System Release 7.14 ASTRO 25 INTEGRATED VOICE AND DATA PRIVATE NETWORK MANAGEMENT CLIENT November 2013 6871025P07-A 2013 Motorola Solutions, Inc. All rights reserved
Copyrights The Motorola products described in this document may include copyrighted Motorola computer programs. Laws in the United States and other countries preserve for Motorola certain exclusive rights for copyrighted computer programs. Accordingly, any copyrighted Motorola computer programs contained in the Motorola products described in this document may not be copied or reproduced in any manner without the express written permission of Motorola. 2013 Motorola Solutions, Inc. All Rights Reserved No part of this document may be reproduced, transmitted, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, without the prior written permission of Motorola Solutions, Inc. Furthermore, the purchase of Motorola products shall not be deemed to grant either directly or by implication, estoppel or otherwise, any license under the copyrights, patents or patent applications of Motorola, except for the normal non-exclusive, royalty-free license to use that arises by operation of law in the sale of a product. Disclaimer Please note that certain features, facilities, and capabilities described in this document may not be applicable to or licensed for use on a particular system, or may be dependent upon the characteristics of a particular mobile subscriber unit or configuration of certain parameters. Please refer to your Motorola contact for further information. Trademarks MOTOROLA, MOTO, MOTOROLA SOLUTIONS, and the Stylized M Logo are trademarks or registered trademarks of Motorola Trademark Holdings, LLC and are used under license. All other trademarks are the property of their respective owners. European Union (EU) Waste of Electrical and Electronic Equipment (WEEE) directive The European Union's WEEE directive requires that products sold into EU countries must have the crossed out trash bin label on the product (or the package in some cases). As defined by the WEEE directive, this cross-out trash bin label means that customers and end-users in EU countries should not dispose of electronic and electrical equipment or accessories in household waste. Customers or end-users in EU countries should contact their local equipment supplier representative or service centre for information about the waste collection system in their country. 6871025P07-A November 2013 Send Feedback
Contact Us Motorola Solution Support Center The Solution Support Center (SSC) is the primary Motorola Solutions support contact. Call: Prior to any software reload. To confirm troubleshooting results and analysis prior to removing and replacing a Field Replaceable Unit (FRU) and Field Replaceable Entity (FRE) to repair the system. For... Phone Domestic Calls 800-221-7144 International Calls 302-444-9800 North America Parts Organization For assistance in ordering replacement parts or identifying a part number, contact the Motorola Parts organization. Your first response when troubleshooting your system is to call the Motorola SSC. For... Phone Orders Phone 800-422-4210 (US and Canada Orders) For help identifying an item or part number: select choice 3 from the menu. 302-444-9842 (International Orders) includes help for identifying an item or part number and for translation as needed Fax Orders 800-622-6210 (US and Canada Orders) Comments Send questions and comments regarding user documentation to documentation@motorolasolutions.com. Provide the following information when reporting a documentation error: The document title and part number The page number with the error A description of the error We welcome your feedback on this and other Motorola manuals. To take a short, confidential survey on Motorola Customer Documentation, go to docsurvey.motorolasolutions.com or scan the following QR code with your mobile device to access the survey. 6871025P07-A November 2013 Send Feedback
Document History Version Description Date 6871025P07-A Original release of the Private Network Management Client manual. November 2013 6871025P07-A November 2013 Send Feedback
Contents 9 Contents Copyrights... 3 Contact Us... 5 Document History...7 List of Figures... 13 List of Tables... 15 List of Procedures... 17 List of Processes... 19 About Private Network Management Client... 21 What Is Covered In This Manual?... 21 Helpful Background Information... 21 Related Information...21 Chapter 1: PNM Client Description...25 Windows-Based PNM Clients...25 PNM Client Applications Overview... 25 Motorola PRNM Suite Applications... 25 Applications Launched with the Web Browser...26 HP Z400/Z420 Hardware... 27 HP Z400 Workstation Specifications...28 HP Z420 Workstation Specifications...28 Operating Frequencies and Voltages...29 Chapter 2: PNM Client Theory of Operations...31 Windows Remote Desktop Connection... 31 McAfee Anti-Malware... 31 Chapter 3: PNM Client Installation... 33 PNM Client Installation Prerequisites...33 IP Addresses and Login Information...33 Installing the PNM Client...34 Importing PNM Client Virtual Machines...35 Configuring the PNM Client Virtual Machine...37 PNM Client Windows OS Installation... 37 Windows OS Software Media...37 Windows Installation by MOSI...38 Installing the Motorola PRNM Suite of Applications...38 Centralized Event Logging Client and Backup and Restore Client Installation... 39 Unified Event Manager Operations...39 Clearing a Cached Copy of the UEM...39 Downloading the UEM Software on the PNM Client...40 ASTRO 25 System Release Documentation Set Installation...40 Rebooting the PNM Client...40 Chapter 4: PNM Client Configuration... 41 Configuring TCP/IP on Windows... 41 Configuring DNS Settings on Windows... 41
10 Contents Configuring Primary DNS Suffix...42 Time Sources...42 Windows Login Warning Banners...43 Printer Installation... 43 MOTOPATCH for Windows... 43 Common Windows Procedures...43 Changing Password for Windows User Account...44 PTP Certificates...44 Installing PTP Certificates on PNM Client for Each PTP Radio...44 Chapter 5: PNM Client Operations...47 Creating a PRNM Suite Application Shortcut... 47 Creating an Application Shortcut...47 Opening an Application from the Explorer Window... 48 Opening an Application from the Start Menu...49 Displaying System-Level Applications...49 Displaying Zone-Level Applications... 49 Checking the User Identity...50 Run Command...50 Centralized Backup and Recovery for PNM Clients...50 PNM Client Backup on the Backup and Recovery Server...50 Restoring Critical Data to a PNM Client from the Backup and Recovery Server... 51 Chapter 6: PNM Client Maintenance... 53 Uninstalling the PRNM Suite of Applications...53 Chapter 7: PNM Client Troubleshooting... 55 Embedded Passwords...55 Chapter 8: PNM Client FRU Information...57 PNM Client Field Replaceable Units... 57 Chapter 9: PNM Client Disaster Recovery...59 Recovering the PNM Client... 59 Appendix A: Local Backup/Restore of PNM Client SSH Data... 61 Backing Up the PNM Client SSH Data...61 Restoring the PNM Client SSH Data... 61 Appendix B: PNM Printer Security Configuration... 63 Configuring the PNM Printer Security...63 Accessing PNM Printer Web Administration Panel... 63 Disabling Printer SNMP Management and Unnecessary PNM Printer Services... 64 Configuring PNM Printer Static IP Address... 66 Disabling PNM Printer Management Protocols (Except for HTTPS)... 67 Disabling PNM Printer Firmware Upgrade Sent as Print Jobs... 69 Restricting PNM Printer Print Services to Port 9100 and LPD (port 515)... 70 Restricting PNM Printer Configuration Access to Administrators Only...70 PNM Printer Periodical Maintenance...72
Contents 11 Applying PNM Printer Firmware...72 Reviewing Event and Job Logs...72
12 Contents
List of Figures 13 List of Figures Figure 1: HP Z400 Workstation Front View... 27 Figure 2: HP Z420 Workstation Front View... 27 Figure 3: PNM Printer Device Status... 64 Figure 4: PNM Printer Network Settings... 65 Figure 5: PNM Printer Other Settings... 65 Figure 6: PNM Printer TCP/IP(v4) Settings...66 Figure 7: PNM Printer TCP/IP(v6) Settings...66 Figure 8: PNM Printer Management Protocols Web Management...67 Figure 9: PNM Printer Management Protocols Other... 68 Figure 10: PNM Printer Device Announcement Agent...68 Figure 11: PNM Printer General Security... 69 Figure 12: PNM Printer General Security Set Password...70 Figure 13: PNM Printer Permission Policies...71 Figure 14: PNM Printer Device User Accounts... 71
14 List of Figures
List of Tables 15 List of Tables Table 1: Motorola PRNM Suite Applications... 25 Table 2: Applications Not Available from the PRNM Suite...26 Table 3: HP Z400/Z420 Physical Specifications...27 Table 4: HP Z400 Workstation Specifications*... 28 Table 5: HP Z420 Workstation Specifications... 28 Table 6: PNM Client Software Installation Media... 33 Table 7: Media Software Required for Installation... 37 Table 8: PNM Client Field Replaceable Units... 57
16 List of Tables
List of Procedures Importing PNM Client Virtual Machines... 35 Configuring the PNM Client Virtual Machine... 37 Installing the Motorola PRNM Suite of Applications... 38 Clearing a Cached Copy of the UEM... 39 Downloading the UEM Software on the PNM Client... 40 Rebooting the PNM Client... 40 Configuring DNS Settings on Windows...41 Configuring Primary DNS Suffix...42 Changing Password for Windows User Account... 44 Installing PTP Certificates on PNM Client for Each PTP Radio... 44 Creating a PRNM Suite Application Shortcut...47 Creating an Application Shortcut... 47 Opening an Application from the Explorer Window...48 Opening an Application from the Start Menu... 49 Displaying System-Level Applications... 49 Displaying Zone-Level Applications...49 Checking the User Identity... 50 Restoring Critical Data to a PNM Client from the Backup and Recovery Server...51 Uninstalling the PRNM Suite of Applications... 53 Backing Up the PNM Client SSH Data...61 Restoring the PNM Client SSH Data...61 Accessing PNM Printer Web Administration Panel...63 Disabling Printer SNMP Management and Unnecessary PNM Printer Services...64 Configuring PNM Printer Static IP Address... 66 Disabling PNM Printer Management Protocols (Except for HTTPS)...67 Disabling PNM Printer Firmware Upgrade Sent as Print Jobs...69 Restricting PNM Printer Print Services to Port 9100 and LPD (port 515)...70 Restricting PNM Printer Configuration Access to Administrators Only... 70 Applying PNM Printer Firmware... 72 Reviewing Event and Job Logs... 72 6871025P07-A November 2013 Send Feedback
