N2000 System User Manual

Chapter 1 System Description........................................................................
1-1
1.1 Product Introduction ............................................................................... 1-1
1.2 Architecture ............................................................................................ 1-2
1.2.1 Software Architecture..................................................................... 1-2
1.2.2 Hardware Architecture ................................................................... 1-3
1.3 Technical Indices.................................................................................... 1-4
1.4 System Interface Standards ................................................................... 1-4
1.5 About Help .............................................................................................. 1-4
1.5.1 How to Get Help ............................................................................. 1-4
1.5.2 Content .......................................................................................... 1-5
1.5.3 Conventions ................................................................................... 1-6
1.5.4 How to Use Help ............................................................................ 1-7
Chapter 2 Topology Management .................................................................. 1-1
2.1 Basic Concepts ...................................................................................... 1-2
2.1.1 Concept Description ....................................................................... 1-2
2.1.2 Icon Description ............................................................................. 1-4
2.2 Functions ................................................................................................ 1-5
2.2.1 Editing the Topological View .......................................................... 1-5
2.2.2 Viewing a Topological View ........................................................... 1-12
2.2.3 Setting Default SNMP Parameters ................................................ 1-14
2.2.4 Setting Access Protocol Parameters ............................................. 1-15
2.2.5 Setting Device Maintenance Information ....................................... 1-17
2.2.6 Auto Device Discovery ................................................................... 1-18
2.3 Deploying Devices .................................................................................. 1-20
2.3.1 Preparations ................................................................................... 1-20
2.3.2 Adding a Submap .......................................................................... 1-20
2.3.3 Adding a Device to the NMS .......................................................... 1-20
2.3.4 Add Links ....................................................................................... 1-21
2.3.5 Device Deploying Example ............................................................ 1-22
Chapter 3 Fault Management .......................................................................... 3-1
3.1 Basic Concepts ...................................................................................... 3-1
3.1.1 Alarm Definition.............................................................................. 3-1
3.1.2 Term Explanations ......................................................................... 3-2
3.2 Functions ................................................................................................ 3-4
3.2.1 Browsing Alarm .............................................................................. 3-4
3.2.2 Alarm Statistics .............................................................................. 3-6
3.2.3 Setting Local Alarm Attributes ........................................................ 3-7
3.2.4 Setting Automatic Alarm Dumping ................................................. 3-7
3.2.5 Setting Automatic Alarm Acknowledgement .................................. 3-9
3.2.6 Setting Alarm Synchronization ....................................................... 3-9
3.2.7 Setting Remote Alarm Notification ................................................. 3-10
3.2.8 Setting Alarm Correlation ............................................................... 3-11
3.2.9 Locating Alarm/Event ..................................................................... 3-12
3.2.10 Managing Alarm Maintenance Tips ............................................. 3-12
3.3 Troubleshooting ...................................................................................... 3-13
3.3.1 Preparation .................................................................................... 3-14
3.3.2 Getting Alarm Information .............................................................. 3-15
3.3.3 Analyzing Alarm ............................................................................. 3-16
3.3.4 Eliminating Fault ............................................................................ 3-16
3.3.5 Acknowledging and Recovering Alarm .......................................... 3-16
3.3.6 Sharing Alarm Maintenance Tips ................................................... 3-17
3.3.7 An Example of Troubleshooting ..................................................... 3-17
Chapter 4 Performance Management ............................................................ 4-1
4.1 Realtime Performance Management...................................................... 4-2
4.1.1 Adding/deleting Performance Indexes ........................................... 4-2
4.1.2 Saving Data ................................................................................... 4-2
4.1.3 Adjusting Refresh Frequency......................................................... 4-2
4.2 Task Management .................................................................................. 4-3
4.2.1 Viewing Tasks ................................................................................ 4-3
4.2.2 Creating Tasks ............................................................................... 4-4
4.2.3 Suspending Tasks ......................................................................... 4-7
4.2.4 Resuming Tasks ............................................................................ 4-7
4.2.5 Deleting Tasks ............................................................................... 4-7
4.3 Data Management .................................................................................. 4-8
4.3.1 Querying Performance Data by Measuring Object ........................ 4-8
4.3.2 Querying Performance Data by Task............................................. 4-10
4.3.3 Setting Data Security Term ............................................................ 4-11
4.4 Data Integrity Management .................................................................... 4-12
4.4.1 Querying Data Integrity .................................................................. 4-12
4.4.2 Mending Data................................................................................. 4-13
4.5 Performance Alarm Threshold Management ......................................... 4-14
4.5.1 Querying Performance Alarm Threshold ....................................... 4-14
4.5.2 Adding a Performance Alarm Threshold ........................................ 4-15
4.5.3 Modifying a Performance Alarm Threshold.................................... 4-16
4.5.4 Deleting a Performance Alarm Threshold ...................................... 4-17
4.6 Performance Measurement .................................................................... 4-17
4.6.1 Time Distribution Analysis .............................................................. 4-17
4.6.2 Global Traffic Flow Analysis ........................................................... 4-18
4.6.3 Call Failure Analysis ...................................................................... 4-19
4.7 Other Functions ...................................................................................... 4-20
4.7.1 Changing Graph Settings............................................................... 4-20
4.7.2 Saving Measurement Data ............................................................ 4-21
4.7.3 Printing Measurement Data ........................................................... 4-22
4.7.4 Deleting Measurement Data .......................................................... 4-22
4.7.5 Creating a Conditional Expression ................................................. 4-23
Chapter 5 Security Management .................................................................... 5-1
5.1 Basic Conception ................................................................................... 5-1
5.2 Functions ................................................................................................ 5-2
5.2.1 Creating a User .............................................................................. 5-2
5.2.2 Modifying User Attributes ............................................................... 5-3
5.2.3 Assigning a User to User Groups .................................................. 5-3
5.2.4 Assigning Operation Right to a User .............................................. 5-3
5.2.5 Assigning Management Right to a User ........................................ 5-5
5.2.6 Creating a User Group ................................................................... 5-5
5.2.7 Modifying User Group Attributes .................................................... 5-6
5.2.8 Assigning Operation Right to a User Group ................................... 5-6
5.2.9 Assigning Operation Right to a User Group ................................... 5-7
5.2.10 Creating an Operation Set ........................................................... 5-8
5.2.11 Modifying Operation Set Attributes .............................................. 5-8
5.2.12 Setting Operations in an Operation Set ....................................... 5-8
5.2.13 Setting User ACL Right ................................................................ 5-9
5.2.14 Setting System ACL ..................................................................... 5-9
5.2.15 Realtime Monitoring User Operation Logs ................................... 5-9
5.2.16 Browsing/Dumping User Operation Logs ..................................... 5-10
5.3 User Right Management ........................................................................ 5-12
5.3.1 Preparations ................................................................................... 5-12
5.3.2 Creating Users ............................................................................... 5-12
5.3.3 Adding Users to User Groups ........................................................ 5-13
5.3.4 Adjusting User Operation Right ..................................................... 5-13
5.3.5 Adjusting User Management Right ................................................ 5-13
5.3.6 Configuring ACL ............................................................................. 5-13
5.3.7 User Log In .................................................................................... 5-13
5.4 License Management ............................................................................. 5-15
5.4.1 Querying License ........................................................................... 5-15
5.4.2 Upgrading License ......................................................................... 5-15
Chapter 6 Environment Monitoring Management ......................................... 6-1
6.1 Monitoring Power Parameters ................................................................ 6-1
6.2 Monitoring Environment Parameters ...................................................... 6-3
6.3 Monitoring Configuration Information ..................................................... 6-4
6.4 Related Operations ................................................................................ 6-5
6.4.1 Configuring Synchronizing Period .................................................. 6-5
6.4.2 Synchronizing Monitoring Unit List ................................................. 6-6
6.4.3 Synchronizing Environment Monitoring Device ............................. 6-7
6.4.4 Refreshing Environment Monitoring Unit List................................. 6-7
6.4.5 Browsing Legend ........................................................................... 6-8
Chapter 7 Database Backup Tool ................................................................... 7-1
7.1 Functions ................................................................................................ 7-1
7.1.1 Starting/Exiting a Database Backup Tool ...................................... 7-1
7.1.2 Viewing a Database ....................................................................... 7-2
7.1.3 Viewing Logs .................................................................................. 7-3
7.1.4 Configuring a Database Server...................................................... 7-4
7.1.5 Configuring a Database Set ........................................................... 7-5
7.1.6 Configuring an Auto Backup Policy................................................ 7-6
7.1.7 Configuring a Backup Device......................................................... 7-7
7.1.8 Manual Backup .............................................................................. 7-7
7.1.9 Configuring an Auto Backup Task ................................................. 7-8
7.1.10 Restoring a Database .................................................................. 7-9
7.2 Backing Up/Restoring a Database ......................................................... 7-9
7.2.1 Preparations ................................................................................... 7-10
7.2.2 Backing Up a Database ................................................................. 7-10
7.2.3 Restoring a Database .................................................................... 7-11
Chapter 8 System Monitor .............................................................................. 8-1
8.1 Starting/Exiting a System Monitor .......................................................... 8-1
8.2 Starting/Closing an NMS Server ............................................................ 8-2
8.3 Querying Processes ............................................................................... 8-3
8.4 Querying Database Information ............................................................. 8-4
8.5 Querying System Resource Information ................................................ 8-4
8.6 Querying Disk Information ...................................................................... 8-4
8.7 Querying Component Information .......................................................... 8-5
8.8 Setting a System Monitor ....................................................................... 8-5
Chapter 9 NMS Security Policy ...................................................................... 9-1
9.1 Overview ................................................................................................ 9-1
9.2 Security of Operating System ................................................................. 9-1
9.2.1 Security Policy for UNIX System .................................................... 9-2
9.2.2 Security Policy for Windows System .............................................. 9-12
9.3 Security of NMS Database ..................................................................... 9-15
9.4 Equipment Access Control ..................................................................... 9-15
9.5 Network Security Monitoring .................................................................. 9-16
Chapter 10 Routine Maintenance ................................................................... 10-1
10.1 NMS Maintenance Suggestions ........................................................... 10-1
10.2 Daily Maintenance Suggestions ........................................................... 10-2
10.2.1 Monitoring Running Environment ................................................. 10-2
10.2.2 Checking Network Running Status .............................................. 10-2
10.2.3 Checking Running Status of NMS Processes.............................. 10-3
10.2.4 Checking Server Performance ..................................................... 10-4
10.2.5 Checking Running Status of Equipment ...................................... 10-4
10.2.6 Checking Running Status of Boards ............................................ 10-5
10.2.7 Saving Configuration Data of Equipment ..................................... 10-5
10.2.8 Monitoring and Processing Alarms .............................................. 10-6
10.2.9 Monitoring User Operations ......................................................... 10-7
10.2.10 Backing up NMS Database ........................................................ 10-8
10.2.11 Shift Maintenance ...................................................................... 10-8
10.3 Weekly Maintenance Suggestions ....................................................... 10-9
10.3.1 Checking Performance Data ........................................................ 10-9
10.3.2 Managing Hard Disk Space of Server.......................................... 10-10
10.3.3 Managing Database Space .......................................................... 10-10
10.3.4 Backing up NMS Database .......................................................... 10-11
10.3.5 Managing User Authority ............................................................. 10-12
10.3.6 Outputting Weekly Report ............................................................ 10-13
10.4 Monthly Maintenance Suggestions ...................................................... 10-13
10.4.1 Checking NMS Running Performance ......................................... 10-13
10.4.2 Checking NMS Workstation Security ........................................... 10-14
10.4.3 Checking NMS Installation Disk ................................................... 10-15
10.4.4 Saving or Deleting History Data in NMS Database ...................... 10-16
10.4.5 Exporting or Clearing Data Files .................................................. 10-16
10.4.6 Checking Hardware, Power Supply and Equipment Room
Environment of Workstation .................................................................... 10-17
10.4.7 Checking SUN Terminal and PC Terminal of NMS ..................... 10-18
10.4.8 Outputting Monthly Report ........................................................... 10-18
10.5 Quarterly Maintenance Suggestions .................................................... 10-19
10.5.1 Checking NMS by Remote Logon................................................ 10-19
10.5.2 Communicating Maintenance Experience ................................... 10-19
10.5.3 Outputting Quarterly Report ......................................................... 10-20
10.6 Yearly Maintenance Suggestions ......................................................... 10-20
10.6.1 Summarizing Yearly Maintenance Experience ............................ 10-20
10.6.2 Outputting Yearly Report ............................................................. 10-20
Chapter 11 Remote Maintenance ................................................................... 11-1
11.1 Setting Up Remote Maintenance Channels ......................................... 11-1
11.2 Hardware Requirements and Connection Methods ............................. 11-1
11.2.1 PC and PC workstation ................................................................ 11-2
11.2.2 SUN workstation .......................................................................... 11-2
11.3 Software Configuration for Communication Connections..................... 11-3
11.3.1 PC/Windows2000 as PSTN dial-up access server ...................... 11-3
11.3.2 PC/Windows2000 as PSTN dial-up client .................................... 11-3
11.3.3 SUN workstation as PSTN dial-up access server ........................ 11-4
11.4 Remote Maintenance Schemes ........................................................... 11-10
11.4.1 SUN workstation serves as the dial-up server ............................. 11-10
11.4.2 PC/Windows2000 serves as the dial-up server ........................... 11-11
11.5 Troubleshooting.................................................................................... 11-11
Appendix A FAQs ............................................................................................ A-1
A.1 Workstation ............................................................................................ A-1
A.1.1 How to Start Sun Workstation from CD-ROM (Sun/Solaris) .......... A-1
A.1.2 Sun Workstation Abnormally Shut Down (Sun/Solaris) ................. A-1
A.1.3 How to Set IP Address of Sun Workstation (Sun/Solaris) ............. A-1
A.1.4 How to Change Host Name of Sun Workstation (Sun/Solaris)...... A-2
A.1.5 Failed to Connect PC to Sun Workstation through
Direct-connect Cable ( Sun/ Solaris) ....................................................... A-2
A.1.6 Keyboard No Response for Sun Workstation (Sun/Solaris) .......... A-2
A.1.7 How to Configure Maximum Terminals for Sun Workstation (
Sun/ Solaris)? ......................................................................................... A-2
A.1.8 How to Use CD-ROM Drive (Sun/Solaris) ..................................... A-2
A.1.9 How to Use Tape Drive (Sun/Solaris) ............................................ A-3
A.1.10 Failed to Log in to the System as a Root User While Using
FTP ( Sun/ Solaris) ................................................................................. A-4
A.1.11 Can’ t Use Services Such as Telnet After the NMS is
Installed................................................................................................... A-4
A.1.12 File Size Changed When FTP is Used to Send Files .................. A-4
A.1.13 Execution Authority of Files is Lost When FTP is Used to
Send Files ............................................................................................... A-5
A.2 Database................................................................................................ A-5
A.2.1 How to Change the Password of "sa" (Sun/Solaris/Sybase)? ....... A-5
A.2.2 How to Set the sa Password (Windows/SQL Server 2000) ........... A-5
A.2.3 Sun Workstation Abnormally Shut Down (Sun/Solaris/Sybase) .... A-6
A.2.4 Unable to Start Sybase(Sun/Solaris/Sybase) ................................ A-6
A.3 NMS ....................................................................................................... A-6
A.3.1 No Response from Left Mouse Button .......................................... A-6
A.3.2 Some NMS Functions Abnormal Due to OS Time Changed ......... A-7
A.3.3 Alarm Window Display Abnormal Due to Alarm Panel Closed ...... A-7
A.3.4 Installation Interface No Response (Windows).............................. A-7
A.3.5 Shortcut No Response .................................................................. A-8
A.3.6 Help Window No Response ........................................................... A-8
A.3.7 Topology Display Abnormal ........................................................... A-8
A.3.8 Nonstop Alarm Sound ................................................................... A-8
A.3.9 How to View Text Completely ........................................................ A-9
A.3.10 Abnormality Occurs When Selecting Multiple Records in
Table ....................................................................................................... A-9
A.3.11 Failed to Restore Database ......................................................... A-9
A.3.12 "Admin" Fails to Log in ................................................................ A-9
A.3.13 Device Name Overlap ................................................................. A-10
Appendix B Abbreviations .............................................................................. B-1
HUAWEI
HUAWEI iManager N2000 Fixed Network Integrated

Management System
User Manual
V200R003
HUAWEI iManager N2000 Fixed Network Integrated Management
System
User Manual
Manual Version T2-100140-20040430-C-2.30
Product Version V200R003
BOM 31013840
Huawei Technologies Co., Ltd. provides customers with comprehensive technical support
and service. Please feel free to contact our local office or company headquarters.
Huawei Technologies Co., Ltd.
Address: Administration Building, Huawei Technologies Co., Ltd.,
Bantian, Longgang District, Shenzhen, P. R. China
Postal Code: 518129
Website: http://www.huawei.com
Email: support@huawei.com
Copyright © 2004 Huawei Technologies Co., Ltd.
All Rights Reserved
No part of this manual may be reproduced or transmitted in any form or by any

means without prior written consent of Huawei Technologies Co., Ltd.
Trademarks
, HUAWEI, C&C08, EAST8000, HONET, , ViewPoint, INtess, ETS, DMC,

TELLIN, InfoLink, Netkey, Quidway, SYNLOCK, Radium, M900/M1800,
TELESIGHT, Quidview, Musa, Airbridge, Tellwin, Inmedia, VRP, DOPRA, iTELLIN,
HUAWEI OptiX, C&C08 iNET, NETENGINE, OptiX, iSite, U-SYS, iMUSE, OpenEye,
Lansway, SmartAX, infoX, TopEng are trademarks of Huawei Technologies Co.,
Ltd.
All other trademarks mentioned in this manual are the property of their respective
holders.
Notice
The information in this manual is subject to change without notice. Every effort has
been made in the preparation of this manual to ensure accuracy of the contents, but
all statements, information, and recommendations in this manual do not constitute
the warranty of any kind, express or implied.
About This Manual
Release Notes
This manual applies to iManager N2000 Fixed Network Integrated Management

