requirements before installing the Netcool Security Manager. 

Platform Requirements 

The Netcool Security Manager is supported on the following platforms: 

Sun Microsystems Solaris 7, 8, 9, and 10 

Red Hat Linux 9.0 and Enterprise Server 3.0 

Microsoft Windows 2000 Server, Windows XP, and Windows 2003 Server 

IBM AIX 5L (5.2) 

Hewlett-Packard HP-UX 11.11 

Note: Micromuse recommends that you patch your operating system to the most current levels before 

installing the Netcool Security Manager. 

Java Support 

The Netcool Security Manager uses version 1.4.2 of the Java Runtime Environment (JRE). The JRE is 

installed automatically when you install the Netcool Security Manager. You do not need to install the JRE 

separately or configure the Netcool Security Manager to use the appropriate JRE installation. 

License Server Support 

This version of the Netcool Security Manager does not require licenses from Micromuse. You do not have 

to perform any tasks related to licensing when you install the Netcool Security Manager. 

Netcool GUI Foundation Support 

The Netcool Security Manager is compatible with products in the Netcool suite that work with the Netcool 

GUI Foundation. This includes Netcool/RAD 3.0, Netcool/Webtop 2.0 and other applications. The 

Netcool Security Manager also runs in compatibility mode for use with Netcool/Impact 3.1 and the 

Netcool/Impact GUI server. 


Netcool Component Support 


System Requirements 

The Netcool Security Manager is compatible with products in the Netcool suite that work with the Netcool 

GUI Foundation. This includes Netcool/RAD 3.0, Netcool/Webtop 2.0 and other applications. The 

Netcool Security Manager is also runs in compatibility mode for use with Netcool/Impact 3.1 and the 

Netcool/Impact GUI server. 

External Authentication Support 

The Netcool Security Manager supports the following external authentication sources: 

Netcool/OMNIbus 3.5, 3.6, and v7 

LDAP directory servers that support LDAP (Lightweight Directory Access Protocol) versions 2 or 3, 

for example, Microsoft Active Directory, Novell eDirectory, Sun ONE Directory Server, Netscape 

Directory Server, or OpenLDAP 

Network Information System (NIS) version 2 (on Solaris and Linux platforms only) 

Hardware Requirements 

Hardware requirements for the Netcool Security Manager vary depending on your environment. For 

recommendations on hardware sizing for the Netcool Security Manager, contact your Micromuse account 

manager or Micromuse Technical Support. 

21


2.2 About the Netcool Installer 

22 

This section contains overview information about the Netcool Installer. 


Netcool Installer 

Netcool Installer 

Netcool Installer Command Line Options 

Netcool Installation User 

Netcool Home Directory 

Netcool Security Manager Directories 

Netcool Security Manager System Users 

The Netcool Installer is a program that you use to install the Netcool Security Manager and other products 

in the Netcool suite. 

The Netcool Installer replaces previous installation programs and provides a single mechanism for installing, 

viewing, and uninstalling Netcool products on a system. The Netcool Installer registers each installed 

product or product component as a discrete software package that you can track and manage using the 

Netcool Installer maintenance wizard. 

When you use the Netcool Installer to install the Netcool Security Manager, you start the program using 

the setup.sh script (on UNIX platforms) or the Setup.exe script (on Windows platforms). During 

installation, the Netcool Installer copies the Netcool Security Manager program files to the Netcool home 

directory ($NCHOME) and configures the product using information you supply. 

After installing the Netcool Security Manager, the Netcool Installer then attempts to copy its maintenance 

wizard to the Netcool home directory. If no instance of the wizard exists on the target system or if an existing 

instance is older than the version packaged with the Netcool Security Manager, the Netcool Installer copies 

this program to the $NCHOME/install. The wizard executable is named ncisetup. 


Netcool Installer Command Line Options 


About the Netcool Installer 

Table 2 describes the options available when starting the Netcool Installer from the command line. On 

Windows, the Netcool Installer must be started from a command prompt in order to use the command line 

options. All command line options are optional. 

Table 2: Netcool Installer Command Line Options 

Parameter Description 

-console Runs the Netcool Installer in console mode. This mode uses a text-only user interface to 

present installation options, and does not provide descriptions or explanations. Running the 

Netcool Installer in console mode is only recommended for expert users. 

-errorlevel Defines the level of detail in the error messages written to the Netcool Installer log. 

Netcool Installation User 

The Netcool installation user is the system user that you use to install products in the Netcool suite. You 

must install every Netcool product as the same system user. Once you have installed a Netcool product 

using a certain user account, you must use this account to install, uninstall, or modify every subsequent 

Netcool product on that system. 

On UNIX platforms, the Netcool installation user can be any user on the system, including root. If you 

choose to install the Netcool Security Manager or other products as the root user, you should be aware of 

security issues related to the use of root when installing software on UNIX systems. Micromuse 

recommends that you install and run Netcool products as a non-root user. 

On Windows platforms, the Netcool installation user can be any user on the system that is a member of the 

Administrators group. 

Netcool Home Directory 

This command line option takes one of three values: 

debug - detailed logging for debug purposes 

info - logs warning and informational messages 

warning - logs warning messages only 

The Netcool Installer log file is located here: 

$NCHOME/log/install/ncisetup.log 

The Netcool home directory is the shared directory where the Netcool Installer installs program files for all 

products in the Netcool suite. By default, this directory is /opt/netcool. Before you run the Netcool 

Installer on UNIX systems, you should set the $NCHOME environment variable on the target system to this 

directory, as described in Setting the Netcool Environment Variable (UNIX Only) on page 25. 

23


Netcool Security Manager Directories 

24 

The Netcool Security Manager installation has the following directories: 

Table 3: Netcool Security Manager Directories 

Directory Description 

$NCHOME/security/bin Contains Netcool Security Manager administration scripts and utilities, 

including ncsm_server, ncsm_shutdown and ncsm_status. 

$NCHOME/security/etc Contains Netcool Security Manager properties files. 

$NCHOME/security/log Contains Netcool Security Manager log files. 

Other directories Contain Netcool Security Manager software libraries, data storage files and 

other internal files. 


2.3 Installing the Netcool Security Manager 

To install the Netcool Security Manager, you do the following: 

Unpack the Security Manager archive 

Set the Netcool environment variable (UNIX only) 

Run the Netcool Installer 



After you have installed the Netcool Security Manager, you can view the installation log to make sure that 

the installation was successful. 