List of Processes Installing the PNM Client...34 Configuring TCP/IP on Windows... 41 Recovering the PNM Client...59 Configuring the PNM Printer Security... 63 6871025P07-A November 2013 Send Feedback
About Private Network Management Client This manual provides an introduction to the hardware and software components associated with the Private Network Management (PNM) client. Included are the detailed procedures for installation, configuration, and replacing Field Replaceable Units (FRUs). This manual is intended to be used by field service managers and field service technicians after they have attended the Motorola formal training for the PNM Client. What Is Covered In This Manual? This manual contains the following chapters: PNM Client Description on page 25 contains an overview of the PC client hardware, PNM Client, and the software applications for McAfee Anti-Malware, as well as specifications and requirements. PNM Client Theory of Operations on page 31 provides a list of software installed on the PNM Client. PNM Client Installation on page 33 describes the software installation instructions for the PC client. PNM Client Configuration on page 41 provides the configuration instructions for setting up the PC client hardware and PNM Client after the software is installed. PNM Client Operations on page 47 provides information on how to start, create, display, and exit applications. PNM Client Maintenance on page 53 provides instructions for uninstalling the Private Radio Network Manager (PRNM) suite of applications from the PNM Client. PNM Client Troubleshooting on page 55 is a reference for where to find operating system or applicationspecific troubleshooting information. PNM Client FRU Information on page 57 lists the Field Replaceable Units (FRUs). PNM Client Disaster Recovery on page 59 provides disaster recovery procedures pertaining to PNM Client. Local Backup/Restore of PNM Client SSH Data on page 61 contains information on Windows Vista PNM Client SSH Data local backup and restore. PNM Printer Security Configuration on page 63 describes configuration of the PNM printer. Helpful Background Information Motorola offers various courses designed to assist in learning about the system. For information, go to http:// www.motorolasolutions.com/training to view the current course offerings and technology paths. Related Information Related Information Standards and Guidelines for Communication Sites Purpose Provides standards and guidelines that should be followed when setting up a Motorola communications site. Also known as R56 manual. This may be purchased on CD 9880384V83, by calling the North America Parts Organization at 800-422-4210 (or the international number: 302-444-9842). Table continued 6871025P07-A November 2013 Send Feedback
22 About Private Network Management Client Related Information System Documentation Overview Virtual Management Server Software Virtual Management Server Hardware Historical Reports Windows Supplemental Configuration Core Security Management Server Securing Protocols with SSH Unified Event Manager Backup and Restore Services Authentication Services MAC Port Lockdown Purpose For an overview of the ASTRO 25 system documentation, open the graphical user interface for the ASTRO 25 system documentation set and select the System Documentation Overview link. This opens a file that includes: ASTRO 25 system release documentation descriptions ASTRO 25 system diagrams ASTRO 25 system glossary For an additional overview of the system, review the architecture and descriptive information in the manuals that apply to your system configuration. Provides procedures for implementing and managing VMware ESXi-based virtual server hosts on the common Hewlett-Packard hardware platform in an ASTRO 25 system. Includes common procedures for virtual machines/virtual appliances on the virtual server host. Provides information for implementing, maintaining, and replacing common Hewlett-Packard hardware for servers in an ASTRO 25 system. Covers the use of the Historical Reports software application to generate reports that show system-wide and zone-level historical data for an ASTRO 25 IV&D system. Provides additional procedures that must be performed on all Windows -based devices in an ASTRO 25 system, and additional procedures that are performed only for specific Windows -based devices. Provides information relating to implementation and management of basic network security software components in an ASTRO 25 IV&D system. This includes server functions and client functions that support multi-factor RADIUS authentication for remote users accessing the system through a modem and terminal server. Information is also included about the server and client functions for managing system-wide anti-malware protection (including anti-virus and anti-spyware). Provides information relating to the implementation and management of the Secure Shell (SSH) protocol for secure transmission of data between devices in an ASTRO 25 system. Includes configuration sequences that minimize downtime when adding this feature to a system that is already in operation. Covers the use of Unified Event Manager (UEM), the application that provides reliable fault management services for devices in the ASTRO 25 IV&D radio system. Provides information relating to the implementation and management of a backup service for supported devices in an ASTRO 25 system. This manual addresses server and client functions required for these services, and provides information relating to the implementation and replacement of the Network Attached Storage (NAS) hardware/software component. Provides information relating to the implementation and management of the Active Directory (AD) service, Remote Authentication Dial-In User Service (RADIUS), and Domain Name Service (DNS) in ASTRO 25 systems. Provides information relating to the implementation and management of MAC Port Lockdown for standard Ethernet ports on Hewlett-Packard switches and on the internal switch of GCP 8000 site controllers and GPB 8000 Reference Distribution Modules (RDMs), in an ASTRO 25 system. Also provides Send Feedback November 2013 6871025P07-A
About Private Network Management Client 23 Related Information Purpose information required for supplemental Ethernet port security, including the implementation of fiber optic ports on Hewlett-Packard switches. 6871025P07-A November 2013 Send Feedback
Chapter 1 PNM Client Description The Private Network Manager (PNM or NM) client workstations are commercial personal computers that run the Microsoft Windows operating system for network computers. Authorized system managers or network administrator personnel use the client PC workstations to start and run the software applications for configuring, viewing equipment operational status, and monitoring network utilization and performance. Windows-Based PNM Clients The new PNM architecture distributes most of the user application processing to the client PC workstations. This approach yields important benefits: Application performance is less dependent on the number of concurrent users and open applications. Personnel typically responsible for managing a radio system or computer network are already familiar with, or easily trained to use, the GUI of PNM applications that conforms to Windows Operating System conventions. Remote operation performance over a limited bandwidth link (for example, a telephone line used for accessing the network remotely through dial-up modems) is improved. PNM Client Applications Overview For the list of the PNM Client applications, see the following sections: For applications launched from the Motorola Private Radio Network Management (PRNM) Suite, see Motorola PRNM Suite Applications on page 25. For applications launched using the web browser, see Applications Launched with the Web Browser on page 26. Motorola PRNM Suite Applications Note: FCAPS is a Network Management model intended to maximize the available resources and minimize system downtime and maintenance costs. It consists of five functional areas: Fault Management, Configuration Management, Accounting, Performance Management, and Security Management. Table 1: Motorola PRNM Suite Applications Application FCAPS Purpose System-Level Applications: System Profile Performance A tool that allows you to track license usage at the system level. Shows the number of applications open, who is using the application, and the number of available licenses. System Historical Reports Accounting, Performance A tool that uses predefined reports to show data from archived information. System Historical Reports spans the system level. Table continued 6871025P07-A November 2013 Send Feedback
26 PNM Client Description Application FCAPS Purpose Zone-Level Applications: Note: For details on the Custom Historical Reports application, see the Historical Reports manual. Affiliation Display Performance A tool to monitor radio, talkgroup, and site use. Affiliation Display spans zone, site, and radio unit levels. Air Traffic Information Access (ATIA) Log Viewer Dynamic Reports Zone Historical Reports Performance Accounting, Performance Accounting, Performance A tool that allows you to view radio events occurring in the zone in a raw data format from the Air Traffic Router Server (ATR) application. A tool that provides predefined reports using data taken dynamically from the database. A tool that uses predefined reports to show data from archived information. Zone Historical Reports spans zone, site, and unit levels. Note: For details on the Custom Historical Reports application, see the Historical Reports manual. Radio Control Manager Reports Radio Control Manager Accounting, Performance Configuration, Security A tool that provides reports on radio activity. A primary tool used in controlling and monitoring radio activity, which has configuration capability in the Dynamic regrouping feature. Radio Control Manager spans zone, site, and unit levels. Zone Profile Performance A tool to track license usage at a zone level. It shows the number of applications open, who is using the application, and the number of available licenses. ZoneWatch Fault, Performance Applications Launched with the Web Browser A tool that monitors call processing resource assignments, including channels, sites, and any hardware assigned to a call. ZoneWatch spans zone, site, and unit levels. The Unified Network Configurator (UNC), Unified Event Manager (UEM), and the Provisioning Manager applications are launched using browser shortcuts. For more information, see Creating a PRNM Suite Application Shortcut on page 47. Table 2: Applications Not Available from the PRNM Suite Application FCAPS Purpose UEM Fault A tool that provides reliable fault management services, such as service discovery, fault management, supervision, and synchronization. UNC Configuration An advanced network configuration tool that provides controlled and validated configuration management of system devices. It includes VoyenceControl and Unified Network Configurator Wizards (UNCW). Note: The names EMC Smarts and VoyenceControl are used interchangeably for this product. Provisioning Manager Configuration A management application used to enter and maintain configuration information for the User Configuration Server (UCS). The Provisioning Send Feedback November 2013 6871025P07-A
