Server Management 2.0 Installation and Configuration Guide Server Management 2.0 and Higher May 2008
.
unisys imagine it. done. Server Management 2.0 Installation and Configuration Guide Server Management 2.0 and Higher May 2008 8216 3452 000
NO WARRANTIES OF ANY NATURE ARE EXTENDED BY THIS DOCUMENT. Any product or related information described herein is only furnished pursuant and subject to the terms and conditions of a duly executed agreement to purchase or lease equipment or to license software. The only warranties made by Unisys, if any, with respect to the products described in this document are set forth in such agreement. Unisys cannot accept any financial or other responsibility that may be the result of your use of the information in this document or software material, including direct, special, or consequential damages. You should be very careful to ensure that the use of this information and/or software material complies with the laws, rules, and regulations of the jurisdictions with respect to which it is used. The information contained herein is subject to change without notice. Revisions may be issued to advise of such changes and/or additions. Notice to U.S. Government End Users: This is commercial computer software or hardware documentation developed at private expense. Use, reproduction, or disclosure by the Government is subject to the terms of Unisys standard commercial license for the products, and where applicable, the restricted/limited rights provisions of the contract data rights clauses. Unisys is a registered trademark of Unisys Corporation in the United States and other countries. Cisco is a registered trademark of Cisco Systems, Inc. NetIQ is a registered trademark of NetIQ Corporation or its subsidiaries in the United States and other jurisdictions. AppManager and Knowledge Scripts are registered trademarks of NetIQ Corporation or its subsidiaries in the United States and other jurisdictions. All other brands and products referenced in this document are acknowledged to be the trademarks or registered trademarks of their respective holders.
Server Management 2.0 Installation and Configuration Guide Server Management 2.0 and Higher Server Management 2.0 Installation and Configuration Guide Server Management 2.0 and Higher 8216 3452 000 8216 3452 000 Bend here, peel upwards and apply to spine.
.
Contents Section 1. Introduction 1.1. Documentation Updates........................... 1 1 1.2. Understanding Server Management Software........... 1 2 1.3. Understanding AppManager Software................. 1 3 1.4. Understanding Setup Assistant...................... 1 5 1.4.1. Server Management Setup Assistant.............. 1 5 1.4.2. Types of Data Collected....................... 1 5 1.4.3. User-Provided Data........................... 1 6 Section 2. Management Server Requirements 2.1. Hardware, Software, and Media Requirements.......... 2 1 2.2. Configuring the SNMP Service...................... 2 3 2.3. Verifying the Security Policy for Windows XP............ 2 4 2.4. Installing Interim Corrections on Systems You Want to Manage..................................... 2 5 Section 3. Preparing to Upgrade an Existing Sentinel Management Server 3.1. Isolating the Management Server During Software Installation................................... 3 1 3.2. Uninstalling the Cisco Security Agent.................. 3 2 3.3. Uninstalling the AppManager Program or Server Director on the Management Server....................... 3 2 3.4. Stopping the Call Home Generator Service.............. 3 4 Section 4. Installing or Upgrading Software on the Management Server 4.1. Setting Internet Explorer Security Options.............. 4 1 4.2. Configuring Databases for AppManager Software......... 4 4 4.3. Installing AppManager Software..................... 4 4 4.3.1. Installing AppManager 6.0 Software.............. 4 5 4.3.2. Installing AppManager 7.0 Software.............. 4 7 4.4. Firewall Configuration Information.................... 4 8 4.5. Installing Server Management Software................ 4 8 4.6. Reconnecting the Management Server to the Network..... 4 9 8216 3452 000 iii
Contents Section 5. Initially Configuring the Management Server 5.1. Understanding User Roles.......................... 5 1 5.2. Defining Users.................................. 5 2 5.3. Using an Internet Proxy Server with Server Management Software.................................... 5 3 5.4. Using a Modem Connection for Call Home.............. 5 4 5.4.1. Configuring and Testing the Modem.............. 5 4 5.4.2. Modifying the Hosts File to Use a Modem Connection............................... 5 5 5.5. Modifying the Management Server Hosts File........... 5 6 5.6. Accessing the Infrastructure Solutions Console.......... 5 6 5.7. Verifying and Completing Software Settings............. 5 7 Section 6. Installing or Upgrading AppManager Software on Windows Servers and Partitions Section 7. Configuring ES7000 Model 7405R G1 Systems 7.1. ES7000 Model 7405R G1 System Requirements......... 7 1 7.2. Configuring Windows Servers and Partitions............ 7 2 7.2.1. Configuring the SNMP Service on Servers and Partitions................................ 7 2 7.2.2. Configuring Internet Explorer Options............. 7 4 7.2.3. Firewall Configuration Information................ 7 4 7.2.4. Installing Server Management Software............ 7 5 7.2.5. Modifying the Server or Partition Hosts File......... 7 5 7.3. Installing and Configuring on Linux and VMware ESX Server Servers and Partitions...................... 7 6 7.4. Running Setup Assistant........................... 7 9 7.5. Configuring Server and Partition Force Dumps........... 7 9 7.6. Optional Workgroup and Domain Configuration......... 7 12 Section 8. Completing the Management Server Configuration 8.1. Using Configuration Assistant for Virtual Machines........ 8 1 8.2. Adding Additional Systems to be Monitored............. 8 1 8.3. Completing Server and Partition Configuration for Non- Windows Operating Systems..................... 8 2 8.4. Verifying and Completing AppManager Setup............ 8 2 8.5. Verifying Communication with Integrated Lights Out Manager (ILOM)............................... 8 4 8.6. Configuring Call Home Generator Services.............. 8 4 8.7. Defining the Call Home Central Service................ 8 5 8.8. Verifying Call Home Readiness for New Systems......... 8 6 8.8.1. Introduction to Sending a Call Home RFU Packet..... 8 6 iv 8216 3452 000
Contents Prerequisites to Use the Internet for Transmissions........................... 8 6 Identifying the Central Service Connection Method............................... 8 7 Sending a Call Home RFU Packet.............. 8 7 8.8.2. Verifying Call Home.......................... 8 8 8.9. Updating Port Numbers for Server Management Software Communication........................ 8 8 8.10. Changing the Server Management Services Account Credentials................................... 8 9 8.11. Obtaining Updates.............................. 8 10 8.12. Registering for E-mail Notification of Software Updates... 8 11 8.13. Installing Virus Protection Software.................. 8 12 8.14. Submitting the Arrival Quality Report................. 8 12 Section 9. Installing and Configuring Client Workstations 9.1. Client Workstation Requirements.................... 9 1 9.2. Setting Internet Explorer Security Options.............. 9 2 9.3. Firewall Configuration Information.................... 9 5 9.4. Installing Server Management Software................ 9 6 9.5. Modifying the Client Workstation Hosts File............. 9 6 9.6. Configuring for AppManager Software................. 9 7 9.6.1. Defining a User Account for the AppManager Operator Console.......................... 9 7 9.6.2. Installing the AppManager Operator Console........ 9 7 9.7. Viewing Product Documentation..................... 9 9 9.8. Installing Virus Protection Software................... 9 9 9.9. Obtaining Updates............................... 9 9 Appendix A. Firewall Considerations A.1. Understanding Firewall Requirements................. A 1 A.2. Firewall Requirements for the Management Server....... A 1 A.3. Firewall Requirements for AppManager Management Server Software............................... A 2 A.4. Firewall Requirements for Service Processors........... A 3 A.5. Firewall Requirements for Servers and Partitions You Want to Manage.............................. A 4 A.6. Firewall Requirements for Client Workstations........... A 5 Appendix B. Installing Unisys Software in an Existing AppManager Infrastructure B.1. Integrating Unisys Software into an Existing AppManager Installation................................... B 1 8216 3452 000 v
Contents vi 8216 3452 000
Tables 1 1. AppManager 6.0 and 7.0 Management Server Software Requirements...... 1 4 8216 3452 000 vii
Tables viii 8216 3452 000
Section 1 Introduction This guide provides the information necessary to install and configure Server Management software on each of the following hardware components: Management server Servers and partitions you want to manage Client workstations In addition, this guide provides information on upgrading a Sentinel Management Server to run the latest Server Management software. Before you begin the Server Management software installation, you must initially configure your hardware components, as follows: For management servers and client workstations, configuration means that you must install the appropriate operating system. For servers and partitions you want to manage, configuration means that you must complete the steps in the appropriate hardware and software installation guides to install and configure your servers and their operating systems. This guide is intended for system administrators and Unisys service representatives who are responsible for installing and administering servers. Depending on your particular configuration, some procedures or steps in this guide might not apply. Skip the unnecessary procedures and continue with those procedures that apply to your system or situation. 1.1. Documentation Updates This document contains all the information that was available at the time of publication. Changes identified after release of this document are included in problem list entry (PLE) 18591651. To obtain a copy of the PLE, contact your Unisys representative or access the current PLE from the Unisys Product Support Web site: http://www.support.unisys.com/all/ple/18591651 Note: If you are not logged into the Product Support site. you will be asked to do so. 8216 3452 000 1 1
Introduction 1.2. Understanding Server Management Software Server Management software helps you monitor and manage the systems in your enterprise. The Server Management Infrastructure Solutions Console provides an easy-touse and convenient interface for managing both the physical and virtual components of your environment. Server Management software can be installed on management servers and on servers and partitions you want to manage. This software can also be installed on client workstations, which provide remote access to your management environment. You can use the Infrastructure Solutions Console to manage servers running the latest version of Server Management software as well as servers running older versions of Unisys software, for example, managed servers running Server Sentinel software. This means you can use the Infrastructure Solutions Console to manage new ES7000 7405R G1 systems and existing ES7000/one systems and also to monitor other ES7000 and ClearPath systems in your environment. However, when you select a managed server running Server Sentinel software, a new window is launched with the individual Server Sentinel page for that server displayed. If you decide to upgrade a management server running Server Sentinel software to run the latest Server Management software, the Infrastructure Solutions Console becomes the entry point for managing systems from that management server. If you want to continue using the familiar Server Sentinel navigation to manage your older servers as a group, you can configure a new management server to run Server Management software. The following figure shows the components that run Server Management software: 1 2 8216 3452 000
Introduction 1.3. Understanding AppManager Software AppManager software, versions 6.0 and 7.0, is provided for free with your purchase of Server Management software. You might want to install this software to take advantage of its centralized event management, powerful scripting, historical data analysis, and automated response to event-driven actions. For more information about AppManager software, see the Server Management 2.0 Software Release Announcement. If you decide to install and use the AppManager software, you must first determine whether you want to install version 6.0 or 7.0. Note: You should use the same level of AppManager for the AppManager Management Server, agent, and Operator Console. (Use either AppManager 6.0 in your environment or use AppManager 7.0.) The AppManager 6.0 agent cannot be installed on servers and partitions running Windows Server 2008. If you want to monitor Windows Server 2008 8216 3452 000 1 3
Introduction servers and partitions, then you should use the 7.0 version for all AppManager components. See the following table for differences between these two software versions: Table 1 1. AppManager 6.0 and 7.0 Management Server Software Requirements AppManager 6.0 AppManager 7.0 Database Information Operating System Information Supports either Microsoft SQL Server 2000 with Service Pack 3 or later or Microsoft SQL Server 2000 Desktop Engine (MSDE) with Service Pack 3 or later. If you do not have a SQL Server database, you can download and install MSDE for free from the Microsoft Web site. Runs on Windows Server 2003 and on Windows XP operating systems. Supports either Microsoft SQL Server 2000 with Service Pack 3 or later or Microsoft SQL Server 2005. Note: Neither MSDE nor SQL Server Express is supported by AppManager 7.0. Runs on Windows Server 2003 operating systems. Processor Type Runs on 32-bit processors only. The AppManager software includes the following three major components: AppManager management server software (includes the Repository Database, Management Server software, Agent, Monitoring Modules, Web Management Server software, Control Center and Deployment Service, and Operator Console) Install this software set on your management server or on a different server, depending on your needs. Note: The Server Management software can run on operating systems that AppManager does not support. Therefore, if you plan to run any other operating system than those listed in the previous table, you must install the AppManager software on a separate server. AppManager Operator Console - Only if you install the AppManager management server software on a separate server, then you must install the AppManager Operator Console on your management server. The Server Management software uses components of the AppManager Operator Console to remotely query the AppManager management server. - If you configure one or more client workstations, then you can install the AppManager Operator Console on one or all of the client workstations to connect directly to the AppManager management server. This is optional. AppManager agent Install this software on Windows servers and partitions you want to manage. 1 4 8216 3452 000
Introduction Note: If you are a current customer of NetIQ Corporation and you want to integrate Server Management software with your existing AppManager infrastructure, see Appendix B for more information. 1.4. Understanding Setup Assistant An important requirement of the Server Management software installation and configuration process is using Setup Assistant. Read the following topics to learn more about Setup Assistant. You are instructed to run this application later in the configuration process. 1.4.1. Server Management Setup Assistant Before you implement your network, you need to plan your LAN configuration and assign network values. Setup Assistant enables you to collect this data and place it in a single configuration information file that the system uses when the configuration information file is installed. Setup Assistant has the following capabilities: Collect configuration and network values. Save configuration data and complete later. Print a summary page. Import and modify an existing configuration. Deploy the system configuration to applicable components. Running Setup Assistant ensures you have the data required to configure the system. Print and save the summary page of the final configuration for future reference. During deployment, the configuration information file is saved to the management server, and used to configure Server Management components and automate the system installation and configuration process. 1.4.2. Types of Data Collected The following types of data are collected by Setup Assistant: Customer information The customer and contact information you provide is used by the server health monitoring facilities of Server Management. System information The system information you define here is used to configure your Service Processor and networking components. Server or partition information The information you define here is used to configure your server or partition. 8216 3452 000 1 5
Introduction Management Server information The information you define here establishes how system components are to communicate with each other and is used by the various networking components of your system. 1.4.3. User-Provided Data You might be asked to provide some or all of the following data during a Setup Assistant session: System name Company name Address City and state or province Postal code Country Console phone Remote phone Primary contact information: - Name - Department - Phone - E-mail For the Service Processor: - Service Processor name, IP address, or both - Subnet mask if fixed IP address is used - Default gateway if fixed IP address is used For the server or partition: - Operating system type - Computer name - Maintenance LAN IP address For Call Home Central Services: - Transportation means: Internet/LAN or modem - Computer name or IP address for primary Central Service location - Computer name or IP address for secondary Central Service location - Management server communication port numbers The default values can be used. 1 6 8216 3452 000
Introduction For AppManager software: - Management server computer name or IP address This is usually the management server. - Repository name - Web reporting location: computer name or IP address This is usually the management server. SNMP read-only community name The default is public. E-mail alert information: - Mail server method for sending e-mail: SMTP or Exchange - Mail server computer name or IP address - Sender name - Sender e-mail address 8216 3452 000 1 7
Introduction 1 8 8216 3452 000