Unpacking the Archive 

The Netcool Security Manager archive file is named nscm-1.3-platform-build.tar.gz for 

UNIX platforms and ncsm-1.3-win32-build.zip for Windows platforms, where platform is 

the name of the operating system and build is the build number. This archive contains the Netcool 

Security Manager installer and program files. 

To unpack the archive on UNIX systems: 

Enter the following at a command prompt: 

1. At a command prompt, enter the following: 

gunzip ncsm-1.3-platform-build.tar.gz 

2. Enter the following: 

tar -xvf ncsm-1.3-platform-build.tar 

To unpack the archive on Windows systems, use WinZip or another decompression utility. 

Setting the Netcool Environment Variable (UNIX Only) 

After you have run the Netcool Security Manager installer on a UNIX platform, you must set the NCHOME 

environment variable to the location on the file system where Netcool applications are installed. The default 

is /opt/netcool. 

25


26 

To set NCHOME in sh, bash, or ksh, enter the following at a command prompt: 

NCHOME=/opt/netcool; export NCHOME 

To set NCHOME in csh, enter the following at a command prompt: 

setenv NCHOME /opt/netcool 

Running the Netcool Installer 

The Netcool Installer copies the Netcool Security Manager program files to the target system and sets the 

basic configuration options. 

Running the Netcool Installer on UNIX Platforms 

On UNIX platforms, the Netcool Installer is launched by a script named setup.sh located in the 

root-level directory of the Netcool Security Manager tar file. This script is a Korn shell (ksh) script. You 

must have ksh installed on the target system in order to run the installer. 

You can run the Netcool Installer in GUI mode or in console mode. In GUI mode, the program presents a 

series of windows that guide you through the installation process. In console mode, the program prompts 

you for required information from the command line. If you are installing the Netcool Security Manager 

remotely using telnet or another command line application, you must run the program in console mode. 

GUI mode is not supported on AIX or HP-UX platforms. 

To run the Netcool Installer on UNIX platforms: 

1. At a command prompt, change the current directory to the location where the Netcool Installer is 

located. 

2. To run the program in GUI mode, enter the following: 

./setup.sh 

To run the program in console mode, enter the following: 

./setup.sh -console 

3. Follow the on-screen prompts as described in Installer Prompts on page 27. 

Running the Netcool Installer on Windows Platforms 

On Windows platforms, the installer is named Setup.exe and is located in the root-level directory of the 

installation zip file. 


To run the Netcool Installer on Windows platforms: 



1. Using Windows Explorer, open the folder where you unpacked the Netcool Security Manager 

archive. 

2. Double-click the Setup.exe file. 

3. Follow the on-screen prompts as described in Installer Prompts below. 

Installer Prompts 

The Netcool Installer prompts you for the information in Table 4. 

Table 4: Netcool Security Manager Installer Prompts 

Prompt Description 

Netcool default folder Enter the name of the directory where Netcool products are to be installed on the 

system. The default on UNIX platforms is /opt/netcool. The default on Windows 

platforms is: C:\Program Files\Micromuse\netcool. 

Feature Select Security Manager Server from the Feature Selection list. 

Server host Enter the hostname of the system where you are installing the Netcool Security 

Manager. The default is localhost. 

Server port Enter the communication port used by the Netcool Security Manager. The default is 

1275. 

Server HTTP port Enter the HTTP port that you want the Netcool Security Manager to use. The default is 

8077. 

Server DB port Enter the port that you want the Netcool Security Manager database to use. The default 

is 5600. 

Authentication source Select an external authentication source for the Netcool Security Manager. The default is 

a Netcool/OMNIbus ObjectServer. 

Authentication source 

configuration properties 

Enter the authentication source configuration properties as described in External 

Authentication on page 39. These properties are used by the Netcool Security Manager 

in order to connect to the authentication source and to obtain the required 

authentication information. 

Application registry If you are running the Netcool Security Manager in compatibility mode or shared mode, 

enter registry configuration properties as described in Registry Configuration on 

page 46. Compatibility mode and shared mode allow the Netcool Security Manager to 

be used with Netcool/Impact 3.1. If you are installing the Netcool Security Manager for 

use with the Netcool GUI Foundation only, you do not need to specify registry 

information. 

27


Viewing the Installation Log 

28 

The Netcool Installer creates an installation log file that you can use to view error messages and other 

information about the installation process. This file is named ncisetup.log and is created in the 

$NCHOME/log/install directory during installation. You can view this file using any text editor or 

using the Netcool Installer utility. 

To view the installation log using the Netcool Installer utility on UNIX platforms: 

1. Enter the following at a command prompt: 

$NCHOME/install/ncisetup 

2. Select Installer Log in the Welcome dialog box that opens and then click Next. 

3. The Installer Log dialog box opens and displays the contents of the log. 

To view the installation log using the Netcool Installer utility on Windows platforms: 

1. From the Windows Start menu, select Netcool Suite → Maintenance Wizard 

2. Select Installer Log in the Welcome dialog box that opens and then click Next. 

3. The Installer Log dialog box opens and displays the contents of the log. 

Netcool Security Manager Administration User 

When you install the Netcool Security Manager, the Netcool Installer defines a system-level user named 

admin that you can use to log in for the first time and perform administrative tasks with the Netcool 

Security Manager and Netcool GUI Foundation. The password for the admin user is netcool. 


2.4 Upgrading the Netcool Security Manager 


Upgrading the Netcool Security Manager 

You can upgrade to this version of the Netcool Security Manager from version 1.2. If you want to upgrade 

from a previous version, you must first upgrade that version to 1.2 and then follow the procedures for 

upgrading to version 1.3. 

To upgrade from version 1.2 to version 1.3 of the Netcool Security Manager, you do the following: 

Install Netcool Security Manager 1.3 

Stop Netcool Security Manager 1.2 and 1.3 

Copy the database script between versions of the Netcool Security Manager 

Start Netcool Security Manager 1.3 

Edit the Micromuse domain in Netcool Security Manager 1.3 

Configure external authentication in Netcool Security Manager 1.3 

Start Netcool Security Manager 1.3 


The first step in upgrading the Netcool Security Manager is to install version 1.3 on the target system. You 

can install the new version of the Netcool Security Manager as described in Installing the Netcool Security 

Manager on page 25 with no special considerations. Make sure that you install this new version in a separate 

directory from the previous version. Do not remove the previous installation until you have completed the 

upgrade process. 