System V200R003 (hereinafter referred to as iManager N2000).
Related Manuals
Manual Content
HUAWEI iManager N2000 Fixed It introduces the installation procedures of iManager 2000,
Network Integrated Management including operating system, database, NMS software and
System Installation Manual client.
It introduces the basic operations of iManager N2000,

including system description, topology management, fault
HUAWEI iManager N2000 Fixed
management, performance management, security
Network Integrated Management
management, database backup, and system monitor.
System User Manual
Security strategy, daily maintenance and remote
maintenance are also described in this manual.
For the operations on network elements (NEs), please refer to the user manuals of the
corresponding subsystem.
Organization
The manual introduces basic functions and operations of iManager N2000 and the
maintenance guide as well.
Chapter 1 System Description covers function features, architecture of iManager

N2000 and introduction to help system.
Chapter 2 Topology Management describes basic concepts, function features of

topology management. The procedures of device deployment are illustrated with
examples.
Chapter 3 Fault Management describes basic concepts, function features of fault

management. The procedures of fault processing are illustrated with examples.
Chapter 4 Performance Management introduces a group of management tools,
through which the user can query performance data on different layers such as network
layer, device layer and port layer.
Chapter 5 Security Management introduces the user authority management of

iManager N2000.
Chapter 6 Environment Monitoring Management presents the integrated

environment monitoring function of the iManager N2000 on the devices of the whole
network.
Chapter 7 Database Backup Tool introduces the usage of this database backup tool,
which provides auto and manual database backup and recover function. It also
supports the remote maintenance.
Chapter 8 System Monitor introduces the usage of the system monitoring client and
its maintenance functions.
Chapter 9 NMS Security Policy provides security policies from four aspects, such as
operating system, database, NM applications and network.
Chapter 10 Routine Maintenance gives suggestions and guides to routine

maintenance.
Chapter 11 Remote Maintenance introduces the methods of remote maintenance on

the NMS.
Appendix collects the frequent asked questions (FAQs) about the NMS maintenance
and the abbreviations used in the manual.
Intended Audience
The manual is intended for the following readers:

z Network design & management personnel
z Network maintenance personnel
z Engineer for iManager N2000 NMS
Conventions
I. General conventions
Convention Description
Arial Normal paragraphs are in Arial.
Arial Narrow Warnings, Cautions, Notes and Tips are in Arial Narrow.
Boldface Headings are in Boldface.
Courier New Terminal Display is in Courier New.
II. GUI conventions
Button names are inside angle brackets. For example, click <OK>
<>
button.
Window names, menu items, data table and field names are inside
[]
square brackets. For example, pop up the [New User] window.
Multi-level menus are separated by forward slashes. For example,
/
[File/Create/Folder].
III. Keyboard operation
Format Description
Press the key with the key name inside angle brackets. For example,
<Key>
<Enter>, <Tab>, <Backspace>, or <A>.
Press the keys concurrently. For example, <Ctrl+Alt+A> means the three
<Key1+Key2>
keys should be pressed concurrently.
Press the keys in turn. For example, <Alt, A> means the two keys should
<Key1, Key2>
be pressed in turn.
IV. Mouse operation
Action Description
Click Press the left button or right button quickly (left button by default).
Double Click Press the left button twice continuously and quickly.
Drag Press and hold the left button and drag it to a certain position.
V. Symbols
Eye-catching symbols are also used in the manual to highlight the points worthy of
special attention during the operation. They are defined as follows:
Caution, Warning, Danger: Means reader be extremely careful during the
operation.
Note, Comment, Tip, Knowhow, Thought: Means a complementary description.

User Manual
HUAWEI iManager N2000 Fixed Network Integrated Management System Table of Contents
Table of Contents
Chapter 1 System Description ..................................................................................................... 1-1

1.1 Product Introduction........................................................................................................... 1-1
1.2 Architecture........................................................................................................................ 1-2
1.2.1 Software Architecture.............................................................................................. 1-2
1.2.2 Hardware Architecture ............................................................................................ 1-3
1.3 Technical Indices ............................................................................................................... 1-3
1.4 System Interface Standards .............................................................................................. 1-4
1.5 About Help ......................................................................................................................... 1-4
1.5.1 How to Get Help ...................................................................................................... 1-4
1.5.2 Content.................................................................................................................... 1-5
1.5.3 Conventions ............................................................................................................ 1-6
1.5.4 How to Use Help ..................................................................................................... 1-6
Chapter 2 Topology Management................................................................................................ 2-1

2.1 Basic Concepts .................................................................................................................. 2-2
2.1.1 Concept Description................................................................................................ 2-2
2.1.2 Icon Description....................................................................................................... 2-4
2.2 Functions ........................................................................................................................... 2-5
2.2.1 Editing the Topological View ................................................................................... 2-5
2.2.2 Viewing Topological View ..................................................................................... 2-12
2.2.3 Setting Default SNMP Parameters........................................................................ 2-14
2.2.4 Setting Access Protocol Parameters .................................................................... 2-15
2.2.5 Setting Device Maintenance Information .............................................................. 2-16
2.2.6 Auto Device Discovery .......................................................................................... 2-18
2.3 Deploying Devices ........................................................................................................... 2-19
2.3.1 Preparations .......................................................................................................... 2-19
2.3.2 Adding Submaps ................................................................................................... 2-20
2.3.3 Adding Devices to the NMS .................................................................................. 2-20
2.3.4 Add Links............................................................................................................... 2-21
2.3.5 Device Deploying Example ................................................................................... 2-21
Chapter 3 Fault Management ....................................................................................................... 3-1

3.1 Basic Concepts .................................................................................................................. 3-1
3.1.1 Alarm Definition ....................................................................................................... 3-1
3.1.2 Term Explanations .................................................................................................. 3-2
3.2 Functions ........................................................................................................................... 3-4
3.2.1 Browsing Alarm ....................................................................................................... 3-4
3.2.2 Alarm Statistics........................................................................................................ 3-6
3.2.3 Setting Local Alarm Attributes................................................................................. 3-7
i
User Manual
3.2.4 Setting Automatic Alarm Dumping .......................................................................... 3-7

3.2.5 Setting Automatic Alarm Acknowledgement ........................................................... 3-9
3.2.6 Setting Alarm Synchronization ................................................................................ 3-9
3.2.7 Setting Remote Alarm Notification ........................................................................ 3-10
3.2.8 Setting Alarm Correlation ...................................................................................... 3-11
3.2.9 Locating Alarm/Event ............................................................................................ 3-12
3.2.10 Managing Alarm Maintenance Tips..................................................................... 3-12
3.3 Troubleshooting ............................................................................................................... 3-13
3.3.1 Preparation............................................................................................................ 3-14
3.3.2 Getting Alarm Information ..................................................................................... 3-15
3.3.3 Analyzing Alarm .................................................................................................... 3-16
3.3.4 Eliminating Fault.................................................................................................... 3-16
3.3.5 Acknowledging and Recovering Alarm ................................................................. 3-16
3.3.6 Sharing Alarm Maintenance Tips .......................................................................... 3-17
3.3.7 An Example of Troubleshooting ............................................................................ 3-17
Chapter 4 Performance Management.......................................................................................... 4-1

4.1 Realtime Performance Management ................................................................................. 4-2
4.1.1 Adding/deleting Performance Indexes .................................................................... 4-2
4.1.2 Saving Data............................................................................................................. 4-2
4.1.3 Adjusting Refresh Frequency.................................................................................. 4-2
4.2 Task Management ............................................................................................................. 4-3
4.2.1 Viewing Tasks ......................................................................................................... 4-3
4.2.2 Creating Tasks ........................................................................................................ 4-4
4.2.3 Suspending Tasks................................................................................................... 4-7
4.2.4 Resuming Tasks...................................................................................................... 4-7
4.2.5 Deleting Tasks......................................................................................................... 4-7
4.3 Data Management ............................................................................................................. 4-8
4.3.1 Querying Performance Data by Measuring Object ................................................. 4-8
4.3.2 Querying Performance Data by Task.................................................................... 4-10
4.3.3 Setting Data Security Term ................................................................................... 4-11
4.4 Data Integrity Management ............................................................................................. 4-12
4.4.1 Querying Data Integrity ......................................................................................... 4-12
4.4.2 Mending Data ........................................................................................................ 4-13
4.5 Performance Alarm Threshold Management................................................................... 4-14
4.5.1 Querying Performance Alarm Threshold .............................................................. 4-14
4.5.2 Adding a Performance Alarm Threshold............................................................... 4-15
4.5.3 Modifying a Performance Alarm Threshold........................................................... 4-16
4.5.4 Deleting a Performance Alarm Threshold............................................................. 4-17
4.6 Performance Measurement ............................................................................................. 4-17
4.6.1 Time Distribution Analysis..................................................................................... 4-17
4.6.2 Global Traffic Flow Analysis.................................................................................. 4-18
4.6.3 Call Failure Analysis.............................................................................................. 4-19
ii
User Manual
4.7 Other Functions ............................................................................................................... 4-20

4.7.1 Changing Graph Settings...................................................................................... 4-20
4.7.2 Saving Measurement Data.................................................................................... 4-21
4.7.3 Printing Measurement Data .................................................................................. 4-22
4.7.4 Deleting Measurement Data ................................................................................. 4-22
4.7.5 Creating a Conditional Expression........................................................................ 4-23
Chapter 5 Security Management.................................................................................................. 5-1

5.1 Basic Conception ............................................................................................................... 5-1
5.2 Functions ........................................................................................................................... 5-2
5.2.1 Creating a User ....................................................................................................... 5-2
5.2.2 Modifying User Attributes ........................................................................................ 5-3
5.2.3 Assigning a User to User Groups............................................................................ 5-3
5.2.4 Assigning Operation Right to a User....................................................................... 5-3
5.2.5 Assigning Management Right to a User ................................................................. 5-5
5.2.6 Creating a User Group ............................................................................................ 5-5
5.2.7 Modifying User Group Attributes ............................................................................. 5-6
5.2.8 Assigning Operation Right to a User Group............................................................ 5-6
5.2.9 Assigning Operation Right to a User Group............................................................ 5-7
5.2.10 Creating an Operation Set .................................................................................... 5-8
5.2.11 Modifying Operation Set Attributes ....................................................................... 5-8
5.2.12 Setting Operations in an Operation Set ................................................................ 5-8
5.2.13 Setting User ACL Right ......................................................................................... 5-9
5.2.14 Setting System ACL .............................................................................................. 5-9
5.2.15 Realtime Monitoring User Operation Logs............................................................ 5-9
5.2.16 Browsing/Dumping User Operation Logs............................................................ 5-10
5.3 User Right Management.................................................................................................. 5-12
5.3.1 Preparations .......................................................................................................... 5-12
5.3.2 Creating Users ...................................................................................................... 5-12
5.3.3 Adding Users to User Groups ............................................................................... 5-13
5.3.4 Adjusting User Operation Right............................................................................. 5-13
5.3.5 Adjusting User Management Right ....................................................................... 5-13
5.3.6 Configuring ACL .................................................................................................... 5-13
5.3.7 User Log In............................................................................................................ 5-13
5.4 License Management ...................................................................................................... 5-15
5.4.1 Querying License .................................................................................................. 5-15
5.4.2 Upgrading License ................................................................................................ 5-15
Chapter 6 Environment Monitoring Management ...................................................................... 6-1

6.1 Monitoring Power Parameters ........................................................................................... 6-1
6.2 Monitoring Environment Parameters ................................................................................. 6-3
6.3 Monitoring Configuration Information ................................................................................ 6-4
6.4 Related Operations............................................................................................................ 6-5
6.4.1 Configuring Synchronizing Period........................................................................... 6-5
iii
User Manual
6.4.2 Synchronizing Monitoring Unit List.......................................................................... 6-6

6.4.3 Synchronizing Environment Monitoring Device ...................................................... 6-7
6.4.4 Refreshing Environment Monitoring Unit List.......................................................... 6-7
6.4.5 Browsing Legend .................................................................................................... 6-8
Chapter 7 Database Backup Tool ................................................................................................ 7-1

7.1 Functions ........................................................................................................................... 7-1
7.1.1 Starting/Exiting a Database Backup Tool ............................................................... 7-1
7.1.2 Viewing a Database ................................................................................................ 7-2
7.1.3 Viewing Logs ........................................................................................................... 7-3
7.1.4 Configuring a Database Server............................................................................... 7-4
7.1.5 Configuring a Database Set .................................................................................... 7-5
7.1.6 Configuring an Auto Backup Policy......................................................................... 7-6
7.1.7 Configuring a Backup Device.................................................................................. 7-7
7.1.8 Manual Backup........................................................................................................ 7-7
7.1.9 Configuring an Auto Backup Task........................................................................... 7-8
7.1.10 Restoring a Database ........................................................................................... 7-9
7.2 Backing Up/Restoring a Database..................................................................................... 7-9
7.2.1 Preparations .......................................................................................................... 7-10
7.2.2 Backing Up a Database ........................................................................................ 7-10
7.2.3 Restoring a Database ........................................................................................... 7-11
Chapter 8 System Monitor............................................................................................................ 8-1

8.1 Starting/Exiting a System Monitor...................................................................................... 8-1
8.2 Starting/Closing an NMS Server........................................................................................ 8-2
8.3 Querying Processes .......................................................................................................... 8-3
8.4 Querying Database Information......................................................................................... 8-4
8.5 Querying System Resource Information............................................................................ 8-4
8.6 Querying Disk Information ................................................................................................. 8-4
8.7 Querying Component Information...................................................................................... 8-5
8.8 Setting a System Monitor................................................................................................... 8-5
Chapter 9 NMS Security Policy .................................................................................................... 9-1

9.1 Overview ............................................................................................................................ 9-1
9.2 Security of Operating System ............................................................................................ 9-1
9.2.1 Security Policy for UNIX System............................................................................. 9-2
9.2.2 Security Policy for Windows System..................................................................... 9-12
9.3 Security of NMS Database .............................................................................................. 9-15
9.4 Equipment Access Control .............................................................................................. 9-15
9.5 Network Security Monitoring............................................................................................ 9-16
Chapter 10 Routine Maintenance............................................................................................... 10-1

10.1 NMS Maintenance Suggestions .................................................................................... 10-1
10.2 Daily Maintenance Suggestions .................................................................................... 10-2
10.2.1 Monitoring Running Environment........................................................................ 10-2
iv
User Manual
10.2.2 Checking Network Running Status ..................................................................... 10-2

10.2.3 Checking Running Status of NMS Processes..................................................... 10-3
10.2.4 Checking Server Performance ............................................................................ 10-4
10.2.5 Checking Running Status of Equipment ............................................................. 10-4
10.2.6 Checking Running Status of Boards ................................................................... 10-5
10.2.7 Saving Configuration Data of Equipment............................................................ 10-5
10.2.8 Monitoring and Processing Alarms ..................................................................... 10-6
10.2.9 Monitoring User Operations ................................................................................ 10-7
10.2.10 Backing up NMS Database ............................................................................... 10-8
10.2.11 Shift Maintenance ............................................................................................. 10-8
10.3 Weekly Maintenance Suggestions................................................................................. 10-9
10.3.1 Checking Performance Data ............................................................................... 10-9
10.3.2 Managing Hard Disk Space of Server............................................................... 10-10
10.3.3 Managing Database Space............................................................................... 10-10
10.3.4 Backing up NMS Database ............................................................................... 10-11
10.3.5 Managing User Authority................................................................................... 10-12
10.3.6 Outputting Weekly Report ................................................................................. 10-13
10.4 Monthly Maintenance Suggestions.............................................................................. 10-13
10.4.1 Checking NMS Running Performance .............................................................. 10-13
10.4.2 Checking NMS Workstation Security ................................................................ 10-14
10.4.3 Checking NMS Installation Disk ........................................................................ 10-15
10.4.4 Saving or Deleting History Data in NMS Database........................................... 10-16
10.4.5 Exporting or Clearing Data Files ....................................................................... 10-16
10.4.6 Checking Hardware, Power Supply and Equipment Room Environment of
Workstation .................................................................................................................. 10-17
10.4.7 Checking SUN Terminal and PC Terminal of NMS .......................................... 10-18
10.4.8 Outputting Monthly Report ................................................................................ 10-18
10.5 Quarterly Maintenance Suggestions ........................................................................... 10-19
10.5.1 Checking NMS by Remote Logon..................................................................... 10-19
10.5.2 Communicating Maintenance Experience ........................................................ 10-19
10.5.3 Outputting Quarterly Report .............................................................................. 10-20
10.6 Yearly Maintenance Suggestions ................................................................................ 10-20
10.6.1 Summarizing Yearly Maintenance Experience ................................................. 10-20
10.6.2 Outputting Yearly Report................................................................................... 10-20
Chapter 11 Remote Maintenance............................................................................................... 11-1

11.1 Setting Up Remote Maintenance Channels .................................................................. 11-1
11.2 Hardware Requirements and Connection Methods....................................................... 11-1
11.2.1 PC and PC workstation ....................................................................................... 11-2
11.2.2 SUN workstation ................................................................................................. 11-2
11.3 Software Configuration for Communication Connections.............................................. 11-3
11.3.1 PC/Windows2000 as PSTN dial-up access server ............................................. 11-3
11.3.2 PC/Windows2000 as PSTN dial-up client........................................................... 11-3
v
User Manual
11.3.3 SUN workstation as PSTN dial-up access server............................................... 11-4

11.4 Remote Maintenance Schemes................................................................................... 11-10
11.4.1 SUN workstation serves as the dial-up server .................................................. 11-10
11.4.2 PC/Windows2000 serves as the dial-up server ................................................ 11-11
11.5 Troubleshooting ........................................................................................................... 11-11
Appendix A FAQs ..........................................................................................................................A-1