Section 2 Management Server Requirements A management server running Server Management 2.0 software must be an independent server in your environment; you can provide your own hardware, or you can purchase one or more qualified servers from Unisys. If you are using VMware ESX Server in your environment, you can install the management server software onto a virtual machine, as long as that VMware ESX Server host (also known as the virtual machine monitor) is not being managed by the management server. You cannot install the management server software on any system server or partition, whether physical or virtual, or on any system external Service Processor. 2.1. Hardware, Software, and Media Requirements Note: Management servers running Server Management software do not operate correctly when Microsoft Terminal Services is used, except for Terminal Services in the Remote Administration mode. Hardware Requirements All management servers require the following minimum hardware configuration: 2.4-GHz Xeon processor (single processor) with at least 512 megabytes (MB) of memory 1 gigabyte free disk space Super VGA color monitor with a display area of at least 1024 x 768 pixels; a 1280 x 1024 display area is recommended Fast Ethernet network interface card (NIC) Connection to the network through a network segment that can access the server and partition operating systems and Service Processors Software Requirements A management server can run any of the following Windows operating systems. Note: The following are the latest supported Service Packs for each operating system. 8216 3452 000 2 1
Management Server Requirements Windows Server 2003 R2, Standard Edition, with Service Pack 2, 32-bit and x64 editions Windows Server 2003 R2, Enterprise Edition, with Service Pack 2, 32-bit and x64 editions Windows XP Professional, with Service Pack 3 for 32-bit editions and Service Pack 2 for x64 editions Note: AppManager management server software cannot run on x64 operating systems. Therefore, if you use an x64 operating system for your management software, you must install the AppManager management server software on a different server. See Section 1 for more information. All management servers require the following software configuration: Internet Explorer 6.0 and higher TCP/IP Each management server must be configured to run TCP/IP with either static or dynamic IP addressing. SNMP service SNMP must be configured on the management server and on all servers, partitions, and Service Processors that it manages. Note: For information on how to configure SNMP on servers, partitions, and Service Processors, refer to your system installation and configuration documentation. Valid administrator group privileges on the system User authentication requirements User authentication on all of the components of each system you plan to manage (including Service Processors, servers, partitions, and client workstations) must be the same as the management server. Unisys systems are initially installed using the Microsoft workgroup model, meaning that you must configure the same user name, password, and group membership on each component. After installation, your environment can be configured to use domain credentials instead. See your system planning documentation for more information. For security reasons, it is highly recommended that all users have strong passwords. Some Unisys server management software does not accept users without passwords. Internet Information Services (IIS) If you intend to configure the Call Home Central Service from your management server, hardware and software that enables you to connect to the Internet (either a modem or a network interface card) Media Requirements The Server Management Services Software CD-ROM is required for installation and is provided with your order. 2 2 8216 3452 000
Management Server Requirements The AppManager 6.0 Supplement Software CD-ROM and the AppManager 7.0 Supplement Software CD-ROM are included with your order so that you can optionally install AppManager software. 2.2. Configuring the SNMP Service To support system management software that uses SNMP, you must configure SNMP. Configuring the SNMP community and defining SNMP traps enables communication between the management server and your environment. Note: You can add and remove SNMP trap destinations at any time as required. If your environment includes other management servers or third-party management frameworks, configure them as SNMP trap destinations; otherwise, you will not receive all of the applicable data. To configure SNMP or verify that your current configuration is defined to support this software, perform the following steps: 1. Access the Computer Management window. 2. In the left pane, expand Services and Applications and click the Services icon. 3. In the list of services in the right pane, right-click SNMP Service and click Properties. The SNMP Service Properties dialog box appears. 4. Select the Agent tab. 5. Type a value in the Contact box. This string value indicates the person to contact if an error is found with the system. 6. Type a value in the Location box. This string value indicates the physical and logical location of the system. 7. Select the Traps tab. Note: Most SNMP-enabled management frameworks expect the value public by default. 8. If you want to use public for a community name, verify that it is entered in the Community name list. If it is not listed, enter it and then click Add to list. 9. If you want to use a value other than public for a community name, enter it in the Community name list and then click Add to list. If public is present by default and you do not want to use it, delete it. 10. Select the Security tab. 11. Ensure that the Send authentication trap check box is selected. If the SNMP agent receives traps from an unknown IP address and community string pair, it generates an authentication failure trap to all the remote management servers. 8216 3452 000 2 3
Management Server Requirements 12. Ensure that the community name that you specified previously is listed as READ ONLY. If it is not, do the following: a. Click Add in the Accepted community names box. b. Type the community name in the Community Name box. c. Select READ ONLY from the Community rights list. d. Click Add. 13. Enter a community name with a READ WRITE value as follows: Note: Do not specify a value of READ WRITE for the community name whose value you previously specified as READ ONLY; you should use two different community names for security reasons. a. Click Add in the Accepted community names box. b. Type a community name in the Community Name box. (This value is specific for your site, and it is case-sensitive.) c. Select READ WRITE from the Community rights list. d. Click Add. 14. Decide whether to accept SNMP packets from any host or from only selected hosts, depending on your desired security and level of network traffic. If you selected Accept SNMP packets from any host, the configuration is complete. Click OK. If you selected Accept SNMP packets from these hosts, do the following: Note: Repeat the following steps to add the value localhost and the computer name for each server, partition, and Service Processor being monitored by this management server. a. Click Add below the Accept SNMP packets from these hosts value. The SNMP Service Configuration dialog box appears. b. In the Host name, IP, or IPX Address box, type the appropriate computer name or IP address. c. Click Add. d. Click OK. 15. Locate SNMP Service in the right pane of the Computer Management window, right-click it, and click Restart to restart the service and save your settings. 16. If you are prompted to restart other services, click Yes. 17. Close the Computer Management window. 2.3. Verifying the Security Policy for Windows XP Note: Perform the following procedure only if your management server is running Windows XP. 2 4 8216 3452 000
Management Server Requirements In Windows XP, the default security policy is set to Guest only. This setting only enables you to log on to the management server remotely using guest privileges. (You cannot log on with administrative privileges.) To verify that the security policy is set properly, perform the following steps: 1. On the Start menu, point to Settings, and then click Control Panel. Control Panel is displayed. 2. Double-click Administrative Tools. The Administrative Tools window is displayed. 3. Double-click Local Security Policy. The Local Security Settings window is displayed. 4. In the left pane, expand Local Policies if it is not already expanded. 5. In the left pane, select Security Options if it is not already selected. 6. In the right pane, right-click Network access: Sharing and security model for local accounts and click Properties. The Network access: Sharing and security model for local accounts Properties dialog box is displayed. 7. Verify that the value in the drop-down menu is set to Classic - local users authenticate as themselves. If it is not, update the setting. 8. Click OK to close the Properties dialog box. 9. Close the Local Security Settings window. 10. Close the Administrative Tools window. 2.4. Installing Interim Corrections on Systems You Want to Manage Before you install Server Management software on the management server, ensure that all of your existing Unisys systems are running the latest Interim Corrections (ICs) and quick-fix releases (QFRs), which are replacement modules containing fixes for your software or platform firmware. To access the latest updates and apply them to your systems, use EZupdate to discover and download any required updates. Alternatively, perform the following steps: 1. Access the Unisys Product Support Web site at www.support.unisys.com. 2. Sign on to entitled support with your user name and password. If you do not have a user name and password, click Register and then follow the on-screen directions to register. After you sign on, the Product Support page appears. 3. Select a system type and click Go. The support page for that system is displayed. 8216 3452 000 2 5
Management Server Requirements 4. Click Releases. The releases for the system are displayed. 5. Find the appropriate fixes for both your software and your platform firmware. 6. Follow the on-screen instructions to download the available fixes for your systems. 2 6 8216 3452 000
Section 3 Preparing to Upgrade an Existing Sentinel Management Server You can upgrade an existing Sentinel Management Server to run the Server Management software. However, if you perform this upgrade, the Infrastructure Solutions Console becomes the entry point for managing systems from that management server. If you want to continue using the familiar Server Sentinel navigation to manage your older servers as a group, you can configure a new management server to run Server Management software. Note: If you are upgrading a Sentinel Management Server running Server Sentinel 4.3 or earlier, do not delete any instances of MSDE until you have completed all of the procedures in this document. After you have finished the installation and configuration, open the Infrastructure Solutions Console and verify that all of your systems, servers, and partitions are present. After you complete this verification, you can delete the MSDE instances, if you choose. If you are not upgrading a Sentinel Management Server, or if you are upgrading a Sentinel Management Server running Server Sentinel 4.x or higher, skip this section. If you are upgrading a Sentinel Management Server that is running Server Sentinel 2.x or 3.x, perform the procedures in this section. Note: If your current Service Processor also acts as a Sentinel Management Server, you must provide a new management server; you cannot install the Server Management software on a Service Processor. 3.1. Isolating the Management Server During Software Installation If you are upgrading an existing management server, you must isolate it from any Service Processors on the network. Isolate the existing management server by disconnecting all network cables or by disabling all network interface cards (NICs). 8216 3452 000 3 1
Preparing to Upgrade an Existing Sentinel Management Server 3.2. Uninstalling the Cisco Security Agent Perform the following procedure: 1. On the Start menu, point to Settings and click Control Panel. 2. Double-click Add/Remove Programs and remove Cisco Security Agent. 3. Close the Add/Remove Programs window. 4. Restart the server and log on. 3.3. Uninstalling the AppManager Program or Server Director on the Management Server If you are preparing for an upgrade, read the information under Before Uninstalling the AppManager Program or Server Director. Otherwise, proceed with the information under Uninstalling the Software. Before Uninstalling the AppManager Program or Server Director If you are upgrading a management server running Server Sentinel 2.1 or earlier software, you must uninstall Server Director. This is necessary because a Server Director repository gives undefined results if it is upgraded to the AppManager program. If you are upgrading a management server running Server Sentinel 2.2 through Server Sentinel 3.4 software, then the AppManager software is at an earlier level (5.0). Use the procedures described in 4.3 Installing AppManager Software to upgrade the existing AppManager software to a later level. Optionally, you can uninstall in advance the earlier version of the AppManager software. Consider the following factors in deciding whether to uninstall the AppManager program: Advantage: The new management software is installed quickly because the installation of a new AppManager management server and repository takes only about 30 minutes. Upgrading an existing installation usually takes 3 hours or longer. Disadvantages - Customized scripts and graph data are deleted. - After the new AppManager program is installed, you must add all your managed servers to the tree view and run the Discover_NT and Discover_Unisys scripts on each server or partition. Uninstalling the Software To uninstall the AppManager program or Server Director on a management server, perform the following steps: 1. On the Start menu, point to Settings, and then click Control Panel. 2. Double-click Administrative Tools and then double-click Services. The Services window is displayed. 3 2 8216 3452 000
Preparing to Upgrade an Existing Sentinel Management Server 3. Right-click one of the following services, depending on whether you are uninstalling the AppManager program or Server Director: NetIQ AppManager Management Service (NetIQms) Server Director Management Service (NetIQms) 4. Click Stop. 5. Right-click the Enterprise Server Directory service and then click Stop. This service is started automatically during the software installation. 6. Disconnect any users and applications that are accessing the AppManager or Server Director repository. For example, close all console programs (such as the Operator Console, Security Manager, or License Manager) and the Operator Web Console. 7. On the Start menu, point to Settings, and then click Control Panel. 8. Double-click Add/Remove Programs and uninstall NetIQ AppManager or Server Director. 9. After the uninstallation process is complete, delete any existing QDB repository database by using the SQL Server Enterprise Manager. If you do not have the SQL Server Enterprise Manager, enter the following command from a command prompt: osql -E -q drop database qdb Cold-Starting the AppManager Agent Cold-start the AppManager agent on each server or partition to remove cache information related to the old QDB repository database. 1. On the Start menu, point to Settings, and then click Control Panel. 2. Double-click Administrative Tools and then double-click Services. The Services window is displayed. 3. Right-click NetIQ AppManager Client Resource Monitor Service and click Properties. The Properties dialog box for the service is displayed. 4. Click Stop. 5. Type -o (hyphen, lowercase letter o) in the Start Parameters box. 6. Click Start. Note: You must click Start, not OK. The OK button does not start the service. 7. Click OK to close the Properties dialog box. 8216 3452 000 3 3
Preparing to Upgrade an Existing Sentinel Management Server 3.4. Stopping the Call Home Generator Service Before upgrading, you should stop the Call Home Generator Service on the management server by doing the following: 1. From the Computer Management window, select Services and Applications. 2. Right-click Call Home Generator Service and then click Stop. 3. Verify that the Startup Type is Manual. If the Startup Type is not Manual, do the following: a. Right-click Call Home Generator Service and then click Properties. The Call Home Generator Service Properties dialog box is displayed. b. On the General tab, select Manual from the Startup type list. 3 4 8216 3452 000
Section 4 Installing or Upgrading Software on the Management Server Use the procedures in this section to install, reinstall, or upgrade the software on your management server. 4.1. Setting Internet Explorer Security Options Note: Internet Explorer settings only affect the current user account. If you log on as a different user, you must repeat these configuration steps. Use these steps to set and verify the proper Microsoft Internet Explorer settings: 1. Launch Internet Explorer. For Windows Server 2008, you must be logged on to a user account in the Administrators group. If this account is not the built-in Administrator account, then launch Internet Explorer by right-clicking the Internet Explorer shortcut icon and clicking Run As Administrator. 2. Click Internet Options on the Tools menu. The Internet Options dialog box appears. 3. Select the Security tab. 4. Select the Trusted sites icon. 5. Click Sites. The Trusted sites dialog box appears. 6. Make sure the Require server verification (https:) for all sites in this zone check box is not selected. 7. Add a URL for each Service Processor, management server, and Windows server and partition. If a Service Processor, management server, or Windows server or partition is in a different Domain Name System (DNS) domain than the computer on which you are performing this procedure, use fully qualified host names instead of the URL for that component. a. In the Add this Web site to the zone box, enter one URL, for example, http://computername. b. Click Enter or Add. c. Repeat steps a and b until you have added each URL. 8216 3452 000 4 1