Stopping the Netcool Security Manager Instances 

You must make sure that both Netcool Security Manager 1.2 and 1.3 are shut down in order to perform the 

remainder of the upgrade process. To stop version 1.2, use the shutdown script located at 

$NCSM_HOME/bin/ncsm_shutdown. NCSM is the environment variable you set when you install 

Netcool Security Manager 1.2. To stop version 1.3, use the shutdown script located at 

$NCHOME/security/bin/ncsm_shutdown. 

Copying the Database Script 

When you shut down version 1.2 of the Netcool Security Manager, the application creates a database script 

that contains all of the information stored in the Netcool Security Manager database. This script is named 

security.script and is located in the $NCSM_HOME/db directory. 

29


30 

After you have shut down the Netcool Security Manager instances, you must copy this script to the 

corresponding directory in the version 1.3 installation, which is 

$NCHOME/security/db/security.script. 

When you next start up the version 1.3 instance of the Netcool Security Manager, the stored information 

will be loaded into the Netcool Security Manager 1.3 database. 

Starting the Netcool Security Manager 1.3 

After you copy the database script from Netcool Security Manager 1.2 to1.3, you must restart the version 

1.3 instance. To start this version, use the startup script located at 

$NCHOME/security/bin/ncsm_server. 

Editing the Micromuse Domain 

In Netcool Security Manager 1.3, you must edit the Micromuse Netcool Applications domain 

and remove any existing external authentication sources before you can complete the upgrade. This includes 

the default authentication source configured automatically during installation of the Netcool Security 

Manager. 

You can edit the domain by logging into the Netcool GUI Foundation as an administrator or by logging 

into the Netcool/Impact 3.1 GUI Server and selecting the Netcool Security Manager as the current 

application. For information on editing the domain in the Netcool GUI Foundation, see the Netcool GUI 

Foundation Administration Guide. For information on editing the domain in the Netcool/Impact 3.1 GUI 

Server, see the Netcool Security Manager 1.2 Administration Guide. 

Configuring External Authentication Sources 

After you remove any existing authentication sources from the domain, you must enable each type of 

external authentication source that is to be used in the upgraded instance of the Netcool Security Manager. 

For more information, see Chapter 4: External Authentication on page 39. After you have enabled a type of 

authentication source, you can configure the Micromuse Netcool Applications domain to use 

authentication sources following the instructions in the Netcool GUI Foundation Administration Guide or 

the Netcool Security Manager 1.2 Administration Guide. 


2.5 Uninstalling the Netcool Security Manager 


Uninstalling the Netcool Security Manager 

You uninstall the Netcool Security Manager using the Netcool Installer maintenance wizard. You cannot 

completely uninstall the product by manually removing the installation directory from the system. 

You can run the maintenance wizard in GUI mode or in console mode. In GUI mode, the wizard presents 

a series of windows that guide you through the uninstallation process. In console mode, the wizard prompts 

you for required information from the command line. If you are uninstalling the Netcool Security Manager 

remotely using telnet or another command line application, you must run the wizard in console mode. GUI 

mode is not supported on AIX and HP-UX platforms. 

Uninstalling on UNIX Platforms 

To uninstall the Netcool Security Manager on UNIX platforms: 

1. At a command prompt, change the current directory to $NCHOME/install. 

2. To run the wizard in GUI mode, enter the following: 

./ncisetup 

To run the wizard in console mode, enter the following: 

./ncisetup -console 

3. Select Product View/Remove in the Welcome dialog box that opens and then click Next. 

4. The Product View/Remove dialog box opens and displays a list of installed Netcool products. 

5. Right-click on Netcool Security Manager in the list of products and select Remove from 

the context menu. 

6. Click Next. 

7. Click Remove in the Remove Product dialog box that opens. 

The maintenance wizard removes the Netcool Security Manager from the system. 

Uninstalling on Windows Platforms 

To remove the Netcool Security Manager on Windows platforms: 

1. From the Windows Start menu, select Netcool Suite → Maintenance Wizard. 

2. Follow the on-screen prompts to complete uninstallation. 

3. Select Product View/Remove in the Welcome dialog box that opens and then click Next. 

4. The Product View/Remove dialog box opens and displays a list of installed Netcool products. 

31


32 

5. Right-click on Netcool Security Manager in the list of products and select Remove from 

the context menu. 

6. Click Next. 

7. Click Remove in the Remove Product dialog box that opens. 

The maintenance wizard removes the Netcool Security Manager from the system. 


03_Running.fm May 17, 2006 

Chapter 3: Managing the Netcool Security 


This chapter contains information on starting and stopping the Netcool Security Manager server. It also 

contains information on backing up the database and viewing the server log. 

It contains the following chapters: 

Starting and Stopping the Netcool Security Manager on page 34 

Backing Up the Netcool Security Manager Database on page 36 

Viewing the Netcool Security Manager Log on page 37 


Chapter 3: Managing the Netcool Security Manager 

3.1 Starting and Stopping the Netcool Security Manager 

34 

You start and stop the Netcool Security Manager on UNIX platforms using a set of administration scripts. 

On Windows platforms, you use the Windows services administration utilities. 

Starting the Netcool Security Manager on UNIX 

You can start the Netcool Security Manager server and database by running the server startup script. This 

script is named ncsm_server and is located in the $NCHOME/security/bin directory. 

To start the Netcool Security Manager server, enter the following at a command prompt: 

$NCHOME/security/bin/ncsm_server 

Stopping the Netcool Security Manager on UNIX 

You can stop the Netcool Security Manager server and database by running the server shutdown script. This 

script is named ncsm_shutdown and is located in the $NCHOME/security/bin directory. 

To stop the Netcool Security Manager server, enter the following at a command prompt: 

$NCHOME/security/bin/ncsm_shutdown 

Viewing the Netcool Security Manager Status on UNIX 

You can view the status of the Netcool Security Manager server and the Netcool Security Manager database 

by running the status script. This script is named ncsm_status and is located in the 

$NCHOME/security/bin directory. 