PNM Client Description 27 Application FCAPS Purpose Manager configures Consoles, CCGWs, AuC, MGEGs, System, Subscribers, Security, and applications (such as ZoneWatch). HP Z400/Z420 Hardware Figure 1: HP Z400 Workstation Front View Figure 2: HP Z420 Workstation Front View The PC manufacturer, model, and specifications vary, depending on the customer specification. For the hardware used in the Virtual Management Server environment, see the Virtual Management Server Software manual. Table 3: HP Z400/Z420 Physical Specifications Device Dimensions (H x W x D) Weight HP Z400 Workstation HP Z420 Workstation 6.6 x 17.9 x 17.7 in (16.79 x 45.53 x 45.02 cm) 33.3 lb (15.1 kg) 17.6 x 7.0 x 17.5 in (44.76 x 17.78 x 44.52 cm) 29.2 lb (13.2 kg) 6871025P07-A November 2013 Send Feedback
28 PNM Client Description HP Z400 Workstation Specifications Table 4: HP Z400 Workstation Specifications* Specification Processor Chipset Hard Drive Hard Disk Controller System Memory LAN Optical Storage Devices (such as CD-ROM) Keyboard Mouse Graphics Requirement Intel Xeon W3503 2.4 GHz 1066 MHz Dual Core Intel X58 Express 160 GB 7200 rpm SATA 3.0 Gb/s NCQ Integrated serial ATA controller (ICH9R) 3 Gb/s (NCQ with 5 SATA connectors) with RAID 0,1,5 and 10 capability; removable boot drive option 3 GB Total memory (3 x 1 GB DDR3 1066 MHz ECC) 10/100/1000 Mbit; Broadcom NetXtreme Gigabit Ethernet 16X Max SATA DVD+/-RW Drive HP PS/2 Standard Keyboard US Microsoft Wheel Optical 3-button USB Mouse NVIDIA Quadro NVS 295 256MB Dual Head Expansion Slots 2 PCIe Gen2 x 16 1 PCIe Gen2 x 8 mechanical (x4 electrical) 1 PCIe Gen1 x 8 mechanical (x4 electrical) 2 PCI (full-height/length) 1 22-in-1 Media Card Reader (optional) Built-in I/O Ports USB 2.0 Power supply Power consumption 475 W (85% efficient power supply; wide ranging, Active Power Factor Correction) max 475 W *Workstation specification represent recommended specifications to meet appropriate performance levels for each system release. While the availability of workstation components changes, the recommended workstation specifications should be maintained to meet or exceed performance levels associated with the initial, recommended workstation specifications for your system release. HP Z420 Workstation Specifications Table 5: HP Z420 Workstation Specifications Specification Processor Chipset Hard Drive Hard Disk Controller Requirement Intel Xeon E5-1603, 2.8 GHz,1066 Mhz memory, Quad Core Intel C602 500 GB 7200 rpm SATA 3.0 Gb/s NCQ Integrated SATA controller Table continued Send Feedback November 2013 6871025P07-A
PNM Client Description 29 Specification System Memory LAN Optical Storage Devices (such as CD-ROM) Keyboard Mouse Graphics Requirement 4 GB Total memory (1 x 4 GB DDR3 1600 MHz ECC) Integrated Intel 82579LM PCIe GbE Controller 16X SuperMulti DVDRW SATA HP USB Standard Keyboard Microsoft Wheel Optical 3-button USB Mouse NVIDIA Quadro NVS 310 512 MB Dual Head Expansion Slots 2 PCI Express Gen3 x 16 mechanical/electrical 1 PCI Express Gen3 x 8 mechanical/electrical 1 PCI Express Gen2 x 8 mechanical/x4 electrical 1 PCI Express Gen2 x 4 mechanical/x1 electrical 1 Legacy PCI Built-in I/O Ports 5 USB 2.0 4 USB 3.0 2 IEEE 1394 Power supply Power consumption 600 W (90% efficient power supply) max 600 W Operating Frequencies and Voltages The various pieces of equipment used with the PC client hardware can operate with the following AC line voltages and frequencies: 120 VAC at 60 Hz 240 VAC at 60 Hz 120 VAC at 50 Hz 240 VAC at 50 Hz 6871025P07-A November 2013 Send Feedback
Chapter 2 PNM Client Theory of Operations This chapter provides a list of the Motorola Private Radio Network Manager (PRNM) Suite software installed on the PNM Client. Windows Remote Desktop Connection PNM Client is a remote control software application. You can use it to remotely manage Windows systems. In the ASTRO 25 system, the default version of Microsoft Windows Remote Desktop including Remote Desktop for Administration and Remote Desktop Connection that are included with Microsoft Windows OS by default are supported. For supplemental remote desktop procedures that may be required depending on policies in your organization, see the Windows Supplemental Configuration manual. McAfee Anti-Malware The McAfee anti-malware server is located on the Core Security Management Server (CSMS). It performs the following functions: Manages and deploys agents on Windows and Red Hat Linux devices Manages, deploys, and enforces McAfee epo* product policies Distributes updates to McAfee clients for new McAfee products, upgrades, and patches Provides status for the McAfee implementation and manages clients through predefined or customized reports * McAfee epolicy Orchestrator (epo) is the McAfee anti-malware server software. For more information, see the Core Security Management Server manual. 6871025P07-A November 2013 Send Feedback
Chapter 3 PNM Client Installation This chapter details installation procedures relating to the PNM Client. Note: After the initial installation, all procedures assume that you are already accessing PNM Client. For procedures and related information in the virtual environment, see the Virtual Management Server Software manual. PNM Client Installation Prerequisites Table 6: PNM Client Software Installation Media Software/Optical Media Description/Version Provided with: Microsoft Windows Operating System Installation DVD MOSI Recovery CD Windows 7 SP1 Motorola OS Installer Z400 Z420 Virtual Machine (VM) PNM Client Virtual Appliance DVD Private Network Management (PRNM) Suite Client Application CD Windows Supplemental CD MOTOPATCH for Windows DVD MOTOPATCH for Windows 3PP CD Current certified version Current certified version Current certified version Current certified version Current certified version For additional prerequisites specific to the virtual environment, see the Virtual Management Server Software manual. IP Addresses and Login Information Before performing procedures from this manual, locate the following information pertaining to the PNM Client (see your system documentation or contact your system administrator): 6871025P07-A November 2013 Send Feedback
34 PNM Client Installation IP address Subnet mask Gateway Primary DNS Alternate DNS Administrative login and password Installing the PNM Client Process: 1 Perform one of the following actions, depending on your installation hardware/environment: If If you are installing the PNM Client on the Z400/ Z420 workstation, If you are installing the PNM Client as a Virtual Machine on an ESXibased Virtual Server, Then perform the following actions: 1 Turn on the HP Z400/Z420 workstation. 2 Install Windows using MOSI. See Windows Installation by MOSI on page 38. 3 Go to the next step. perform the following actions: 1 Make sure that the installation/configuration process for virtual server host has been completed. See the Virtual Management Server Hardware and Virtual Management Server Software manuals. 2 Import PNM Client Virtual Machine. See Importing PNM Client Virtual Machines on page 35. 3 Turn on the PNM Client Virtual Machine you imported. See the Turning On an Individual Virtual Machine section in the Virtual Management Server Software manual. 4 Configure PNM Client Virtual Machine. See Configuring the PNM Client Virtual Machine on page 37. 5 Go to the next step. 2 Configure TCP/IP. See Configuring TCP/IP on Windows on page 41. 3 Reconfigure the VMware tools for Windows-based virtual machine. See Reconfiguring VMware Tools on Windows-Based Virtual Machine in the Virtual Management Server Software manual. 4 Change the Windows login warning banner and title. See the Changing Logon Banners Locally section in the Windows Supplemental Configuration manual. 5 Optional: If a printer (local or network) is present in your system, install it. See the printer's vendor documentation. 6 Into the optical drive insert the latest Windows Supplemental CD and install the needed common software. See the Windows Supplemental CD Contents section in the Windows Supplemental Configuration manual. Common software: Network Management Client (NETWORK_MANAGEMENT_CLIENT.xml) Backup and Restore Client * (Motorola Windows Bar Client.xml) Centralized Event Logging Client * (Motorola Windows Logging Client.xml) * Optional features Send Feedback November 2013 6871025P07-A