Installing or Upgrading Software on the Management Server Note: If you are running Internet Explorer on a management server or Service Processor, repeat steps a and b to add the URL http://localhost/. 8. Add an IP address for any components that use fixed IP addresses rather than DHCP addresses. These components might include the Service Processor, management server, partition, and Console Manager (if applicable). a. In the Add this Web site to the zone box, enter one IP address, for example, http://192.168.1.100. b. Click Enter or Add. c. Repeat steps a and b until you have added each IP address. 9. Add the Unisys Product Support Web site using the IP address 192.61.3.3 and the host name www.support.unisys.com. 10. Click Close or OK to close the dialog box. 11. Click Custom Level under Security level for this zone. The Security Settings dialog box appears. 12. In the Settings list, ensure that the following settings are selected. Note: Not all of these settings are available in every Internet Explorer and Windows operating system combination. If you do not see a setting in your environment, simply disregard that setting. Category Option Setting ActiveX controls and plug-ins Allow previously unused ActiveX controls to run without prompt Automatic prompting for ActiveX controls Binary and script behaviors Download signed ActiveX controls Download unsigned ActiveX controls Initialize and script ActiveX controls not marked as safe Run ActiveX controls and plug-ins Script ActiveX controls marked safe for scripting Enable Enable Enable Enable Enable or Prompt Enable Enable Enable Miscellaneous Access data sources across domains Enable Navigate sub-frames across different domains Submit nonencrypted form data Enable Enable or Prompt Scripting Active scripting Enable or Prompt 4 2 8216 3452 000
Installing or Upgrading Software on the Management Server Note: If the computer accessing the management software is not in the same intranet zone as the management server or Service Processor being accessed, select Automatic Logon with current username and password under User Authentication to avoid being prompted for credentials. 13. Click OK. If you receive a warning message, click Yes. 14. Do the following to allow active content to run: Notes: After you install the software, return these security settings to their previous values. Not all security settings are available in every Internet Explorer and Windows operating system combination. If you do not see a setting in your environment, simply disregard the instruction to change it. a. Select the Advanced tab in the Internet Options dialog box. b. Scroll down and select the following two check boxes under Security: Allow active content from CDs to run on My Computer Allow active content to run in files on My Computer 15. If you are configuring a client workstation, and your client workstation and management server are part of the same Internet Explorer security zone, skip to the next step. Otherwise, do the following: Note: After you install the software, return these settings to their previous values. a. Select the Internet icon on the Security tab. b. Click Custom Level under Security levels for this zone. The Security Settings dialog box appears. c. In the Settings list, ensure that the following settings are selected: Category Option Setting ActiveX controls and plug-ins Allow previously unused ActiveX controls to run without prompt Initialize and script ActiveX controls not marked as safe Enable Prompt d. Click OK. If you receive a warning message, click Yes. 16. Click OK in the Internet Options dialog box. 17. Close Internet Explorer. Note: Pop-up blockers prevent this software from operating properly. To avoid this problem, allow pop-ups from the management server, Service Processor, and client workstation. For information on allowing pop-ups, refer to the documentation for Internet Explorer or for your third-party software. 8216 3452 000 4 3
Installing or Upgrading Software on the Management Server 4.2. Configuring Databases for AppManager Software Notes: Use the following guidelines if you intend to install AppManager software in your environment. If you do not plan to install the AppManager software, you can skip this topic. These guidelines apply to the server on which you install the AppManager management server software; this can be the same as the management server or a different server. Both AppManager 6.0 and AppManager 7.0 have specific database requirements, as follows: AppManager 6.0 Requires a default instance of Microsoft SQL Server 2000 with Service Pack 3 or later or Microsoft SQL Server 2000 Desktop Engine (MSDE). (If you do not have a SQL Server database, you can download and install MSDE for free from the Microsoft Web site.) AppManager 7.0 Requires a default instance of Microsoft SQL Server 2000 with Service Pack 3 or later or Microsoft SQL Server 2005. For both AppManager versions Configure the default database instance to use SQL Server and Windows authentication mode (also known as mixed mode). You can configure this setting during installation or use SQL Server Enterprise Manager to change the authentication mode. Set the sa account password to a non-empty value. Make a note of this value, which you must use later when you configure the Infrastructure Solutions Console to communicate with the AppManager repository, as described in Verifying and Completing Settings in Section 5. If you are using an MSDE instance that was installed with an earlier level of Unisys management software, the sa account might still have the initial default value of SentinelPasswordForSA. 4.3. Installing AppManager Software If you choose to install the optional AppManager software, you must choose The software level to be installed Whether to install the AppManager management server software on a server running the Server Management software or on a different server. These installation choices are discussed in Section 1. 4 4 8216 3452 000
Installing or Upgrading Software on the Management Server If you install the AppManager management server software on a different server, you must still install the AppManager Operator Console on the same server that is running the Server Management software. The Server Management software uses components of the AppManager Operator Console to communicate with the AppManager management server. The AppManager Operator Console and the AppManager management server must be at the same version level. Therefore, your choices are as follows: Install the AppManager 6.0 management server software on the server running the Server Management software. Install the AppManager 6.0 Operator Console on the server running the Server Management software and the AppManager 6.0 management server software on a separate system. Install the AppManager 7.0 management server software on the server running the Server Management software. Install the AppManager 7.0 Operator Console on the server running the Server Management software and the AppManager 7.0 management server software on a separate system. Refer to the following guidelines when installing AppManager components. 4.3.1. Installing AppManager 6.0 Software To install AppManager 6.0, perform the following steps: 1. For installation instructions, refer to the NetIQ AppManager Installation Guide, which is included on the AppManager 6.0. Supplement Software CD-ROM at \appmanager\documentation\install.pdf. 2. Refer to the following guidelines for suggestions about the messages and options that you might encounter. Your installation options depend on the AppManager components that you select. Installation Guidelines for the AppManager 6.0 Management Server AppManager 6.0 requires Microsoft SQL Server 2000 with Service Pack 3 or later or Microsoft SQL Server 2000 Desktop Engine (MSDE) with Service Pack 3 or later. Accept the default values unless the following guidelines indicate otherwise. 8216 3452 000 4 5
Installing or Upgrading Software on the Management Server When prompted with What AppManager components do you want to install, select All the available components. If you are upgrading from an earlier version of the AppManager software, you might be asked whether to upgrade or replace existing components. For most components, the difference is not important. You must choose the upgrade option if you want to retain data, jobs, and any customized scripts in the repository. However, the repository upgrade option substantially increases the installation time because upgrading a repository typically takes 3 hours or longer. Installing a new repository usually takes 30 minutes or less. When prompted with Select the applications and systems you want to monitor on this server, disable all the listed options except for AppManager Asynchronous Event Receiver. (Licenses for these options expire within 30 days.) When the Response Time Module Selection dialog box appears, clear all the check boxes in this dialog box. (These modules are not included in the basic AppManager license.) When prompted with Select the agent options you want, clear the Enable reporting capability check box. If this check box is selected, you must specify a user account for the agent service. It is preferable to run the agent under the default Local System account. At the end of the AppManager installation, click No when prompted to register the product. Your registration is through Unisys, so it is not appropriate to register directly with NetIQ. After the installation is complete, ensure that the World Wide Web service is running. If the service is not running, or if you cannot start it, reboot the system. Installation Guidelines for the AppManager 6.0 Operator Console Only if you are installing the AppManager Operator on a Windows Server 2008 operating system, perform the following steps. 1. If the AppManager Suite Version 6.0.2 window appears, close it. 2. Open a command prompt. 3. Type the drive letter of the CD-ROM followed by a colon. For example, type D: 4. Type the following command: cd appmanager\setup 5. Press Enter. 6. Type the following command: setup SKIPINSTALLATIONCHECK 7. Press Enter. 8. Follow the on-screen directions and note the following guidelines. When prompted with What AppManager components do you want to install, select only the AppManager Operator Console component. 4 6 8216 3452 000
Installing or Upgrading Software on the Management Server After the installation is complete, if Internet Information Services (IIS) is installed on your system, ensure that the World Wide Web service is running. If the service is not running, or if you cannot start it, reboot the system. 4.3.2. Installing AppManager 7.0 Software To install AppManager 7.0, perform the following steps: 1. For installation instructions, refer to the NetIQ AppManager Installation Guide, which is included on the AppManager 7.0. Supplement Software CD-ROM at \appmanager\documentation\install.pdf. 2. Refer to the following guidelines for suggestions about the messages and options that you might encounter. Your installation options depend on the AppManager components that you select. Installation Guidelines for the AppManager 7.0 Management Server If you are upgrading from an earlier version of the AppManager software, you might be asked whether to upgrade or replace existing components. For most components, the difference is not important. You must choose the upgrade option if you want to retain data, jobs, and any customized scripts in the repository. However, the repository upgrade option substantially increases the installation time because upgrading a repository typically takes 3 hours or longer. Installing a new repository usually takes 30 minutes or less. If you have MSDE or SQL Server 2005 Express Edition installed, you must upgrade to the Standard Edition or Enterprise Edition of SQL Server 2000 (Service Pack 3 or later) or SQL Server 2005. If you do not have a version of SQL Server installed, you must install one. When prompted to choose between Evaluation or Production mode 1. Click Production. 2. Select all the component check boxes except for the Monitoring Modules check box. Your license does not include any of the monitoring modules. During the AppManager agent installation, if you are prompted with Reporting and Discovery Options, clear the Enable reporting capability check box. If this check box is selected, you must specify a user account for the agent service. It is preferable to run the agent under the default Local System account. At the end of the AppManager installation, click No when prompted to register the product. Your registration is through Unisys, so it is not appropriate to register directly with NetIQ. After the installation is complete, ensure that the World Wide Web service is running. If the service is not running, or if you cannot start it, you must reboot the system. 8216 3452 000 4 7
Installing or Upgrading Software on the Management Server Installation Guidelines for the AppManager 7.0 Operator Console When prompted to choose between Evaluation or Production mode 1. Click Production. 2. Select only the AppManager Console check box. After the installation is complete, if the Internet Information Services (IIS) is installed on your system, ensure that the World Wide Web service is running. If the service is not running, or if you cannot start it, reboot the system. 4.4. Firewall Configuration Information If the Windows Firewall is included with your operating system, it is automatically configured during the Server Management software installation. This automatic configuration enables you to use the Windows Firewall to protect your Internet connection while allowing components running Server Management software to communicate with each other and with the Unisys Support Center. If your current operating system does not include the Windows Firewall, and you later decide to upgrade to an operating system that includes the Windows Firewall, reinstall Server Management software so that the Windows Firewall is automatically configured. If you are using any other hardware or software firewall to protect your Internet connection, refer to Appendix A for information about how to configure that firewall. 4.5. Installing Server Management Software Perform the following steps to install the Server Management software: Note: Do not install this software on domain controllers. 1. Insert the Server Management Services Software CD-ROM into the CD/DVD drive. The Server Management Installation Assistant wizard is automatically launched. Notes: As a result of Windows security, you must install this software directly from the CD-ROM or from a local drive; you cannot install the software from a network share or a mapped drive. To manually launch the wizard, navigate to the CD/DVD drive, and double-click the setup.exe file. 2. In the left pane, under Select Software to Install, select the check box for the hardware component on which you are installing the software (management server, Windows managed server or partition, or client workstation). 3. If you receive a message that system requirements must be satisfied before the software can be installed, click OK. 4. In the right pane, ensure that the system software requirements are met. If you see a black check mark and a message that the requirements have been met, proceed to the next step. 4 8 8216 3452 000
Installing or Upgrading Software on the Management Server If you see a red arrow next to the hardware component name, click the name of the hardware component, and then satisfy the environmental and redistributable requirements. Refer to the Installation Help available within the wizard for more information. Note: It might take up to an hour to install prerequisite components, depending on the needs of your system. 5. Select your installation type: Recommended Installation or Custom Installation. Recommended Installation is the default installation type. 6. When the installation is complete, click Finished. 4.6. Reconnecting the Management Server to the Network Note: Perform this procedure only if you are upgrading an existing Sentinel Management Server. In preparation for upgrading an existing Sentinel Management Server, you were instructed to isolate that management server from all Service Processors on the network by disconnecting all network cables or disabling all network interface cards (NICs). At this time, reconnect the management server to the network by reconnecting the network cables or enabling all NICs. 8216 3452 000 4 9
Installing or Upgrading Software on the Management Server 4 10 8216 3452 000
Section 5 Initially Configuring the Management Server After you install the Server Management software, use the procedures in this section to initially configure the management server. 5.1. Understanding User Roles Server Management software uses the following user groups: Administrators The default Windows user group Sentinel Administrators Created during the installation of Server Management 2.0 and higher Sentinel Observers Created during the installation of Unisys management software Sentinel Operators Created during the installation of Unisys management software Note: Because Server Management software is an evolution of Unisys Server Sentinel software, the Unisys group names are prefaced by Sentinel. If you are upgrading from an existing Server Sentinel configuration, this convention enables you to use your existing Server Sentinel user accounts to access the Infrastructure Solutions Console. Prior to the release of Server Management 2.0, users defined as Administrators were in the default Windows Administrators group. Beginning with Server Management 2.0, Installation Assistant creates the Sentinel Administrators group, and any user names currently in the Administrators group are copied to this new group. Most administration tasks now require membership in the Sentinel Administrators group only. However, the following tasks require membership in both the Sentinel Administrators group and the Administrators group: Installing Unisys management software, including Interim Corrections (ICs), from the Unisys Product Support Web site Modifying the Server Management Services Account Accessing and using EZupdate Use the procedure described in the Defining Users topic to assign users to the Administrators, Sentinel Administrators, Sentinel Observers, and Sentinel Operators groups, as appropriate. 8216 3452 000 5 1
Initially Configuring the Management Server 5.2. Defining Users The Infrastructure Solutions Console is the interface to the Server Management software, and you must define the users that can access this interface. You can define administrators, operators, and observers. For more information on users and their roles, refer to the Infrastructure Solutions Console Help. 1. Access the Computer Management window. 2. In the left pane, expand Local Users and Groups. 3. Select Users. 4. Right-click in the right pane of the window and click New User. 5. In the New User dialog box, enter information as appropriate for the user role. Clear the User must change password at next logon check box and select the Password never expires check box. Note: Nonblank passwords are required. 6. Click Create. 7. Repeat steps 5 through 6 to add all the users that will be placed in the administrators, operators, and observers groups. 8. Close the New User dialog box. 9. In the left pane, select Groups. 10. Define the users for the following groups by selecting the group in the right pane, right-clicking it, and then clicking Add to Group. The Properties dialog box for the selected group appears. You can add users to the following local groups directly or create domain groups to help manage user access: Administrators Sentinel Observers Sentinel Operators Note: Because the Server Management software is an evolution of the Server Sentinel software, the observer and operator group names are prefaced by Sentinel. If you are upgrading from an existing Server Sentinel configuration, this enables you to use your existing Server Sentinel user accounts to access the Infrastructure Solutions Console. 11. To add a user to the group, click Add. A Select Users dialog box appears. 12. Type a valid user name in the Enter the object names to select box and click OK. 13. Click Apply in the Properties dialog box. 14. Repeat steps 10 through 13 for each group and then click OK. 15. Click OK in the Properties dialog box. 16. Close the Computer Management window. 5 2 8216 3452 000