To run the status script, enter the following at a command prompt: 

$NCHOME/security/bin/ncsm_status 

The following example shows typical output from the status script: 

Netcool/SecurityManager license server is running (pid= ) 

Netcool/SecurityManager database is running (pid=3487 ) 

Netcool/SecurityManager Server is running 

Starting the Netcool Security Manager on Windows 

To start the Netcool Security Manager on Windows platforms: 

1. In the Start Menu, select Control Panel → Administrative Tools → Services. 

2. In the Services window, right-click on Netcool Security Manager and select Start. 


Stopping the Netcool Security Manager on Windows 

To stop the Netcool Security Manager on Windows platforms: 

1. In the Start Menu, select Control Panel → Administrative Tools → Services. 


Starting and Stopping the Netcool Security Manager 

2. In the Services window, right-click on Netcool Security Manager and select Stop. 

35


3.2 Backing Up the Netcool Security Manager Database 

36 

Micromuse recommends that you regularly back up the Netcool Security Manager database. You must stop 

the Netcool Security Manager server before you back up or restore the database. 

To back up the database: 

1. Stop the Netcool Security Manager by entering the following at a command prompt: 


2. Back up the database by entering the following: 

$NCHOME/security/bin/ncsm_db backup -backupfile filename 

In this command, filename is the name of the file you want to use to store the backup data. 

3. Restart the Netcool Security Manager server by entering the following: 


Restoring the Database 

To restore the database: 

1. Stop the Netcool Security Manager by entering the following at a command prompt: 


2. Restore the database by entering the following: 

$NCHOME/security/bin/ncsm_db restore -backupfile filename 

In this command, filename is the name of the file that contains the backup data. 

3. Restart the Netcool Security Manager server by entering the following: 



3.3 Viewing the Netcool Security Manager Log 



You can monitor the Netcool Security Manager by reading the server log files. The server log files contain 

system messages and other information that can help you track the status of the Netcool Security Manager 

and troubleshoot any problems that might arise. Server log files are named SM_server.log.n, where 

n is a number that identifies the log file. The server log files are located in the $NCHOME/security/log 

directory. 

37


38 


04_External Authentication.fm May 17, 2006 

Chapter 4: External Authentication 

This chapter contains information on external authentication in the Netcool Security Manager. 

About External Authentication on page 40 

Adding an External Authentication Source on page 42 



4.1 About External Authentication 

40 

External authentication is the scheme under which the Netcool Security Manager uses authentication data 

stored in one or more instances of the Netcool/OMNIbus ObjectServer, an LDAP server or NIS to 

authenticate user logins. 

The Netcool Security Manager supports the following external authentication configurations: 

Single source authentication 

Multiple source authentication 

Single Source Authentication 

Single source authentication is a configuration where the Netcool Security Manager uses a single instance of 

the ObjectServer, an LDAP server or NIS as the source of authentication data. 

In this configuration, each time a user logs into a Netcool application, the Netcool Security Manager checks 

its database for information on that user. If the user is an internally-defined, native authentication user, the 

Netcool Security Manager uses the internal information to authenticate the login. If the user is not a native 

authentication user, the Netcool Security Manager connects to the configured external source and 

authenticates the login against the externally-stored user information. 

During installation, the Netcool Security Manager installer requires you to specify connection information 

for the default external authentication source. This default source can be an instance of the 

Netcool/OMNIbus ObjectServer, an LDAP server or NIS. If you only wish to use one external 

authentication source, you can set the connection information at this time. No additional configuration is 

required. 

Multiple Source Authentication 

Multiple source authentication is a configuration where the Netcool Security Manager uses more than one 

instance of the ObjectServer, LDAP server and/or NIS as the source of authentication data. 

In this configuration, each time a user logs into a Netcool application, the Netcool Security Manager checks 

its database for information on that user. If the user is an internally-defined, native authentication user, the 

Netcool Security Manager uses the internal information to authenticate the login. If the user is not a native 

authentication user, the Netcool Security Manager connects to each external source in order of priority until 

it finds a user that matches the username specified at login. The priority of external authentication sources 

is determined by the order in which they were added to the system. When the Netcool Security Manager 

finds a matching user, it uses that information to authenticate the login. 



About External Authentication 

To add additional external authentication sources to the default source configured during installation, you 

must run the Netcool Security Manager configuration script once for each authentication source. For more 

information, see Adding an External Authentication Source on page 42. 

41


4.2 Adding an External Authentication Source 

42 

To add an external authentication source, you run the Netcool Security Manager configuration utility and 

follow the on-screen prompts. This utility is launched by a script named ncsm_config located in the 

$NCHOME/security/install directory. 

You can run the configuration utility in GUI mode or in console mode. In GUI mode, the utility presents 

a series of wizards that guide you through the installation process. In console mode, it prompts you for 

required information from the command line. If you are running the utility remotely using telnet or another 

command line application, you must run it in console mode. 

After you have run the configuration utility, the external authentication source is enabled in the Netcool 

Security Manager. There is no need to perform additional configuration steps. 

Running the Configuration Utility 

Before you run the configuration utility, you should stop the Netcool Security Manager server. If you do 

not stop the server, the utility will stop it automatically during execution. 

To run the configuration utility: 

1. At a command prompt, change the current directory to the location where the utility is located. 

2. To run the utility in GUI mode, enter the following: 

./ncsm_config 

To run the utility in console mode, enter the following: 

./ncsm_config -console 

3. Follow the on-screen prompts as described in Configuration Utility Prompts below. 

After you run the configuration utility, you must manually restart the Netcool Security Manager server. 

Configuration Utility Prompts 

The information required by the configuration utility varies depending on the type of external 

authentication source you want to add. 


ObjectServer Authentication Sources 


Adding an External Authentication Source 

For an ObjectServer authentication source, the configuration utility prompts you for the information in 

Table 5. 

Table 5: Configuration Utility Prompts: ObjectServer Authentication Sources 


Host Hostname or IP address of the system where the ObjectServer is running. The default is 

localhost. 

Port Port used by the ObjectServer. The default is 4100. 

Username ObjectServer user name. This user must have ObjectServer SuperUser privileges. The 

default is root. 

Password ObjectServer password. 

The ObjectServer username and password that you specify are used to establish connections to the 

ObjectServer database. Micromuse recommends that you restrict access to the Netcool GUI Foundation 

(NGF) for this user. You can restrict NGF access by removing all Netcool Security Manager roles from this 

user and removing the user from any groups that you have assigned Netcool Security Manager roles. 

LDAP Authentication Sources 

For LDAP authentication sources, the configuration utility prompts you for the information in Table 6. 

Supported LDAP authentication sources include Microsoft Active Directory, Novell eDirectory, Sun ONE 

Directory Server, Netscape Directory Server, and OpenLDAP. 