A.1 Workstation........................................................................................................................A-1
A.1.1 How to Start Sun Workstation from CD-ROM (Sun/Solaris)...................................A-1
A.1.2 Sun Workstation Abnormally Shut Down (Sun/Solaris)..........................................A-1
A.1.3 How to Set IP Address of Sun Workstation (Sun/Solaris) ......................................A-1
A.1.4 How to Change Host Name of Sun Workstation (Sun/Solaris) ..............................A-2
A.1.5 Failed to Connect PC to Sun Workstation through Direct-connect Cable (Sun/Solaris)
..........................................................................................................................................A-2
A.1.6 Keyboard No Response for Sun Workstation (Sun/Solaris)...................................A-2
A.1.7 How to Configure Maximum Terminals for Sun Workstation (Sun/Solaris)?..........A-2
A.1.8 How to Use CD-ROM Drive (Sun/Solaris) ..............................................................A-2
A.1.9 How to Use Tape Drive (Sun/Solaris).....................................................................A-3
A.1.10 Failed to Log in to the System as a Root User While Using FTP (Sun/Solaris)...A-4
A.1.11 Can’t Use Services Such as Telnet After the NMS is Installed ............................A-4
A.1.12 File Size Changed When FTP is Used to Send Files ...........................................A-4
A.1.13 Execution Authority of Files is Lost When FTP is Used to Send Files .................A-5
A.2 Database ...........................................................................................................................A-5
A.2.1 How to Change the Password of "sa" (Sun/Solaris/Sybase)?................................A-5
A.2.2 How to Set the sa Password (Windows/SQL Server 2000) ...................................A-5
A.2.3 Sun Workstation Abnormally Shut Down (Sun/Solaris/Sybase).............................A-6
A.2.4 Unable to Start Sybase(Sun/Solaris/Sybase).........................................................A-6
A.3 NMS...................................................................................................................................A-6
A.3.1 No Response from Left Mouse Button ...................................................................A-6
A.3.2 Some NMS Functions Abnormal Due to OS Time Changed..................................A-7
A.3.3 Alarm Window Display Abnormal Due to Alarm Panel Closed...............................A-7
A.3.4 Installation Interface No Response (Windows).......................................................A-7
A.3.5 Shortcut No Response............................................................................................A-8
A.3.6 Help Window No Response....................................................................................A-8
A.3.7 Topology Display Abnormal....................................................................................A-8
A.3.8 Nonstop Alarm Sound.............................................................................................A-8
A.3.9 How to View Text Completely.................................................................................A-9
A.3.10 Abnormality Occurs When Selecting Multiple Records in Table ..........................A-9
A.3.11 Failed to Restore Database ..................................................................................A-9
A.3.12 "Admin" Fails to Log in..........................................................................................A-9
A.3.13 Device Name Overlap.........................................................................................A-10
Appendix B Abbreviations ...........................................................................................................B-1
vi
User Manual
HUAWEI iManager N2000 Fixed Network Integrated Management System Chapter 1 System Description
Chapter 1 System Description
1.1 Product Introduction
The iManager N2000 Fixed Network Integrated Management System (called

iManager N2000 in this manual) maintains and manages the fixed-network devices in
a unified manner.
Residing at the management layer of network solutions, the iManager N2000

manages Network Elements (NEs) and networks.
The iManager N2000 provides different network management solutions:

z Broadband Network Management System (BMS)
z U-SYS Management System (UMS) of the Next Generation Network (NGN).
The iManager N2000 is developed on the unified network management (NM) platform
of Huawei.
It employs the mature and widely-used client/server architecture. Therefore, it

supports multiple clients and can manage large and complex networks.
With a multi-process design mechanism, the iManager N2000 can be flexibly

extended to meet different requirements.
The iManager N2000 provides a concise and consistent management mode. It

provides unified device panel and operation interfaces for the function supported.
The functions are shown below.

z Topology management
z Fault management
z Performance management
z Security & log management.
Considering the user habits, the iManager N2000 puts the distributed devices
together in a unified visual style. In this way, the operators can easily monitor, operate
and manage the devices on the network.
The iManager N2000 BMS is designed to manage the broadband devices and
services. It manages the broadband access devices and Asynchronous Transfer
Mode (ATM) backbone convergence devices. They are:
z MA510X
z MA5200
z MA530X
1-1
User Manual
z MD5500
z Radium 8750/BAS
z HONET (Home Optical Network)
The iManager N2000 UMS manages NGN components. They are:
z Trunk Media Gateway (TMG)
z Access Media Gateway (AMG)
z Signaling Gateway (SG)
z Media Resource Server (MRS)
z Integrated Access Device (IAD)
z Universal Media Gateway (UMG)
z iGateway Bill (iGWB)
z Integrated Access Device Management System (IADMS).
The iManager N2000 also manages NGN services. It provisions IAD, AMG and UMG
services and manages the users. It also manages the NGN resources, including
device resources and service resources.
The Data Management System (DMS) is developed on the same NM platform. It is

designed to manage data communications devices, such as routers, switches and
access servers. It can manage both devices and networks.
The iManager N2000 BMS, UMS and UMS can manage all devices of Huawei on the
fixed network.
1.2 Architecture
1.2.1 Software Architecture
Figure 1-1 shows the software architecture of the iManager N2000.
Figure 1-1 Software architecture of the iManager N2000
1-2
User Manual
The design of the iManager N2000 is object-oriented. The iManager N2000 has a
multi-process and modular structure. It supports distributed system management and
has high scalability.
The iManager N2000 schedules and monitors the real-time stauts of the NE daemon
process in a unified way. The daemon processes transfer messages through one
message distribution center (MDC). In this way, the NE daemons become highly
independent. One NM application can initiate multiple real-time tasks, which can be
quickly switched.
The iManager N2000 provides NM components for different devices. You can choose
the components that you want, so the iManager N2000 is highly scalable. You can
easily add new components, device types and functions to it.
1.2.2 Hardware Architecture
The iManager N2000 consists of one system server and multiple clients. The system
server communicates with the clients through a Local Area Network (LAN) or Wide
Area Network (WAN).
Figure 1-2 shows the hardware architecture of the iManager N2000.
Client
System server/database server
DCN
Managed To NEs
devices
Client Client
Figure 1-2 Hardware architecture of the iManager N2000
The NMS server runs on Solaris or Windows 2000 Server platform. The NMS server
can be SUN workstation or a PC.
You can install client and server software on the same PC, instead of a workstation,
and install SQL Server as database. In this way, you are provided with a cost-effective
NM solution.
You can do the following through this PC:
1-3
User Manual
z browse through the navigation tree

z do some basic configurations
z receive and query alarms
z monitor the device performance in real time.
1.3 Technical Indices

1) The iManager N2000 supports up to 6,000 equivalent nodes.
2) The iManager N2000 supports 50 clients at the same time.
3) The current alarm table can store up to 100,000 alarm records. The maximum
number of records in the history alarm and event alarm tables can by the user.
Once the tables are full, the data is to be dumped.
4) The time delay to display the alarms that is received at the fault management
module at the client is less than 8 seconds.
5) The log database contains three months’ log. In refreshing of the displayed log
information, the latency time does not exceed 3 seconds.
6) The iManager N2000 supports up to 255 users.
7) The iManager N2000 deals with up to 100 alarm records per second. The alarm
buffer can store up to 100,000 alarm records.
1.4 System Interface Standards

z Downstream SNMP V1/V2/V3 interfaces: management interfaces of the NMS to
the broadband devices.
z Downstream Man Machine Language (MML) interfaces: management interfaces
of the NMS to the narrowband devices.
z Downstream SYSLOG interface: Some devices report the operation information
through the SYSLOG interface.
z Downstream File Transfer Protocol/Trivial File Transfer Protocol (FTP/TFTP)
interfaces: standard FTP/TFTP interfaces used to load and backup device
versions.
z Downstream Telnet interface: command line interface of the NMS to the
broadband device.
z Upstream SNMP (V1/V2/V3) interfaces: interfaces of the NMS to the upper NMS
and other NMSs.
1.5 About Help
1.5.1 How to Get Help
To start the iManager N2000 help, do one of these.

z Start the iManager N2000 client, and then select [Help/Topic].
1-4
User Manual
z Start the iManager N2000 client, click on any area of the client, and then press
<F1>. The context-sensitive Help appears.
To browse the Help while the client is not started, do one of these.
z On the Solaris operating system (OS), right click on the Common Desktop
Environment (CDE), and then select [Applications/iManager N2000/N2000
Online Manual].
z On Windows OS, select [Start/Program/iManager N2000/N2000 Online Manual].
The help window is as shown in Figure 1-3.
Figure 1-3 Help browser
1.5.2 Content
The Help covers these major topics:

z Product Brief Introduction: It introduces the orientation, function features, and
typical applications of the iManager N2000.
z N2000 Quick Start: It introduces the client interface, customized settings, and
usage of the iManager N2000.
z Deploy Devices: It introduces how to deploy devices in the iManager N2000 and
how to manage the devices through the topology.
1-5
User Manual
z Device Troubleshooting: It introduces how to do troubleshooting through the

iManager N2000. For example, it tells you how to collect alarms, locate and
eliminate faults, and summarize alarm processing experiences.
z User Right Management: It introduces how to manage user rights to ensure the
reliability and security of the iManager N2000.
z View Device Running Performance: It introduces how to query, collect and
analyze the real-time performance data of devices. It helps you identify the
performance bottleneck and provides reference for optimizing the network
status.
z Backup/Restore Database: It introduces how to back up and restore the NMS
database.
z NE Management: It tells how to manage the devices and finish the service
configuration.
z Service Management: It presents how to provision and maintain services.
z Device Resource Management: It introduces how to measure and query network
device resources and logical resources.
z Routine Maintenance: It introduces the contents, methods and references of the
routine maintenance. This helps you effectively maintain devices and ensure the
reliability of the iManager N2000.
z FAQ: It describes common problems and solutions to them.
z Basic Operation List: It lists all basic operations. Through the basic operation list,
you can know the operations quickly.
z Terms and Abbreviations: It lists the relevant terms and abbreviations.
1.5.3 Conventions
The conventions in the help system include:

z Pop-up: It is blue. Clicking it displays a window giving an explanation of the blue
word.
z Hyperlink: It is underlined and blue. Clicking it leads you to the linked page.
z The relationship between interface and Help.
—If the active dialog box or tab has a basic, independent function, press <F1>.
The related help page is shown. For example, open the "Auto Discovery" dialog
box, and then click <F1>. The "Set Device" page is shown.
—If the active dialog box can implement many functions, click <F1>. The default
help page is shown. For example, in the topological view, press <F1>. The
"Topology Management" page is shown. On the page, the links of all topology
management operations are listed.
1-6
User Manual
1.5.4 How to Use Help
I. How to find a topic
In the "Help" window, do one of the following:

z To search for a topic from the topic list, select [View/Topic] or click the "Help
Topics" tab. On the navigation tree, click the desired topic.
z To search for a topic from the index list, select [View/Index] or click the "Index"
tab. On the tab, enter the keyword, and then press <Enter>.
The related help appears in the right pane.
II. How to print a topic
1) In the right pane of the "Help" window, click the topic you want to print.
2) On the "Help" title bar, click .

3) In the dialog box that appears, set the parameters, and then <OK>.
III. How to set the Help window
1) Hide or show directories

z To hide the directories in the left pane of the help window, click on the boundary
between the left and right panes. The right pane occupies the entire help window.
Click on the left boundary to restore.
z To make the directories in the left pane occupy the entire help window, click on
the boundary between the left and right panes. Click on the right boundary to
restore.
2) Set the window size
z To resize the left and right panes, move the pointer to the boundary. When the
pointer becomes a double-headed arrow, drag it to the left or the right.
z To resize the "Help" window proportionately, move the pointer to the corner of the
"Help" window. When the pointer becomes a double-headed arrow, drag it to
resize the window.
z To change the height or width of the "Help" window, move the pointer to the top,
bottom, left, or right boundary of the window. When the pointer becomes a
double-headed arrow, drag it to resize the window.
1-7
User Manual Chapter 1 Topology
HUAWEI iManager N2000 Fixed Network Integrated Management System Management
Chapter 2 Topology Management
Topology management enables you to construct and manage the topology structure
of the network. You can keep track of the operation status of the entire network by
browsing topological views of the network.
In topology management, you can upload topological data of network devices through
topology auto discovery or by manually adding topology nodes. You can also add,
delete, modify, and query topological devices. According to different management
requirements of users, topology management provides such functions as
non-hierarchically zooming, setting background, and auto layout. In this way, you can
manage networks and devices easily.
Topology management can poll network devices and refresh their status regularly,
thus making the network view display consistent with the actual network topology. In
addition, topology management can monitor polling status and alarm status of
network devices through color changes of the topological nodes.
Figure 1–1 shows the main window for topology management.
Figure 1–1 Main topological view
1-1
2.1 Basic Concepts

The topology is a map of the managed telecommunications network in the NMS. It
displays managed devices and links on the user interface using graphs and trees.
Through the topology, users can perform such operations as configuration, alarm and
performance.
The topological objects that can be managed include nodes, submaps and links.
2.1.1 Concept Description
I. Submap
In the NMS, a large network can be divided into several smaller networks by region or
something else to facilitate network management. In the topology, these smaller
networks are known as submaps.
II. Node
A node refers to a managed device that is mapped into the topology. For a
single-frame device, a node represents the device. For a multiple-frame device, a
node usually represents a frame in the device. Therefore, in the topology, a node and
a device do not mean exactly the same.
III. Link
A link refers to a connection between devices that is mapped into the topology. In the
topological view, the displaying of links follows these rules:
z If there is any connection relation between two objects in the same submap, a
link is drawn between the icons of the two objects. Double click the link, and you
can query the detailed attributes, including the link name, link type and link
status.
z If there is any connection relation between two objects in two submaps, a
shortcut icon is drawn at the lower right corner of each icon.
z If there is any connection relation between the lower submaps or nodes in two
submaps, a link is drawn between the two objects (two submaps).
IV. View
In the NMS, different views can be used to display the topology, depending on the
angle of observing network or the service range concerned. As examples, a physical
view divides network topology structure based on regions or any other rules; an IP
view divides a network into several smaller networks based on the IP network
segment.
Accordingly, the topology structure is organized in this way:
1-2
Each view corresponds to a device explorer and is concerned about different service
points. Each device explorer includes several submaps, which show the network
composition in the view. Each submap includes several nodes, as shown in Figure
1–2.
Figure 1–2 View
V. Role
Switches in a cluster can play different roles based on the locations and functions. A
cluster is a manageable network that comprises of multiple interconnected switches.
It is assigned with a single IP address. All switches in the cluster must support Huawei
Group Management Protocol V2 (HGMP V2). With the cluster management, the user
can manage a group of switches without assigning an IP address to each member
switch.
In the NMS, depending on different service angles, device nodes of the same type
can be defined as different roles to implement different operation and configuration
modes. For example, a Quidview device node, which is not defined in the physical
view, may be defined as a command switch or member switch in the Virtual Local
Area Network (VLAN) view.
The switches in a cluster can play the following roles.
z Command switch
The switch is assigned with a public network IP address and provides the main
management interfaces for the overall cluster. A management command is first sent
to the command switch for processing. If it finds that the command is destined to a
certain member switch, it will redirect the command to the member switch.
1-3
z Member switch
The switch is a member of a cluster, which is not assigned with a public network IP
address in normal situations. It only receives the management commands redirected
from the command switch.
z Candidate switch
The switch does not join any cluster, but has the cluster capability and can become a
member of a cluster.
z Independent switch
The switch can be discovered in the process of gathering cluster topology information,
but has no cluster capability and cannot become a cluster member.
VI. Filter
Filter is a special topological node. It can contain members. Currently, the filter often
represents a multi-frame device. The multiple nodes under the filter represent the
frames of the device.
VII. Polling status and alarm status
Polling status: The NMS queries the status and other configuration data of devices
regularly, and displays the queried status information in the topological view.
The possible polling statuses include:
Normal, unknown, offline, insignificant, minor, major fault, critical, loopback, and test.
Alarm status: The device reports trap information to the NMS. Then the trap
information is displayed in the topological view.
The possible alarm statuses include:
Critical, major, minor, and warning.
2.1.2 Icon Description
Corresponding to the concepts provided in the previous section, the topological view
uses different icons to indicate submap, node, link, view objects and their statuses,
and role.
For a node, a submap, or a link, the color of its icon shows its polling status. The
status at the upper left corner of the icon shows its alarm status, lock status (locked or
unlocked), and its role.
Figure 1–3 shows a node which is locked, offline and is experiencing a critical alarm.
Figure 1–3 Node
1-4
Below list the legends of the status icons.
I. Polling status color legend
Normal
Unknown
Offline
Insignificant Fault
Minor Fault
Major Fault
Critical Fault
Loopback
Test
II. Alarm icon
Critical
Major
Minor
Warning
III. Lock icon
indicates that the object is locked.
IV. Shortcut icon
indicates a cross-submap link.
V. Filter icon
indicates a filter.
2.2 Functions
2.2.1 Editing the Topological View
I. Adding/deleting a submap
1) Select [Edit/Add Object] to display the "Add Object" dialog box.

2) On the “Object Type” pane, select the submap type to be added, and enter the
related parameters, as shown in Figure 1–4.
1-5
Figure 1–4 Adding submaps
3) Then click <Add>.

If the operation succeeds, the status bar prompts the success. If the operation fails, a
dialog box shows the failure.
4) In the topological view or on the device explorer, select the submap to be deleted.
Click [Edit/Delete From This Submap] or press <Delete>, and then confirm the
operation.
The selected submap is then deleted.
II. Adding/deleting a device
1) Select [Edit/Add Object] to display the "Add Object" dialog box.