PNM Client Installation 35 For additional information, see Centralized Event Logging Client and Backup and Restore Client Installation on page 39. a) Open the Command Prompt. On the Windows Supplemental CD, navigate to the wif folder. b) To install the components, enter: WindowsInstallFramework.exe /e /i <feature name>.xml You can include one, two, or three <feature name>.xml parameters separated with a space. c) The xml components are in the Supplemental CD/wif folder. From the Supplemental CD/wif location, open the xml file for a device in the Notepad and, within it, search for <AppName>. Step result: The success window appears. 7 Optional: If the PNM Client is used to access an ESXi Server and other virtual elements of the system, install a vsphere Client application. For installing the VMware vsphere, see Installing the VMware vsphere Client in the Virtual Management Server Software manual. 8 Install the PRNM suite of applications. See Installing the Motorola PRNM Suite of Applications on page 38. 9 Configure the PNM Client for UEM operation. See Unified Event Manager Operations on page 39. 10 Install the ASTRO 25 system documentation set. See ASTRO 25 System Release Documentation Set Installation on page 40. 11 Install patches for the operating system. See MOTOPATCH for Windows on page 43. 12 Perform Joining and Rejoining a Windows-Based Device to an Active Directory Domain with a Script from the Windows Supplemental Configuration manual. 13 Complete all procedures from the Common Windows Procedures chapter in the Windows Supplemental Configuration manual, including: Boot Order for Windows Devices (Not for Virtual Machines) Configuration Using the ASTRO 25 System Windows Supplemental CD User Interface Deploying McAfee Anti-Malware From the CSMS Changing Logon Banners Through a Domain Controller 14 Perform Changing Password for Windows User Account on page 44. 15 If your organization can generate Point-to-Point (PTP) certificates (such as a valid certificate authority), install them now. See Installing PTP Certificates on PNM Client for Each PTP Radio on page 44. Importing PNM Client Virtual Machines Importing a virtual machine may take approximately 1 hour depending on network traffic and disk usage. For information about the Direct Attached Storage device, see the Virtual Management Server Software manual. Prerequisites: Motorola Virtual Appliance DVD Virtual Server host (ESXi-based server) IP address ESXi-based server root account password Hostname for the server Zone network for the Virtual Machine Procedure: 1 Launch the VMware vsphere Client from the Windows-based device where it resides (a desktop shortcut was created during installation). Step result: A dialog box appears prompting for an IP address, user name, and password. 6871025P07-A November 2013 Send Feedback
36 PNM Client Installation 2 Log on to the server by entering the ESXi servers IP address, root in the user name field, and the appropriate password in the password field. Step result: The vsphere Client Inventory window appears. 3 Perform one of the following actions: a) If you are installing the PNM Clientfrom the DVD, insert themotorola Virtual Appliance DVD in the DVD drive of the device where the vsphere Client resides. b) If you are not installing from the DVD, determine the location of the NMCLIENT.ovf file. 4 From the File menu, select Deploy OVF Template. Step result: The Deploy OVF Template window appears. 5 Click Browse. Step result: A window displays file directories. 6 Perform the following actions: a) Select NMCLIENT.ovf. b) Open the file. c) Click Next. Step result: The OVF Template Details window appears. 7 Click Next. Step result: The Name and Location window appears in the Deploy OVF Template window. 8 Perform the following actions: a) In the Name field, enter the appropriate hostname of the PNM Client. b) Click Next. Step example: Enter: z001nmc01 Step result: The DataStore List appears. 9 Perform one of the following actions: If the Thick Provision Eager Zeroed format an available option, select it. If that option is not available, select Thick Provision. 10 Click Next. Step result: The Network Mapping window appears in the Deploy OVF Template window. 11 In the Network Mapping window, select the appropriate Destination Network mapping for each entry is correct. Step example: For the zone-level PNM Client, select znm0 12 Click Next. Step result: The Ready to Complete window appears in the Deploy OVF Template window. 13 Verify the deployment settings. Click Finish. Step result: Import starts. 14 When the process completes successfully, verify that the left pane of the vsphere Client main window displays the application server virtual machine name. You may need to expand the list in the left pane to locate the virtual machine name. 15 In the Deployment Completed Successful window, click Close. 16 Optional: If you used the DVD, remove it from the DVD drive. For information about disconnecting DVD drives from virtual machines, see the Virtual Management Server Software manual. Send Feedback November 2013 6871025P07-A
PNM Client Installation 37 Configuring the PNM Client Virtual Machine Procedure: 1 After powering on the PNM Client, select the appropriate PNM Client virtual machine in the navigation pane on the left side of the screen, and then select Console on the right side of the screen. Step result: The console tab for the Network Management Client displays the Set Up Windows wizard. 2 Perform the following steps: a) Make appropriate selections in the following drop-down lists: Country or region:, Time and the currency:, and Keyboard layout:. b) Click Next. Step result: The Set Up Windows wizard advances to the next step. 3 Enter a user name and the correct hostname as the computer name. Click Next. Step example: A correct hostname example is <z001nmc01>. For specific IP addresses, see the System IP Plan. Step result: The Set Up Windows wizard advances to the next step. 4 Enter a password and re-enter it as instructed on the screen. Click Next. Step result: The Set Up Windows wizard advances to the next step. 5 Enter your Windows product key. 6 Select the I accept this agreement check box. Click Next. 7 For automatic windows upgrades, select Use recommended settings. Step result: The Set Up Windows wizard advances to the next step. 8 Make appropriate selections in the Time zone:, Date:, and Time: fields. Click Next. Step result: The Set Up Windows wizard advances to the next step. 9 In the Select your computer's current location window, click Work network. Step result: The Set Up Windows wizard exits and Windows starts. PNM Client Windows OS Installation This section covers the installation of the Windows operating system. Important: The activation must be done within 30 days. Failure to do so may lock up the operating system and the entire procedure may have to be repeated. After the installation, see the Activating Windows: frequently asked questions section in the online help on how to activate the newly installed Windows operating system. Activating by phone is preferred so that no other additional changes to the system are required. Windows OS Software Media Table 7: Media Software Required for Installation Required Media Motorola OS Installer Microsoft Windows OS Description Boot media used prior to OS installation Installs the Windows 7 Professional operating system. 6871025P07-A November 2013 Send Feedback
38 PNM Client Installation Windows Installation by MOSI During OS installation by MOSI, two equal partitions should be created C: and D:. To equally divide the drive on the PNM Client, follow default MOSI settings. To install the Windows Operating System (OS), use the Motorola Operating System Installer media that came with your system (see Windows OS Software Media on page 37), or use an updated version of this installation media, if appropriate. The MOSI media supports Windows OS installation and configuration (local or over-the-network) by minimizing the amount of wait time normally experienced to install. The MOSI media is updated periodically to provide continual support for installation. Information on using MOSI for installation is available on the Motorola Online (MOL) web portal. See the MOSI media label or readme.txt for information regarding access to Motorola Online (MOL). Installing the Motorola PRNM Suite of Applications The Motorola PRNM Suite is typically installed on a PNM Client when shipped from Motorola. To re-install or upgrade the PRNM Suite of applications, first uninstall the PRNM Suite of applications. Prerequisites: Perform all steps in Installing the PNM Client on page 34. Motorola PRNM Suite Client Application CD Procedure: 1 Log on to the PNM Client using the account that needs to be changed. If you use a domain account to log on Windows, make sure that the Active Directory domain is entered before the user name in the format <domain>\<user name>. If you are logging on to Windows with a local administrative account, make sure to enter the host name before the user name in the format <host name>\<user name>. 2 Insert the Motorola PRNM Suite Client Application CD into the optical drive of the client. To learn how to use CD/DVD drive in virtual environment, see the Installing or Transferring Files to a Virtual Machine section in the Virtual Management Server Software manual. 3 Navigate to the CD and double-click the PrnmSuite_install.bat file. If a User Account Control dialog box displays, click Allow, Yes, or Continue. Step result: The WIF execution log window appears. Installation of software prerequisites starts. The WIF execution log presents status of prerequisites installation. The Motorola PRNM Suite InstallShield Wizard dialog box appears. 4 Click Next. 5 At License Agreement, select I accept the terms in the license agreement. Click Next. 6 At Ready to Install the Program, click Install. 7 Perform one of the following actions: If If the critical data backup is detected, If the critical backup is not detected, Then you are asked if you would like the InstallShield to restore the data. Go to the next step. go to step 9. 8 Perform one of the following actions: Send Feedback November 2013 6871025P07-A
PNM Client Installation 39 If If you want to restore the critical data, If you want to skip restoring the data, Then click Yes. Result: The Installing Motorola Private Radio Network Management Suite dialog box appears. The progress bar on the dialog box indicates installation progress. When completed, the InstallShield Wizard Completed dialog box appears. click No. 9 Click Finish. 10 Click OK to close the WIF execution log. 11 Remove the Motorola PRNM Suite Client Application CD from the optical drive. If installing in virtual environment, disconnect the CD-DVD drive. See the Installing or Transferring Files to a Virtual Machine section in the Virtual Management Server Software manual. 12 Reboot the PNM Client. See Rebooting the PNM Client on page 40. Centralized Event Logging Client and Backup and Restore Client Installation For information on installing the Centralized Event Logging client and the Backup and Restore client, see Installing Components Located on the Windows Supplemental CD in the Windows Supplemental Configuration manual and use their respective parameters. Unified Event Manager Operations You can clear a cached copy of the Unified Event Manager (UEM) and download the UEM software on the PNM Client. Clearing a Cached Copy of the UEM Procedure: 1 In the Run dialog box, enter: C:\Program Files (x86)\java\jre7\bin\javaws.exe -viewer See Run Command on page 50. Step result: The Java Cache Viewer window appears. 2 In the Java Cache Viewer window, under the Show: drop-down list, select Applications. 3 If the Unified Event Manager application appears in the window, select it and click the X (Remove selected items) button on the toolbar. Step result: The UEM application is removed from the window and cache. 4 In the Java Cache Viewer window, under the Show: drop-down list, select Deleted Applications. 5 If the Unified Event Manager application appears in the window, select it and click the X (Remove selected items) button on the toolbar. Step result: The UEM application is removed from the window and cache. 6 Close the Internet Explorer browser to ensure that the cached copy of the UEM is not used. Post requisites: Perform Downloading the UEM Software on the PNM Client on page 40. 6871025P07-A November 2013 Send Feedback