Table 6: Configuration Utility Prompts: LDAP Authentication Sources 


Host Hostname or IP address of the system where the LDAP server is running. 

Port Port used by the LDAP server. 

Username Fully qualified dn of an LDAP user that has permission to browse the directory for 

users and groups. 

Password Password for the LDAP user. 

LDAP user ID Name of the LDAP attribute defined as a unique user ID in the LDAP schema. 

Default is uid. 

Base context users Base context for LDAP users in the directory. 

LDAP group name Name of the LDAP attribute to use as a group in the authentication model. The 

default is cn. 

Base context groups Base context for LDAP groups in the directory. 

43


44 

Table 6: Configuration Utility Prompts: LDAP Authentication Sources 


Group Filter LDAP filter that specifies which group a user belongs to. 

Novell or Microsoft Active 

Directory 

NIS Authentication Sources 

Enter true if the LDAP server is a Novell eDirectory or Microsoft Active Directory 

server. The default is false. 

For NIS authentication sources, the configuration utility prompts you for an NIS domain name. This is the 

name of a domain served by NIS whose associated authentication data you want to use. NIS authentication 

is only supported on Solaris and Linux platforms. 


99_Appendix.fm May 17, 2006 

Appendix A: Supplementary Information 

This appendix contains supplementary information related to Netcool Security Manager installation and 

configuration. 


Registry Configuration on page 46 

Authentication Refresh Interval on page 47 

Netcool Security Manager Failover on page 48 

SSL and the Netcool Security Manager on page 52 

Encryption Script on page 58 



A.1 Registry Configuration 

46 

When you install the Netcool Security Manager in compatibility mode for use with Netcool/Impact 3.1, the 

installer prompts you for connection information for the Netcool Application Registry. Table A1 shows the 

installer prompts. 

Table A1: Netcool Security Manager Installation Prompts: Registry Configuration 


Security Manager Registry Name Name used to identify the Netcool Security Manager in the Netcool Application 

Registry. 

Registry Host Hostname or IP address where the registry is located. 

Registry Port Communication port used by the registry. 

Registry Location Path where the application registry is located. If you are using the application 

registry that is installed with the Netcool/Impact GUI server, the default is 

/registry/services. 

Registry Username Name of the registry administration user. If you are using the application 

registry that is installed with the Netcool/Impact GUI server, the default is 

admin. 

Registry Password Password for the registry admin user. If you are using the application registry 

that is installed with the Netcool/Impact GUI server, the default is netcool. 


A.2 Authentication Refresh Interval 


Authentication Refresh Interval 

The Netcool Security Manager allows you to configure the interval at which user, group, and role 

information is refreshed from the database. 

You configure the refresh interval by setting properties in the server properties file. This file is named 

SM_server.props and is located in the $NCHOME/security/etc directory. 

The following table shows the refresh interval configuration properties: 

Table A2: Refresh Interval Configuration Properties 

Property Definition 

security.refresh.timeinsec Number of seconds between each attempt to refresh from the 

authentication source. Default is 30. 

security.refresh.maxretries Maximum number of times to retry a refresh after failing to connect 

to the authentication source. Default is 10. 

47


A.3 Netcool Security Manager Failover 

48 

Failover is a feature that helps you manage uptime and availability for the Netcool Security Manager. 

In a failover configuration, you install primary and secondary servers of the Netcool Security Manager on 

different systems in your environment. You then configure them in such a way that if the primary server 

fails, the secondary server takes over the role as primary. When the original primary server is restarted, is 

assumes the new secondary role. 

Netcool Security Manager user and group data is replicated and synchronized at startup and during run 

time. 

Setting Up Netcool Security Manager Failover 

To set up Netcool Security Manager failover, you do the following: 

Install the Netcool Security Manager instances 

Synchronize data between the Netcool Security Manager instances 

Configure Netcool applications to use the failover configuration 

Configure Netcool Security Manager database properties 

Configure Netcool Security Manager primary and secondary type properties 

Configure Netcool Security Manager server properties 

Installing the Netcool Security Manager Instances 

The first step in setting up failover is to install primary and secondary instances of the Netcool Security 

Manager on different systems in your environment. To install the Netcool Security Manager, you can run 

the install script and follow the on-screen prompts as described in Installing the Netcool Security Manager on 

page 25. There are no special considerations when installing the instances for failover. 

Synchronizing Data Between Netcool Security Manager Instances 

After you have installed the primary and secondary instances of the Netcool Security Manager, you must 

make sure that the product configuration information stored in the respective databases is identical. The best 

way to make sure that this information is identical is to export the contents of the database from the primary 

instance and import it into that of the secondary instance. 

You must repeat this step every time you add a new product that uses the Netcool Security Manager to your 

environment. This is because, at install time, the Netcool Installer only configures the primary instance of 

the Security Manager for use with the product. 



Netcool Security Manager Failover 

You do not need to manually synchronize other Netcool Security Manager information (for example, users 

and groups) during runtime. The Netcool Security Manager automatically replicates this information 

between instances. 

To synchronize data between Netcool Security Manager instances: 

1. If the primary instance is running, stop it by entering the following at a command prompt: 


When you shut down the primary instance, it exports the contents of its database in the form of a file 

called security.script. This file is located in the $NCHOME/security/db directory by 

default. 

2. Copy the output file to $NCHOME/bin/security on the system where the secondary instance is 

installed. 

3. If the secondary instance is running, stop it by entering the following at a command prompt: 


4. Import the data into the secondary instance by entering the following: 

$NCHOME/security/bin/ncsm_db restore -backupfile security.script 

When you import the data using ncsm_db, the script reports the status of the database. The 

message The database is not running is not an error message and can be disregarded. 

Configuring the Netcool Applications 

You must manually configure the Netcool applications that use the Netcool Security Manager (for example, 

Netcool/Impact and the Netcool/Impact GUI Server, or the Netcool GUI Foundation) so that they are able 

to locate both instances of the Netcool Security Manager server. You configure them by setting properties 

in their respective server properties files. This file is named server.props or 

servername_server.props and is located in the etc directory of the product installation. For 

example, the default Netcool/Impact server properties file is 

$IMPACT_HOME/etc/NCI_server.props. 