2) On the “Object Type” pane, select the device type to be added, and enter the
related parameters, as shown in Figure 1–5.
1-6
Figure 1–5 Adding devices

4) In the topological view or on the device explorer, select the device to be deleted.
Select [Edit/Delete From This Submap] or [Edit/Delete From All Submaps] or
press <Delete>, and then confirm the operation.
The selected device is then deleted.
Note:
z If there are several copies of the specified device, all of them are deleted after you select a copy and
then [Edit/ Delete From All Submaps].
z If you select [Edit/Delete From This Submap] or press <Delete>, only the selected copy is deleted.
1-7
III. Adding/deleting a link
1) Select [Edit/Add Object] to display the "Add Object" dialog box. You can also
select two objects in the topological view, right click and select [Create Link] to
pop up the “Add Object” dialog box.
2) On the “Object Type” panel, select the link type to be added, enter the related
parameters, as shown in Figure 1–6.
Figure 1–6 Adding links

4) In the topological view, select the link to be deleted, and then select [Edit/Object
Attributes]. In the “Object Attributes” dialog box that appears, click the “Link” tab
to display the link attribute list.
5) Select one or more records in the link attribute list, right click, and then select
[Delete].
1-8
IV. Editing object attributes
1) In the topological view, select the desired object, and then select [Edit/Object
Attributes]. The “Object Attributes” dialog box then appears, as shown in Figure
1–7.
Figure 1–7 Object attributes
2) On this interface, batch modify the attributes of the objects such as links, nodes,
submaps, and so on.
V. Searching for objects
1) Select [Edit/Search], or press <Ctrl+F>, or click on the toolbar. Then the

“Search” dialog box appears, as shown in Figure 1–8.
1-9
Figure 1–8 Searching for objects
2) In this dialog box, specify the searching conditions, including:

z Find Type: the object type to search for, such as device, board or port.
z Find Mode: the searching mode, such as device name, IP or physical address.
z Find What: the keyword to search for.
z Match whole word only: whether to use the default fuzzy search.
3) Click <Search> to perform the operation. All the matching records will appear in
the "Find Result" list.
4) Select the record you want to locate in the "Find Result" list, and double click to
locate the corresponding record in the topological view or on the panel.
5) Click <Close> to cancel the operation and close the "Search" dialog box.
VI. Refreshing a topological view
Select [Edit/Refresh View], or press <F9>, or click on the toolbar. Then the current
topological view is refreshed.
VII. Refreshing a device status
This operation is to refresh the polling status of the specified device node.
1) On the device explorer, select the device node you want to refresh.
2) Select [Edit/Refresh Status].
1-10
If the operation succeeds, the status prompts the success. The status of the device
node is refreshed on the device explorer and in the topological view. If the operation
fails, a dialog box shows the failure.
VIII. Setting a start view
Select [Edit/Set as Home View], then the current view is set as a start view. It will be
displayed when you log in to the NMS next time.
The start view is locally saved and is applied to the local terminal.
IX. Saving an icon position
Select [Edit/Save Position], or click on the toolbar. Then the current icon position
is saved.
If the icon position is not saved after being changed, the icon position remains
unchanged after the view is refreshed or after you log in again.
X. Copying/cutting/pasting an object
With this function, you can copy or move the selected device node/submap from one
submap to another.
1) On the topological view, switch to the original submap where the object locates.
2) Select [Edit/Copy] or [Edit/Cut] to copy or move the selected object to the
Clipboard.
3) Select the target view, and then select [Edit/Paste] to paste the object from the
Clipboard.
Caution:
z If you select the cut/paste operation, the selected object is copied to the target view and deleted from
the source view.
z Neither the copy/paste operation nor the cut/paste operation can be performed across multiple
views.
z No recursive copy operation can be performed. For example, you are not allowed to copy submap A
to a view under A.
z Multiple objects can be copied and pasted at one time. To select multiple objects, press and hold
<Shift> and then select the desired objects.
1-11
2.2.2 Viewing a Topological View
I. Zooming a topological view
1) Select [View/Zoom In] or click on the toolbar to zoom in the current view to
1.2 times of its original size.
2) Select [View/Zoom Out] or click on the toolbar to zoom out the current view
to the 1.2 times of its original size.
3) Select [View/Zoom In Partially] or click on the toolbar. Press and hold the
left mouse button and select an area in the view. When you release the left
mouse button, the selected area is displayed on the full screen.
4) Select [View/Fit Window] or click on the toolbar to display the whole view on
the full screen.
5) Select [View/Restore] or click on the toolbar to display the view at its original
size.
II. Browsing topological view
1) In the topological view, double click the icon of the submap you want to enter.
Then the submap is switched to, and its topological structure is displayed.
2) Select [View/UP] or click on the toolbar, or press <F6>.
Then the parent view of the current submap is switched to, and the topological
structure of the parent view is displayed.
III. Printing topological view
1) Select [View/Print Preview].

2) In the “Preview” dialog box that appears, click <Previous> or <Next> to browse
the topological view page by page.
3) Select [View/Print].
4) In the “Print” dialog box that appears, select a printer, specify printing range,
copies and other desired parameters, and then click <OK>. Then the current
topological view is printed.
IV. Auto layout
1) Select [View/Layout Manager] or press <Ctrl+Y> to display the “Layout Manager”

dialog box.
1-12
2) In the topological view, select the nodes you want to lay out, and then switch to
the desired layout mode to lay them out.
3) Select [View/Auto Layout] to lay out the nodes selected on the interface in the
default mode.
Note:
z We recommend that the objects with obvious star or tree connection be laid out in star or tree mode;
those with obvious closed loop be laid out in loop or round mode; those with complicated connection
be laid out in dispersal or uniform length mode; and those with simple connection be laid out in
uniform length mode or loop mode.
z You can select some nodes on the interface and try different layout modes to get the best effect.
V. Showing filter and legend
1) Select [View/Filter&Legend], or click on the toolbar, or press [Ctrl+F2]. Then

the “Filter/Legend” panel appears on the right side of the topological view.
2) Select the “Legend” panel to view the legend of the graphics in the topological
view. Select the “Filter” panel to filter the objects displayed in the topological view
by category.
VI. Showing an aerial view
If the size of the topological view is larger than 1024*768 pixels, only part of it can be
displayed in the topology window. In this case, you can display the entire topological
view and locate the displayed area in the aerial view.
1) Select [View/Aerial View], or click on the toolbar, or press<Ctrl+F3>.
Then the “Aerial View” window appears in the right part of the topological view. The
rectangle area is the visible range of the current topological view.
2) Click in the "Aerial View" window or press and hold the left mouse button and
drag the rectangular area in the window.
Then the display area of the current view is changed.
3) Click [View/Aerial View] again.
Then the "Aerial View" window is closed.
VII. Showing view navigation tree
Select [View/Network Explorer], or click on the toolbar, or press <Ctrl+F4>.
Then the view navigation on the “Device Explorer” panel is displayed.
1-13
VIII. Showing topology on full screen
Select [View/Full Screen Mode].

Then the topological window occupies the full screen, and the toolbar and system
menus are hidden. After the window is closed, the interface shows its actual status
again.
IX. Setting icon size
1) Select [View/Icon Size Setting/Small]. Then the size of the currently displayed
icons becomes 16*16 pixels.
2) Select [View/ Icon Size Setting/Medium]. Then the size of the currently displayed
3) Select [View/Icon Size Setting/Large]. Then the size of the currently displayed
2.2.3 Setting Default SNMP Parameters
In manual creating of the SNMP device or in device auto discovery, the system uses
the default SNMP parameter profile to adapt to the specified device. This can
determine the SNMP parameters supported by the device.
This operation allows you to modify, add, or delete a default SNMP parameter profile
of the system.
1) Select [Edit/Default SNMP Configuration].
Then the “Default SNMP Configuration” dialog box appears, as shown in Figure 1–9.
It lists all of the SNMP parameter profiles in the system.
1-14
Figure 1–9 Setting default SNMP parameters
2) Click the desired SNMP parameter type tab. It includes the SNMP V1 parameter
type, SNMP V2 parameter type and SNMP V3 parameter type.
3) Configure the SNMP parameter profile of the selected type:
z To add a parameter profile, click <Add>. A configuration area appears in the
lower part of the dialog box. Enter the parameters and then click <OK>. The
parameter profile then appears in the profile list.
z To modify a parameter profile, double click the desired profile in the profile list.
Then a configuration area appears in the lower part of the dialog box. Modify the
parameters, and then click <Apply> to confirm the operation. The profile list is
also refreshed.
z To delete a parameter profile, select the desired profile in the profile list, and then
click <Delete>. In the confirmation dialog box that appears, confirm the operation.
Then the selected profile is deleted.
4) After the configuration, click <Close> to close the dialog box.
2.2.4 Setting Access Protocol Parameters
With this function, you can modify or test the access protocol parameters of the
specified device at the NMS side.
1) On the device explorer, click to select a device node or a submap.
1-15
2) Select [Edit/Device Access Protocol] to display the “Device Access Protocol”

dialog box, as shown in Figure 1–10. The configuration list displays the SNMP
parameter/MML parameter configuration of the selected device. The “Detailed
Information” text box in the lower part of the dialog box displays the details of the
record selected in the list.
Figure 1–10 Setting device access protocol
3) Click <Display> or double click the selected record in the SNMP/MML parameter
configuration list. Then the details of the record appear in the lower part of the
dialog box.
z Modify the desired parameters.
z Click <Test> to test whether the parameters are properly configured. A prompt
box pops up showing the operation results.
z Click <Apply> to confirm the operation.
dialog box prompts the failure.
4) Click <Close> to complete the configuration and close the "Device Access
Protocol" dialog box.
1-16
2.2.5 Setting Device Maintenance Information
With this function, you can add, delete and modify the device maintenance profiles.
1) Select [Edit/Device Maintenance Info].
Then the “Device Maintenance Info” dialog box appears, as shown in Figure 1–11. It
lists all the device maintenance information.
Figure 1–11 Setting device maintenance information
2) To add the device maintenance, click <Add>. Then a parameter configuration

area appears in the lower part of the dialog box.
3) Set the following parameters:
z [Supporter]: The name of the maintainer. It is mandatory.
z [Department]: The name of the company in which the maintainer works.
z [Phone]: The phone number of the maintainer.
z [Email]: The E-mail address of the maintainer. It should be in standard form, such
as tom@huawei.com.
After the setting, click <OK>. Then the maintenance information appears in the
information list.
4) To modify the device maintenance, double click the maintenance you want to
modify in the information list. Then a parameter configuration area appears in the
lower part of the dialog box.
5) Modify the desired parameters and then click <Apply> to confirm the operation
and refresh the information list.
1-17
6) To delete the device maintenance, select the maintenance you want to delete
from the information list, and then click <Delete>. In the confirmation dialog box
that appears, confirm the operation.
7) Click <Close> to close from the "Device Maintenance Info" dialog box.
2.2.6 Auto Device Discovery
With this function, the NMS can search the specified IP network segment and device
type automatically. It can further add the device to the topological view.
1) Select [Edit/Auto Discovery] to display the “Auto Discovery” dialog box. The
dialog box is as shown in Figure 1–12.
Figure 1–12 Setting auto discovery
2) Select the desired auto discovery mode from the "Protocol" drop-down list. It is
the "IP and SNMP" mode by default.
3) Select the desired device type from the "Device Type" drop-down list. It is "All
Devices" by default.
4) Enter "PING Times", which is 1 by default. This parameter specifies the PING
retries for the specified IP network segment.
1-18
The PING retries should be no more than 5 so that the operation will not last for too
long.
5) Enter “Timeout(s)”. This parameter specifies a time limit of the ping operation.
When the time is up, the operation will be stopped. The range is 5–15 seconds. It
depends on the complexity of the network.
6) Enter "Layers", which is 0 by default.
This parameter refers to how many subnet layers the system will search to discover
the router in an IP segment. The subnet layer should be no more than 5 so that the
operation will not last for too long.
7) Click the "Physical Path" input box, and move the mouse pointer onto the
"Device Explorer" tab or in the topological view. Click the target submap in which
the desired device resides.
The path of the target submap then appears in the "Physical Path" input box.
8) In the "IP Address Range" frame, click <Add> to add a new IP address range
record.
This record should specify the start IP address, end IP address, and subnet mask of
the IP segment that the system needs to search.
9) Click <Delete> to delete the IP address range.
10) Click <Filter> to set the filtered IP address.
For example, the IP address range is set as 10.11.242.86~10.11.242.90, and the
filtered IP address is set as 10.11.242.87. Then the IP address will not be
automatically discovered.
11) Click <Discover All> and <Discover None> to set whether to discover in the
default IP address range.
12) Click <Default SNMP Parameter> to pop up the "Default SNMP Parameter"
dialog box. Select the SNMP parameter profile that is used to adapt to the device
you want to search for. By default, all default SNMP parameter parameters are
used.
13) Click <Start> to confirm the operation.
Note:
For the time being, the auto device discovery function is only applicable to the devices that use the
SNMP.
1-19
2.3 Deploying Devices

Reasonable device deployment in the NMS can make the communication network
more visual and improve the operability of the NMS.
Generally, deploying device should experience four phases: Preparations–>Creating
a Submap–>Adding a Device to the NMS–>Creating a Link.
2.3.1 Preparations
Deploying a device is to deploy communication devices in the network in the

topological view. Before deploying a device in the topological view, you should plan
the topological submaps reasonably. If there are too many devices in a very large
network, it is very difficult to locate and manage a device in one topological view.
You can classify the topological view into topological submaps by:
z Geographical region, that is, the region where the communication device is
located.
z Device type, that is, the type of the communication device.
z IP network segment, that is, the IP address of the communication device.
z Manager of the device.
Note:
z Up to 300 devices can be added to each submap. If there are too many devices in a submap, the
interface of the NMS will be much crowded and the devices will be overlapped. This will make
locating devices inconvenient.
z Submaps should be arranged in 5 layers at most. If they are arranged in too many layers, it will cause
much trouble to operate on the NMS.
2.3.2 Adding a Submap
There is a very large and complex communication network. To ease the management
and operation, you can divide it into several subnets based on the geographical
region, type or IP network segment of devices. Each subnet is mapped to a submap in
the topology.
Adding a submap helps you to manage the communication network easily.
Each subnet can correspond to a submap.
2.3.3 Adding a Device to the NMS
After planning the communication network and creating a submap, you should add a
device to the NMS.
1-20
Take the two steps below to add a device to the NMS:
I. Configuring NMS and device data
Before adding a device to the NMS, configure SNMP parameters at the NMS side and
NMS workstation parameters at the device side. Get Community/Set Community
must be exactly the same at both sides. In order to improve the security of the system,
do not use the default community names.
You should configure the following data in the NMS:
1) The network management protocol and parameters supported by the managed
devices.
If the SNMP is used to manage the devices, you should configure the default SNMP
parameters of the NMS. See “Set Default SNMP Parameters”.
2) According to the different device types, the following data should be configured
at the device side:
z Network management protocol and parameters supported by the managed
devices.
z ACLs of the devices.
z Trap center.
z Other parameters.
For different devices, different parameters need be configured at the NMS and device
sides in different ways. For details, refer to the user manuals of the respective network
management subsystems.
II. Adding a device
There are two methods to add a device to the NMS.

z Add devices manually
First specify the type, IP address, name, submap, network management protocol and
parameters of the device you want to add. Then add the device to the NMS.
z Auto device discovery
First specify the IP network segment you want to search, automatically discover the
desired device within the network segment. Then add it to the NMS. The auto
discovery mode applies only to the devices that support the SNMP. See “Auto Device
Discovery”.
After adding a device to the NMS, you can copy/cut and paste the device to move it
among different submaps to modify the layout of the topological view.
2.3.4 Add Links
After adding a device to the NMS, you can add the physical links between devices in
the NMS. If a logical connection exists between two submaps, between a submap and
1-21
a device, or between two devices, you can add the corresponding virtual link to the
NMS.
2.3.5 Device Deploying Example
Below shows the device deployment.

z Office A: MA5100
z Office B: MA5100 and MA5200
z Office C: MA5200 and NE16
z NMC (Network Management Center): Radium 8750 and NE80
z Links: MA5100->Radium 8750, MA5200->Radium 8750, NE16-> NE80
10.11.25.5/24
iManager N2000
Client 2 Server
10.11.25.1/24
HUB
NMC Room
10.11.25.2/24 10.11.25.4/24
10.11.25.6/24 10.11.25.3/24
DCN
Radium
Client 3 8750 NE80
Client 1
211.124.8.1/24
201.224.5.2/24
211.124.8.2/24 212.12.8.1/24
MA5100 212.12.8.2/24
MA5100 MA5200
MA5200
Office A NE16
Office B
Office C
Figure 1–13 NMS networking example
The procedures for deploying devices are as follows:

1) Divide the managed communication network into four regions: "Office A", "Office
B", "Office C", and "NMC Room".
2) Create four submaps in the physical topology: "Office A", "Office B", "Office C",
and "NMC Room".
3) Name devices after their IP addresses.
4) Create MA5100 211.124.8.1 in the "Office A", MA5100 211.124.8.2 and MA5200
212.12.8.1 in the "Office B", MA5200 211.12.8.2 and NE16 201.124.5.2 in the
"Office C", and Radium8750 10.11.25.2 and NE80 10.11.25.3 in the "NMC
Room".
5) Create links between 211.124.8.1–10.11.25.2, 211.124.8.2–10.11.25.2,
212.12.8.1–10.11.25.2, 212.12.8.2–10.11.25.2, and 201.224.5.2–10.11.25.3.
1-22
User Manual Chapter 3
HUAWEI iManager N2000 Fixed Network Integrated Management System Fault Management
Chapter 3 Fault Management
Fault management is used to process the device alarms and the alarms of NMS itself.
The management functions include querying the alarm history and operation
information of devices, and querying and configuring device alarm information. The
main window for fault management is shown in Figure 3-1.
Figure 3-1 The main window for fault management
3.1 Basic Concepts
3.1.1 Alarm Definition
Alarm (event) information may come from various device modules or service boards.
Alarms can be classified into operation information, fault alarm and recovery alarm by
alarm type. Fault alarms and recovery alarms correspond to each other one by one.
Alarms (events) can be classified into four levels in the descending order of severity:
critical, major, minor, and warning.
After an alarm is generated, the system broadcasts it to the terminals according to the
condition of the configured terminals, mainly to the NMS users and Command Line
3-1
Interface (CLI) users. Whether an alarm will be reported the terminals are specified in
alarm control.
I. Alarm ID
An alarm ID consists of four bytes, indicating a unique alarm. Each alarm ID

corresponds to an alarm. Generally, alarm IDs are allocated according to alarm type
and alarm module type.
II. Alarm level
Alarm (event) level is used to identify the severity of an alarm. Alarms can be
classified into four levels in the descending order of severity: critical, major, minor, and
warning.
z A critical alarm refers to a global alarm that endangers the normal operation of
the device and needs to be handled, like power failure, output clock failure, and
so on.
z A major alarm refers to a board or line failure within the limited range. The user
services will be abnormal if the user does not handle it in time. Examples of such
alarm include fiber cut, fault in physical line, and so on.
z A minor alarm refers to an ordinary fault alarm or event alarm that shows the
board or line abnormality, like the bit error on a physical line.
z A warning refers to a status change or event that does not affect the system
performance and user services but interests the operator. A warning may also be
a message that prompts the recovery from a device abnormality.
III. Alarm category
By function, alarms can be classified into power alarm, environment alarm, trunk
alarm, hardware alarm, software alarm, operation alarm, communications alarm,
service quality alarm, and error processing alarm.
3.1.2 Term Explanations
I. Real-time alarm
Real-time alarms refer to the alarms that are reported after the real-time alarm
browser is started. The real-time alarm browser can automatically scroll down to
display the latest alarms on the screen.
3-2
II. Current alarm
Current alarms refer to the unacknowledged&unrecovered alarms,

unacknowledged&recovered alarms and acknowledged&unrecovered alarms. A
current alarm requires human intervention.
III. Historical alarm
Historical alarms refer to the acknowledged&recovered alarms. A historical alarm

does not require human intervention.
IV. Real-time event
Real-time events refer to the events that are reported after the real-time event
browser is started. The real-time event browser can automatically scroll down to
display the latest events on the screen.
V. Alarm acknowledgement
By the alarm acknowledgement status, the user can easily identify which alarms have
been handled and which alarms have not. Then the user can take different measures
to handle the alarms in two different statuses. The system supports manual and
automatic alarm acknowledgement.
VI. Alarm status transition
In case of a device fault, the device sends an alarm to the NMS. The NMS receives
the reported alarms in real time. For the time being, the NMS supports the alarms and
events reported in form of MML and SNMP Trap. The latest alarms received by the
NMS are unacknowledged&unrecovered. After the fault is eliminated, the alarm is
acknowledged manually or automatically. When the NMS receives a recovery alarms,
the alarm becomes recovered. The acknowledged&recovered alarm becomes a
historical alarm and is not handled as a current alarm. Current alarms include all
unacknowledged and/or unrecovered alarms, and they can be handled in a
centralized manner.
The alarm status transition model is shown in Figure 3-2.
3-3
Network Element
Report Acknowledge
Unacked but Unrecovered Alarm Acked but Unrecovered Alarm
Recover Recover
Acknowledge
Unacked but Recovered Alarm Historicial Alarm
Figure 3-2 Alarm status transition model
3.2 Functions
3.2.1 Browsing Alarm
To facilitate browsing and querying alarms, the system provides alarm profile. The
alarm profile helps you to:
z Get the concerned alarm information in time.
z Identify critical alarms from a large number of alarms so as to perform efficient
network management.
z Divide alarms into several manageable groups based on your filtering conditions.
Through the fault browser, you can open these windows easily: “Realtime Alarm
Browse”, “Current Alarm Browse”, "Realtime Event Browse”, “Event Browse”, and
“Alarm History Browse”. Taking the real-time alarm browsing as an example, this
section explains how to browse and query alarms.
1) Select [Fault/Fault Browser] to open the main interface of the fault browser. The
fault browser appears in the left part of the main interface, and the "Realtime
Alarm Browse" window appears in the right part, as shown in Figure 3-3.
3-4
Figure 3-3 Browsing real-time alarms
2) In the opened “Alarm Filtering Condition Setting Panel”:

z Enable the "Select Resource" switch, and then click <Select Resource>.
z In the "Select Resource" dialog box that appears, select the desired device, and
then click <OK> to add it to the "Select Devices" list.
z Enable the "Severity" switch, and then select the desired alarm severity.
z Enable the "Function Class" switch, and then select the desired alarm function
category.
z Select the desired alarm fields in the "Displayed Column" list box.
z Click <OK> to validate the filtering conditions immediately and turn the "Alarm
Filtering Condition Setting Panel" into a filtering condition character string
3) Click <Save> to update the currently selected real-time alarm browsing profile.
z If the default profile is selected, the "Save as" dialog box will appear for you to
save the alarm filtering conditions as a new profile.
z Enable the "Automatic Scroll Down" at the bottom left corner of the "Realtime
Alarm Browse" window.
z If a new alarm is reported to the "UnAck" or "Ack" list, the list will automatically
scroll to the bottom to show the latest alarms.
4) Select one or multiple alarms in the "UnAck" list, right click, and then:
z Select [Ack Alarm]. Then the selected unacknowledged&unrecovered alarms will
be moved from the "UnAck" list to the "Ack" list, and the selected
unacknowledged&recovered alarms will be deleted from the "UnAck" list.
3-5
z Select [Clear Alarm]. Then the selected acknowledged&unrecovered alarms will

get unacknowledged&recovered. Recovered alarms cannot be manually
recovered. Select [Detailed] to display the "Detailed Information" window.
z Select [Locating to] to locate the topological node that experiences an alarm
5) Select one or multiple alarms in the "Ack" list, right click, and then select [Ack
Alarm], [Recovery], [Locating to], or [Detailed].
6) To avoid reconfiguring the alarm filtering conditions, you can open the alarm
browsing window from the real-time alarm browsing profile you have defined.
3.2.2 Alarm Statistics
This operation lists the alarm data in two dimensions according to the specified
conditions, helping you analyze the device operation status. Alarm statistics involves:
setting alarm statistics conditions, showing statistics results, and saving and printing
statistics results. The alarm statistics conditions include: alarm object, function class,
alarm level, alarm time range, and alarm. The main interface of the "Alarm Statistics"
window consists of three parts: statistics condition setting panel, statistics result list,
and status bar.
1) Select [Fault/Fault Browser] to start the fault browser.
2) In the fault browser, double click the "Alarm Statistics" node to expand the profile
node for alarm statistics.
3) Double click the "by Month&Severity" profile node. The "Alarm Statistics" window
then appears.
4) In the "Statistics Condition Setting Panel", the statistics conditions are month and
alarm severity. Click <Stat.> to measure all alarms by month and alarm severity.
Reconfigure the query conditions. The condition settings here are the same as
those for "Create Alarm Statistics Profile".
5) Click <Stat.> to validate the statistics conditions immediately and turn the
"Create Alarm Statistics Profile" into a statistics condition character string.
6) Click <Save> to update the current alarm statistics profile with the current
statistics conditions.
Note:
z If no control is available for changing statistics conditions, you can click the triangle button at the
upper left corner of the fault display window to display the controls. Changing statistics conditions
does not result in an updated profile.
z The system provides a default profile for alarm statistics by month&severity.
3-6
3.2.3 Setting Local Alarm Attributes
Using this function, you can set real-time printing, alarm panel, and audio/visual alarm,
facilitating you in getting the reported alarms from the NMS in time.
1) Select [Fault/Fault Setting/Local Property]. Then the "Local Property" dialog box
appears, as shown in Figure 3-4.
Figure 3-4 Setting local properties
2) Click the “Realtime Printing Setting” tab, the "Alarm Panel Setting” tab, and the
“Audio&Visual Setting” tab to set the local properties.
z Realtime Printing Setting: Select the “Enable Realtime Printing” check box.
Select the “Severity” check box, and then select the alarm severity. Select the
“Function Class” check box, and then select the function class. Select the
columns you want to print.
z Alarm Panel Setting: Select the display mode of the alarm panel and that of the
alarm indicator.
z Audio&Visual Setting: Set alarm display color and alarm sound.
3) Click <OK> to save your settings and close the “Local Property” dialog box.
3.2.4 Setting Automatic Alarm Dumping
Automatic dumping is used to dump alarm history data to files regularly, during which
the dumped alarm history data will be deleted. This operation improves the efficiency
3-7
and stability of the system. Using this function, you can set the attribute of automatic
dumping.
1) Select [Fault/Fault Setting/Dump&Sync&Ack] to display the "Dump&Sync&Ack"
dialog box.
2) Select the "Others" tab, as shown in Figure 3-5.
Figure 3-5 Setting automatic alarm dumping
3) To enable the automatic alarm dumping, select "Enable Alarm Auto Dumping".
4) In the tab, enter the conditions and period for automatic acknowledgement.
5) Click <OK> to save your settings and close the "Dump&Sync&Ack" dialog box.
Note:
z "Alarm Generated x Days ago" means that alarms generated x days ago will be automatically
dumped. For example, if x=90, only the alarms generated 90 days ago (with regard to the time when
automatic dumping is performed) will be automatically dumped.
z "Auto Dump Intervals x days" indicates the period for the automatic dumping. If it is set to 5 days, the
system will perform automatic dumping once every five days.
z Only historical alarms can be automatically dumped while the current alarms cannot.
z By default, the automatic dumping starts at 1:00 AM.
3-8
3.2.5 Setting Automatic Alarm Acknowledgement
Using this function, you can set the conditions for automatic alarm acknowledgement.
1) Select [Fault/Fault Setting/Dump&Sync&Ack] to display the "Dump&Sync&Ack"
dialog box.
2) Select the "Others" tab.
3) Select the "Enable Auto Ack" check box.
4) Enter the conditions on the panel.
5) Click <OK> or <Apply> to save your settings.
Note:
z "Alarm Generated x days ago": The alarms generated x days ago will be automatically
acknowledged. For example, if x=3, then the alarms generated 3 days ago (with regard to the time
when the alarm is automatically acknowledged) will be automatically acknowledged.
z "Auto Ack Interval" indicates the period for the automatic acknowledgement. If it is set to 5 days, the
system will perform automatic acknowledgement once every five days.
z The unrecovered alarms will also be automatically acknowledged.
z By default, the automatic acknowledgement operation starts at 0:00.
3.2.6 Setting Alarm Synchronization
When the failure of the communication between the NMS and a device recovers or
when the NMS is restarted, you should synchronize the alarm information to make the
alarm information consistent. Because the synchronization operation greatly affects
the system performance, it is provided only for alarms but not for events.
1) Select [Fault/Fault Setting/Dump&Sync&Ack] to pop up the "Dump&Sync&Ack"
dialog box.
2) In the device tree in the left part of the window, select a device node.
3) If you want to synchronize alarms when the NMS is restarted, select
"Auto-synchronizing when the system starts".
4) If you want to synchronize alarms when the failure of the communication
between the NMS and a device recovers, select "Auto-synchronizing when the
communication recovers".
5) Click <OK> or <Apply> to save your settings.
3-9
Note:
You can set alarm synchronization for multiple devices at one time, but your settings will not work until
you click <OK> or <Apply>.
3.2.7 Setting Remote Alarm Notification
This operation can be used to set the attribute of alarm transferring to e-mail. With this
function, when the system is faulty and the maintainer is absent, the NMS can notify
the operation status of the system to the maintainer.
1) Select [Fault/Fault Setting/Remote Notification] to display the "Remote
Notification" dialog box.
2) In the dialog box, click <Add> to display the "Add" dialog box, enter the profile
name, and then click <OK> to add the profile name in the "Profile Name" tree.
3) Select the desired function class, alarm resource, and severity.
4) Enter an e-mail address.
5) Set the time length for the notification delay to prevent the NMS from still sending
a reported alarm after the corresponding recovery alarm is received.
6) Click <Advanced> to set the Simple Mail Transfer Process (SMTP) Server and
the sending address.
7) Click <OK> to save your settings and close the “Remote Notify” dialog box.
Note:
z The alarm notification e-mail messages provide the number and details of critical alarms, the number
and details of major alarms, the number of major alarms, and the number of warnings.
z To set Domain Name Server (DNS) under Solaris operating system:
a) Add “nis” and/or “dns” to the “hosts” of “/etc/nsswitch.conf”, with the content being:
hosts: files dns
b) Set the gateway of the DNS in “/etc/defaultrouter”, with the content being:
10.11.43.254
c) Set the IP address of the DNS in /etc/resolv.conf, with the content being:
nameserver 10.15.1.3
nameserver 129.9.111.100
domain huawei.com
3-10
3.2.8 Setting Alarm Correlation
I. Setting Root-Cause Regulations
Root-cause correlation analysis is to analyze device alarms comprehensively and

efficiently by using the regulation-based correlation analysis technique. This reduces
network storm and enables the maintainers to locate fault quickly. This operation
allows you to add or delete alarm correlation analysis regulations.
1) Select [Fault/Fault Setting/Alarm&Event Correlation] to pop up the "Alarm&Event
Correlation" dialog box.
2) Select the "Root-cause Regulations" tab.
3) Click <...> next to "Source Alarm or Event Name" to pop up the "Select Alarms"
dialog box.
4) Select an alarm and click <OK>.
5) Select an alarm in the "Related Alarm or Event Name" in a way similar to Steps 3
and 4.
6) Select an action from the "Action" drop-down list.
7) Select the relationship between the source alarm and the target alarm from the
"Relation" drop-down list.
8) Click <Add>.
9) Click <OK> to save your settings and close the "Alarm&Event Correlation" dialog
box.
II. Repeated Event Definition
No event can be recovered. Even though the cause for an event has disappeared,
status of the event remains unchanged. Therefore, the same event may be due to
different causes. For the events with the same product type, event ID and locating
information that are reported within a period, you should not discard them directly
(repeated alarms are so handled). You should handle them according to your settings.
2) Click the "Repeated Event Definition" tab.
z Select the desired device type on the “Device Type” tree, and select the desired
event from the “Event Name” list.
z Enter a period in the "Report Interval" input box.
3) Click to select “Enable Correlation Analyzing”.
4) Click <OK> or <Apply> to save your setting.
3-11
III. Set Flash Alarm
When the interval between the first recovery of an alarm and the second recovery of
the alarm is very short, this alarm is defined as a flash alarm. For the flash alarm, the
system only receives the first report, and the subsequent reports will be masked.
This operation allows you to set flash interval for alarms. If the interval between the
previous alarm recovery and the current alarm recovery is less than the set interval,
the system will mask the alarm and does not handle it.
2) Click the "Flash Alarm" tab.
z Select the desired device type on the “Device Type” tree, and select the desired
alarm from the “Alarm Name” list.
z Enter a flash interval in the “Flash Interval” edit box.
3) Click to select “Enable Correlation Analyzing”.
4) Click <OK> or <Apply> to save your setting.
3.2.9 Locating Alarm/Event
Using this function, you can locate the object that experiences the specified alarm or
event. This operation can be performed in all alarm/event browsing/querying
windows.
1) Open an alarm/event browsing/querying window, select an alarm or event, right
click, and then select [Locating to].
2) The alarm/event object then is located, with a white frame surrounding it.
Note:
z The display focus can be located to not only the topological node level but also a specific object
(board, port, and so on) on the panel.
z If no alarm/event object is found, the alarm/event locating operation will be stopped.
3.2.10 Managing Alarm Maintenance Tips
Using this function, you can record your experience in handling alarms for future
reference.
1) Select [Fault/Fault Setting/Maintenance Tips] to display the "Maintenance Tips"
dialog box, as shown in Figure 3-6.
3-12
Figure 3-6 Maintenance tips
2) Select a device type in the device type tree in the left part of the dialog box, and
then the corresponding alarms appear in the table in the right part.
3) Select an alarm in the table.
4) In the "please input your maintenance tips" column, type your experience in
handling alarms.
5) Click <OK> or <Apply> to save your maintenance tips.
Note:
z You can sort the alarm table based on a column by double clicking the corresponding column
heading.
z The input column provides automatic and forced line wrap functions. When a line is too long, a new
line will be used.
3.3 Troubleshooting
An alarm will be reported when a device or line fault occurs. The alarm information
helps you to find the alarm cause and locate the fault. After that, you can take
corresponding measures to eliminate the fault.
3-13
Please follow these steps to process a device fault: Preparation->Getting Alarm

Information->Analyzing Alarm->Eliminating Fault->Acknowledging and Recovering
Alarm->Sharing Alarm Maintenance Tips.
3.3.1 Preparation
To facilitate processing device faults and getting alarm information, you should make
these operations:
I. Setting alarm attributes
Except the attribute "remote notification", Default values are provided for the
attributes except “remote notification”. You can use the default settings or change
them as required.
z Setting alarm panel: Setting the display mode of the alarm panel and alarm
indicators.
z Setting alarm real-time printing: Setting the print conditions, and printing the
reported alarms in teal time. The printer should be connected to the computer.
z Setting alarm transferring to e-mail: Setting the e-mail address to notify alarms to
the remote user.
Besides, the system supports the sending of visual and audio alarms by the alarm box.
You need equip alarm box produced by Huawei.
II. Creating profile
For the convenience of alarm browsing, querying and statistics, the system provides
the function of customizing profile. Alarm profile enables different users to attend to
the alarms concerned, makes it easier to set alarm query and statistics conditions,
and makes the handling of device faults more efficient.
III. Setting alarm correlations
If a fault occurs, several correlative alarms may be reported together as well as the
alarms caused by the fault itself. The setting of alarm correlations makes the alarm
reporting more efficient and the fault locating easier. The correlation setting mainly
involves:
z Set Root-Cause regulations
z Define repeated event
z Set flash alarm
z Enable correlation analysis
z Redefine alarm severity
3-14
3.3.2 Getting Alarm Information
To get alarm information in time is important for fault locating. There are various
means to get alarm information.
I. Alarm panel
Through alarm panel, you can monitor the alarms of the whole network. According to
the statistics conditions (by severity or by status), the alarm panel shows the
information such as the numbers of acknowledged alarms and unacknowledged
alarms of different severities.
II. Topology
The status icon on the upper left of the topological object indicates the alarm status of
the object. Different icons indicate different severities. In the topological view, select a
topological object with alarm status icon, right click to select [Browse Alarm] to open
the alarm browser.
III. Alarm browser
Using the alarm browser, you can view the reported alarms in real time. Multiple query
functions are also provided. You can select alarm profiles and set querying conditions
to filter alarms. The major query functions include:
z Browse real-time alarm
z Browse real-time event
z Query current alarm
We recommend that the profile-based query be preferred.
IV. Alarm box
You can get alarm notifications through alarm box. The alarm indicators and the alarm
sound will show the alarm information. The system provides the operations such as
stopping alarm box sound and turning off alarm box indicator.
V. Sound box
The speaker connected with the system will notify you of the alarm information. The
system provides the operations such as setting alarm sound and stopping current
alarm sound.
VI. Alarm transferring to e-mail
With the remote alarm notification function, the NMS can send alarms to the remote
users in e-mail.
3-15
VII. Printer
You can print the alarm information in real time for permanent backup.
3.3.3 Analyzing Alarm
The system provides functions such as filtering repeated alarms, analyzing alarm
correlations, and so on to make the obtained alarm information as valid as possible.
Multiple and various valid alarms might be available. You should find out the real
alarm causes according to the alarm-related information, including time, device status,
and so on.
The alarm causes might be very complicated. The alarm causes in the alarm details
window are only prompts. You should analyze, deduct and verify the real alarm
causes according to the prompted alarm causes and the actual situation. You can
analyze alarms from these aspects:
1) Through alarm details and related experiences
2) The system supports not only to jump from a topological node to the
corresponding alarm window, but also to locate the faulty topological node or
port based on the alarm information.
Besides, the system provides port searching function. You can quickly locate the
faulty port by inputting the string for port description.
3.3.4 Eliminating Fault
After finding out the real alarm causes, you can take corresponding measures to
eliminate the fault.
You can locate the faulty device according to the location information provided in the
alarm details window, and then eliminate the device fault according to the recovery
suggestions provided and the alarm maintenance tips.
The fault recovery suggestions are general resolutions. Maintenance tips are the
summary of the experience in troubleshooting. The same type of alarms may be due
to different causes and require different resolutions. You should refer to the fault
recovery suggestions to properly accumulate and update alarm maintenance tips.
Besides, after eliminating the fault, we suggest that you summarize the experience
immediately.
3.3.5 Acknowledging and Recovering Alarm
If a fault has been cleared, you should acknowledge the relevant alarm to extract valid
alarm information.
3-16
z The system provides the functions of manual alarm acknowledging and