40 PNM Client Installation Downloading the UEM Software on the PNM Client Prerequisites: The 32-bit version of Internet Explorer must be used for UEM and UNC. The UEM server application must be operational. When and where to use: Perform this procedure when launching the PNM Client for the first time or after clearing a cached copy. Procedure: 1 Open Internet Explorer. 2 In the Address field, enter: https://uem<core_id>.zone<id>:9090 If the Dynamic System Resilience feature is enabled, the <core_id> parameter is for a primary and backup core, 01 and 02, respectively. If the Dynamic System Resilience feature is disabled or in non-dsr systems, the <core_id> parameter is 01. The zone <id> parameter is the valid ID of the zones that have the UEM server. Step result: The UEM client launch page opens. 3 Click OK. 4 Click Launch Client. 5 Optional: If prompted, click Run. 6 Log on to the UEM application with the appropriate user name and password. Click Connect. Step result: The UEM Main window appears. Result: After successfully launching UEM Client for the first time, a desktop shortcut is created. You can use it to access UEM Client the next time. Post requisites: Installation of the UEM Client is for the current user only. If you log in as another user, the UEM shortcut will not be available. In that case perform this procedure again for the current user. ASTRO 25 System Release Documentation Set Installation ASTRO 25 system documentation from Motorola is delivered on a USB drive or other media when the system is commissioned. Follow the instructions provided with the media to install the documentation on the network management client workstation. Your system must have Adobe Reader and a web browser installed to access the documentation. If your system does not have Adobe Reader, install the application using the option provided during the installation procedure. Rebooting the PNM Client Procedure: 1 From the taskbar, select Start Shut Down. 2 Select Restart. Step result: The PNM Client reboots. Send Feedback November 2013 6871025P07-A
Chapter 4 PNM Client Configuration After the initial configuration, all procedures assume that you are already accessing PNM Client. For procedures and related information on virtual environment, see the Virtual Management Server Software manual. Configuring TCP/IP on Windows If TCP/IP appears to be already configured as some fields are filled in, make sure that all fields have correct settings. Process: 1 Configure DNS settings. See Configuring DNS Settings on Windows on page 41. 2 Configure the Primary DNS Suffix. See Configuring Primary DNS Suffix on page 42. Configuring DNS Settings on Windows Prerequisites: IP address Subnet mask Default gateway Preferred DNS server Alternate DNS server Procedure: 1 In the Run dialog box, enter: ncpa.cpl Step result: The Network Connections window opens. 2 Right-click the Local Area Connection. Select Properties. If a User Account Control dialog box displays, select Allow, Yes, or Continue. Step result: The Local Area Connection Properties dialog box appears. 3 Select Internet Protocol Version 4(TCP/IPv4) Properties. 4 At Internet Protocol Version 4(TCP/IPv4) Properties, select Use the following IP address Use the following DNS Server address and complete all fields (contact your system administrator or consult your system documentation for credentials). Some fields may already be filled in. If so, make sure that the values are correct. 5 Click Advanced. Step result: The Advanced TCP/IP Settings dialog box appears. 6 Click the DNS tab and select the Append these DNS Suffixes (in order) check box. 7 Click Add. In the TCP/IP Domain Suffix dialog box that appears (where X is the current zone, default is zone1), enter the Zone Domain Name: zonex 6871025P07-A November 2013 Send Feedback
42 PNM Client Configuration 8 To add the DNS suffix zonex, click Add. Step result: The TCP/IP Domain Suffix dialog box closes. 9 Repeat steps step 7 and step 8 to add the DNS suffixes: ucs 10 To close the Advanced TCP/IP Settings dialog box, click OK. Step result: The Advanced TCP/IP Settings dialog box closes. 11 To close the Internet Protocol 4(TCP/IPv4) Properties dialog box, click OK. 12 To save changes, click OK. Step result: The Local Area Connection Properties dialog box closes. Configuring Primary DNS Suffix Procedure: 1 In the Run dialog box, enter sysdm.cpl See Run Command on page 50. If a User Account Control dialog box displays, select Allow Yes Continue. Step result: The System Properties dialog box appears. 2 On the Computer Name tab, click Change. Step result: The Computer Name/Domain Changes dialog box appears. 3 Click More. Step result: The DNS Suffix and NetBIOS Computer Name dialog box appears. 4 In Primary DNS Suffix of this computer, enter your domain name (for example, Step example: Enter: UCS.ASTRO Click OK. Step result: The DNS Suffix and NetBIOS Computer Name dialog box closes. 5 Click OK. Step result: Information about a required restart appears. 6 Select OK Close. 7 When the restart prompt appears, click Restart Now. Time Sources The Domain Controllers are time sources for Windows-based devices that are joined to the Active Directory domain. Whenever a device that is part of a Windows Active Directory domain interacts with a Domain Controller, the time from the device is included in the messages. If the time the device supplies in the message differs by a certain amount of time compared to the time on the DC, that message is considered invalid. The Domain Controllers get their time from the ASTRO 25 system Network Time Protocol (NTP) servers. The hostnames of the NTP servers for the Domain Controllers depends on whether Dynamic System Resilience (DSR) is implemented: Domain Controllers in non-dsr systems, and Domain Controllers in a DSR primary core, use ntp02.zonez as the primary NTP server, and ntp03.zonez as the secondary NTP server (where Z is the zone to which the DC belongs). Send Feedback November 2013 6871025P07-A
PNM Client Configuration 43 Domain Controllers in a DSR backup core use ntp05.zonez as the primary NTP server, and ntp06.zonez as the secondary NTP server (where Z is the zone to which the DC belongs). The Domain Controller configuration script specifies the NTP servers that Domain Controllers use (you do not need to enter this information when installing and configuring Domain Controllers.) For more information about NTP configuration in an ASTRO 25 system, see the following ASTRO 25 system manuals: Network Time Protocol Server Virtual Management Server Software Note: If the time source needs to be configured before configuring RADIUS, see the Network Time Protocol Server manual and the appropriate manual for the configured device. Windows Login Warning Banners Change the Windows Login Warning Banner only if it is required by your organization s policies. For information on how to change the Windows Login Warning Banner using Windows, see the Changing Logon Banners Locally section in the Windows Supplemental Configuration manual. Printer Installation If a printer (local or network) is present in your system, follow the printer's vendor documentation to install it on PNM Client instead. MOTOPATCH for Windows The MOTOPATCH for Windows DVD may contain patches applicable to your system. Be sure to thoroughly review the README.txt file on the MOTOPATCH media as it contains information on system preparation and operating instructions for MOTOPATCH installation. Before installing in the virtual environment, connect the virtual machine to the DVD drive where you will insert the software media. For information about connecting DVD drives to virtual machines, see the Virtual Management Server Software manual. The MOTOPATCH for Windows DVD is a dynamic product, which changes each month in response to new security vulnerabilities. Your system was shipped with the latest version of the MOTOPATCH for Windows DVD available at that time. Use its latest version and review the README.txt file as it may include new information pertaining to your specific system. For information on obtaining the latest version, contact the Motorola Solution Support Center (SSC). Common Windows Procedures Follow the procedures in the Common Windows Procedures chapter of the Windows Supplemental Configuration manual. 6871025P07-A November 2013 Send Feedback
