Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring a Regional Server

    This section describes the options that are available for reconfiguring the regional server.

    After you enter nsm_setup at the command prompt, the serial console displays the following NSMXpress settings menu:

    [root@NSM4000 ~]# nsm_setup
    Welcome to the NSMXpress network settings utility.
    Initializing, please wait NSMXpress Settings Menu
    1> Change Password
    2> Set Interfaces
    3> Set Routing
    4> Change Hostname
    5> Set DNS Servers
    6> Change Time Options
    7> Forward Local Status Emails
    8> System Security Update
    9> Reconfigure NSM Regional Server
    10> Configure Extended HA
    Q> Quit
    R> Redraw menu

    For details on using the general setup menu items, see Navigating the Menus.

    From the NSMXpress settings menu, enter 9 to configure the NSM regional server.

    The serial console displays the following options to configure the regional server:

    NSM Configuration Main Menu
    1> Management IP [10.204.92.114]
    The IP address on this server that will be
    used for management
    2> NSM 'super' password []
    Password for 'super' user
    3> GUI server one-time password []
    Password to initiate authentication
    between HA peers and to Central Manager.
    This password must be the same for all
    NSM servers in this installation.
    4> Cfmuser password []
    CfmPassword for ConfigFileVersions directory
    5> FIPS Support [n]
    Enable FIPS Support or not
    6> NSM License type []
    Specify a license file, or select "Base Install"
    to use the built-in limited device license.
    7> Menu: High Availability [Off]
    8> Menu: Advanced Options
    A> Apply settings
    C> Cancel all changes and quit
    R> Redraw menu
    Choice [1-8,A,C,R]:

    The following sections provide details of these options:

    Configuring Settings

    This section describes the options that are available for a typical installation for the regional server:

    You have the following options:

    • Management IP—Enter 1 to select interface eth0 or eth1 as the primary IP address for your management server. Once configured, the setup program displays the IP address for the interface you selected.
    • NSM ‘super’ password—Enter 2 to specify an NSM super password. This password must be at least eight characters long and is case-sensitive. This password is used by the NSM super user (also referred to as the NSM administrator). This user has the highest level of privilege in NSM.
    • GUI Server one-time password—Enter 3 to specify this password. This password authenticates this server to its peers in a high availability configuration.
    • Cfmuser password—Enter 4 to specify a cfmuser password. This password is used to authenticate the ConfigFileVersions directory.
    • NSM License type [ ] — Enter 6 to specify the license option. Enter Base Install to use the built-in limited device license for as many as 25 devices. This option is the default. Otherwise, enter the filename of the license file you purchased from Juniper Networks that permits you to manage more than 25 devices.

    For additional details about NSM licensing, see the Network and Security Manager Installation Guide.

    Configuring Optional Settings

    This section describes the custom options that are available for a regional server configuration. The custom options include the typical options described in the previous section as well as the following two options:

    5> FIPS Support [n]
    Enable FIPS Support or not

    7> Menu: High Availability [Off]
    8> Menu: Advanced Options

    You have the following options:

    • FIPS Support—Enter 5 to enable or disable FIPS support.
    • High Availability—Enter 7 to open a menu to configure HA.
    • Advanced Options—Enter 8 to open a menu of additional configurable options, including the port number for receiving messages through the NSM API, remote database replication details, and the statistical report server (SRS).

    The following sections provide details about these options:

    Configuring High Availability

    Note: When you install an NSM regional server in an HA configuration with a shared disk, you must first revert the system to factory default values using the boot menu. See Installing an NSM4000 ISO Image on the NSM4000 Appliance Using a USB Drive for details.

    The following options are available to configure high availability (HA) on the regional server.