automatic alarm acknowledging. The automatic alarm acknowledging is
performed periodically.
z After recovering from a fault, the device will report a recovery alarm. The fault
system might not receive the recovery alarm due to some reason. The fault
information will still exist. In this case, you should recover the alarm manually.
After the alarm is acknowledged and recovered, detailed information will be recorded
including the acknowledgement user, alarm time and acknowledgement time. The
corresponding alarm indicator on the alarm panel will turn green.
Moreover, after a certain period, the alarm panel and alarm box will automatically stop
their alarm sound, and the alarm box will turn off the corresponding alarm indicator.
Alternatively, you can manually stop them immediately The specific operations
include:
z Stop current alarm sound
z Stop alarm box sound
z Turn off alarm box indicator
3.3.6 Sharing Alarm Maintenance Tips
You should accumulate and record your experience in troubleshooting, particularly

after getting new solution to eliminate a new alarm. The alarm maintenance tips are
very helpful for you to handle similar faults in the future.
You can view, add and update the alarm maintenance tips:
z In Alarm "Detailed Information" dialog box, click <Tips> to enter "Maintenance
Tips" dialog box.
z Enter the "Maintenance Tips" dialog box through menu operation.
3.3.7 An Example of Troubleshooting
1) Preparations:
z Set alarm display mode as "Alarm panel pops up when a new alarm arrives", set
alarm indicator as "Alarm panel flashes when uncleared alarm exists".
z Create a "Major Alarm" profile to detect all major device alarms timely.
z Enable correlation analysis, and set the flash interval as 150 seconds.
2) When the alarm panel pops up and the major alarm indicator flashes, double
click the indicator to pop up the current alarm querying window. Then the queried
alarm information is displayed in the right part of the window.
3) Select an alarm record and double click it. The "Detailed Information" dialog box
then appears showing the following information:
z Device Name: Office A MA5100_1
z Device Type: MA5100
3-17
z Alarm Name: LAN opposite end does not support self-negotiation.

z Severity: Major
z Function Class: Event
z Status: UnAck&UnClear
z Generated Time: 2002-09-27 10:57:02
z Locating Info: Frame=0 Slot=1 Port=5
According to alarm name and alarm processing experiences, you may find the
probable causes:
LAN local end supports self-negotiation, while the opposite end does not support.
Then find the port and check the port mode according to the device name and
Location Information.
4) Take the following measures: Set the same port mode for the local end and
opposite end of LAN.
5) Summarize and record the alarm processing experience, and then acknowledge
and recover the alarm manually.
3-18
User Manual Chapter 4 Performance
Chapter 4 Performance Management
Performance management supports collecting, browsing and measuring performance

data of all managed devices in an integrated manner. With this function, you can get to
know the basis information and performance status of the current network, which can
help you to prevent network failures and plan the network reasonably.
For the explanation of the concepts involved in the performance management, see
Table 4-1.
Table 4-1 Explanation of the basic concepts involved in the performance management
Concept Explanation
A measuring object is a managed object on which the performance data is collected,
Measuring
such as a device, board, port, logical port and PVC. Each measuring object has a
Object
unique identification within the network.
A parameter measuring the running performance of a system (NE, NMS or network).
It can be obtained through arithmetic of one or more Managed Information Base
Performance
(MIB) objects. For example, ADSL line downstream noise margin is obtained by
Metrics
calculating X1 and X2 MIB objects through Y1 and Y2 operations. Each
performance metrics has one unique ID.
A performance profile combines several performance indexes so that it applies to

Performance
one type of NEs, such as ADSL port performance collection profile of the MA5100
Profile
and ADSL performance collection profile. Each performance profile has a unique ID.
A parameter of the data that must be collected during the measurement, like traffic,
Measuring
calling times and average seizure duration. It can be considered as a measuring
Entity
variable.
A type of specific measurements, such as the incoming office traffic measurement,
outgoing office traffic measurement, internal traffic measurement. It can be
Measuring Unit described with such elements as the entity, object, time and output ranging, and
provides answers to such questions as what, when, how to measure, and when to
output the measuring results.
A group of descriptions of a specified traffic measurement operation, involving
multiple respects, like description of the statistic object features (specifying calls
Task
specified in the statistic range), that of the statistic time, output entities and output
time.
A report describing the measurement result of one type of traffic, as well as
Traffic
measuring object, measuring entity value, measuring cycle and start date and end
Measurement
date of the measurement, providing a basis for the whole network performance
Report
measurement, planning and running management.
4-1
4.1 Realtime Performance Management

Realtime performance management provides the function of browsing realtime
performance data of the objects. You can browse the realtime performance data as well
as save the data.
4.1.1 Adding/deleting Performance Indexes
This operation enables you to add or delete performance indexes of an object.

1) Select [Performance/Add/Delete Performance Index] to display the “Add/Delete
Performance Index” dialog box.
2) In the “Optional Indexes” drop-down list, select a profile.
3) Select one or more indexes (selecting multiple indexes while pressing <Shift> or
<Ctrl>), click to add the specified indexes to the selected list. You can click
to add all available indexes to the selected list.
4) Click <OK> to save the modification.
4.1.2 Saving Data
While browsing the view containing the realtime performance data, you can save the
data to a file of another format for further processing and for future use. You can save
the current view as an HTML file (.html) containing pictures. You can also save the data
that you are viewing as an Excel file (.txt) or Text file (.txt).
Perform the following operations to save the data.
1) Select [Performance/Save as] to display the file saving dialog box.
2) In the dialog box, select the file type the data is to be saved as: .html, .csv or .txt.
3) Select the directory the file is to be saved and enter the file name.
4) Click <Save>.
Note:
The default file name provided by the system consists of the object browsed and time.
4.1.3 Adjusting Refresh Frequency
When browsing the performance data in real time, you can select one refresh
frequency from highest, higher, normal, lower or lowest. After a frequency is selected,
the client will refresh the interface display according to the refresh frequency.
1) Select [Performance/Frequency].
4-2
2) Select one refresh frequency from the following options: Highest, Higher, Normal,
Lower or Lowest. By default, “Highest” is selected.
Note:
z Highest frequency sampling means that each time the data is reported by the device, it is displayed.
Higher frequency sampling means that one of two data reported by the device is displayed. For
normal, lower and lowest frequency sampling, one of three, one of four and one of five data are
displayed respectively.
z The realtime performance management function is only supported by the broadband devices. You can
display the realtime performance measurement window through the right-click menu of the modules of
the NM subsystems.
4.2 Task Management

The task management module supports creating and managing collection tasks.
Creating a collection task is the prerequisite to performance data measurement. The
collection task can collect data according to the time interval set by the collection
period.
After a task is created, you can perform the following operations:
z data management
z time distribution analysis
z global traffic flow measurement
z call failure measurement
z data mending
The task management module can modify, suspend, resume and delete the existing
tasks, and view detailed information of the selected device tasks.
4.2.1 Viewing Tasks
This operation enables you to view the information about all existing tasks, as well as
the detailed information about one task. You can perform the operation only when the
tasks are available on the “Task Management” window.
1) Select [Performance&Stat/Task Management] to display the “Task Management”
window.
2) On the upper part of the window, select the device type which you want to view
tasks from the "Device Type" drop-down list. The tasks meeting the conditions are
displayed on the window, as shown in Figure 4-1.
4-3
Figure 4-1 Task management window
3) Select a task to be viewed, right click it and then select [View Task], or double click
the task to display the “Task Details” dialog box showing the detailed information
of the task.
4) Click the headings of the tasks to sort the tasks.
After the operation, the detailed information of the task is shown in the “Task Details”
dialog box: Task Name, Device Task Id, Device Name, Measuring Unit, Objects, Output
Port, Time Range (Start Date, End Date and Polling Period) and Collection Time.
4.2.2 Creating Tasks
This operation enables you to create tasks according to the selected device type,
device name, measuring unit and measuring object. You can also specify a validity
period and a data collection period for a task. For the broadband devices, you can
select multiple devices for one task, and before creating a task, you can test it.
I. Operation procedure
1) Select [Performance&Stat/Task Management] from the main menu to display the

"Task Management" window.
2) On the upper part of the window, select a device type from the "Device Type"
drop-down list and a device name from the "Device Name" drop-down list. If there
are tasks meeting the conditions, they will be displayed on the lower part of the
window.
4-4
3) Right click and then select [Create Task] to display the "Create Task" dialog box
as shown in Figure 4-2.
Figure 4-2 Creating task dialog box
4) The default task name is displayed in the "Task Name" text box. You can change it
to the desired task name.
5) Select the desired device from the "Device Name" list box.
6) Select the desired measuring unit from the "Measuring Unit" drop-down list.
7) Select the desired output port from the "Output Port" list box. “NMS Port” is
recommended.
8) Select a polling period from the "Polling Period" drop-down list. It should be longer
than five minutes.
9) Click <...> next to the "Start Time" and "End Time" boxes to specify a valid time
segment. Note that the end time should not be earlier than the start time and the
start time should not be earlier than the current time.
10) Click <Advanced>. In the "Advanced" dialog box that appears, select a collection
period: daily, weekly, or monthly, and then click <OK>.
11) In the "Measuring Object" frame, unfold the "Root" and then select the desired
check boxes. Then the measuring objects are grouped based on the object type
displayed in the "Root". Select at least one measuring object.
12) Click <OK> and then view the newly added task in the task list.
II. Parameter specification
[Device Type]: All device types supported by the performance module.

[Device Name]: After a device type is selected, all devices of the type are displayed in
the "Device Name" drop-down list.
4-5
[Task Name]: Name of the task.

[Measuring Unit]: After a device is selected, all measuring units supported by the device
are displayed in the "Measuring Unit" list.
[Output Port]: It can be "Statistic Port" or "NMS Port". When the "Statistics Port" is
selected, the system transmits analysis data to the Background Administration Module
(BAM). When the "NMS Port" is selected, the system transmits the collected
performance analysis data to the Network Management Port. By default, the "NMS
Port" is selected.
[Objects]: A measuring object supported by the selected device and measuring unit.
[Start Data]: Start time of the task.
[End Date]: End time of the task.
[Polling Period]: The polling period for data collection. The options include: 1 minute, 5
minutes, 15 minutes, 30 minutes, 1 hour, and 1 day.
[Set Time]: The time segment for data collection within each day. A maximum of 3 time
segments can be specified, which can be of the same or different duration but should
not be repeated.
[Polling Period]: The options include: daily, weekly, and monthly.
z If "Daily" is selected in the "Advanced" dialog box, performance data will be
collected at the time segments set in step 9 within the polling period set in step 8.
z If "Weekly" is selected in the "Advanced" dialog box, you need to specify the days
for data collection within each week. If you select "Tuesday" and "Saturday",
performance data will be collected at the time segments set in step 9 within the
polling period set in step 8.
z If "Monthly" is selected in the "Advanced" dialog box, you need to specify the days
for data collection within each month. If you select the 1st, 10th and 20th days for
data collection within each month, performance data will be collected at the time
segments set in step 9 within the polling period set in step 8.
Note:
z A maximum of 3 time segments can be selected for the data collection within a day, for example,
10:00~12:00, 14:00~16:00 and 18:00~22:00.
z For the broadband devices, multiple devices can be selected for one task. Note that the devices
should be devices of one device type and one version.
4-6
4.2.3 Suspending Tasks
This operation enables you to suspend one or more collection tasks in running status at
one time. Once a task is suspended, it can be modified, resumed or deleted.
2) On the upper part of the window, select the device types of the tasks you want to
suspend from the "Device Type" drop-down list.
3) On the upper part of the window, select the device names of the tasks you want to
suspend from the "Device Name" drop-down list.
4) The tasks meeting the conditions will be displayed on the lower part of the window.
5) Select the tasks you want to suspend, right click it and then select [Suspend Task].
6) In the confirmation dialog box that appears, click <Yes> to confirm the operation or
<No> to abort the operation.
If the operation succeeds, the selected tasks change to the "Suspended" status, and
the indicators in front of them turn red.
If the operation fails, the system prompts that the selected tasks fail to be suspended. If
the operation partially succeeds, the system prompts that not all of the selected tasks
are suspended successfully. Click <Details>to view the detailed operation results.
4.2.4 Resuming Tasks
This operation enables you to resume suspended collection tasks. One or more
collection tasks can be resumed at one time.
2) In the "Device Type" list on the upper part of the window, select the device type of
the task to be resumed.
3) Tasks meeting the conditions are displayed on the lower part of the window.
4) Select the task to be resumed from the task list, right click it and then select
[Resume Task].
5) In the confirmation dialog box, click <Yes> to resume the tasks or click <No> to
abort the operation.
4.2.5 Deleting Tasks
This operation enables you to delete one or more collection tasks at one time.
2) On the upper part of the window, select the device type of the task to be deleted in
the "Device Type" list.
4-7
3) On the upper part of the window, select the device name of the task to be deleted
in the "Device Name" list.
4) Tasks meeting the conditions are displayed on the lower part of the window.
5) Select one or more tasks to be deleted. Right click and then select [Delete Task], a
dialog box will be shown for you to confirm the operation.
6) In the dialog box, click <Yes> to proceed to the operation or click <No> to abort the
operation.
Note:
Only the tasks in "Suspended", "Not Started" or "Terminated" status can be deleted.
4.3 Data Management

Original performance data is collected from different Network Elements according to
the tasks created. Data management module performs overall management on the
original performance data. By setting different parameters in the query pane, you can
query the original performance data by measuring object and task.
Data management includes querying performance data by measuring objects, querying
performance data by task and setting data security term.
4.3.1 Querying Performance Data by Measuring Object
This operation enables you to query the collected original data according to the set
conditions. You can select device type, device name, measuring unit, measuring object,
measuring entity and conditional expression to query the original performance data
within the specified period.
1) Select [Performance&Stat/Performance Data Management] or click on the

toolbar to display the "Data Management" window as shown in Figure 4-3.
4-8
Figure 4-3 Querying performance data by measuring objects
2) Select "Query by Measuring Object" in the "Query Type" area.

3) Select the device type for data query from the "Device Type" drop-down list.
4) Select the device name for data query from the "Device Name" drop-down list.
5) Select the measuring unit for data query from the "Measuring Unit" drop-down list.
6) In the "Time Range" area, click <...> next to the "Start Time" and "End Time" edit
boxes to specify the time range for the data to be queried.
7) Click <Measuring Object>, and then select measuring objects in the dialog box
that appears, finally click <OK> to confirm the operation and close the dialog box.
Table 4-2 Function of the buttons
Click… To…
add one or more measuring objects at one time.
add all measuring objects.
remove one or more selected objects.
Remove all selected objects.
8) Click <Measuring Entity> to display the "Create Conditional Expression" dialog

box. In the dialog box, configure the conditional expression for querying and then
click <OK>.
9) In the “Data Management” dialog box, click <Query> or <Apply>.
4-9
[Device Type]: A device type supported by the data management module.

[Device Name]: After a device type is selected, all names of the devices of the type are
displayed in the "Device Name" drop-down list.
[Measuring Unit]: After a device is selected, all measuring units supported by the device
are displayed in the "Measuring Unit" drop-down list.
[Start Time]: Start time for the data querying.
[End Time]: End time for the data querying.
[Measuring Objects]: Measuring objects for the data querying.
[Measuring Entity]: Measuring entity for the data querying.
4.3.2 Querying Performance Data by Task
This operation enables you to query the collected original data according to the set
conditions. You can select device type, device name, task, measuring entity and
condition expression to query the original performance data within the specified period.
1) Select [Performance&Stat/Performance Data Management] or click on the

toolbar to display the "Data Management" window as shown in Figure 4-3.
2) Select "Query by Task" in the "Query Type" area.
3) Select the device type for data query from the "Device Type" drop-down list.
4) Select the device name for data query from the "Device Name" drop-down list.
5) Select the measurement task for data query from the "Task" drop-down list.
6) In the "Time Range" area, click <...> next to the "Start Time" and "End Time" edit
boxes to specify the time range for data to be queried.
7) Click <Measure Entity>. In the dialog box that appears, create a conditional
expression, and then click <OK>.
8) In the “Data Management” window, click <Query> or <Apply>.
[Device Type]: A device type supported by the data management function.

[Device Name]: After a device type is selected, all names of the devices of the type are
displayed in the "Device Name" drop-down list.
[Task]: After a device is selected, all tasks are displayed in the "Task" drop-down list.
[Start Time]: Start time for the data querying. It should be earlier than the valid start time
of the performance measurement task.
[End Time]: End time for the data querying.
4-10
[Measuring Entity]: Measuring entity for the data querying. It is related to the measuring
unit selected when creating the performance measurement task.
Note:
z For the operations of creating a conditional expression, refer to 4.7.5 Creating a Conditional
Expression.
z Click <Save> to save the query results in the form of .html or .csv. Click <Print> to print the query
results. Click <Delete> to delete the records. Click <Close> to close the query window.
4.3.3 Setting Data Security Term
In order to ensure security of the saved performance data, you can set a time segment
starting from the current date. The time segment ranges from 3 to 6 months. The
performance data within this time range cannot be deleted.
1) Select [Performance&Stat/Performance Data Management] from the main menu

or click the corresponding shortcut button on the toolbar to display the "Data
Management" window as shown in Figure 4-3.
2) Click <Security> on the lower part of the "Data Management" window to display
the “Set Security Term” dialog box, as shown in Figure 4-4.
Figure 4-4 Setting security term
3) In the dialog box, select the security term.