Initially Configuring the Management Server 5.3. Using an Internet Proxy Server with Server Management Software Some components of Server Management software including EZupdate require access to the Internet. If you are using a proxy server (for example, Microsoft Internet Security and Acceleration (ISA) Server), Server Management software must be able to use that proxy server to access Unisys Web sites. If your proxy server supports Web Proxy Autodiscovery (WPAD) and does not require authentication, Server Management software can automatically use it to access the Internet. If your proxy server does not support WPAD, or if it requires authentication, you must do the following: Specify the user account that Server Management software will use to authenticate itself to the proxy server. Configure the specific proxy server connection settings. Specifying an Account to Authenticate Server Management Software If your proxy server does not support WPAD, or if it requires authentication, use the Server Management software Account Maintenance utility as follows to configure an account to authenticate Server Management software: 1. On the Start menu, point to Programs, point to Unisys Server Management, and then click Configure Proxy Server Credentials. 2. Select Use the following credentials. 3. Type the appropriate usercode in the Enter proxy usercode box. This usercode can be either a local machine account (for example, Bob) or a domain account (for example, MyDomain\Bob). If you do not specify a domain, the local machine name automatically prefaces the user code you enter (for example, if you enter Bob, MyLocalMachine\Bob is used). Note: Your proxy server must be capable of handling credentials in this format in order to process communications for the Call Home, Call Home Health Advisor, and EZupdate services. If your proxy server is not domain-aware, you might be unable to use these services. 4. Type the appropriate password for the usercode in the Enter proxy password box. 5. Click Update. Note: If the password for this account changes, you must repeat this procedure to update the account information. Configuring the Proxy Server Connection Settings After you use the Server Management software Account Maintenance utility to configure an account to authenticate Server Management software, do the following to configure the proxy server connection settings: 8216 3452 000 5 3
Initially Configuring the Management Server 1. Log on to your management server using the account you specified through the Server Management software Account Maintenance utility. 2. On the Start menu, point to Settings, and then click Control Panel. Control Panel is displayed. 3. Double-click Internet Options. The Internet Properties dialog box is displayed. 4. Select the Connections tab. 5. Click LAN Settings. The Local Area Network (LAN) Settings dialog box is displayed. 6. Configure the settings in the dialog box to match your network configuration. 7. Click OK to close the Local Area Network (LAN) Settings dialog box. 8. Click OK to close the Internet Properties dialog box. 9. Close Control Panel. Note: The management server provides Internet access through the proxy server only for systems that it is managing (Service Processors, servers, partitions, and the management server itself). To determine whether updates are required for systems that are not managed by the management server, such as client workstations, you must log on to those systems with credentials that are acceptable to the proxy server so that you can access the Internet. After you have access to the Internet, you can run EZupdate from the Start menu. 5.4. Using a Modem Connection for Call Home If you are using the Call Home Central Service on the management server you are configuring, and if you plan to use a modem connection, perform the steps in the following topics. Note: The preferred method for Call Home to access the Unisys Support Center is through an Internet connection. 5.4.1. Configuring and Testing the Modem If you are using a modem connection for Call Home, do the following steps to configure and test your modem. Ensure the USB modem is connected to your USB port before performing this procedure. If you are using an Internet connection, skip this procedure. Note: For external Service Processors, use the software supplied with the modem to load the drivers. Follow the installation instructions included with the modem to ensure that the modem is properly installed and recognized by the operating system. 1. On the Start menu, point to Programs, Unisys Server Management, and then click Create Call Home Dial-up. 2. Select a modem from the Modems list. 5 4 8216 3452 000
Initially Configuring the Management Server 3. Select your country from the Location list. 4. Type a prefix in the Prefix box if you need to enter a number to access an external line. 5. Click Generate String. A Unisys Support Center telephone number appears in the Dial String box. 6. Verify that the dial string is correct for your environment. 7. Click Create Entry. The dial-up connection is created. 8. Click OK to close the confirmation window. 9. Test the connection you just created by clicking Test Dial-up Connection. 10. From the Connect Support Center window, click Dial. Do not change the user name or password; otherwise, the dial-up fails. 11. Verify that the connection is made by doing the following: a. From the Create Phonebook Entry dialog box, click Show Dial-up Connections. b. From the Network Connections window, select View/Refresh. If a connection is made, you can see a new connection labeled SupportCenter in the Network Connections window. c. Right-click SupportCenter and click Disconnect. d. Click View/Refresh to verify that you are disconnected from the Support Center. 12. Close the Network Connections dialog box. 13. Click Close in the Create Phonebook Entry dialog box. 5.4.2. Modifying the Hosts File to Use a Modem Connection Perform the following steps prior to sending a Call Home ready-for-use (RFU) packet and service request packets through a USB modem. Depending on where Call Home Central Service is installed, such as the Service Processor or management server, modify the hosts file so that Call Home uses the modem connection. 1. On a workstation, maximize the Remote Desktop window for either the Service Processor or the management server. 2. On the Start menu on your Service Processor or management server, click Run. The Run dialog box appears. 3. Type the following line: notepad %systemroot%\system32\drivers\etc\hosts. 4. Click OK. The hosts file opens. 5. Add the following line to the end of the file: 8216 3452 000 5 5
Initially Configuring the Management Server 129.225.192.40 callhome.unisys.com Note: This line starts in column one. There is no space between call and home. 6. Save the file and close Notepad. 5.5. Modifying the Management Server Hosts File Note: Perform the following procedure only if your system operations or maintenance LAN does not use DNS. To modify the management server hosts file if your environment uses static IP addressing, do the following: 1. On the Start menu, click Run. The Run dialog box appears. 2. Type the following: notepad %systemroot%\system32\drivers\etc\hosts 3. Click OK. The hosts file opens. 4. Modify or add information for each management server, Service Processor, and server and partition in your environment by entering the static address and host name; for example: 192.168.222.201 partition0 Note: If you intend to change a host name or IP address later, use the new host name or IP address when modifying the hosts file. 5. Save the hosts file and close Notepad. 5.6. Accessing the Infrastructure Solutions Console You can access the Infrastructure Solutions Console from the management server on which Server Management software is installed or remotely from a client workstation. To access the Infrastructure Solutions Console 1. Choose one of the following methods: On the Start menu of the management server, point to Unisys Server Management, and then click Infrastructure Solutions Console. From either the management server or a client workstation, open a browser window and enter the following URL in the Address bar: http://management_server_computer_name/console The management_server_computer_name is the Windows computer name for the management server. From a client workstation, open a remote desktop connection to the management server, and follow the previous access method that uses the Start menu. 5 6 8216 3452 000
Initially Configuring the Management Server The Infrastructure Solutions Console launch screen appears. 2. Click Run. If you are accessing the Infrastructure Solutions Console from a client workstation, the program verifies that your client workstation meets the application requirements. If needed, software agents are automatically downloaded to your system. The Infrastructure Solutions Console log-on screen appears. 3. If the user name and password combination that you used to log on to your management server or client workstation is the same as the one that you want to use to log on to the Infrastructure Solutions Console, select the Use current credentials check box and click OK. If you want to use a different user name and password combination to log on to the Infrastructure Solutions Console, clear the Use current credentials check box, type your user name and password in the appropriate boxes, and click OK. Note: After you have successfully logged on, you can use the Options dialog box to change the way that you are prompted for your user name and password. After you log on to the Infrastructure Solutions Console, you might be prompted for a user name and password for other components in the datacenter hierarchy, such as systems and servers. The default user name and password for these components are Administrator and Administer4Me. For security, change the default credentials as soon as possible. For detailed information about the Infrastructure Solutions Console, refer to its online help by clicking the question mark icon in the upper-right corner. 5.7. Verifying and Completing Software Settings Perform the following procedure to verify and complete the Server Management software settings: 1. Access the Infrastructure Solutions Console. 2. On the left pane, select the Systems tab and then select the Datacenter node. 3. On the right pane, select the Administration tab. 4. In the Commands section under Configure, click General settings. The Server Management Settings page appears. 5. Ensure that the following settings have the correct values assigned to them as applicable to your environment. Update the settings as required. Refer to the task help, which is available from a link in the upper-right corner of the page, for more information. Note: If AppManager software is not installed in your environment, ignore the AppManager settings. 8216 3452 000 5 7
Initially Configuring the Management Server Setting SNMP ReadOnly Community String EZupdate Transport Protocol AppManager User Logon Name AppManager User Logon Password Confirm AppManager User Logon Password AppManager Location AppManager Repository Name AppManager Web Management Server Location Description The default ReadOnly community string for your environment. This value is typically public. The transport protocol that you want EZupdate to use. The choices are http (Hypertext Transport Protocol) or https (Hypertext Transport Protocol Secure). The user name that you want to use to log on to the AppManager repository, if AppManager software is installed in your environment. The default user name is sa. Ensure that you specify a user name that has access rights to the AppManager repository database (the SQL or MSDE default instance). The password you want to use to log on to the AppManager repository, if AppManager software is installed in your environment. The default password, if MSDE was installed with a previous version of Unisys management software, is SentinelPasswordForSA. If you previously installed AppManager software, ensure that this password is the same password you assigned when installing the AppManager software and configuring the database instance (the SQL or MSDE default instance). Confirm the password you want to use to log on to the AppManager repository. The location of the AppManager repository that was defined when you installed the AppManager software, if AppManager software is installed in your environment. The name of the AppManager repository that was defined when you installed the AppManager software, if AppManager software is installed in your environment. This value is typically QDB. The location of the AppManager Web management server, if AppManager software is installed in your environment. This location is usually the same as the AppManager repository location. 6. If you made any changes, click Update. 7. Close the Server Management Settings page. 5 8 8216 3452 000
Section 6 Installing or Upgrading AppManager Software on Windows Servers and Partitions Note: If you do not have AppManager software installed in your environment, skip this section. If you are using AppManager software in your environment, ensure that each server or partition is running an AppManager agent and extensions that match the version of AppManager management server software. Installing the AppManager 6.0 Agent Note: The AppManager 6.0 agent cannot be installed on servers and partitions running Windows Server 2008. If you want to monitor Windows Server 2008 servers and partitions, then you should use the 7.0 version for all AppManager components. To install the AppManager 6.0 agent on your servers and partitions, use the AppManager 6.0 Supplement Software CD-ROM. Refer to the installation instructions in the NetIQ AppManager Installation Guide, which is included on the CD-ROM at \appmanager\documentation\install.pdf. During installation, follow these guidelines: When prompted to select which AppManager components to install, select only the AppManager management agent. When prompted to Select the applications and systems you want to monitor on this server, disable all the listed options except for AppManager Asynchronous Event Receiver. (Licenses for all other options expire within 30 days.) When the Response Time Module Selection dialog box appears, clear all the check boxes in this dialog box. (These modules are not included in the basic AppManager license.) When prompted to Select the agent options you want clear the Enable reporting capability check box. If this check box is selected, you must specify a user account for the agent service. It is preferable to run the agent under the default Local System account. 8216 3452 000 6 1
Installing or Upgrading AppManager Software on Windows Servers and Partitions Installing the AppManager 7.0 Agent To install the AppManager 7.0 agent on your servers and partitions, use the AppManager 7.0 Supplement Software CD-ROM. Refer to the installation instructions in the NetIQ AppManager Installation Guide, which is included on the CD-ROM at \Documentation\Installation and Upgrade\Installation Guide.pdf. During installation, follow these guidelines: When prompted to select which AppManager components to install, select only the agent. If you are prompted with Reporting and Discovery Options, clear the Enable reporting capability check box. If this check box is selected, you must specify a user account for the agent service. It is preferable to run the agent under the default Local System account. Installing AppManager Extensions Perform the following steps after installing the AppManager 6.0 or 7.0 agent: 1. Insert the Server Management Services Software CD-ROM in the CD/DVD drive of your existing AppManager management server. Installation Assistant appears. 2. Click Finished to close Installation Assistant. 3. Open Windows Explorer, and then navigate to AppManager\OEM folder on the CD-ROM. 4. Double-click UnisysExtensions.exe. 5. Follow the on-screen instructions, accepting all of the default values. Configuring Firewall Exceptions After installing the AppManager 6.0 or 7.0 agent and extensions, create the following firewall exceptions on the servers and partitions to ensure that the agent can communicate with the AppManager management server: A program exception for Program Files\NetIQ\AppManager\bin\NetIQmc.exe, or a port exception for port 9998 A program exception for Program Files\NetIQ\AppManager\bin\NetIQCtrl.exe, or a port exception for port 8996 6 2 8216 3452 000
Section 7 Configuring ES7000 Model 7405R G1 Systems Use the procedures in this section to configure ES7000 Model 7450R G1 systems. If you are prompted for credentials, enter Administrator as the user name and enter Administer4Me as the password. 7.1. ES7000 Model 7405R G1 System Requirements The following are the requirements for ES7000 Model 7405R G1 systems: An operating system supported by the ES7000 Model 7405R G1 system. The latest supported Windows operating systems are listed in the ES7000 Model 7405R G1 Windows Operating System Installation Guide and the latest supported Linux operating systems are listed in the ES7000 Model 7405R G1 Operating System Installation Guide. Note: The Server Management software has additional requirements for Windows operating systems. Therefore, although the ES7000 Model 7405R G1 system supports Windows Server 2003 operating systems with Service Pack 1, the system must be running a Windows Server 2003 R2 or Windows Server 2008 operating system in order to be managed by the management server. The system Service Processor IP address must be known. Note: During the hardware installation process, the BIOS displayed the IP address of the Service Processor, and you were instructed to make a note of it. If you did not note the IP address at that time, you can reboot the system to learn the Service Processor IP address. The system Service Processor must be connected to the LAN that includes the management server. You might refer to this LAN as the maintenance LAN or MLAN; this is a dedicated LAN segment over which you maintain other systems in your environment. The management server has assigned IP addresses that are compatible with both the initially assigned Service Processor IP address and the final IP address you plan to assign for the Service Processor (this might be the same IP address). If the management server does not have assigned IP addresses that are compatible with the Service Processor IP addresses, use the standard Microsoft Network Connections dialog box to assign additional IP addresses to the management server. The server or partition is connected to a keyboard, monitor, and mouse, either directly or through a KVM switch. 8216 3452 000 7 1