    • High Availability—Enter 1 to turn HA on or off.
    • Primary Status—Enter 2 to specify the NSM4000 appliance as either the primary or secondary server. At the next prompt, enter y for the primary server. Enter n for a secondary server.
    • HA Remote IP—Enter 3 to specify the IP address for the HA peer in the HA cluster.
    • HA Link Failure Detection IP—Enter 4 to specify the IP address of a machine outside the HA cluster that you can ping to verify connection status.
    • HA Inter-server password—Enter 5 to specify the heartbeat password used between the primary and secondary servers.
    • Menu: Shared Disk—Enter 6 to open a menu to help you configure a shared disk. NSM4000 appliances support shared disks with NFS only. Because of the data-intensive nature of NSM, we recommend gigabit speed links (1000 Mbps) for shared disk usage. For more information on options available to you for custom settings, refer to the Network and Security Manager Installation Guide.
    • Menu: HA Links—Enter 7 to open a menu to help you configure the second HA link in the HA cluster. Use the items in this menu to set up a redundant link for the HA cluster. If you are going to use a second link, you need to set the IP address for eth1 before configuring this setting (see “Setting Interface Options” in Configuring Standard Configuration Options for more information). Setting a redundant link is optional. For more information on options available to you for custom settings, refer to the Network and Security Manager Installation Guide.

      If you configure HA with just one heartbeat link, then device management traffic and data replication traffic both use that link. If you configure two links, device management traffic uses the first link and data replication uses the second.

      If the HA link count is set to 1, the only options available are to set the HA link count and to return to the High Availability menu. If the HA link count is set to 2, all options are available.

    • Menu: HA Advanced Settings—Enter 8 to open a menu to configure HA advanced settings. For more information on options available to you for custom settings, refer to the Network and Security Manager Installation Guide.

    Configuring Advanced Options

    The Advanced Options menu provides the following configuration options:

    You have the following options:

    • https port for NBI service—Enter 1 to change the port number for listening for messages for the NSM API. In response to the prompt, enter a value in the range 1025 through 65535. Any number outside this range returns an error message. The default value is 8443.
    • Menu: Remote Replication of Database—Enter 2 to display a menu of options for configuring the time of day to take the backup, the location of the backup, and the timeout value.
    • Menu: SRS—Enter 3 to open a menu to configure the statistical report server (SRS).

    The following sections provide details about configuring remote backup and SRS:

    Enabling and Configuring Remote Replication of the Database

    On the Advanced Options menu, enter 2 to open a menu that allows you to mirror the daily backup to an external server. You can toggle it on or off. After you turn it on, use the menu options to configure this option.:

    The screen always shows the current status of the remote backup database. If no status exists, the option has not yet been configured.

    • Remote Replication of Database—Enter 1 to turn remote replication on or off. At the next prompt, enter y to change the state.
    • Hour of day to Replicate Database—Enter 2 to start the backup at the specified time. The valid range is 00-23.
    • Remote Backup IP—Enter 3 to specify the IP address of the remote backup machine. Backup information is copied to the /var/netscreen/dbbackup directory on the remote server. The nsm user must exist on both servers and you must establish an SSH trust relationship. See the Network and Security Manager Installation Guide for details.
    • Remote Replication Timeout—Enter 4 to time out the remote backup. The valid range is 1-65535 seconds.

    Enabling and Configuring the Statistical Report Server

    The following options are available for configuring the SRS:

    Note: The SRS must be installed on a separate server from NSM.

    You have the following options:

    • SRS—Enter 1 to turn the SRS on or off. At the next prompt, enter y to turn it on or n to turn it off. If you turn it on, the SRS will be used with the GUI server.
    • SRS DB IP—Enter 2 to specify the IP address for the server on which you have installed the SRS database server.
    • SRS DB Type—Enter 3 to specify the database type. The options are pgsql (default), oracle, and mssql.
    • SRS Database Name—Enter 4 to specify the name of the SRS database on the SRS server. The default value for this option is netscreen.
    • SRS DB Owner Name—Enter 5 to specify the name of the SRS database owner. The default value for this option is netscreen.
    • SRS DB Owner Password—Enter 6 to specify the owner password for the SRS database. At least eight characters are required. The password is case-sensitive.

    Published: 2014-10-30