To configure the applications, set the following in each server properties file: 

security.backup.host.1=hostname 

security.backup.port.1=port 

impact.security.backup.host.1=hostname 

impact.security.backup.port.1=port 

49


50 

In these properties, hostname is the hostname of the system where the secondary Netcool Security 

Manager is running and port is the port. The default port is 8077. The location of the primary Netcool 

Security Manager is described by other configuration properties that you set when you install the Netcool 

application. 

Configuring the Netcool Security Manager Databases 

You must also configure the primary and secondary instances of the database so that they do not use 

localhost as the default server address. The server address property is located in the 

$NCHOME/security/etc/db.properties file. 

To configure the databases, comment out the server.address property in each db.properties 

file by inserting the # character at the beginning of the line. The resulting line should look like the following: 

# server.address=localhost 

Configuring Primary and Secondary Type Properties 

You must configure both primary and secondary type properties. The properties files are located in the 

$NCHOME/security/etc/smParentType.type file. You must modify these properties in order 

to enable data replication between the primary and secondary Netcool Security Manager instances. 

You must add or modify the contents of the primary type file so that it contains the following lines: 

smParentType.SQL.NUMDBPROPERTIES=1 

smParentType.SQL.DBPROPERTY.1.NAME=IMPACT_REPLICATE_CHANGES 

smParentType.SQL.DBPROPERTY.1.VALUE=true 

You must also modify the smParentType.sql.urls property. This property contains a set of JDBC 

connection strings. Each connection string is separated by the pipe character (|). 

For the primary server, add the following connection string to the property: 

jdbc:hsqldb:hsql://secondary_host:secondary_port/security 

In this property, secondary_host is the hostname of the system where the primary Netcool Security 

Manager is running and secondary_port is the port used by the database. The default port is 5600. 

The resulting property should resemble the following: 

smParentType.SQL.URLS=jdbc:hsqldb:hsql://host_primary:5600/security| 

jdbc:hsqldb:hsql://host_secondary:5600/security 

In this property, host_primary is the hostname of the primary instance and host_secondary is 

the hostname of the secondary instance. 

For the secondary server, add a connection string representing the primary to the property in the same way. 


The resulting property should resemble the following: 

smParentType.SQL.URLS=jdbc:hsqldb:hsql://host_secondary:5600/security| 

jdbc:hsqldb:hsql://host_primary:5600/security 


Netcool Security Manager Failover 

In this property, host_primary is the hostname of the primary instance and host_secondary is 

the hostname of the secondary instance. 

Configuring the Netcool Security Manager Server 

The final step in setting up failover is to configure the primary and secondary server instances. You configure 

each server by modifying the $NCHOME/security/etc/SM_server.props file. 

To configure the primary server, add the following lines to the file: 

impact.security.failover=true 

impact.security.controlport=port_primary_control 

impact.security.failover.other.host=host_secondary 

impact.security.failover.other.port=port_secondary_control 

impact.security.failover.ResyncRateInSec=10 

In these properties, port_primary_control is the control port for the primary server, 

host_secondary is the hostname of the system where the secondary server is running and 

port_secondary_control is the control port for the secondary server. The control port is used for 

communication between the primary and secondary server instances. You can specify any unused port for 

this property. 

To configure the secondary server, add the following lines to the file: 

impact.security.failover=true 

impact.security.controlport=port_secondary_control 

impact.security.failover.other.host=host_primary 

impact.security.failover.other.port=port_primary_control 

impact.security.failover.ResyncRateInSec=10 

Running the Netcool Security Manager in a Failover Configuration 

To run the Netcool Security Manager in a failover configuration you start the primary server and then the 

secondary server using the server startup script. This script is named ncsm_server and is located in the 

$NCHOME/security/bin directory. You start the server instances in the same way that you start a 

single server configuration with no special considerations. You can shut down the server instances using the 

ncsm_shutdown script. 

51


A.4 SSL and the Netcool Security Manager 

52 

The Netcool Security Manager supports Secure Socket Layer (SSL) communication at the following levels: 

Between the Netcool Security Manager and the Netcool GUI Foundation, Netcool/RAD, 

Netcool/Impact 3.1, and the Netcool/Impact GUI Server 

Between the Netcool Security Manager and an LDAP server 

Setting Up SSL Between the Netcool Security Manager and Netcool 

Applications 

The Netcool Security Manager supports communication via SSL between the server and other components 

of the Netcool suite. When you enable SSL communication for the Netcool Security Manager, all Netcool 

applications that use it for authentication must also be set up to use SSL. 

To set up SSL for use with the Netcool Security Manager and Netcool applications, you do the following: 

Create a server certificate 

Create client certificates 

Configure the Netcool Security Manager servlet service 

Configure the Netcool Security Manager server 

Configure the Netcool applications 

When you create the client and server certificates, you are required to specify a password for the local 

keystore and the local truststore. Make sure to record the passwords that you specify. You will use them when 

you configure the Netcool Security Manager server and the Netcool applications for use with SSL. 

Creating the Server Certificate 

The first step in setting up SSL for use with the Netcool Security Manager is creating the server certificate. 

You create this certificate using the Java keytool utility. This utility is part of the Java Runtime 

Environment (JRE) and is located in the $NCHOME/security/platform/arch/J2RE/bin 

directory, where arch is the name of the operating system where the Netcool Security Manager is installed. 

For more information on keytool, see the Java Runtime Environment documentation at 

http://java.sun.com. 


To create the server certificate: 


SSL and the Netcool Security Manager 

1. At a command prompt, change the current directory to the location that you will use to store the 

server certificate and create a subdirectory named ssl as follows: 

cd $NCHOME/security 

mkdir ssl 

cd ssl 

2. Generate the server certificate using the keytool utility as follows: 

$NCHOME/common/platform/arch/jre/1.4.2/bin/keytool -genkey -alias sm_svr -keyalg 

RSA -keypass keypassword -storepass storepassword -keystore keystore.jks 

In this command, keypassword and storepassword are password strings of your choice. 

Passwords must be six characters or longer. 

The keytool utility prompts you for the information required to populate and sign the server 

certificate. You must enter the hostname of the system where the Netcool Security Manager is 

running in response to the first name and last name prompt. 

This command creates a file named keystore.jks in the current directory. 

3. Export the server certificate using the keytool utility as follows: 

$NCHOME/common/platform/arch/jre/1.4.2/bin/keytool -export -alias sm_svr 

-storepass storepassword -file server.cer -keystore keystore.jks 

This command creates a file named server.cer in the current directory. This file contains the 

exported certificate. 