Configuring ES7000 Model 7405R G1 Systems 7.2. Configuring Windows Servers and Partitions Perform the following procedures on servers and partitions running Windows operating systems. 7.2.1. Configuring the SNMP Service on Servers and Partitions To support system management software that uses SNMP, you must configure SNMP. Configuring the SNMP community and defining SNMP traps enables communication between servers and partitions and your environment. Note: You can add and remove SNMP trap destinations at any time as required. If you have a management server configured in your environment or if your environment includes a third-party management framework, configure it as an SNMP trap destination; otherwise, you will not receive all of the applicable data. To configure SNMP, perform the following steps: 1. Access the Computer Management window. 2. In the left pane, expand Services and Applications and click the Services icon. 3. In the list of services in the right pane, right-click SNMP Service and click Properties. The SNMP Service Properties dialog box appears. 4. Select the Agent tab. 5. Type a value in the Contact box. This string value indicates the person to contact if an error is found with the system. 6. Type a value in the Location box. This string value indicates the physical and logical location of the system. 7. Select the Traps tab. 8. If you want to use public for a community name, verify that it is entered in the Community names list. If it is not listed, enter it and then click Add to list. 9. If you want to use a value other than public for a community name, enter it in the Community names list and then click Add to list. If public is present by default and you do not want to use it, select it and click Remove from list. 10. Click Add under Trap Destinations. The SNMP Service Configuration dialog box appears. 11. In the Host name, IP, or IPX Address box, type localhost and click Add. 7 2 8216 3452 000
Configuring ES7000 Model 7405R G1 Systems 12. If you have a management server, or if your environment includes a third-party management framework, do the following: a. Click Add under Trap Destinations. The SNMP Service Configuration dialog box appears. b. In the Host name, IP, or IPX Address box, type the IP address or computer name of the management server or management framework. c. Click Add. d. Repeat steps a, b, and c for each management server or management framework. 13. Select the Security tab. 14. Ensure that the Send authentication trap check box is selected. If the SNMP agent receives traps from an unknown IP address and community string pair, it generates an authentication failure trap to all the remote management servers. 15. Ensure that the community name that you specified previously is listed as READ ONLY. If it is not, do the following: a. Click Add in the Accepted community names box. b. Type the community name in the Community Name box. c. Select READ ONLY from the Community rights list. d. Click Add. 16. Type a community name with a READ WRITE value that matches the value configured for your management server by doing the following. Note: Do not specify a value of READ WRITE for the community name whose value you previously specified as READ ONLY; you should use two different community names for security reasons. a. Click Add in the Accepted community names box. b. Type a community name in the Community Name box. (This value is specific for your site, and it is case-sensitive.) c. Select READ WRITE from the Community rights list. d. Click Add. 17. Decide whether to accept SNMP packets from any host or from only selected hosts. If you selected Accept SNMP packets from any host, the configuration is complete. Click OK. If you selected Accept SNMP packets from these hosts, do the following. Note: Repeat the following steps to add the value localhost and the computer name for each management server and third-party management framework in your environment. 8216 3452 000 7 3
Configuring ES7000 Model 7405R G1 Systems a. Click Add below the Accept SNMP packets from these hosts value. The SNMP Service Configuration dialog box appears. b. In the Host name, IP, or IPX Address box, type the appropriate computer name. c. Click Add. d. Click OK. 18. Right-click SNMP Service in the right pane of the Computer Management window and click Restart to restart the service and save your settings. 19. If you are prompted to restart other services, click Yes. 20. Close the Computer Management window. 7.2.2. Configuring Internet Explorer Options 1. Open Internet Explorer. 2. Click Internet Options on the Tools menu. The Internet Options dialog box appears. 3. Select the Advanced tab. 4. Scroll down, and under Security, select the Allow active content from CDs to run on My Computer check box. 5. Click the Privacy tab and verify that the check box under Pop-up Blocker is not selected. Pop-up blockers prevent Server Management software from operating properly. 6. Click OK to save these settings. When configuration is complete, configure Internet Explorer to meet the needs of your environment. 7.2.3. Firewall Configuration Information If the Windows Firewall is included with your operating system, it is automatically configured during the Server Management software installation. This automatic configuration enables you to use the Windows Firewall to protect your Internet connection while allowing components running Server Management software to communicate with each other and with the Unisys Support Center. If your current operating system does not include the Windows Firewall, and you later decide to upgrade to an operating system that includes the Windows Firewall, reinstall Server Management software so that the Windows Firewall is automatically configured. If you are using any other hardware or software firewall to protect your Internet connection, refer to Appendix A for information about how to configure that firewall. 7 4 8216 3452 000
Configuring ES7000 Model 7405R G1 Systems 7.2.4. Installing Server Management Software Perform the following steps to install the Server Management software: 1. Insert the Server Management Services Software CD-ROM into the CD/DVD drive. The Server Management Installation Assistant wizard is automatically launched. Notes: As a result of Windows security, you must install this software directly from the CD-ROM or from a local drive; you cannot install the software from a network share or a mapped drive. To manually launch the wizard, navigate to the CD/DVD drive, and double-click the setup.exe file. 2. In the left pane, under Select Software to Install, select the check box for the hardware component on which you are installing the software (management server, Windows managed server or partition, or client workstation). 3. If you receive a message that system requirements must be satisfied before the software can be installed, click OK. 4. In the right pane, ensure that the system software requirements are met. If you see a black check mark and a message that the requirements have been met, proceed to the next step. If you see a red arrow next to the hardware component name, click the name of the hardware component, and then satisfy the environmental and redistributable requirements. Refer to the Installation Help available within the wizard for more information. Note: It might take up to an hour to install prerequisite components, depending on the needs of your system. 5. Select your installation type: Recommended Installation or Custom Installation. Recommended Installation is the default installation type. 6. When the installation is complete, click Finished. 7.2.5. Modifying the Server or Partition Hosts File Note: Perform the following procedure only if your system operations or maintenance LAN does not use DNS. To modify the server or partition hosts file, do the following: 1. On the Start menu, click Run. The Run dialog box appears. 2. Type the following: notepad %systemroot%\system32\drivers\etc\hosts 3. Click OK. The hosts file opens. 8216 3452 000 7 5
Configuring ES7000 Model 7405R G1 Systems 4. Modify or add information for each management server, Service Processor, server, and partition in your environment by entering the static address and host name; for example: 192.168.222.201 partition0 Note: If you intend to change a host name or IP address later, use the new host name or IP address when modifying the hosts file. 5. Save the hosts file and close Notepad. 7.3. Installing and Configuring on Linux and VMware ESX Server Servers and Partitions Perform the following procedures to install the appropriate Server Management software on servers and partitions running supported Linux operating systems or VMware ESX Server. Prerequisites Note: To perform the following procedures, you must be an expert in administering Linux or VMware ESX Server. Before beginning installation, ensure that you meet the following prerequisites for your operating system. 1. Review the following list of required packages. If any of the packages listed for your version of Linux or VMware ESX Server are not currently installed, install them using your operating system media. SUSE LINUX: - net-snmp - net-snmp-devel - newt - newt-devel - portmap - slang - slang-devel - compat-libstdc++ Note: The net-snmp and net-snmp-devel packages require a version higher than 5.1.3.1-0.13. The newt and newt-devel packages require a version higher than 0.51.6-5. Red Hat Linux: - net-snmp - net-snmp-devel 7 6 8216 3452 000
Configuring ES7000 Model 7405R G1 Systems - net-snmp-utils - newt - newt-devel - portmap - slang - slang-devel - compat-libstdc++ VMware ESX Server - net-snmp - net-snmp-utils - newt - portmap - slang - compat-libstdc++ 2. Modify the snmpd.conf environment settings file to set the community privilege to READ WRITE as follows: a. Use a text editor, such as the vi editor, to open the snmpd.conf file. For SUSE LINUX, this file is located at /etc/snmpd.conf For Red Hat Linux and VMware ESX Server, this file is located at /etc/snmp/snmpd.conf b. Set the community privilege to READ WRITE, if it is not already set. For example, remove the comment from the rwcommunity admin line. c. Exit the snmpd.conf file. 3. Enter the following command so that the snmpd service starts automatically: # /sbin/chkconfig snmpd on 4. Enter the following command so that the portmap service starts automatically: # /sbin/chkconfig portmap on 5. Execute the following command to start portmap: # /etc/init.d/portmap start 6. For Red Hat Linux only, if the SELinux feature is enabled, perform the following steps: a. Enter the following commands to disable an snmpd limitation that conflicts with the SELinux feature: # setsebool -P snmpd_disable_trans 1 # /etc/init.d/snmpd restart b. Confirm that the SELinux feature is enabled by entering the sestatus command: 8216 3452 000 7 7
Configuring ES7000 Model 7405R G1 Systems # sestatus -v SELinux status: enabled 7. If you have a firewall or plan to enable a firewall, see Appendix A, Firewall Considerations, for a list of ports you should open. Installation Procedure Note: In the following topic, the mount point is assumed to be /media/dvd. Depending on your operating system version and drive type, you might need to substitute /mnt for /media and substitute /cdrom or the CD-ROM volume label for /dvd. Perform the following steps: 1. Log on to the system as root. 2. Insert the Server Management Services Software CD-ROM into the CD/DVD drive. If the CD-ROM does not mount automatically, enter the following command, as appropriate for your environment: # mount /media/dvd Alternatively, navigate to the Computer window, right-click the CD-DVD drive, and then click Mount Volume. 3. If the CD-ROM does not mount with executable privileges, enter the following command: mount -o,remount,exec /media/dvd 4. Initiate the software installation by entering the appropriate command for the operating system, as follows: SUSE LINUX or Red Hat Linux: # /media/dvd/servermanagement/sma/linux/smainst.sh -i For VMware ESX Server: # /media/dvd/servermanagement/sma/linux/ smainst_vmware.sh -i 5. Enter the following command to unmount the CD-ROM, as appropriate for your environment: # umount /media/dvd 6. Confirm that the installation completed successfully by entering the following command: # rpm -qa grep Esmpro-common 7. Configure the system information by entering the following commands: # cd /opt/nec/esmpro_sa/tools #./sethwinf When prompted, set the product name, manufacturer, and chassis type. 8. Restart the software agent by entering the following commands: 7 8 8216 3452 000
Configuring ES7000 Model 7405R G1 Systems # sync # /opt/nec/esmpro_sa/bin/esmrestart 7.4. Running Setup Assistant Setup Assistant creates a.cif file and assigns a file name of your own choosing. Until you complete data collection, the file has the suffix for the interim configuration information file; for example, mysystem.icif. When you have entered all the data into Setup Assistant, it validates the.icif file and, if no errors exist, allows you to save the file. Setup Assistant has an error checking/correction mechanism. You cannot complete the creation of the.cif file until you correct all errors. When the file is saved, it is created with the.cif suffix; for example, mysystem.cif. Setup Assistant contains an overview and tooltip help, which you can refer to during a session. Note: Perform the following procedure on the management server and then follow the on-screen instructions to deploy the system configuration to your new systems. To run Setup Assistant 1. On the Start menu, point to Programs, Unisys Server Management, and then click Setup Assistant. 2. Select the option you want to perform. 3. Enter information as prompted by Setup Assistant. 4. Print or save the summary page of the system configuration for reference. 5. Deploy the system configuration to applicable components. The configuration information file is saved to the management server, and is used to configure Server Management components and automate the system installation and configuration process. Note: The deployment task can be performed only from the management server that is connected to the system you are configuring. 7.5. Configuring Server and Partition Force Dumps Configure Force Dumps as follows, based on the operating system running on your servers and partitions. The Force Dump stop forces an operating system crash and produces a crash dump in response to certain interrupts. Performing the following procedure helps ensure that Unisys support personnel receive adequate information to analyze the problem that caused the Force Dump stop. The following procedures are for servers and partitions running Windows, SUSE LINUX Enterprise Server 10, and Red Hat Linux 5. If your server or partition includes a preinstalled Solaris operating system, see the Solaris documentation for information on how to perform procedures for that operating system. 8216 3452 000 7 9
Configuring ES7000 Model 7405R G1 Systems Windows Operating Systems To use Force Dump, configure Windows to respond to these interrupts by producing a crash dump. To configure Windows for a Force Dump, perform the following procedure to edit the system registry and insert a new system key: Caution Microsoft Corporation advises caution when editing the system registry. Follow the procedure carefully, and do not make other changes to the system registry. This procedure is based on information from the Microsoft Web site (www.microsoft.com) and is subject to change without notice. Refer to the Microsoft Web site and Windows documentation for additional information. 1. On the Start menu, click Run. 2. Type regedit, and then click OK. The Registry Editor opens. 3. Navigate the registry tree structure to open the folder in the following path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CrashControl 4. On the Edit menu, point to New, and then click DWORD Value. New Value #1 is inserted in the Name column. 5. Replace New Value #1 with NMICrashDump. (If necessary, right-click New Value #1 and click Rename.) 6. Press Enter to accept the modified value and turn off edit mode. 7. On the Edit menu, click Modify. The Edit DWORD Value dialog box appears. 8. In Value data, change the value from 0 to 1 and click OK. The value 1 specifies that a crash dump occurs after an NMI; the value 0 specifies a crash dump does not occur. 9. Click Exit on the File menu to close Registry Editor. 10. Restart the operating system. SUSE LINUX Enterprise Server 10 Operating Systems Before changing the configuration, perform the following steps: Ensure that the Unisys Linux partition drivers are installed on the server or partition. Ensure that the server or partition on which /var resides has enough disk space for the 7 10 8216 3452 000
Configuring ES7000 Model 7405R G1 Systems vmcore file. This step is necessary because kdump stores kernel core dumps under /var, and the vmcore file is approximately the size of the physical memory of the system. You can change the location of the vmcore file by setting the KDUMP_SAVEDIR parameter in the /etc/sysconfig/kdump file. Perform the following procedure as the root user: 1. Verify that the kernel-kdump and kexec-tools packages are installed by typing the following commands: rpm -q kernel-kdump rpm -q kexec-tools 2. If the kernel-kdump or kexec-tools packages need to be installed, type either or both of the following commands as needed: yast2 -i kernel-kdump yast2 -i kexec-tools 3. To reserve memory for the crash kernel, open the primary kernel command line by typing the following command: vi/boot/grub/menu.lst 4. Add the following to the end of the kernel command line: crashkernel=512m@16m 5. Retrieve the system loops_per_jiffy (lpj) value by typing the following command: dmesg grep lpj= head -n1 6. Record the lpj value. 7. Add the lpj value to the KDUMP_COMMANDLINE parameter in the /etc/ sysconfig/kdump file by appending the following to the end of the parameter value: cat /proc/cmdline sed -e s/crashkernel=[0-9] \+[MmKkGg]@[0-9]\+[MmKkGg]// lpj=nnnnnnnn The variable stands for the lpj value. 8. Read through the kdump configuration file and set the values for various siteappropriate parameters for the site. Save the file and exit. 9. Activate the kdump system service by typing the following command: chkconfig kdump on 10. Reboot the system. Red Hat Linux 5 Operating Systems Before changing the configuration, perform the following steps: Ensure that the Unisys Linux partition drivers are installed on the server or partition. Determine a location in which the vmcore file (dump file) can be placed. This location can be another server, a RAW device, or a local file system that is approximately the size of the physical memory of the system. 8216 3452 000 7 11