44 PNM Client Configuration Changing Password for Windows User Account Procedure: 1 Log on to the PNM Client using the account that needs its password changed. If you use a domain account to log on Windows, make sure that the Active Directory domain is entered before the user name in the format <domain>\<user name>. If you use a local account to log on Windows, make sure that the hostname is entered before the username in the format <hostname>\<user name>. 2 Perform the following actions: a) Press CTRL + ALT + DELETE. b) Click Change Password. If you are accessing a Windows-based virtual machine using VMware vsphere Client, be aware that pressing CTRL + ALT + DELETE displays the Windows Security dialog box for the Windows-based device hosting the vsphere application, even if the cursor is in the console for the Windows-based virtual machine. For more information about interacting with virtual machines, see the Virtual Management Server Software manual. Step result: The Change Password window appears. 3 Perform the following actions: a) In the Old Password field, enter: <old password> b) In the New Password field, enter: <new password> c) In the Confirm Password field, enter: <new password> again. Step result: A confirmation message appears. 4 To exit, click OK. PTP Certificates You can launch the PTP web management application from the UEM within each PNM Client. However, first install the valid certificates into each PNM Client. Follow Installing PTP Certificates on PNM Client for Each PTP Radio on page 44 to install those certificates. Currently, there is a set of default certificates that have been installed as part of PNM Client installation to enable users to launch PTP web management application successfully: root_cert astro-ca.crt is a default PTP ASTRO 25 system root certificate installed to allow the browser to validate the default PTP public certificate. Without it, the browser displays an untrusted certificate warning every time a user launches PTP web application. public_cert ptp-astro.der is the default PTP public certificate for use in ASTRO 25 systems. It is not tied to a specific device, so a web browser indicates an invalid certificate. It is not secure and is used for a bootstrapping purpose only. If full IA capabilities are available (example: users have a valid Certificate Authority), then a unique certificate should be generated for each PTP radio. Example: you can create a PTP ASTRO 25 Root Certificate (one for all PNM Clients) along with a PTP public certificate for each PTP radio. Installing PTP Certificates on PNM Client for Each PTP Radio Procedure: 1 Generate the root certificate and PTP public certificate through a valid Certificate Authority (CA) and place them into PNM Client. Send Feedback November 2013 6871025P07-A
PNM Client Configuration 45 Step example: Save them on the Desktop of the PNM Client. Step result: The certificates for your organization are stored locally. 2 Right-click a certificate file and select Install certificate. 3 At the Certificate Import Wizard window, click Next. 4 At the Certificate Store window, select the Automatically select the certificate store based on the type of certificate option. Click Next. 5 At the Completing the Certificate Import Wizard window, click Finish. Note: The certificates should be installed under the following sections within the Certificates section under the Contents tab within the Internet Options window of the browser. <root certification file> Trusted Root Certificate Authorities section <public PTP certificate file> Intermediate Certificate Authorities section Step result: The Success window appears. Result: After the installation of certificates completes, you are able to access the PTP web application securely. For more information, see the Unified Event Manager manual. 6871025P07-A November 2013 Send Feedback
Chapter 5 PNM Client Operations This chapter details tasks that you perform once the PNM Client is installed and operational on your system. Creating a PRNM Suite Application Shortcut PRNM Suite application shortcuts are a starting point to access the Motorola Private Radio Network Management (PRNM) applications. Application shortcuts are generated for all installed PRNM Suite applications upon login to Windows, based on zones provided by Active Directory (depending on policies in your organization). The system manager assigns permissions to each user in the system. These permissions determine which applications, security groups, and objects you can access. However, each application shortcut can be opened by a user with different permissions (example: through the runas command). Procedure: 1 Double-click the PRNM Suite icon on your desktop. 2 From the Explorer window, select one of the following items: A system-level application from the content pane. A zone from the navigation pane, and then a zone-level application from the content pane. Open the Primary Master Site folder. Open the Primary Zone Core folder, and then open a zone folder. Only if the Dynamic System Resilience feature is enabled, open the Backup Master Site folder. Only if the Dynamic System Resilience feature is enabled, open the Backup Zone Core folder and then open a zone folder. 3 Drag the application icon where you want it to appear on the desktop. Note: Creating a desktop shortcut removes the application from the Explorer window. To leave the application icon in the window, copy the application icon to the desktop by holding down the CTRL key and dragging the icon to where you want it to appear. Step result: The application icon appears on the desktop. Creating an Application Shortcut Use this procedure to create a shortcut for Unified Network Configurator, Unified Event Manager, and Provisioning Manager. Procedure: 1 Right-click anywhere on the Windows desktop. Step result: A pop-up menu appears. 6871025P07-A November 2013 Send Feedback
48 PNM Client Operations 2 Select New Shortcut. 3 At the Create Shortcut window, in the Type the location of the item field, enter the specific URL of the application (server IP address and port number). Important: Do not use the Browse button to try to locate the server. Enter the URLs provided: Unified Network Configurator Wizard: http://ucs-unc01:9080/uncw Unified Event Manager: https://uem01.zone<zone_id>:9090 Unified Network Configurator: https://ucs-unc01.ucs Provisioning Manager: This URL is for Single Sign-On only: https://ucs01.ucs:49308/pm/pm.html https://ucs01.ucs:49309/pm/pm.html For systems with the Dynamic System Resilience feature enabled, in addition to the ones listed pertaining to a primary core, the URLs for a backup core are as follows: Unified Network Configurator Wizard: http://ucs-unc02:9080/uncw Unified Event Manager: https://uem02.zone<zone_id>:9090 Unified Network Configurator: https://ucs-unc02.ucs Provisioning Manager: This URL is for Single Sign-On only: https://ucs02.ucs:49308/pm/pm.html https://ucs02.ucs:49309/pm/pm.html 4 Click Next. 5 At the Create Shortcut window, in the Type a name for this shortcut field, enter a descriptive name for the shortcut. When creating shortcuts for the UEM, remember that each zone has a unique URL and should be named appropriately. 6 Click Finish. Step result: An icon for the shortcut appears on the desktop. Opening an Application from the Explorer Window Procedure: 1 Double-click the PRNM Suite icon on your desktop. 2 From the Windows Explorer window, perform one of the following steps: If you want to run a system-level application from the primary master site, open the Primary Master Site folder. If you want to launch a zone-level application, open the Primary Zone Core folder and then open a zone folder. If the Dynamic System Resilience feature is enabled and you want to run a system-level application from the backup master site, open the Backup Master Site folder. If the Dynamic System Resilience feature is enabled and you want to run a zone-level application from the backup master site, open the Backup Zone Core folder and then open a zone folder. Step result: The selected folder opens. 3 Double-click an icon of an application you want to run. Step result: The application opens. Send Feedback November 2013 6871025P07-A
PNM Client Operations 49 Opening an Application from the Start Menu Procedure: 1 From the taskbar, select Start All Programs Motorola Motorola PRNM Suite Applications. Step result: A submenu displays master site and zone core folders. If you have the Dynamic System Resilience feature enabled, it also displays master site and zone core folders for Backup Master Site and Backup Zone Core. 2 Perform one of the following actions: Select a system-level application from the submenu. Click a zone, and then select a zone-level application from the submenu. Click a Primary Master Site, and then select a system-level application from the submenu. Click a Primary Zone Core, then click the zone, and then select a zone-level application from the submenu. Only if the Dynamic System Resilience feature is enabled, click a Backup Master Site, and then select a system-level application. Only if the Dynamic System Resilience feature is enabled, click the zone, and then select a zone-level application from the submenu. Step result: The application opens. Displaying System-Level Applications You can have multiple sessions opened for each application, as well as different applications opened simultaneously. Procedure: 1 From the taskbar, select Start All Programs Motorola Motorola PRNM Suite Applications. Step result: A submenu displays master site and zone core folders. If you have the Dynamic System Resilience feature enabled, it also displays master site and zone core folders for Backup Master Site and Backup Zone Core. 2 Double-click the Primary Master Site folder. Note: Optionally, if the Dynamic System Resilience feature is enabled, you can also display a systemlevel application for Backup Master Site by clicking Backup Master Site folder. 3 Double-click the system-level application you want to open. Step result: The application opens. Displaying Zone-Level Applications The Explorer window displays zone-level applications under each zone folder. Your access permissions at the time you log on determine which applications are displayed for each zone. You can have multiple sessions opened for each application, as well as different applications opened simultaneously. Procedure: 1 From the taskbar, select Start All Programs Motorola Motorola PRNM Suite Applications. Step result: A submenu displays master site and zone core folders. If you have the Dynamic System Resilience feature enabled, it also displays master site and zone core folders for Backup Master Site and the Backup Zone Core. 6871025P07-A November 2013 Send Feedback
50 PNM Client Operations 2 Double-click the Primary Zone Core folder. Note: 3 Optional: If the Dynamic System Resilience feature is enabled, you can also display a zone-level application for Backup Zone Core by clicking Backup Zone Core folder. 4 Select a zone from the navigation pane. Step result: The Explorer window displays applications associated with the selected zone in the contents pane. 5 Double-click a zone-level application. Step result: The application opens. Checking the User Identity When and where to use: Perform this procedure to locate the list of PRNM suite user IDs. Note: User IDs are the same for both Windows and the PRNM Suite. Procedure: 1 Enter: sysdm.cpl 2 Optional: If a User Account Control dialog box displays, click Allow, Yes, or Continue. 3 Click the Advanced tab. 4 In the User Profiles field, click Settings. Result: The list of users is displayed. Run Command The Run command is an efficient way to open programs, files, or web sites. To access the Run command dialog box, press the WINDOWS + R. For more information on the Run command, see the Start a program by using the Run command topic in your operating system online help. Centralized Backup and Recovery for PNM Clients This section provides information about centralized backup and recovery for Private Network Management (PNM) clients in an ASTRO 25 system that includes a Backup and Recovery Server (BAR server), if implemented in your system. Note: If secure protocols are used for communication with the BAR server, then correctly configure secure protocols, provision SSH keys, and register the device. See the SSH configuration process for centralized backup and restore in the Securing Protocols with SSH manual. PNM Client Backup on the Backup and Recovery Server Back up a PNM Client whenever critical data on the client changes. Critical data types for a PNM Client include SSH keys, certificates, password vault, and configuration (including secure settings). Send Feedback November 2013 6871025P07-A