4. Create a trust store file and add the server certificate to the file as follows: 

$NCHOME/common/platform/arch/jre/1.4.2/bin/keytool -import -v -trustcacerts -alias 

sm_svr -keypass keypassword -storepass storepassword -file server.cer -keystore 

cacerts.jks 

The keytool utility prompts you whether you want to trust this certificate. You must answer Yes. 

This command creates a file named cacerts.jks in the current directory. 

Creating Client Certificates 

After you have created the server certificate, you must create a client certificate for each Netcool application 

that uses the Netcool Security Manager for authentication. This includes the Netcool GUI Foundation, 

Netcool/Impact 3.1, Netcool/RAD, and the Netcool/Impactg GUI Server. 

If you are configuring the Netcool GUI Foundation as your client application, please see the Netcool GUI 

Foundation Administration Guide for instructions on this task. 

53


54 

You must also create a client certificate for the Netcool Security Manager server itself, in addition to the 

server certificate that you created in the previous step. 

As with the server certificate, you generate client certificates using the Java keytool utility. This utility is 

located in the platform/arch/jre/1.4.2/bin or platform/arch/J2RE/bin directory of 

each Netcool application installation, where arch is the name of the platform where the application is 

installed. 

You must create the client certificates on the system where each application is installed. For example, when 

you generate the certificate for Netcool/Impact, you must run the keytool utility on the system where 

Netcool/Impact is located. 

To create a client certificate: 

1. At a command prompt, create a new directory named ssl in the home directory for the Netcool 

application. For example, if you are generating a client certificate for Netcool/Impact, create a new 

directory named $IMPACT_HOME/ssl. If you are generating a client certificate for the Netcool 

Impact GUI Server, create a new directory called $GUI_HOME/ssl. 

2. Change the current directory to the ssl location you created above. 

3. Generate the client certificate using the keytool utility as follows: 

app_home/platform/arch/J2RE/bin/keytool -genkey -alias sm_clnt -keyalg RSA 

-keypass keypassword -storepass storepassword -keystore clntks.jks 

In this command, app_home is the home directory for the Netcool application (for example, 

$NCHOME/security, $IMPACT_HOME, $GUI_HOME or $RAD_HOME) and keypassword 

and storepassword are password strings of your choice. Passwords must be six characters or 

longer. 

The keytool utility prompts you for the information required to populate and sign the client 

certificate. You must enter the hostname of the system where the Netcool Security Manager is 

running in response to the first name and last name prompt. 

This command creates a file named clntks.jks in the current directory. 

4. Export the client certificate using the keytool utility as follows: 

app_home/platform/arch/J2RE/bin/keytool -export -alias sm_clnt -storepass 

storepassword -file client.cer -keystore clntks.jks 

This command creates a file named client.cer in the current directory. This file contains the 

exported certificate. 


5. Add the client certificate to the trust file as follows: 



app_home/platform/arch/J2RE/bin/keytool -import -v -trustcacerts -alias sm_clnt 

-keypass keypassword -storepass storepassword -file client.cer -keystore 

cacerts.jks 

The keytool utility prompts you whether you want to trust this certificate. You must answer Yes. 

Configuring the Netcool Security Manager Servlet Service 

The servlet service is an internal component of the Netcool Security Manager that runs the Netcool Security 

Manager GUI. To configure this service, you set configuration properties in the 

SM_servletservice.props file. This file is located in $NCHOME/security/etc. 

To configure the servlet service, set the following properties in the 

SM_servletservice.props file: 

impact.http.ssl.enable=true 

impact.ssl.keystore=ncsm_home/ssl/keystore.jks 

impact.ssl.keypass=keypass_encrypt 

In these properties, ncsm_home is the directory where the Netcool Security Manager is installed (for 

example, opt/netcool/security) and 

keypass_encrypt is the encrypted keystore password you specified when you created the 

keystore.jks file. You must use the ncsm_crypt tool to encrypt the keystore password. This tool 

is located in the $NCSM_HOME/bin directory. 

The following example shows typical values for these properties: 

impact.http.ssk.enable=true 

impact.ssl.keystore=/opt/netcool/security/ssl/keystore.jks 

impact.ssl.keypass=F7EA3A52059022B9F390AD2E9242E81A 


To configure the Netcool Security Manager server, set the following properties in the 

$NCHOME/security/etc/SM_server.props file: 

security.protocol=https 

security.keystore=ncsm_home/ssl/clntks.jks 

security.keypass=keypass_encrypt 

security.truststore=ncsm_home/ssl/cacerts.jks 

security.trustpass=trustpass_encrypt 

55


56 

In these properties, ncsm_home is the directory where the Netcool Security Manager is installed and 

keypass_encrypt and trustpass_encrypt are the encrypted keystore and truststore passwords 

that you specified when you created the client certificate on the system where the Netcool Security Manager 

resides. You must use the ncsm_crypt tool to encrypt the keystore password. This tool is located in the 


The following example shows typical values for these properties: 


security.keystore=/opt/netcool/security/ssl/clntks.jks 

security.keypass=F7EA3A52059022B9F390AD2E9242E81A 

security.truststore=/opt/netcool/security/ssl/cacerts.jks 

security.trustpass=F7EA3A52059022B9F390AD2E9242E81A 

Configuring the Netcool Applications 

The final step in setting up SSL is configuring the Netcool applications. You must configure each 

application that uses the Netcool Security Manager for authentication. This includes the Netcool GUI 

Foundation, Netcool/Impact 3.1, the Netcool/Impact GUI Server, and Netcool/RAD. 

If you are configuring the Netcool GUI Foundation as your client application, please see the Netcool GUI 

Foundation Administration Guide for instructions on this task. 

To configure other Netcool applications, set the properties specified in the above step in each server 

properties file. This file is named servername_server.props or server.props, where 

servername is the name of the server instance, and is located in the etc directory of the product 

installation. For example, the default server properties file for Netcool/Impact is named 

NCI_server.props and is located in the $IMPACT_HOME/etc directory. 

Make sure that you have created client certificates for each of the applications that communicate with the 

Netcool Security Manager as described in Creating Client Certificates on page 53. 