Configuring ES7000 Model 7405R G1 Systems Perform the following procedure as the root user: 1. Verify the kexec-tools package is installed by typing the following command: rpm -q kexec-tools 2. If the kexec-tools package is not installed, install it on the server or partition. 3. Retrieve the system loops_per_jiffy (lpj) value by typing the following command: dmesg grep lpj= head -n1 4. Record the lpj value. 5. Add the lpj value to the KDUMP_COMMANDLINE_APPEND parameter in the /etc/sysconfig/kdump file by appending the following to the end of the parameter value inside the double quotation marks ( ): lpj=nnnnnnnn The variable stands for the lpj value. 6. Read through the kdump configuration file, and set the site-appropriate values for various parameters. Save the file, and exit. 7. Run the Kernel Dump Configuration utility by entering the following command: system-config-kdump 8. Once the utility is started, perform the following steps: a. Select the kdump check box. b. Enter 512 for the kdump memory size. c. Configure the Location and Path boxes for the vmcore file. d. Click OK. e. Click OK to the system reboot message. 9. Reboot the system. 7.6. Optional Workgroup and Domain Configuration You can optionally change the default workgroup or assign domains for your servers and partitions. For instructions on completing these procedures, see the documentation included with your operating system. 7 12 8216 3452 000
Section 8 Completing the Management Server Configuration Use the procedures in this section to complete the configuration. 8.1. Using Configuration Assistant for Virtual Machines Note: Perform the following procedure only if you have one or more virtual machines in your environment. If you want to use the Infrastructure Solutions Console to manage your virtual machines, do the following: 1. Access the Infrastructure Solutions Console. 2. On the Tools menu, click Configuration Assistant (VMware). The Configuration Assistant interface is launched. 3. Follow the on-screen directions to configure integration with VMware. Refer to the Configuration Assistant help for more information. 8.2. Adding Additional Systems to be Monitored When you deployed Setup Assistant, your ES7000 Model 7405R G1 systems were automatically added to the Infrastructure Solutions Console. If you are upgrading an existing Sentinel Management Server, your list of systems should automatically appear. If the systems do not appear, you can follow this procedure to add them and also to add new Unisys servers and partitions to be managed: 1. Access the Infrastructure Solutions Console. 2. In the left pane, ensure that the Systems tab and the Datacenter node are selected. 3. In the right pane, select the Administration tab. 4. In the Commands section under Configure, click Managed systems. The Configured Systems Information page appears. 5. Click Add a System. The Add Monitored System page appears. 8216 3452 000 8 1
Completing the Management Server Configuration 6. Select your system type in the System Type list. 7. Enter the required information based on your system type. 8. Click Add. 9. If prompted, enter the user name and password for the Service Processor. 10. Continue adding all systems that you want to be monitored, or close the window. For more information, refer to the task help available with each page or refer to the Infrastructure Solutions Console Help. 8.3. Completing Server and Partition Configuration for Non-Windows Operating Systems Servers and partitions that are running operating systems other than Windows operating systems, such as Linux or VMware ESX Server operating systems, do not have their component information automatically discovered. You must manually enter this information using the following procedure: 1. If the Infrastructure Solutions Console is not already open, access it. 2. In the left pane, ensure that the Systems tab and the Datacenter node are selected. 3. In the right pane, select the Administration tab. 4. In the Commands section under Configure, click Managed Systems. The Configured Systems Information page appears. 5. Click Edit in the Options column of a system that has one or more servers or partitions running operating systems other than Windows operating systems. The System Definition View Configuration Information page appears. 6. Under Partition Information, verify that the computer name, IP address, and SNMP read-only community string are correct. If you need to correct any information or add missing information, do the following: a. Click Edit in the Options column next to the server or partition whose information you want to update. The System Definition Modify Component page appears. b. Enter your changes. The fields that can be changed are indicated with an asterisk. c. Click Save Changes. Note: Whenever you change the network configuration for a server or partition for example, the IP address, host name, or SNMP settings verify and complete the System Definition settings as described previously. 8.4. Verifying and Completing AppManager Setup Perform the following procedures to verify, and if necessary complete, AppManager setup: 8 2 8216 3452 000
Completing the Management Server Configuration 1. On the Start menu (on the management server that contains the AppManager repository), point to Programs, NetIQ, AppManager, and then click Operator Console. 2. Log on to the AppManager Operator Console. 3. If you configured any of your servers or partitions to use an SNMP read-only community name other than public, then configure that community name in AppManager as follows: a. From the Extensions menu, click Security Manager. b. In the left pane, expand the Computers node and select a server or partition. c. In the right pane, click the SNMP tab. d. In the Community String box, fill in the name of the read-only group for the server or partition. Click Apply. e. Repeat steps b and c for each server or partition that uses a read-only community name other than public. f. Close the Security Manager window. 4. On the Master tab, ensure that all Windows servers or partitions appear. If necessary, add a computer by performing the following steps: a. Right-click Master in the TreeView pane. b. Click Add Computer. The Add Computer dialog box appears. c. Type the computer name. d. Ensure that the Discover Windows objects automatically check box is selected. e. Click OK. The discovery process might take several minutes. 5. For each added computer, ensure that Windows objects such as CPU, memory, and others appear. If these objects are not present, then run the NT discovery script by completing the following steps: a. In the right pane, select the Discovery tab. b. Select the NT script in the right pane, and drag it to the desired computer object in the TreeView pane. 6. For each added computer, ensure that a Unisys Server object appears. If this object is not present, then run the Unisys discovery script by completing the following steps: a. In the right pane, select the Discovery tab. b. Select the Unisys script in the right pane, and drag it to the desired computer object in the TreeView pane. 7. Close the AppManager Operator Console window. 8216 3452 000 8 3
Completing the Management Server Configuration 8.5. Verifying Communication with Integrated Lights Out Manager (ILOM) During installation, Integrated Lights Out Manager (ILOM) is automatically configured so that its alerts are communicated to the Server Management software. To verify that the system Service Processor is configured correctly and that you can communicate with ILOM from the management server, do the following: 1. Open a browser window, and enter the IP address of the system Service Processor in the Address bar to connect to the ILOM interface. 2. Log on to ILOM using your user name and password. Note: If you need help operating the ILOM, see the Integrated Lights Out Manager User s Guide. The default ILOM user name is root and the default password is changeme. To familiarize yourself with ILOM, you can verify the settings that enable Server Management software to communicate with ILOM are properly configured. Do the following: 1. Click the Configuration tab. 2. On the Configuration screen, click the Alert Management tab. 3. Verify that IPMI PET appears in a location between 1 and 13. (IPMI PET cannot use location 14 or 15 because those locations are used by Call Home.) 4. Verify that the IP address is set to the management server running Server Management software and that the Level is set to Major. 5. If you made any changes, save them. 6. Log out of the ILOM interface. 8.6. Configuring Call Home Generator Services Perform the following procedure if you want to change the configured Call Home Generator Service, or if you have an existing Unisys system for which you did not previously configure Call Home. Note: For ES7000 Model 7405R G1 systems, you must perform the following procedures on the partition. Do not perform this procedure on the Service Processor, because deploying the configuration information file (.cif file) using Setup Assistant configured these settings. 1. Access the Infrastructure Solutions Console. 2. On the left pane, ensure that the Systems tab and the Datacenter node are selected. 3. On the right pane, select the Administration tab. 4. In the Commands section under Tools, click View service requests (Call Home). 8 4 8216 3452 000
Completing the Management Server Configuration The Call Home Service Request Status page appears. 5. Ensure that All Systems is selected in the Show Service Requests from list. 6. Click Generator and then List of Generator Services. 7. From the List of Generator Service Computers page, click Update List. This refreshes the list of computers to ensure that the computers being installed are correctly listed. 8. On the List of Generator Service Computer page, click the name of the computer where the Generator Service is installed. The Configure the Generator Service page appears. Note: If the message Connect() failed is displayed, wait a couple of minutes and then repeat this step. 9. Fill in the required Generator Service information fields, each of which is marked with an asterisk (*). You can refer at any time to the Call Home online help for information you might need on fields or other elements of the interface. Notes: The System Information, Customer Information, and Central Service Information fields must be filled in. For the Central Service Information fields, supply the correct primary computer name. Type in the name of the management server as the primary computer if a management server is part of your system; otherwise, type in the name of the master Service Processor as the primary computer. 10. Click Submit. 8.7. Defining the Call Home Central Service Note: For ES7000 Model 7405R G1 systems, you can skip this procedure because deploying the configuration information file (.cif file) using Setup Assistant configures these settings. The Call Home Central Service records service request packet information in a database and delivers the packets to the Unisys Support Center. The Central Service can be installed on multiple management servers; however, one Central Service must be identified as the primary. Notes: Do not perform this procedure on systems running versions of Server Sentinel prior to Server Sentinel 4.0. To identify or change the Central Service primary location, do the following: 1. Access the Infrastructure Solutions Console. 2. On the left pane, ensure that the Systems tab and the Datacenter node are selected. 8216 3452 000 8 5
Completing the Management Server Configuration 3. On the right pane, select the Administration tab. 4. In the Commands section under Tools, click View service requests (Call Home). The Call Home Service Request Status page appears. 5. Click Generator and then List of Servers. 6. Click the name of a listed computer. The Configure the Generator Service page appears. 7. Scroll down to the Central Service Information group. Verify that the name of the management server that you want to be the primary Central Service location appears in the Primary box. Note: Baseboard Management Controller platforms use SNMP trap destinations to identify the location of the Central Service. Therefore, the Service Processor on these platforms must contain the management server IP address as a trap destination in the SNMP Trap Destinations group. This configuration is automatically configured for ES7000 Model 7405R G1 systems when you deployed Setup Assistant. 8. Repeat steps 3 and 4 until you have identified the primary and secondary Central Service for all of the listed computers. 9. Click Submit. The identity of the primary Central Service location is important because the history and status of service request packets are sent only to the primary Central Service. 8.8. Verifying Call Home Readiness for New Systems Using the management server, perform the procedures in the following topics to configure Call Home on new, unconfigured systems. Note: You must repeat this procedure for each system. 8.8.1. Introduction to Sending a Call Home RFU Packet Sending a Call Home ready-for-use (RFU) packet ensures that the Call Home communication is working and enables you to verify whether the test packet was received by the Support Center. Use the Internet connection (the recommended method) or a modem to send a Call Home RFU packet. Ensure that the following conditions are met for the selected connection method: Prerequisites to Use the Internet for Transmissions For Call Home, Call Home Health Advisor, EZupdate, and Remote Support to access the Unisys Product Support Web site using the Internet, the following ports must be opened: 8 6 8216 3452 000
Completing the Management Server Configuration Call Home Health Advisor protocol HTTPS: - Port 443 - IP address 192.61.3.82 Call Home protocol HTTPS and SSL: - Hostname: callhome.unisys.com o Port 443 o IP address 129.225.192.40 - Hostname: www.app1.unisys.com o Port 5700 o IP address 192.61.11.75 EZupdate protocol (select one) - If using HTTPS: port 443 and IP address 192.61.3.3 - If using HTTP: port 80 and IP address 192.61.3.3 Remote support protocol HTTPS: - Port 443 - IP address 129.225.216.130 Note: Ports can be set to outbound only for Unisys purposes. Identifying the Central Service Connection Method Perform the following steps to identify the Central Service connection method through Call Home Central Service. 1. Using Server Management software, launch the Call Home user interface. 2. Click the Central Service tab and select Configure Central Service. 3. On the Connection Method group, choose a connection method (Internet or USB modem) and click Apply. For more configuration information, refer to the task specific help available for this page. Sending a Call Home RFU Packet After meeting the conditions for the Internet or for the modem connection, perform the following steps to send the Call Home RFU packet. 1. Using Server Management software, launch the Call Home user interface. 2. Click List of Generator Services on the Generator menu. The List of Generator Service Computers page appears. 3. Click Update List. Wait a few seconds before proceeding with the next step. 8216 3452 000 8 7
Completing the Management Server Configuration 4. Click Ready. This action routes RFU packets to the Unisys Support Center for the servers or partitions and Service Processors. 5. Click Status. The Call Home Service Request Status page appears. 6. Verify that the RFU packet was received by the Unisys Support Center and that a success acknowledgment (SACK) message has been returned. RFU packet status is indicated in the Status column. The page refreshes periodically to update the displayed status. If the packet does not transfer correctly, ensure that the information for each Generator Service is complete. Refer to Information Required for Call Home for the list of required Call Home information. Select the Diagnostics tab on the Call Home page for more information. 8.8.2. Verifying Call Home Verify the overall Call Home operations on the enterprise server by sending a test packet from each computer with a Generator Service installed. 1. Using Server Management software, launch the Call Home user interface. 2. Click Generator and then List of Servers. 3. For each of the computers listed on this page, click Send Test Packet. Wait for the progress bar to complete before clicking Send Test Packet for the next generator computer. 4. Click Status. 5. Verify that the test packet was sent to the support center and that a SACK response has been received. Test packet status is indicated in the Status column. For example, a notation in the Status column for the test packet should indicate that the send process has been completed and that a SACK message was returned by the support center. 8.9. Updating Port Numbers for Server Management Software Communication Perform this procedure only if you want to change the default ports that enable communications between components running Server Management software. Note: If you want to change the default ports, you must perform these steps on all Windows servers and partitions, ES7000/one Service Processors, and management servers running Server Management software or Server Sentinel 4.0 or higher. A firewall might be installed between one or more of these components. If a firewall exists, the ports must also be opened in the firewall. 8 8 8216 3452 000
Completing the Management Server Configuration Do the following: 1. Navigate to C:\Program Files\Unisys\Server Sentinel\Infrastructure. 2. Double-click the file configure_ports.vbs to run the script. The Communication Channel window appears. The current port value or the default port value 182 appears in the edit box. 3. If you do not use the default port value, enter a port value between 0 and 65535, and click OK. This port number must be identical for all systems in the enterprise. The Remote Library window appears. The current port value or the default port value 62182 appears in the edit box. 4. If you do not use the default port value, enter a port value between 0 and 65535, and click OK. This port number must be identical for all systems in the enterprise. The Infrastructure Services Server window appears. The current port value or the default port value 62183 appears in the edit box. 5. If you do not use the default port value, enter a port value between 0 and 65535, and click OK. This port number must be identical for all systems in the enterprise. If any port value is changed, the corresponding service is updated and restarted. Messages appear confirming the restart of the services whose default port was changed. 6. Click OK to acknowledge the notification. 8.10. Changing the Server Management Services Account Credentials The Server Management Services Account is created and configured as part of the recommended Server Management software installation. During the initial software installation, the account is configured with a default key and password. Some Server Management software components installed as Windows services are configured to run under this account and use the credentials of this account to communicate with components on other systems. You are strongly encouraged to change these default credentials as soon as possible. For components running Server Management software to successfully authenticate components on other systems, these credentials must be identical on all computers that include the Server Management Services Account feature. (This includes older systems running Server Sentinel software.) 1. If the Infrastructure Solutions Console is not already open, access it. 2. Select the Systems tab in the left pane and then click Datacenter in the tree view. 3. Select the Administration tab in the right pane. 4. Under Tools, click Configure Server Management Account. The Change Password page appears. 8216 3452 000 8 9