PNM Client Operations 51 To back up a PNM Client, schedule a backup to the Backup and Recovery Server (BAR server), selecting the PNM Client for backing up. See the Backup and Restore Services manual. Restoring Critical Data to a PNM Client from the Backup and Recovery Server Prerequisites: For details on how to restore critical data from the Backup and Recovery Server (BAR server) to a PNM Client, see the Backup and Restore Services manual. Procedure: 1 Connect to the Backup and Recovery Server (BAR server) and log on using the administrative account for the Backup and Restore (BAR) Service. 2 Execute a client data restore, selecting the PNM Client as the client for restoring. 3 Verify the successful completion of the restore. See Reporting Restore Results in the Backup and Restore Services manual. 6871025P07-A November 2013 Send Feedback
Chapter 6 PNM Client Maintenance This chapter describes the periodic maintenance procedures relating to PNM Client. There are no serviceable parts in the PC client or PNM Client that require maintenance or calibration. Exterior cleaning by the user using a clean, lint-free cloth, or soft brush is sufficient. It is also advisable to do periodic interior cleaning of the cooling fan, power supply, and boards by using a low-suction vacuum cleaner. Since PNM databases are not on the PNM Client PC and the PNM Client application does not consume much space on the hard drive, regular PC maintenance is enough for the PNM Client. The PNM Client PC should solely be used for PNM Client activity. If you install any extra applications, they can cause the PNM Client to malfunction. Keep a minimum of 5 GB free space on the hard drive at all times. Uninstalling the PRNM Suite of Applications Install the following components on the system: Embedded Password Management, CGD, MOT_CACerts, OpenSSL, 7-Zip, and Java. You can remove them from the system only after you uninstall the PRNM Suite. For details on how to check which components apply to the NM Client, see Installing Components Located On the Windows Supplemental CD in the Windows Supplemental Configuration manual. Use to uninstall the PNM applications. This procedure does not uninstall other components installed from the Windows Supplemental CD as prerequisites in step 6 of Installing the PNM Client on page 34 or components that operate automatically in the background after the installation of PRNM Suite of Applications (such as Java). Prerequisites: Close the PNM applications. Procedure: 1 Log on using a local administrative account (the account name set up by Motorola is secmoto for Windows-based devices), or Active Directory administrative account. If you use a domain account to log on Windows, make sure that the Active Directory domain is entered before the user name in the format <domain>\<user name>. If you use a local account to log on Windows, make sure that the host name is entered before the user name in the format <host name>\<user name>. 2 In the Run dialog box, enter: appwiz.cpl 3 Right-click Motorola PRNM Suite. From the context menu, select Uninstall. 4 When prompted to confirm that you want to unistall the suite, click Yes. If a User Account Control dialog box displays, click Allow, Yes, or Continue. Step result: The following message appears: Would you like InstallShield to back up your critical data? The backup may be used while installing PRNM Suite next time to restore or migrate the data. 5 Perform one of the following actions: To backup the critical data, click Yes. 6871025P07-A November 2013 Send Feedback
54 PNM Client Maintenance To skip backing up the critical data, click No. Step result: A dialog box may appear asking you to close the Java Platform SE binary application. 6 If a dialog box asking you to close the Java Platform SE binary application appears, click Yes. Step result: When the PRNM Suite of Applications is uninstalled, the system restarts. 7 If the pop-up window with information about a necessary reboot appears, click Yes. Send Feedback November 2013 6871025P07-A
Chapter 7 PNM Client Troubleshooting This chapter contains information on PNM Client troubleshooting procedures. For detailed information on the Operating System, see the Windows help and the specific Network Management application manuals within the ASTRO 25 system documentation set for more information on those applications. Embedded Passwords Embedded accounts have passwords that must match on all peer devices. Motorola sets up default passwords that match on all peer devices. However, problems may occur when, on all peer devices, the embedded passwords are: not changed all at the same time not set to the same value For detailed information, see the "Embedded Password Management" appendix in the Authentication Services manual. 6871025P07-A November 2013 Send Feedback
Chapter 8 PNM Client FRU Information This chapter lists the Field Replaceable Units (FRUs). PNM Client Field Replaceable Units Table 8: PNM Client Field Replaceable Units Item Description Certified Network Management ASTRO 25 System Workstation (Z400/Z420) HP DL380 Gen8 HC Virtual Server without Software (for L1 system configuration) HP DL380 Gen8 HC DAS 300 Virtual Server without Software (for L2 system configuration) Part Number N/A (see the Motorola model number) DLN6863A DLN6822A 6871025P07-A November 2013 Send Feedback
Chapter 9 PNM Client Disaster Recovery This chapter provides references and information that enable you recovering PNM Client in the event of a failure. Recovering the PNM Client Process: 1 Backup data. See Backing Up the PNM Client SSH Data on page 61. 2 Perform this step only if you replace your PC hardware. If MAC Port Lockdown is enabled, unlock the HP Switch Port corresponding to the failed client. Perform steps related to disabling the MAC Port Lockdown from the Unlocking/Locking HP Switch Ports When Replacing Connected Devices in the MAC Port Lockdown manual. 3 Optional: If you replace your PC hardware, set up the new hardware and connect the PC to the switch. 4 If MAC Port Lockdown was enabled at the beginning of the device recovery, verify that the new MAC address has been learned by the HP Switch and re-enable MAC Port Lockdown. a) Obtain the MAC address of the recovered PNM Client. Verify that the HP Switch has learned the new MAC address before locking down the port again. 1 Log on to the PNM Client using the valid administrator account. 2 To open the Run dialog box, press WINDOWS ICON + R. 3 Enter: ipconfig /all 4 Under Ethernet Adapter Local Area Connection, in the Physical Address field, locate the MAC address. b) Enable MAC Port Lockdown. See Unlocking/Locking HP Switch Ports When Replacing Connected Devices in the MAC Port Lockdown manual. Complete the portion of the procedure to enable MAC Port Lockdown and validate that the MAC address on the switch port matches the MAC address from the previous step. 5 Reinstall the PNM Client software. See PNM Client Installation Process in the Private Network Management Client manual. (If needed, see the PNM Client Software Installation Media table.) 6 To restore the data, perform one of the following procedures: If a BAR server is present in a system, perform Executing a BAR Client Data Restore in the Backup and Restore Services manual. If a BAR server is not used in a system, perform a local restore. See Restoring the PNM Client SSH Data in the Private Network Management Client manual. 6871025P07-A November 2013 Send Feedback
Appendix A Local Backup/Restore of PNM Client SSH Data To learn how to perform PNM Client backup and restore, see Centralized Backup and Recovery for PNM Clients on page 50. This appendix should not be used for a regular backup/restore of PNM Client. However, it can be useful in some specific cases (such as PNM Client Disaster Recovery when your Backup/Restore Server is not accessible). Backing Up the PNM Client SSH Data Procedure: 1 Log on to the PNM Client using your Active Directory account, a member of the Active Directory Network Security Administrator group (secadm). If needed, see the Logging on to Network Management Clients to Configure SSH in the Securing Protocols with SSH manual. If you use a domain account to log on Windows, make sure that the Active Directory domain is entered before the user name in the format <domain>\<user name>. If you use a local account to log on to Windows, make sure that the host name is entered before the user name in the format <host name>\<user name>. 2 Launch this option using Run As Administrator: from the Start menu, select All Programs Motorola Motorola PRNM Suite Maintenance backupsshsettings (Programs in the Windows classic menu). Step result: A Status window opens with the status of the backup. When successful, there are no errors reported. 3 To acknowledge the backup status, click OK. Note: All backed up settings are stored within the D:\Upgrade Data Store\Motorola PRNM Suite folder. Additionally, you may copy this folder to a safe external location. Remember to copy it back to the folder before a restore, if for any reason the folder was removed or emptied. Step result: The Status window closes. Restoring the PNM Client SSH Data Procedure: 1 Log on to the PNM Client using your Active Directory account being a member of the Active Directory Network Security Administrator group (secadm). If needed, see the Logging on to Network Management Clients to Configure SSH in the Securing Protocols with SSH manual. If you use a domain account to log on Windows, make sure that the Active Directory domain is entered before the user name in the format <domain>\<user name>. If you use a local account to log on to Windows, make sure that the host name is entered before the user name in the format <host name>\<user name>. 2 Verify that the backup files are available within the D:\Upgrade Data Store\Motorola PRNM Suite folder. If for any reason this folder was removed or emptied, copy your backup files from an external location to the D:\Upgrade Data Store\Motorola PRNM Suite folder. 6871025P07-A November 2013 Send Feedback