4) Click <OK>.
[Security Term]: A time segment backward from the current date (it ranges from three to
six months). The data within this time range will be protected and cannot be deleted.
4-11
Before the data deleting, it is determined whether to delete the data earlier than the set
security term.
4.4 Data Integrity Management

This operation provides the data integrity analysis function. You can analyze the data
integrity according to device, measuring unit and collection task to understand the data
collection status in time. The system also provides the function of mending the lost data
in minimum duration, thus enhancing the integrity and security of performance analysis
data. This module involves: querying data integrity, mending data by devices, mending
data by measuring units, and mending data by tasks.
4.4.1 Querying Data Integrity
This operation enables you to query the data integrity information.

1) Select [Performance&Stat/Data Integrity Management] to display the "Data
Integrity Management" window. There are three tables in the window, which are
"Integrity of Devices", "Integrity of Measuring Units" and "Integrity of Tasks", as
shown in Figure 4-5.
Figure 4-5 Data integrity window
2) Select a device type, and view the data integrity rate conditions of all devices of
this device type in the “Integrity of Devices” list.
4-12
3) Select a device in the “Integrity of Devices” list, and view the data integrity rate
conditions of all measuring units of this device in “Integrity of Measuring Units”.
4) Select a measuring unit in the “Integrity of Measuring Units” list, and view the data
integrity rate conditions of all tasks of the selected measuring unit in “Integrity of
Tasks”.
4.4.2 Mending Data
This operation enables you to mend the lost performance data at the device level,
measuring unit level and task level.
1) Select [Performance&Stat/Data Integrity Management] or click on the toolbar

to display the “Data Integrity Management” window.
2) Select a device type in the “Device Type” drop-down list, and then set the start
time and end time, finally click <Query>.
3) To do mending on a device, elect a device in the "Integrity of Devices" table, right
click it and then select [Execute Mending], or click the corresponding button on the
toolbar.
4) To do mending on a measuring unit, select a measuring unit in the "Integrity of
Measuring Units" table, right click it and then select [Execute Mending], or click the
corresponding button on the toolbar.
5) To do mending on a task, select a task in the "Integrity of Tasks" table, right click it
and then select [Execute Mending], or click the corresponding button on the
toolbar.
[Device Type]: All device types supported by the data integrity management module.
[Start Time]: The time point for starting querying the data integrity.
[End Time]: The time point for finishing querying the data integrity.
Note:
z Click to do mending on the selected device.
z Click to do mending on the selected measuring unit.
z Click to do mending on the selected task.
4-13
4.5 Performance Alarm Threshold Management

Performance alarm threshold management enables you to set threshold values for the
measuring entities.
For each combination of device type, device, measuring unit, measuring object and
measuring entity, upper threshold value and lower threshold values can be set. In the
process of collecting performance data, the system will automatically check the
threshold for performance data set with alarm thresholds. If the performance data
exceeds the threshold, performance alarms will be generated and sent to the alarm
module and finally reported to you. There are recovery alarms corresponding to the
performance alarms.
Performance alarm threshold management involves querying, adding, deleting and
modifying performance alarm threshold.
4.5.1 Querying Performance Alarm Threshold
This operation enables you to query performance alarm threshold records.
1) Select [Performance&Stat/Threshold Management] or click on the tool bar to

display the "Threshold Management" window as shown in Figure 4-6.
Figure 4-6 Performance alarm threshold management window
4-14
2) In the "Device Type" drop-down list, select the type of the device for which the
performance alarm threshold is to be queried.
3) In the "Device Name" drop-down list, select the name of the device for which the
4) In the "Measuring Unit" drop-down list, select the measuring unit for which the
5) In the "Measuring Object" drop-down list, select the measuring object for which the
6) In the "Measuring Entity" drop-down list, select the measuring entity for which the
7) In the alarm threshold list, observe the performance alarm threshold information.
[Device Type]: All device types supported.

[Device Name]: After one device type is selected, all devices of the type will be
available in the "Device Name" drop-down list.
[Measuring Unit]: After one device is selected, all measuring unit supported by the
device will be available in the "Measuring Unit" drop-down list.
[Measuring Object]: It is the measuring object for which performance alarm threshold is
to be queried.
[Measuring Entity]: It is the measuring entity for which performance alarm threshold is
to be queried.
4.5.2 Adding a Performance Alarm Threshold
This operation enables you to add performance alarm threshold for the measuring
entities. Depending on the alarm threshold and alarm levels added, corresponding
alarms will be generated.
1) Select [Performance&Stat/Threshold Management] from the main menu or click
on the toolbar to display the "Threshold Management" window as shown in

Figure 4-6.
2) In the "Device Type" drop-down list, select the type of the device for which the
performance alarm threshold is to be added.
3) In the "Device Name" drop-down list, select the name of the device for which the
4) In the "Measuring Unit" drop-down list, select the measuring unit for which the
5) In the "Measuring Object" drop-down list, select the measuring objects for which
the performance alarm threshold is to be added.
4-15
6) In the "Measuring Entity" drop-down list, select the measuring entities for which
7) In the "Threshold" pane, enter values for "High Threshold" and "Low Threshold",
and then select "Alarm Level".
8) In the "Date Time" pane, click <...> next to the "Start Time" and "End Time" to set
start time and end time for the performance alarm threshold.
9) Click <Add> and then observe the newly added performance alarm threshold
record in the performance alarm threshold list.
[High Threshold]: Upper threshold of the performance alarm threshold. In case it is

crossed, alarms will be generated.
[Low Threshold]: Lower threshold of the performance alarm threshold. In case it is
crossed, alarms will be generated.
[Alarm Level]: It is of enumerated type. The following options are provided: critical,
major, minor and warning.
[Start Time]: Start time for threshold value checking. It should not be earlier than the
current time.
[End Time]: End time for threshold value checking. It should not be earlier than the start
time.
4.5.3 Modifying a Performance Alarm Threshold
This operation enables you to modify performance alarm threshold of the measuring
entity. Among the parameters, start time, end time, upper limit, lower limit and alarm
level can be modified. After the modification, the alarms will be reported according to
the newly-set upper/lower limit and alarm level.
1) Query performance alarm threshold following the steps given in 4.5.1 to list all
performance alarm threshold records meeting the conditions in the result output
area.
2) Select one record to be modified in the threshold list.
3) On the "Threshold" pane, enter new values for "High Threshold" and "Lower
Threshold", and then select new "Alarm Level".
4) On the "Time Range" pane, click <...> next to the "Start Time" and "End Time" edit
boxes and then modify the start time and end time for performance alarm
threshold.
5) Click <Apply>.
4-16
4.5.4 Deleting a Performance Alarm Threshold
This operation enables you to delete performance alarm threshold from the measuring
entities. After the deletion, no performance alarms will be generated for the measuring
objects.
1) Query performance alarm threshold following the steps given in 4.5.1 to list all
performance alarm threshold records meeting the conditions in the result output
area.
2) Select one or more records to be deleted in the threshold list.
3) Right click it and then select [Delete].
4) In the confirmation dialog box, click <OK>.
4.6 Performance Measurement

4.6.1 Time Distribution Analysis
Time distribution analysis is:

z analyze one or multiple measuring entities of one measuring object according to
different steps within the specified period of time
z or to compare the same measuring entity of multiple measuring objects and output
the analysis result in the form of table or graphics.
1) Select [Performance&Stat/Time Distribution Analysis] or click on the toolbar

to display the "Time Distribution Analysis" window. On the upper part of the
window is the analysis conditions input area while the lower part is the result
output area.
2) Select the desired device type from the "Device Type" drop-down list.
3) Select the desired device name from the "Device Name" drop-down list.
4) Select the desired measuring unit from the "Measuring Unit" drop-down list.
5) Select the desired analysis type from the "Analysis Type" drop-down list.
6) In the "Time Range" pane, click "Period" drop-down list and then select the
analyzing cycle. Click <...> next to the "Start Time" edit box and then set the
analyzing operation start time in the pop-up calendar.
7) Click <Measuring Object> to display the measuring object selection dialog box. In
this dialog box, select measuring objects.
8) Click <Measuring Entity>. In the dialog box that appears, select the measuring
entity and then configure the calculation formula for the measuring entity. In the
measuring entity selection dialog box, select measuring entities.
9) In the “Show Type” list, select the query result output format: Table Multiple Bar or
Line.
10) Click <Query> or <Apply>.
4-17
4.6.2 Global Traffic Flow Analysis
This operation enables you to analyze the specified measuring units including:
z originating traffic
z inner traffic
z originating outgoing office traffic
z incoming office traffic
z incoming office terminating traffic
z transfer traffic
z terminating traffic
z outgoing office traffic
The analysis entities include call attempt times, call connect times, answer times,
seizure traffic and answer traffic.
1) Select [Performance&Stat/Global Traffic Flow Analysis] or click on the

toolbar to display the “Global Traffic Flow Analysis" window as shown in Figure
4-7.
Figure 4-7 Global traffic flow analysis
2) In the "Device Type" drop-down list, select the type of the device to be analyzed.
3) In the "Device Name" drop-down list, select the name of the device to be analyzed.
4-18
4) In the "Date Time" pane, click <...> next to the "Start Time" and "End Time" edit
boxes and then set the start time and end time for the analysis.
[Device Type]: All device types supported.

[Device Name]: After one device type is selected, all devices of the type will be
available in the "Device Name" drop-down list.
[Start Date]: Start date for the analysis.
[End Date]: End date for the analysis.
Note:
This function is only supported by the C&C08 switch and SoftX3000.
4.6.3 Call Failure Analysis
This operation enables you to analyze different failure calls resulted from different
causes within the specified time segment. To perform a call failure analysis operation,
the user needs to select a device, measuring unit, measuring objects of the trunk
groups as well as start time and end time for the analysis.
The measuring units supporting call failure analysis include Incoming Trunk Group and
Outgoing Trunk Group.
1) Select [Performance&Stat/Call Failure Analysis] or click on the toolbar to

display the "Call Failure Analysis" window as shown in Figure 4-8.
4-19
Figure 4-8 Call failure analysis window
2) In the "Device Type" drop-down list, select the type of the device to be analyzed.
3) In the "Device Name" drop-down list, select the name of the device to be analyzed.
4) In the "Measuring Unit" drop-down list, select the measuring unit to be analyzed.
5) In the "Time Range" pane, click <...> next to the "Start Time" and "End Time" edit
boxes and then set start time and end time for the analysis.
Note:
This function is only supported by the C&C08 switch and SoftX3000.
4.7 Other Functions

4.7.1 Changing Graph Settings
When the measurement results are displayed in the form of histogram or graph, their
attributes can be reset, for which the line color and type, background color and grid can
be selected freely. When statistics report is displayed in the form of graph, through the
above settings, an object can be differentiated from others. The graph can be moved
horizontally or vertically, through which parts that cannot be fully displayed will be
4-20
viewed. Furthermore, the graph can be flexed by zooming in or out X and Y axis, and
the two axes can be displayed in the grid mode.
1) In the “Show Object" check box, select the desired object for graph setting.
2) In the “Line Color” check box, select the desired color.
3) In the “Line Type” check box, select the desired line type.
4) In the “Background Color” check box, select the desired background color.
5) In the “Show X-axis Grid Line” selection box, select the grid line of X axis.
6) In the “Show Y-axis Grid Line” selection box, select the grid line of Y axis.
7) Select “X Properties” to zoom in or out X axis.
8) Select “Y Properties” to zoom in or out Y axis.
9) Click <Right> or <Left> in the “X Properties” area to right or left move the graph.
10) Click <Right> or <Left> in the “Y Properties” area to right or left move the graph.
[Show Object]: The selected object.

[Line Color]: The line color of the selected object.
[Line Type]: The line type of the selected object.
[Background Color]: The background color of the graphics.
[Show X-axis Grid Line]: Show grid line on the X-axis.
[Show Y-axis Grid Line]: Show grid line on the Y-axis.
[X Properties]: Vary the graph with the zooming in/out of X axis, or right/left move the
graph.
[Y Properties]: Vary the graph with the zooming in/out of Y axis, or right/left move the
graph.
Note:
The graph property tool is available only when the “Multiple Bar” or “Line” mode is selected.
4.7.2 Saving Measurement Data
This operation enables you to save measurement data in the form of .html, .txt, or .csv.
1) Perform a performance measurement task to measure the performance data.

2) Click <Save> to display the “Save” dialog box.
4-21
3) If the records are displayed in full pages, you will be prompted to select all data or
current data. After selecting one mode, click <OK> and proceed to step 4).
Otherwise, proceed to step 4) directly.
4) Select the saving directory, enter the file name and select the save type.
5) Click <Save>.
[Save Path]: Save path of the measurement report.

[File Name]: Name of the file saving the measurement report.
[File Type]: Select to save the measurement report in one of the following
type: .htm, .txt or .csv.
4.7.3 Printing Measurement Data
This operation enables you to print the measurement data generated from
measurement operations for reference.
2) Click <Print> to display the “Print Preview” dialog box.
3) Click <First>, <Previous>, <Next> and <Last> to browse the information to be
printed.
4) Click <Print> to display the “Print” dialog box.
5) If the records are displayed in full pages, you will be prompted to select all data or
current data. After selecting one mode, click <OK> and proceed to step 6).
Otherwise, proceed to step 6) directly.
6) Specify a printer and then click <OK> to print the measurement result with the
specified printer.
Note:
The measurement report in any of the three forms (table, multiple bar or line) can be printed.
4.7.4 Deleting Measurement Data
This operation enables you to delete the queried performance measurement data.
2) Select multiple data records and then click <Delete>.
3) In the dialog box that appears, select the start time of the data to be deleted.
4) Click <OK> to delete the selected data.
4-22
Note:
z You can only delete the data beyond the data security term.
z You can only delete the data in the “Data Management” window.
4.7.5 Creating a Conditional Expression
This operation enables you to create a conditional expression to query the performance
measurement data of a measuring entity of the selected measuring unit conditionally.
1) Select [Performance&Stat /Data Management] to display the “Data Management”
window.
2) Click <Measuring Entity> to pop up the “Create Conditional Expression” dialog
box.
3) Select a measuring entity and click the Operator drop-down list. The following
operators are available: “=", “>”, “>=”, “<”, “<=” and “!=”. Select one operator and
enter the value of the conditional expression in the value pane to generate a
conditional expression.
4) Click <OK> to create the conditional expression, or click <Cancel> to abort the
operation.
Note:
The query condition should comply with the operation results. For example, select Entity 1 and Entity 2,
and operate them with AND, then the query results can only be the measuring objects with both desired
measuring entities. Operate them with OR, then the query results can be the measuring objects with either
desired measuring entity.
4-23
HUAWEI iManager N2000 Fixed Network Integrated Management System Security Management
Chapter 5 Security Management
Security management performs security control of the NMS. To ensure system

security, NMS user right must be controlled. After starting the NMS, the user can only
log in to the NMS with the created user account, and after logging in, the user can only
perform the authorized operations. The system will record any sensitive operations
performed by the user to the management applications. And the administrator can
monitor and browse the user operation logs to get operation information of all users.
The security management main window is as shown in Figure 5-1.
Figure 5-1 Security management main window
5.1 Basic Conception
I. User group
User group is a group of NMS users with the same authorities. User group is a
collection of users as well as authorities. The default user groups are administrator
group, maintainer group, operator group and monitor group.
5-1
II. Device set
Device set is a group of managed devices which are of the same device type. In a
device set, the information of authorities is not involved. One device set may contain
multiple devices and one device may belong to multiple device sets.
III. Operation set
Operation set is a group of operations which may be performed on the NMS. One
operation set may contain multiple operations and one operation may belong to
multiple operation sets.
5.2 Functions
5.2.1 Creating a User
Perform the following operations to create a new NMS user.