Completing the Management Server Configuration 5. For more instructions on changing the credentials, click Task Help in the upper-right corner. 8.11. Obtaining Updates If updates to the Server Management software and your system platform firmware are available, you can download them by using the EZupdate feature or by using the Unisys Product Support Web site. To obtain updates using EZupdate, your management server must be able to access the Internet. Obtaining Updates Using EZupdate EZupdate periodically checks the Unisys Product Support Web site for available updates to Server Management and your system platform firmware and notifies you if updates are available. To access EZupdate from management servers or client workstations, from the Start menu, point to Programs and then Unisys Server Management, and then click EZupdate. Internet access is required to use this method. To view or download the available updates for all your system components through the Infrastructure Solutions Console, do the following: 1. Access the Infrastructure Solutions Console. 2. In the left pane, ensure that the Systems tab and the Datacenter node are selected. 3. In the right pane, select the Administration tab. 4. In the Commands section under Tools, click Check for updates (EZupdate). The System Report page appears. 5. Click Task Help in the upper-right corner for more information on downloading and installing the updates. 6. Copy the files to all systems that need software or firmware updates. 7. Be sure to update all servers and partitions when you update the software and platform firmware on Service Processors, client workstations, and management servers. Obtaining Updates Using the Unisys Product Support Web Site If your management server does not have access to the Internet, you can download Server Management software and platform firmware updates from the Unisys Product Support Web site by using a workstation that is connected to the Internet. Updates to Server Management software and platform firmware are available in the form of Interim Corrections (ICs) and quick-fix releases (QFRs). ICs and QFRs are replacement modules that contain fixes for your software or platform firmware. Any customer with a maintenance agreement is entitled to use these modules. 8 10 8216 3452 000
Completing the Management Server Configuration To access the latest updates and apply them to your system, perform the following steps: 1. Close all open programs. 2. Access the Unisys Product Support Web site at www.support.unisys.com. 3. Sign on to entitled support with your user name and password. If you do not have a user name and password, click Register. The Product Support page appears. 4. Select your software. If required, click Go. The support page for the software you selected appears. 5. Click Releases. The Releases page appears. 6. Download any available ICs or QFRs 8.12. Registering for E-mail Notification of Software Updates Because EZupdate does not support all the software components available with Server Management software, it is strongly recommended that you register on the Unisys Product Support Web site to obtain software updates for your system. Software components not supported by EZupdate include AppManager. To register for e-mail notification, perform the following steps: 1. Access the Unisys Product Support Web site at www.support.unisys.com. 2. Sign on to entitled support with your user name and password. If you do not have a user name and password, click Register. The Product Support page appears. 3. Select a system type and click Go. The support page for that system appears. 4. Click Releases. The releases for the system are displayed. 5. In the Related Links column, click the fix for your release. 6. In the IC Level column, click the appropriate Server Management software release level. 7. Click the link labeled View profile of IC to get a description of the update and installation instructions. 8. Under IC E-Mail Registration, select both the Server Management software release and the all new releases for this product check boxes. 9. Click Submit Changes. 8216 3452 000 8 11
Completing the Management Server Configuration 8.13. Installing Virus Protection Software Virus protection software is not provided with the operating system of your system components. You can purchase and install any virus protection software you prefer. Note: Do not install virus protection software on the embedded Service Processor; there is insufficient disk space. Virus protection software and Microsoft required hotfixes must be installed before connecting to the public LAN IP address (DHCP server). Once they are installed, cable your system component to the public LAN. Some virus protection software can interfere with the installation of other software. If you encounter problems with the installation of any software, disable virus protection before you retry the installation. Be sure to enable virus protection again after you complete installation. Caution In a system with two Service Processors, install and maintain up-to-date virus protection software on both Service Processors. Regularly run virus scans on the Service Processors and on all disks attached to your system. 8.14. Submitting the Arrival Quality Report You must submit an Arrival Quality Report (AQR) to complete your server configuration. Submitting an AQR notifies the Unisys Support Center that your system is installed and ready for use (RFU). To access the AQR, navigate to the Unisys Supply Chain Management Web site: http://www.app3.unisys.com/scoperations/installation/aqr/create/generic You must have your system serial number available. Enter information in all required fields, and report any problems you encountered. 8 12 8216 3452 000
Section 9 Installing and Configuring Client Workstations This section explains how to configure one or more client workstations in your environment. A client workstation runs Server Management software and enables remote management. A client workstation can be located on your public LAN or on your operations LAN. On a properly sized and configured network, a client workstation provides remote management capabilities through Server Management software from anywhere in your public network. If you do not configure one or more client workstations in your environment, you must access the management server directly to operate your software. If you attempt to access the management server from a workstation that has not had the client workstation software configured on it, you might be prompted to download components of Server Management software. Note that you might be prompted to download software components multiple times because not all of the required client workstation software is downloaded at one time. If your workstation does not meet the requirements of the Server Management software, you cannot view the pages that you requested. Therefore, it is recommended that you follow the procedures in this section rather than download software components on an as-needed basis. If you previously installed the Server Sentinel client workstation software in your environment, you can upgrade your client workstations by performing the installation procedure in this section. 9.1. Client Workstation Requirements The following are the hardware and software requirements for client workstations. Hardware Requirements All client workstations require the following minimum hardware configuration: Pentium II or Pentium III processor with at least 128 megabytes (MB) of memory Super VGA color monitor with a display area of at least 1024 x 768 pixels; a display area of 1280 x 1024 is recommended Fast Ethernet network interface card (NIC) 8216 3452 000 9 1
Installing and Configuring Client Workstations Connection to the network through a network segment that can access the server and partition operating systems, Service Processor, and management servers Software Requirements All client workstations require the following software configuration: One of the following Windows operating systems: Note: The latest supported Service Packs for each operating system are listed. - Windows Server 2003 R2, Standard and Enterprise Editions, with Service Pack 3 for 32-bit versions and Service Pack 2 for x64 versions - Windows Server 2008, Standard, Enterprise, and Datacenter Editions, 32-bit and x64 versions - Windows XP Professional, with Service Pack 3, 32-bit and x64 versions - Windows Vista Business, Enterprise, and Ultimate Editions, with Service Pack 1, 32-bit and x64 versions Log on by a user with valid administrator group privileges on the system Internet Explorer 6.0 and higher A unique Windows computer name Media Requirements The Server Management Services Software CD-ROM is required for installation and is provided with your order. 9.2. Setting Internet Explorer Security Options Note: Internet Explorer settings only affect the current user account. If you log on as a different user, you must repeat these configuration steps. Use these steps to set and verify the proper Microsoft Internet Explorer settings: 1. Launch Internet Explorer. For Windows Server 2008, you must be logged on to a user account in the Administrators group. If this account is not the built-in Administrator account, then launch Internet Explorer by right-clicking the Internet Explorer shortcut icon and clicking Run As Administrator. 2. Click Internet Options on the Tools menu. The Internet Options dialog box appears. 3. Select the Security tab. 4. Select the Trusted sites icon. 5. Click Sites. The Trusted sites dialog box appears. 9 2 8216 3452 000
Installing and Configuring Client Workstations 6. Make sure the Require server verification (https:) for all sites in this zone check box is not selected. 7. Add a URL for each Service Processor, management server, and Windows server and partition. If a Service Processor, management server, or Windows server or partition is in a different Domain Name System (DNS) domain than the computer on which you are performing this procedure, use fully qualified host names instead of the URL for that component. a. In the Add this Web site to the zone box, enter one URL, for example, http://computername. b. Click Enter or Add. c. Repeat steps a and b until you have added each URL. Note: If you are running Internet Explorer on a management server or Service Processor, repeat steps a and b to add the URL http://localhost/. 8. Add an IP address for any components that use fixed IP addresses rather than DHCP addresses. These components might include the Service Processor, management server, partition, and Console Manager (if applicable). a. In the Add this Web site to the zone box, enter one IP address, for example, http://192.168.1.100. b. Click Enter or Add. c. Repeat steps a and b until you have added each IP address. 9. Add the Unisys Product Support Web site using the IP address 192.61.3.3 and the host name www.support.unisys.com. 10. Click Close or OK to close the dialog box. 11. Click Custom Level under Security level for this zone. The Security Settings dialog box appears. 12. In the Settings list, ensure that the following settings are selected. Note: Not all of these settings are available in every Internet Explorer and Windows operating system combination. If you do not see a setting in your environment, simply disregard that setting. 8216 3452 000 9 3
Installing and Configuring Client Workstations Category Option Setting ActiveX controls and plug-ins Allow previously unused ActiveX controls to run without prompt Automatic prompting for ActiveX controls Binary and script behaviors Download signed ActiveX controls Download unsigned ActiveX controls Initialize and script ActiveX controls not marked as safe Run ActiveX controls and plug-ins Script ActiveX controls marked safe for scripting Enable Enable Enable Enable Enable or Prompt Enable Enable Enable Miscellaneous Access data sources across domains Enable Navigate sub-frames across different domains Submit nonencrypted form data Enable Enable or Prompt Scripting Active scripting Enable or Prompt Note: If the computer accessing the management software is not in the same intranet zone as the management server or Service Processor being accessed, select Automatic Logon with current username and password under User Authentication to avoid being prompted for credentials. 13. Click OK. If you receive a warning message, click Yes. 14. Do the following to allow active content to run: Notes: After you install the software, return these security settings to their previous values. Not all security settings are available in every Internet Explorer and Windows operating system combination. If you do not see a setting in your environment, simply disregard the instruction to change it. a. Select the Advanced tab in the Internet Options dialog box. b. Scroll down and select the following two check boxes under Security: Allow active content from CDs to run on My Computer Allow active content to run in files on My Computer 15. If you are configuring a client workstation, and your client workstation and management server are part of the same Internet Explorer security zone, skip to the next step. Otherwise, do the following: 9 4 8216 3452 000
Installing and Configuring Client Workstations Note: After you install the software, return these settings to their previous values. a. Select the Internet icon on the Security tab. b. Click Custom Level under Security levels for this zone. The Security Settings dialog box appears. c. In the Settings list, ensure that the following settings are selected: Category Option Setting ActiveX controls and plug-ins Allow previously unused ActiveX controls to run without prompt Initialize and script ActiveX controls not marked as safe Enable Prompt d. Click OK. If you receive a warning message, click Yes. 16. Click OK in the Internet Options dialog box. 17. Close Internet Explorer. Note: Pop-up blockers prevent this software from operating properly. To avoid this problem, allow pop-ups from the management server, Service Processor, and client workstation. For information on allowing pop-ups, refer to the documentation for Internet Explorer or for your third-party software. 9.3. Firewall Configuration Information If the Windows Firewall is included with your operating system, it is automatically configured during the Server Management software installation. This automatic configuration enables you to use the Windows Firewall to protect your Internet connection while allowing components running Server Management software to communicate with each other and with the Unisys Support Center. If your current operating system does not include the Windows Firewall, and you later decide to upgrade to an operating system that includes the Windows Firewall, reinstall Server Management software so that the Windows Firewall is automatically configured. If you are using any other hardware or software firewall to protect your Internet connection, refer to Appendix A for information about how to configure that firewall. 8216 3452 000 9 5
Installing and Configuring Client Workstations 9.4. Installing Server Management Software Perform the following steps to install the Server Management software: 1. Insert the Server Management Services Software CD-ROM into the CD/DVD drive. The Server Management Installation Assistant wizard is automatically launched. Notes: As a result of Windows security, you must install this software directly from the CD-ROM or from a local drive; you cannot install the software from a network share or a mapped drive. To manually launch the wizard, navigate to the CD/DVD drive, and double-click the setup.exe file. 2. In the left pane, under Select Software to Install, select the check box for the hardware component on which you are installing the software (management server, Windows managed server or partition, or client workstation). 3. If you receive a message that system requirements must be satisfied before the software can be installed, click OK. 4. In the right pane, ensure that the system software requirements are met. If you see a black check mark and a message that the requirements have been met, proceed to the next step. If you see a red arrow next to the hardware component name, click the name of the hardware component, and then satisfy the environmental and redistributable requirements. Refer to the Installation Help available within the wizard for more information. Note: It might take up to an hour to install prerequisite components, depending on the needs of your system. 5. Select your installation type: Recommended Installation or Custom Installation. Recommended Installation is the default installation type. 6. When the installation is complete, click Finished. 9.5. Modifying the Client Workstation Hosts File Note: Perform the following procedure only if your system operations or maintenance LAN does not use DNS. To modify the client workstation hosts file if you are using static IP addressing, do the following: 1. On the Start menu, click Run. The Run dialog box appears. 2. Type the following: notepad %systemroot%\system32\drivers\etc\hosts 3. Click OK. 9 6 8216 3452 000