The following example shows typical values for SSL properties in the Netcool/Impact server properties file: 


security.keystore=/opt/netcool/impact/ssl/clntks.jks 

security.keypass=F7EA3A52059022B9F390AD2E9242E81A 

security.truststore=/opt/netcool/impact/ssl/cacerts.jks 

security.trustpass=F7EA3A52059022B9F390AD2E9242E81A 

Setting Up SSL Between the Netcool Security Manager and an LDAP 

Server 

The Netcool Security Manager supports communication via SSL between the Netcool Security Manager 

server and an LDAP server that you are using as an authentication source. 




To set up SSL for use with the Netcool Security Manager and an LDAP server, you do the following: 

Configure the LDAP server for use with SSL 

Install the client certificate for the LDAP service in the keystore of the Java Runtime Environment 

(JRE) used by the Netcool Security Manager 

Configure the Netcool Security Manager Server 

Configuring the LDAP Server 

The first step in setting up SSL communication is to configure the LDAP server. Instructions for configuring 

the LDAP server vary according by product. Typically, you first obtain a server certificate from a certificate 

authority (CA) and install it on the platform used by the LDAP server. Then, you use tools provided by the 

LDAP vendor to enable SSL communication. For more information, see the LDAP server documentation. 

Installing the Client Certificate 

You must install the SSL client certificate in the keystore of the JRE used by the Netcool Security Manager. 

You first obtain the client certificate from a CA according to the instructions provided by the LDAP server 

vendor. You then install the certificate using the Java keytool utility. This utility is located in the 

$NCSM_HOME/platform/arch/J2RE/bin directory, where arch is the name of the operating 

system where the Netcool Security Manager is installed. 

To install the client certificate, enter the following at a command prompt: 

$NCSM_HOME/platform/arch/J2RE/bin/keytool -import -v -trustcacerts -alias aliasname 

-file certname -keystore $NCSM_HOME/platform/arch/lib/cacerts/keystorename 

In this command, aliasname is the alias of the server certificate, certname is the filename of the 

certificate file and keystorename is the name of the keystore file. 


To configure the Netcool Security Manager server, you edit the primary type properties file for the LDAP 

authentication source. This file is named smParentType_LDAP.type and is located in the 

$NCHOME/security/etc directory. 

You must make the following changes to the primary type properties file: 

Set the value of the smParentType_LDAP.PROVIDERURL property to the hostname and SSL 

port used by the LDAP server. 

Uncomment the smParentType_LDAP.LDAP.SECURITY.PROTOCOL property. 

57


A.5 Encryption Script 

58 

The Netcool Security Manager provides a script that you can use to encrypt plaintext password strings. You 

can use this script to disguise user passwords that are stored in properties files for the Netcool Security 

Manager and other Netcool products. This script is named ncsm_crypt and is located in the 


The ncsm_crypt script has the following syntax: 

ncsm_crypt password 

In this syntax, password is the password string that you want to encrypt. 

When you run ncsm_crypt, it prints the encrypted string to the standard output. 


sm30instIX.fm May 17, 2006 3:27 pm 

Index 

A 

administration user 28 

authentication refresh intervals 47 

authentication types 10 

external 10 

native 10 

C 

compatibility mode installation 13 

D 

database 

backing up 36 

restoring 36 

E 

encryption script 58 

external authentication 10, 21, 40 

about 40 

single source 40 

external authentication requirements 21 

external authentication sources 

adding 42 

configuring 42 

F 

failover 48 

running Netcool Security Manager 51 

setting up 48 

H 

hardware requirements 21 

Netcool Security Manager 1.3 Installation Guide 1 

I 

installation types 12 

compatibility mode 13 

shared mode 14 

standard 12 

installing the Netcool Security Manager 25 

J 

Java support 20 

L 

LDAP authentication sources 


support 21 

License server support 20 

log 

viewing 37 

M 

managing the Netcool Security Manager 18 

N 

native authentication 10 

Netcool environment variable 25 

Netcool GUI Foundation requirements 20 

Netcool home directory 23 

Netcool installation user 23 

Netcool Installer 22 

log 28 

prompts 27 

running 26 

Netcool License Server 20 

Index

Index 

2 

Netcool Security Manager 10 

installation directories 24 

NIS authentication sources 


support 21 

O 

ObjectServer authentication sources 


support 21 

operating system requirements 20 

P 

platform requirements 20 

R 

registry configuration 46 

S 

setting up the Netcool Security Manager 16 

shared mode installation 14 

single source authentication 40 

SSL 52 

setting up LDAP server connections 56 

setting up Netcool applications 52 

standard installation 12 

starting the Netcool Security Manager 34 

stopping the Netcool Security Manager 34 

system requirements 20 

U 

uninstalling Netcool Security Manager 31 

upgrading Netcool Security Manager 29 

V 

viewing Netcool Security Manager status on UNIX 34 

viewing the installation log 28 

viewing the Netcool Security Manager log 37 


ackmatter.fm May 17, 2006 

Contact Information 

Corporate 

Region Address Telephone Fax World Wide Web 

USA Micromuse Inc. (HQ) 

650 Townsend Street 

San Francisco 

CA 94103 

USA 

Europe Micromuse Ltd. 

Disraeli House 

90 Putney Bridge Road 

London SW18 1DA 

United Kingdom 

Asia-Pacific Micromuse Ltd. 

Level 25 

77 St Georges Terrace 

Perth WA 6000 

Australia 

Technical Support 

1-800-Netcool (638 2665) 

+1 415 568 9800 

Region Telephone Fax 

USA 1-800-Netcool (800 638 2665) 

+1 415 568 9800 (San Francisco) 

+1 415 568 9801 http://www.micromuse.com 

+44 (0) 20 8875 9500 +44 (0) 20 8875 9995 http://www.micromuse.co.uk 

+61 (0) 8 9213 3400 +61 (0) 8 9325 5030 http://www.micromuse.com.au 

+1 415 568 9801 

Europe +44 (0) 20 8877 0073 (London, UK) +44 (0) 20 8875 0991 

Asia-Pacific +61 (0) 8 9213 3470 (Perth, Australia) 

Online 

+10 800 852 1012 (North China) 

+10 800 152 1012 (South China) 

+61 (0) 8 9486 1116 

Team E-Mail World Wide Web 

Licensing Temporary Licenses: temp.licensing@micromuse.com 

Permanent Licenses: perm.licensing@micromuse.com 

support.micromuse.com/helpdesk/licenses 

Support support@micromuse.com support.micromuse.com 


Contact Information 

4

Netcool Security Manager Installation Guide 1.3 - e IBM Tivoli ...

Create successful ePaper yourself

Delete template?

Save as template?