62 Local Backup/Restore of PNM Client SSH Data 3 Launch this option using Run As Administrator : from the Start menu, select All Programs Motorola Motorola PRNM Suite Maintenance restoresshsettings (Programs in the Windows classic menu). If a User Account Control dialog box displays, select Allow, Yes, or Continue. Step result: A Status window opens with the status of the restore. When successful, there are no errors reported. 4 Click OK. Step result: The Status window closes. Send Feedback November 2013 6871025P07-A
Appendix B PNM Printer Security Configuration This chapter describes configuration of the HP LaserJet 500 color M511dn printer. Procedures apply only to PNM Printers that are connected to the system as Network Printers through LAN, not USB. Configuring the PNM Printer Security While using the Web Administration Panel you may see the following warning messages: Certificate Error: There is a problem with this website s security certificate. Click Continue to this website to proceed. Security Alert: You are about to view pages over a secure connection. Click OK to proceed. A script is accessing some software (an ActiveX control) on this page which has been marked safe for scripting. Do you want to allow this? Click Yes to proceed. Process: 1 Perform the following initial configuration procedures: a) Accessing PNM Printer Web Administration Panel on page 63 b) Disabling Printer SNMP Management and Unnecessary PNM Printer Services on page 64 c) Configuring PNM Printer Static IP Address on page 66 d) Disabling PNM Printer Management Protocols (Except for HTTPS) on page 67 e) Disabling PNM Printer Firmware Upgrade Sent as Print Jobs on page 69 f) Restricting PNM Printer Print Services to Port 9100 and LPD (port 515) on page 70 g) Restricting PNM Printer Configuration Access to Administrators Only on page 70 2 Perform the periodical maintenance procedures in PNM Printer Periodical Maintenance on page 72. Accessing PNM Printer Web Administration Panel Prerequisites: For the default IP address, see the printer's manual. This figure shows proper settings. 6871025P07-A November 2013 Send Feedback
64 PNM Printer Security Configuration Figure 3: PNM Printer Device Status Procedure: Log in to the Web Administration Panel of the Printer by entering its IP address in the Web Browser on the PC with network access to the PNM printer. Step result: The Device Status window appears. See Figure 3: PNM Printer Device Status on page 64. Post requisites: Return to the Configuring the PNM Printer Security on page 63. Disabling Printer SNMP Management and Unnecessary PNM Printer Services Figures show proper settings. Send Feedback November 2013 6871025P07-A
PNM Printer Security Configuration 65 Figure 4: PNM Printer Network Settings Figure 5: PNM Printer Other Settings Procedure: 1 Perform the following steps: a) On the Networking tab, select Network Settings Disable SNMPv1/v2. b) Remove the selection for Enable SNMPv3. c) See Figure 4: PNM Printer Network Settings on page 65. 2 Scroll down, click Apply OK. 3 Perform the following steps: a) On the Networking tab, select Other Settings Misc. Settings. b) Remove the selection for the following: Bonjour FTP Printing Telnet Config TFTP Configuration File 6871025P07-A November 2013 Send Feedback
66 PNM Printer Security Configuration See Figure 5: PNM Printer Other Settings on page 65. 4 Scroll down, click Apply OK. Post requisites: Return to the Configuring the PNM Printer Security on page 63. Configuring PNM Printer Static IP Address Prerequisites: Obtain the IP plan from your system administrator. Figures show proper settings. Figure 6: PNM Printer TCP/IP(v4) Settings Figure 7: PNM Printer TCP/IP(v6) Settings Procedure: 1 On the Networking tab, select TCP/IP Settings TCP/IP(v4). See Figure 6: PNM Printer TCP/IP(v4) Settings on page 66. Step result: The TCP/IP(v4) tab appears. 2 Set the IP Configuration Method to Manual. Send Feedback November 2013 6871025P07-A
PNM Printer Security Configuration 67 3 Complete the following fields, according to the System IP Plan: IP Address: Subnet Mask: Default Gateway: 4 Scroll down, click Apply OK. 5 On the TCP/IP(v6) tab, uncheck Enable for IPv6. See Figure 7: PNM Printer TCP/IP(v6) Settings on page 66. 6 Scroll down, click Apply OK. Post requisites: Return to the Configuring the PNM Printer Security on page 63. Disabling PNM Printer Management Protocols (Except for HTTPS) Figure 8: PNM Printer Management Protocols Web Management on page 67, Figure 9: PNM Printer Management Protocols Other on page 68 and Figure 10: PNM Printer Device Announcement Agent on page 68 show proper settings. Figure 8: PNM Printer Management Protocols Web Management 6871025P07-A November 2013 Send Feedback
68 PNM Printer Security Configuration Figure 9: PNM Printer Management Protocols Other Figure 10: PNM Printer Device Announcement Agent Procedure: 1 On the Networking tab, select Mgmt. Protocols Web Mgmt.. See Figure 8: PNM Printer Management Protocols Web Management on page 67. Step result: The Web Mgmt. window appears. 2 Select the Encrypt All Web Communication check box. Note: Make sure to set Encryption Strength to High. 3 Scroll down, click Apply OK. Send Feedback November 2013 6871025P07-A
PNM Printer Security Configuration 69 4 On the Networking tab, select Mgmt. Protocols Other. See Figure 9: PNM Printer Management Protocols Other on page 68. Step result: The Other window displays. 5 Remove the selection for the following: LLMNR Enable WINS Port WINS Registration Enable Telnet HP Jetdirect XML Services TFTP Configuration File Certificate Mgmt Service 6 Scroll down, click Apply OK. 7 On the Networking tab, select Announcement Agent. See Figure 10: PNM Printer Device Announcement Agent on page 68. Step result: The Device Announcement Agent window displays. 8 Remove the selection for Enable Device Announcement Agent. 9 Scroll down, click Apply OK. Post requisites: Return to the Configuring the PNM Printer Security on page 63. Disabling PNM Printer Firmware Upgrade Sent as Print Jobs This figure shows proper settings. Figure 11: PNM Printer General Security Procedure: 1 On the Security tab, select General Security. See Figure 11: PNM Printer General Security on page 69. Step result: The General Security window appears. 6871025P07-A November 2013 Send Feedback
70 PNM Printer Security Configuration 2 Remove the selection for the Allow firmware upgrades sent as print jobs (port 9100) check box. 3 Scroll down, click Apply. Post requisites: Return to the Configuring the PNM Printer Security on page 63. Restricting PNM Printer Print Services to Port 9100 and LPD (port 515) Procedure: 1 On the Networking tab, select Mgmt. Protocols Other. See Figure 9: PNM Printer Management Protocols Other on page 68. Step result: The Other window appears. 2 Under Enable Print Services, remove the selection the following: IPP IPPS Web Services Print FTP 3 Scroll down, click Apply OK. Post requisites: Return to the Configuring the PNM Printer Security on page 63. Restricting PNM Printer Configuration Access to Administrators Only Figures show proper settings. Figure 12: PNM Printer General Security Set Password Send Feedback November 2013 6871025P07-A
PNM Printer Security Configuration 71 Figure 13: PNM Printer Permission Policies Figure 14: PNM Printer Device User Accounts Procedure: 1 On the Security tab, select General Security. See Figure 12: PNM Printer General Security Set Password on page 70. Step result: The General Security window appears. 2 Set up the Local Administrator Password by entering credentials. Note: Make sure that the password meets complexity requirements. 3 Select the Information tab requires administrator access check box. 4 Scroll down, click Apply. 5 To disable guest configuration access from the Local Device (Panel on the Printer) on the Security tab, select Access Control. Step result: The Access Control window displays. 6871025P07-A November 2013 Send Feedback
72 PNM Printer Security Configuration 6 Configure the Sign In and Permissions Policies table as shown in Figure 13: PNM Printer Permission Policies on page 71. 7 Remove selection for the Allow users to choose alternate sign-in methods check box. 8 Scroll down, click Apply. 9 Create a User/Admin Device account in the Device User Accounts window. See Figure 14: PNM Printer Device User Accounts on page 71. 10 Click New, then perform the following: a) In the Display Name, enter the name for the account. b) Enter at least 8-digit-long Access Code. c) Click OK. Step result: You can use this access code to configure from the Device Panel. Post requisites: Return to the Configuring the PNM Printer Security on page 63. PNM Printer Periodical Maintenance This section describes periodical maintenance actions required for the PNM Printer. Applying PNM Printer Firmware Procedure: 1 Download the latest firmware from the HP Support web page for your PNM printer model. 2 Copy the downloaded Printer Firmware File to a PNM Client that has network access to the Printer. The typical recommended methods to transfer the Firmware File to the PNM Client are: CD/DVD Media USB Memory/Disk Device Remote Desktop Copy Depending on your organization's policies, choose the appropriate transfer method. For example, use of USB drives may be prohibited. 3 On the PNM Printer Web Administration Panel, go to the General Tab, select Firmware Upgrade. 4 Verify the Firmware Version and Date. You can do that by printing a configuration page to determine the version of firmware currently installed in this product. 5 If the firmware installed is older than the one downloaded, click Browse, select the firmware file and click Open Install. 6 Restart the PNM printer after upgrade is completed. Reviewing Event and Job Logs Procedure: To review the logs periodically, go to the Information tab, Job Log or Event Log Page. Send Feedback November 2013 6871025P07-A