Installing and Configuring Client Workstations The hosts file opens. 4. Modify or add information for each management server, Service Processor, and server and partition in your environment by entering the static address and host name; for example: 192.168.222.201 partition0 Note: If you intend to change a host name or IP address later, use the new host name or IP address when modifying the hosts file. 5. Save the hosts file and close Notepad. 9.6. Configuring for AppManager Software Perform the actions in the following subsection only if your environment includes AppManager software. 9.6.1. Defining a User Account for the AppManager Operator Console The AppManager program helps reduce the support costs of managing distributed clients and server networks by providing increased network efficiency. Using Knowledge Scripts, you can automate the monitoring and management capabilities of a server. The AppManager Operator Console is the user interface that enables you to configure and control the execution of Knowledge Scripts on the systems and applications that you manage. Using the Computer Management utility, define a user account for running the AppManager Operator Console. This user account must meet the following criteria: On the client workstation, the user account must belong to the Power Users group or the Administrator group. If the user account is a domain account, the user account must also belong to the Administrator, Sentinel Administrator, Sentinel Operator, or Sentinel Observer group on the management server. Note: Because upgrades from Server Sentinel (an earlier version of Unisys server management software) are supported, the Operator and Observer groups are prefaced with the word Sentinel. If the user account is a local account, it must have the same name and password as a local account on the management server that belongs to the Administrator, Sentinel Administrator, Sentinel Operator, or Sentinel Observer group on that management server. 9.6.2. Installing the AppManager Operator Console Use one of the following procedures to install the AppManager Operator Console, depending on the version of AppManager software installed in your environment. 8216 3452 000 9 7
Installing and Configuring Client Workstations Installing the AppManager 6.0 Operator Console To install the AppManager 6.0 Operator Console, do the following: 1. Insert the AppManager 6.0. Supplement Software CD-ROM into your CD/DVD drive. 2. Only if you are installing the AppManager Operator on a Windows Server 2008 operating system, perform the following steps. Otherwise, proceed to the next step. a. If the AppManager Suite Version 6.0.2 window appears, close it. b. Open a command prompt. c. Type the drive letter of the CD-ROM followed by a colon. For example, type D: d. Type the following command: cd appmanager\setup e. Press Enter. f. Type the following command: setup SKIPINSTALLATIONCHECK g. Press Enter. h. Follow the on-screen directions. 3. When prompted with What AppManager components do you want to install, select only the AppManager Operator Console component. 4. After the installation is complete, if Internet Information Services (IIS) is installed on your system, ensure that the World Wide Web service is running. If the service is not running, or if you cannot start it, reboot the system. Installing the AppManager 7.0 Operator Console To install the AppManager 7.0 Operator Console, do the following: 1. Insert the AppManager 7.0. Supplement Software CD-ROM into your CD/DVD drive. 2. When prompted to choose between Evaluation or Production mode a. Click Production. b. Select only the AppManager Console check box. 3. After the installation is complete, if the Internet Information Services (IIS) is installed on your system, ensure that the World Wide Web service is running. If the service is not running, or if you cannot start it, reboot the system. 9 8 8216 3452 000
Installing and Configuring Client Workstations 9.7. Viewing Product Documentation Product documentation for the Server Management software, and the tools required to view this documentation, are installed automatically when you install the Server Management software using the recommended procedure. To access this documentation from your client workstation, click Start, point to Unisys CD-ROM Library, and then click CD-ROM Library. The documentation is displayed automatically in CDLib Manager. You can view other Unisys documentation from CDLib Manager by clicking Open from the File menu and then navigating to the.mdb file on the CD-ROM or DVD. 9.8. Installing Virus Protection Software Virus protection software is not provided with the operating system of your system components. You can purchase and install any virus protection software you prefer. Note: Do not install virus protection software on the embedded Service Processor; there is insufficient disk space. Virus protection software and Microsoft required hotfixes must be installed before connecting to the public LAN IP address (DHCP server). Once they are installed, cable your system component to the public LAN. Some virus protection software can interfere with the installation of other software. If you encounter problems with the installation of any software, disable virus protection before you retry the installation. Be sure to enable virus protection again after you complete installation. Caution In a system with two Service Processors, install and maintain up-to-date virus protection software on both Service Processors. Regularly run virus scans on the Service Processors and on all disks attached to your system. 9.9. Obtaining Updates If updates to the Server Management software and your system platform firmware are available, you can download them by using the EZupdate feature or by using the Unisys Product Support Web site. To obtain updates using EZupdate, your management server must be able to access the Internet. 8216 3452 000 9 9
Installing and Configuring Client Workstations Obtaining Updates Using EZupdate EZupdate periodically checks the Unisys Product Support Web site for available updates to Server Management and your system platform firmware and notifies you if updates are available. To access EZupdate from management servers or client workstations, from the Start menu, point to Programs and then Unisys Server Management, and then click EZupdate. Internet access is required to use this method. To view or download the available updates for all your system components through the Infrastructure Solutions Console, do the following: 1. Access the Infrastructure Solutions Console. 2. In the left pane, ensure that the Systems tab and the Datacenter node are selected. 3. In the right pane, select the Administration tab. 4. In the Commands section under Tools, click Check for updates (EZupdate). The System Report page appears. 5. Click Task Help in the upper-right corner for more information on downloading and installing the updates. 6. Copy the files to all systems that need software or firmware updates. 7. Be sure to update all servers and partitions when you update the software and platform firmware on Service Processors, client workstations, and management servers. Obtaining Updates Using the Unisys Product Support Web Site If your management server does not have access to the Internet, you can download Server Management software and platform firmware updates from the Unisys Product Support Web site by using a workstation that is connected to the Internet. Updates to Server Management software and platform firmware are available in the form of Interim Corrections (ICs) and quick-fix releases (QFRs). ICs and QFRs are replacement modules that contain fixes for your software or platform firmware. Any customer with a maintenance agreement is entitled to use these modules. To access the latest updates and apply them to your system, perform the following steps: 1. Close all open programs. 2. Access the Unisys Product Support Web site at www.support.unisys.com. 3. Sign on to entitled support with your user name and password. If you do not have a user name and password, click Register. The Product Support page appears. 4. Select your software. If required, click Go. The support page for the software you selected appears. 9 10 8216 3452 000
Installing and Configuring Client Workstations 5. Click Releases. The Releases page appears. 6. Download any available ICs or QFRs 8216 3452 000 9 11
Installing and Configuring Client Workstations 9 12 8216 3452 000
Appendix A Firewall Considerations Use the information in this appendix to configure any hardware or software firewall other than the Windows Firewall. If you use the Windows Firewall, Installation Assistant automatically configures the firewall. A.1. Understanding Firewall Requirements To ensure that the Server Management software functions properly, configure your software or hardware firewall so that traffic is allowed between system components where the software is installed (for example, on a management server, on a managed server, and on a client workstation). Notes: The firewall requirements are for incoming traffic; most outgoing traffic uses dynamic ephemeral ports, and these requirements are not documented. %Program Files% is a path variable to the file location, for example: C\Program Files\. A.2. Firewall Requirements for the Management Server The following firewall requirements apply to the Server Management software: Allow HTTP traffic through port 80. Traffic comes from client workstations. Allow file and print sharing. Traffic comes from client workstations. Allow remote desktop connections. Traffic comes from client workstations. Allow a ping request for network diagnostics. Allow remote procedure call (RPC) on TCP port 135. Traffic comes from servers and partitions. Allow the following applications, or open SNMP and SNMP trap User Datagram Protocol (UDP) ports 161 and 162: %Program Files%\Unisys\Management Server\System Management \SAServer.exe 8216 3452 000 A 1
Firewall Considerations %Windows%\system32\snmptrap.exe Traffic comes from servers, partitions, and Service Processors. Allow the following Server Management software authenticated communication applications, or open TCP ports 182, 62182, and 62183: %Program Files%\Unisys\Server Management Infrastructure \Datapath.Service.exe %Program Files%\Unisys\Server Management Infrastructure \RemoteLibrary.Server.exe Note: Default port values might have been overridden during installation. If the default values are not used, be sure to use the port values that were specified during installation. Traffic comes from all managed Windows servers and partitions and Service Processors. Traffic might also come from client workstations accessing the navigation Web interface. Allow the following Server Management Manager applications, or open TCP ports 31134 and 8806 and also UDP port 162: %Program Files%\Unisys\Server Management Manager\SMM \ESMBASE\bin\nvbase.exe %Program Files%\Unisys\Server Management Manager\SMM \ESMBASE\bin\amvsckr.exe Allow the following application: %Program Files%\Unisys\Processor Autonome\GroupManager.exe Traffic is bidirectional with Windows servers and partitions that the application is configuring. If the management server has a Call Home Central Service receiving data from systems running Server Sentinel 3.x, allow the following application or open TCP port 7896: %Program Files%\Unisys\Call Home\Central Service\CHCS.exe Traffic comes from Call Home Generator Services running Server Sentinel 3.x on servers, partitions, and Service Processors. A.3. Firewall Requirements for AppManager Management Server Software The following firewall requirements apply to AppManager management server software, if it is installed in your environment: Allow HTTP traffic through TCP port 80. Traffic comes from client workstations. Allow the following AppManager application or open TCP port 9999: %Program Files%\NetIQ\AppManager\bin\NetIQms.exe A 2 8216 3452 000
Firewall Considerations Traffic comes from managed Windows servers and partitions. Allow the following AppManager application or open TCP port 8996: %Program Files%\NetIQ\AppManager\bin\NetIQctrl.exe Traffic comes from client workstations. Allow the following AppManager repository or open TCP port 1433: %Program Files%\Microsoft SQL Server\Mssql \Binn\MSSQL\Binn\SqlServer.exe Traffic comes from client workstations. A.4. Firewall Requirements for Service Processors The following firewall requirements apply to the Server Management software: Allow HTTP traffic through port 80. Traffic comes from client workstations and management servers. Allow file and print sharing. Traffic comes from client workstations. Allow remote desktop connections. Traffic comes from client workstations. Allow a ping request for network diagnostics and failover. Allow RPC from TCP port 135. Traffic is bidirectional between master and standby Service Processors. Allow the following Server Management authenticated communication applications, or open TCP ports 182 and 62182: %Program Files%\Unisys\Server ManagementInfrastructure \Datapath.Service.exe %Program Files%\Unisys\Server Management Infrastructure \RemoteLibrary.Server.exe Note: Default port values might have been overridden during installation. If the default values are not used, be sure to use the port values that were specified during installation. Traffic comes from management servers managing Service Processors and Windows servers and partitions. Traffic might also come from client workstations accessing Server Management software. 8216 3452 000 A 3
Firewall Considerations A.5. Firewall Requirements for Servers and Partitions You Want to Manage Servers and Partitions Running Windows Operating Systems The following firewall requirements apply to the Server Management software: Allow remote desktop connections. Traffic comes from client workstations. Allow file and print sharing. Traffic comes from client workstations. Allow a ping request for network diagnostics. Allow the following Server Management authenticated communication applications, or open TCP ports 182 and 62182: %Program Files%\Unisys\Server Management Infrastructure \Datapath.Service.exe %Program Files%\Unisys\Server Management Infrastructure \RemoteLibrary.Server.exe Note: Default port values might have been overridden during installation. If the default values are not used, be sure to use the port values that were specified during installation. Traffic comes from the Service Processor and from any management servers managing the server or partition. It might also come from client workstations. Allow the following application, or open SNMP and SNMP trap UDP ports 161 and 162: %WINDOWS%\system32\snmp.exe Traffic comes from localhost and management servers. Allow platform tools RPC traffic by opening TCP ports 7970 through 7989. Set the following registry keys under HKLM\Software\Microsoft\RPC\Internet: - Ports (REG_MULTI_SZ) = 7970-7989 - PortsInternetAvailable (REG_SZ) = Y - UseInternetPorts (REG_SZ) = Y Traffic comes from client workstations. Allow the following Resource Manager engine application or open port 41817: %Program Files%\Common Files\Unisys\Resource Manager \ResourceManager20.Host.exe Traffic comes from client workstations and management servers that are configuring processor affinity. Allow the following application: A 4 8216 3452 000
Firewall Considerations %Program Files%\Unisys\Processor Autonome\GroupManager.exe Traffic is bidirectional with the Windows servers and partitions that the application is configuring. Allow the following AppManager application or open TCP port 9998: %Program Files%\NetIQ\AppManager\bin\NetIQmc.exe Traffic comes from the AppManager management server. Allow the following AppManager application or open TCP port 8996: %Program Files%\NetIQ\AppManager\bin\NetIQctrl.exe Traffic comes from the AppManager management server and client workstations. Servers and Partitions Running Windows, Linux, and VMware ESX Server The following firewall requirements apply to the Server Management software: Application Item Protocol Port Number Server Management Agent ICMP Echo ICPM n/a Power On UDP 10101 Server Management Agent (Windows) Server Management Agent (Linux) UDP 161 TCP One port from 1024 to 5000 UDP 161, 111 TCP One port from 32767 to 33000 A.6. Firewall Requirements for Client Workstations To meet the firewall requirements that apply to your Server Management software, allow the following executable file: %Program Files%\Unisys\Processor Autonome\GroupManager.exe Traffic is bidirectional with Windows servers and partitions that the application is configuring. 8216 3452 000 A 5
Firewall Considerations A 6 8216 3452 000
Appendix B Installing Unisys Software in an Existing AppManager Infrastructure If you are a current customer of NetIQ Corporation with an AppManager management server, use the following information to help you install the required Unisys software AppManager extensions in your environment. Note that you must also install the management server software in your environment, either to your AppManager management server or to another server that meets the software requirements. See Section 4 for more information about installing this software. B.1. Integrating Unisys Software into an Existing AppManager Installation If you are adding a system that supports the AppManager program to a data center that includes servers that are not Unisys servers but are already managed by the AppManager software program, then the new system can be managed by your existing AppManager management server. However, the AppManager management server must be running AppManager version 6.0 or 7.0. The following steps describe how to integrate Server Management software into an existing AppManager installation. 1. Insert the Server Management Services Software CD-ROM in the CD/DVD drive of your existing AppManager management server. Installation Assistant appears. 2. Under Software to Install, click Custom Installation. Caution Do not choose a recommended installation of the AppManager management server. Such a choice permanently deletes your existing repository and any custom Knowledge Scripts or changed parameters that you have stored in the repository. 3. Click the documentation icon (?) next to AppManager Extensions. 8216 3452 000 B 1
Installing Unisys Software in an Existing AppManager Infrastructure The Installing AppManager Extensions help topic appears. 4. Follow the instructions in the help topic to install the AppManager extensions. 5. Optionally, you can perform a recommended installation of Server Management software on the same system, as long as the system prerequisites are satisfied. For information on recommended installations, click the documentation icon (?) next to Recommended Installation. 6. Perform recommended installations of AppManager components on your external Service Processor (if appropriate) and servers or partitions. 7. When asked for the name of the AppManager management server, type the name of your existing AppManager management server. 8. If you have other systems that are running the AppManager Operator Console, then complete the following steps for each system: a. Close the AppManager Operator Console, if it is running. b. Insert the Server Management Services Software CD-ROM into the CD/DVD drive. Installation Assistant appears. c. Under Software to Install, click Custom Installation. d. Click AppManager Extensions. This action installs the Unisys extensions to the AppManager Operator Console. e. Respond to any message as documented in the associated help topic. Tip: To open the help topic, click the documentation icon (?). B 2 8216 3452 000
.
2008 Unisys Corporation. All rights reserved. *82163452-000* 8216 3452 000