1) Select [System/Security Manager] to enter the security management main
window.
2) In the "Security Object" tree, select the "User" node, right click it and then select
[New User] to display the "New User" dialog box.
3) In the dialog box, set the following parameters:
z Name: compulsory, a character string which consists of less than 20 characters.
The parameter must be filled in and the name should not overlap with the
existing operation set name.
z User Full Name: optional, a character string which consists of less than 48
characters.
z Detailed Description: optional, a character string which consists of less than 48
characters. The maintenance personnel may input useful information here.
z Password: compulsory, a character string which consists of 4-10 characters.
z Confirm password: to confirm the previously inputted user password.
z Account suspended: options are "Yes" or "No", and it is "No" by default.
z Account always valid: options are "Yes" or "No", and it is "No" by default.
z Account expiry data: In the case you select "No" in the "Account always valid" list
box, you need input the expiry date here. The date can be selected by click <...>
besides the list box.
z Password always valid: options are "Yes" or "No", and it is "No" by default.
z Password expiry date: In the case you select "No" in the "Password always valid"
list box, you need input the expiry date here. The date can be selected by click
<...> besides the list box.
z Login time quantum: to restrict user login time. It defaults to be any time within
one day.
5-2
4) Click <OK> to add the user.
5.2.2 Modifying User Attributes
Perform the following operations to modify such information as user detailed

information, management right, operation right and Access Control List (ACL).
window.
2) On the "Security Object" tree, double click the "User" node to show all users.
3) Click the user, the name of which you want to modify, then the basic information
of the user is shown on the right part of the window.
4) On the "General" tab, modify general attributes of the user. Note that the name of
the user cannot be modified. Then click <Apply> to validate the modification.
5) On the "Subjection" tab, modify the user group to which the user belongs.
6) On the "ACL Setting" tab, set the user to log in to the NMS from a specified client.
Then click <Apply> to validate the modification.
7) On the "Management Right" tab, modify the management right of the user.
8) On the "Operation Right" tab, modify the operation right of the user and then click
<Apply> to validate the operation.
5.2.3 Assigning a User to User Groups
Perform the following operations to assign a user to a user group so that the user has
all the management and operation authorities of the user owned by the user group.
window.
3) Click the user to be assigned, then detailed information of the user is shown on
the right part of the window.
4) Select the "Subjection" tab and then click <Add> to display the "Add User Group"
dialog box.
5) In the table displayed on the upper part of the dialog box, all the user groups
available are listed. In the list, select the group you need the user to be in and
then click <Add> to add the user group to the table on the lower part of the
window. Or click <Delete> to delete the record from the table on the lower part of
the window.
6) Click <OK> to assign the user to the selected user group.
5.2.4 Assigning Operation Right to a User
Perform the following operations to authorize a user to perform or prohibit a user from
performing specified operations.
5-3
1) Select [System/Security Manager...] to enter the security management main

window.
3) Click the user to which the operation right is to be assigned, then detailed
information of the user is shown in the right part of the window.
4) On the "Operation Right" tab, current operation right of the user is shown. Click
<Add> to display a dialog box to add operation right. In the dialog box, select the
types and sub-types, then the corresponding security objects are shown in the
"Operation Objects" list and operation names and levels are shown in the table
on the up right corner.
5) Select the objects and operations to assign operation right, then click <Add> to
add the selected operation right to the list on the lower part of the window or click
<Delete> to delete the selected operation right on the lower part of the window.
6) Click <OK>, the operation right in the list on the lower part of the window will be
added to the operation right group of the corresponding user. The system will
automatically identify and filter the right that already exists in the operation right
group of the user.
7) On the "Operation Right" tab, select the operation right to be deleted and click
<Delete> to delete it.
Note:
z Security Object and Type: The basic unit for right assigning is security object. Any entities to be
assigned with operation right, such as menus and managed devices, can be regarded as the security
object. To make the operation more convenient, we classify the security objects into two levels:
object type and object subtype.
z Operation and Operation Set: Each piece of right is a triplet composed of users, security objects and
operations and it is meaningless to have security objects but no operations. Operations are always
the same on the object of the same subtype, thus you may create operation sets containing some
operations of the same subtype. Then you will find your operation to assign operation right is
simplified with the operation sets.
z "Add Device" right: In the "Add Operation Right" dialog box, there exists a special object "Add
Device" in the "Operation Object" list. In the case that the user has the right to conduct some or all of
the operations contained in the "Add Device" object, after the user creates one device of the type, he
can conduct the operations on the device.
z Conventions: The user cannot assign right to the super user (admin) or to himself.
5-4
5.2.5 Assigning Management Right to a User
Perform the following operations to authorize a user assign management right to a

user.
window.
3) Click the name of the user to which the operation right is to be assigned, then
detailed information of the user will be listed on the right part of the window.
4) On the "Management Right" tab, view current management right of the user.
5) Management right is displayed with a resource tree. The first layer of the tree lists
the device types that can be managed by the user. The second layer lists the
devices that can be managed by the user. If a node on the first layer is selected,
it means that the resource and all its sub-resources can be managed. If the
nodes on the second layer are partially selected, it means that resource can be
managed while some of its sub-resources cannot. If no node is selected, it
means that neither the resource nor the sub-resources can be managed.
6) Click <Set> to display the management right setting dialog box. On the upper
part of the dialog box, set the desired query conditions, and then click <Query>.
Then the matching devices are displayed in the list on the lower part. The
"Management Status" column shows the management status of the device.
Change the status, and then click <OK> or <Apply>.
7) Alternatively, you can set the management rights of some resources in this way:
Change the management right status on the resource tree and then click
<Apply>.
Note:
z Management Right: whether or not the user has the right to manage the specified device and board.
In the topological view, the devices which the user has no right to manage will not be shown to the
user, and on the device panel, the boards which the user has no right to manage will not be shown to
the user either.
z Conventions: When a user is created, he is not authorized to manage any resource by default. The
user can't assign management right to the super user or himself. If a user is not authorized a device,
it is impossible to assign the operation right of the device to him.
5.2.6 Creating a User Group
Perform the following operations to create a user group.
5-5

window.
2) On the "Security Object" tree, select the "User Group" node, right click it and then
select [New User Group] to display the "New User Group" dialog box.
3) In the "New User Group" dialog box, set the following parameters:
z [Name]: optional, a character string shorter than 20 characters. It should not be
the same with any existing user group name.
z [Detailed description]: optional, a character string shorter than 50 characters,
giving detailed information of the user group.
4) Click <OK> to add the user group.
5.2.7 Modifying User Group Attributes
Perform the following operations to modify description information and members of

the specified user group.
window.
2) On the "Security Object" tree, double click the "User Group" node to show all
user groups.
3) Click the user group to be modified, then the basic information of user group is
shown on the right part of the window.
4) On the "General" tab, modify "Detailed Description" of the user group. Note that
the name of the user group cannot be modified. Then click <Apply> to validate
the modification.
5) On the "Member" tab, modify the users contained in the user group.
6) On the "Management Right" tab, modify the management right of the user group.
7) On the "Operation Right" tab, modify the operation right of the user group, and
then click <Apply> to validate the modification.
5.2.8 Assigning Operation Right to a User Group
Perform the following operations to authorize a user group to perform or prohibit a

user group from performing the specified operation.
window.
user groups.
3) Click the user group to which operation right is to be assigned, then detailed
information of the user group will be listed in the right part of the window.
4) On the "Operation Right" tab, view the current operation right of the user group.
Click <Add> to enter the "Add Operation Right" dialog box. In the dialog box,
select different types and sub-types, then the "Operation Object" list will display
5-6
all related security objects, and the table on the up right corner will list all the
related operation names and levels.
5) Select the objects and operations to which operation right is to be assigned, click
<Add> to add the operation right in the list on the upper part of the interface to the
list on the lower part. Or click <Delete> to delete the selected operation rights in
the list on the lower part of the interface.
6) Click <OK>, the operation right in the list on the lower part of the interface will be
added to the operation set of the user group. The system will automatically
identify and filter the right that already exists in the operation set of the user
group.
7) On the "Operation Right" tab, select the operation right to be deleted and then
click <Delete> to delete it.
5.2.9 Assigning Operation Right to a User Group
Perform the following operations to authorize a user group to manage or prohibit a

user group from managing the specified devices and boards.
window.
user groups.
3) Click the user group name to which the operation rights are to be assigned, then
detailed information of the user group will be listed on the left part of the window.
4) On the "Management Right" tab, view the current management right of the user
group.
5) Management right is displayed with a resource tree. The first layer of the tree lists
the device types that can be managed by the user group. The second layer lists
the devices that can be managed by the user group. If an item is fully selected, it
means that the resource and all its sub-resources can be managed. If it is
half-selected, it means that resource can be managed while some of its
sub-resources cannot. If it is not selected, it means that neither the resource nor
the sub-resources can be managed.
6) Click <Set> to display the <Query>. Then the matching devices are displayed in
the list on the lower part. The "Management Status" column shows the
management status of the device. Change the status, and then click <OK> or
<Apply>.
7) Alternatively, you can set the management rights of some resources in this way:
Change the management right status on the resource tree and then click
<Apply>.
5-7
5.2.10 Creating an Operation Set
Perform the operations to create an operation set according to the security object type,
thus making it convenient to assign user operation right.
window.
2) On the "Security Object" tree, select the "Operation Set" node, right click it and
then select [New Operation Set] to display the "New Operation Set" dialog box.
3) In the dialog box, set the following parameters:
z [Name]: compulsory, a character string which consists of less than 20 characters.
The name should not overlap with the existing operation set name.
z [Detailed Description]: optional, a character string which consists of less than 50
characters. It is a description of the operation set.
z [Type]: all security types of the NMS are listed.
z [Subtype]: all subtypes corresponding to the security type.
4) Then click <OK> to create the operation set.
5.2.11 Modifying Operation Set Attributes
Perform the following operations to modify description information and members of a

specified operation set.
window.
2) On the "Security Object" tree, double click the "Operation Set" node to show all
operation sets.
3) Select the operation set to be modified, then the operation set information will be
displayed on the right part of the window.
4) On the "General" tab, modify detailed description of the operation set. Note that
the name of the operation set cannot be modified. Then click <Apply> to validate
the modification.
5) On the "Member" tab, modify the operations contained in the operation set.
5.2.12 Setting Operations in an Operation Set
Perform the following operations to add or delete specified operations. In this way, the
user can assign operation right conveniently.
window.
2) On the "Security Object" tree, double click the "Operation Set" node to show all
operation sets.
3) Select the operation set to be modified, then the operation set information will be
displayed on the right part of the window.
5-8
4) On the "Member" tab, click <Add> to display a dialog box for you to add a device.
5) All the operations can be added are listed in the table on the upper part of the
window. Select the desired operations and then click <Add> to add the
operations to the table on the lower part of the window.
6) Click <Delete> to delete the selected operations in the table on the lower part of
the window. Or click <OK> to add the operations in the table on the lower part of
the window to the operation set.
5.2.13 Setting User ACL Right
Perform the operations to specify from which clients can the users log in to the NMS.
window.
3) Click the user to set ACL right, then the basic information of the user is listed on
the right part of the window.
4) On the "ACL Setting" tab, view current ACL of the user. If a check box in the first
column is checked, it indicates that the user is authorized to log in to the NMS
from the client.
5) "Constrained by ACL" check box is used to set whether or not the user is
constrained by ACL. If the check box is cleared, it means that the user is allowed
to log in to the NMS from any client in the ACL, otherwise, the user can only log in
to the NMS from the selected clients in the ACL.
6) Click <Add ACL> to add a new ACL item.
7) Check or clear the check boxes in the first column to set from which clients the
users can log in to the NMS.
8) After completing the settings, click <Apply> to validate the setting.
5.2.14 Setting System ACL
Perform the following operations to set system ACL data, including adding, modifying
and deleting ACL items.
1) Select [System/System Setting] to display the "System Setting" dialog box.
2) Select the "ACL Setting" tab, then all ACL items in the current NMS will be listed.
z Click <Add> to add a new ACL item.
z Click <Modify> to modify the selected ACL item.
z Click <Delete> to delete the selected ACL item.
3) After completing the settings, click <Apply> or <OK> to validate the settings.
5.2.15 Realtime Monitoring User Operation Logs
Perform the following operations to view operations conducted by the logon users.
5-9
1) Select [System/Monitor User Operations] to display the “Operation Realtime

Monitor” window, as shown in Figure 5-2.
Figure 5-2 Operation realtime monitor
2) In the ”Operation Realtime Monitor” dialog box, set the following monitoring
conditions:
z [User]: You can select "All" or a specific user.
z [Client]: You can select "All" or a specific IP address of a client.
z [Operation Name]: You can select "All" or input a specific operation name.
z [Operation Level]: You can select "All", "System Administration", "System
Maintenance", "System Operation", or "System Survey".
z [Object]: You can select "All" or input a specific object name.
z [Result]: You can select "All", "Succeed", "Partially Succeed" or "Fail". Herein,
"Partially Succeed" means that a part of operations succeed while performing
batch operation. For example, after batch dumping logs, the final dumping record
number is 1500, while the initial number is 2000. In this case, the operation result
is "Partially Succeed".
3) After you completing the settings, the system will automatically display the
operations meeting the conditions.
5.2.16 Browsing/Dumping User Operation Logs
Perform the following operations to browse and dump user operation logs.
5-10
1) Select [System/Browse User Log] to display the "Log Browse" dialog box, as
Figure 5-3 Log browsing
2) In the "Log Browse" dialog box, set the following browsing conditions:
z [User]: "All Users" or a specific user.
z [Client]: "All Client" or a specific IP address of a client.
z [Range]: combined by "Start Time/The First Record" and "End Time/The Last
Record", totally 4 options.
z ["Start Time" or "End Time"]: selected from the time selection box besides it.
When "The First Record" or "The Last Record" is selected, the time selection box
beside it will gray out.
z [Key String]: a fuzzy index for searching for the log "Detailed Information"
containing the character string.
z [Object]: Click <Select> and then select an object.
3) After completing the settings, click <Query>, all operation logs meeting the set
conditions will be displayed in the table on the lower part of the window. Double
click the table headers to sort the information.
4) In the table, select a log and then double click it, the detailed information dialog
box will appear showing detailed information of the operation logs.
5) Click <Print> to print the query result or click <Save> to save the query result as
a file.
6) Click <Dump> to dump the operation logs manually.
5-11
Caution:
Only the users who are authorized to browse user operation logs as well as the super user can browse
user operation logs.
5.3 User Right Management
It is of vital importance to reasonably plan NMS user right and strictly control user
account allocation, because any security neglect may make the NMS fragile when
facing attacks thus may menace security of the managed devices.
Generally, user right management process falls into six phases: preparationsÆ
creating usersÆ adding users to user groupsÆ adjusting user operation rightÆ
adjusting user management rightÆ configuring ACLÆ user login.
5.3.1 Preparations
First, according to the need of daily maintenance operations, classify the NMS users
into the following groups:
z Administrator: It may be the administrator of the Network Management Center
(NMC) or the network planning personnel, who has the highest operation right.
z Maintainer: It can be the service provisioning personnel, maintenance personnel
or trouble-shooting personnel.
z Operator: It is the operator in the NMC.
z Monitor: It can only monitor network running and has the lowest operation right.
Then confirm the members containing in each group and collect user name, logon
password, logon client IP address, the managed device and operations which has a
special requirement for operation right.
5.3.2 Creating Users
After the system is initially installed, only one default user "admin" is provided and the
ACL is empty. The user can only log in to the NMS from the server. "Admin" is a super
user who has all operation and management rights. Like other users, "admin" can be
controlled to log in from a specified client.
Log in to the NMS as "admin" and create all the NMS users depending on the user
names and passwords collected.
5-12
5.3.3 Adding Users to User Groups
According to the common maintenance requirements, the NMS provides user groups
of four levels, including administrator group, maintainer group, operator group and
monitor group. Among them, administrator group has the highest operation authority
while the monitor group has the lowest. For operation authorities they have, you may
query in the NMS. If the default user group cannot meet the maintenance
requirements, you may create new user groups.
According to the authority level the users should have, add the NMS users to the
corresponding user groups.
5.3.4 Adjusting User Operation Right
After being added to a user group, by default, the user has all operation right defined
for this user group. When the operation right of the user group does not fit the user,
the operation right can be adjusted by adding or deleting operation right of the user so
that the operation right can meet the actual requirement.
5.3.5 Adjusting User Management Right
After being added to a user group, by default, the user has all management right
defined for this user group. When the management right of the user group does not fit
the user, the management right can be adjusted by adding or deleting management
right of the user so that the operation right can meet the actual requirement.
5.3.6 Configuring ACL
To ensure system security, the NMS authenticate the logon user by verifying the user
access IP. The NMS has a list of all system addresses (system ACL). If the user do
not log in to the NMS through the server, he must log in from the IP address defined in
the system ACL, otherwise, authentication may fail. Besides, each user corresponds
to his own ACL (user ACL). In the case the user ACL is not empty, the IP address from
which the user log in must be defined in the user ACL, otherwise, the user cannot log
in to the NMS successfully.
According to the logon client IP address, configure system ACL and user ACL to
control the user to log in to the NMS from the specified client.
5.3.7 User Log In
After the above setting, all the users can be provided with the server IP address and
be notified to log in to the NMS. Remember to remind the users to keep the logon
5-13
password safety and change it periodically to avoid the password being embezzled by
others illegally.
To log in to the NMS, do the following:
From the "Start" menu, select [Program/iManager N2000/N2000 Client] or double
click the desktop shortcut icon to display the user logon dialog box, as shown in
Figure 5-4. In the dialog box, input user name and password to enter the client
topological window.
Figure 5-4 User login
Besides, you may click <...> next to the "Server" drop-down list to display the server
setting dialog box as shown in Figure 5-5. In the dialog box, you may set logon
servers by adding, modifying or deleting operations so that the user may switch to
other servers. Here the IP address is shown in dotted decimal notation, and the
default port No. is 9800 which need not be set by the user.
5-14
Figure 5-5 Setting login servers
5.4 License Management
5.4.1 Querying License
Perform the following operations to view the license information and usage.
1) Select [Help/About] from the main menu.
2) In the “About” dialog box that appears, click the “License” tab.
The license details and usage are displayed, including the number of licenses you
have purchased and that of the licenses being used.
Parameter specification:
[Licensed Packages]: The software package you are authorized to install and use.
[Capacity]: The number of the devices you are authorized to manage. The
management of an additional device requires one more license. If all your licenses are
used up, you cannot manage any additional device.
[Client]: The number of the clients you are authorized to connect with. If all your
licenses are used up, no additional client can be connected.
[Expiry]: The invalidity period of the license.
[Server ID]: Unique ID of the NMS server.
5.4.2 Upgrading License
If you need more licenses or your licenses expire, please contact our local office or
local agent or call 800-830-2118 to upgrade your licenses.
5-15
User Manual Chapter 6 Environment
HUAWEI iManager N2000 Fixed Network Integrated Management System Monitoring Management
Chapter 6 Environment Monitoring Management
The environment monitoring module of the iManager N2000 can implement

centralized monitoring of corresponding device environment, including:
z centralized management and maintenance of the environment parameters and
power parameters of the devices;
z monitoring the third party power system, thus reducing costs of the operators.
Environment monitoring management module of the iManager N2000 mainly
provides the following functions:
z Centralized monitoring to the local equipment room, remote module power
supply and running environment.
z Centralized monitoring to such environment parameters as power supply,
temperature, humidity and access control of access network devices of
narrowband switches.
Data transmission through its inherent monitoring units and monitoring message
transmission channels, thus greatly reducing the monitoring cost.
The monitored information is transmitted to the monitoring console through the

transmission channel, so that the monitoring console can monitor the AC power
supply and power off time, DC voltage, battery group and environment parameters of
the remote equipment.
6.1 Monitoring Power Parameters
This operation enables you to monitor the power parameters of the selected
environment monitoring units, including:
z AC input voltage and current;
z rectifier output voltage and current;
z working status of the rectifier;
z load fuse alarm;
z rectifier module fault;
z over voltage/over current/under voltage/over temperature alarm;
z battery fuse alarm;
z working status of the battery.
I. Operation proceudre
1) Select [Environment Monitoring/Browse Environment Monitoring Unit] on the

main interface to display the “Environment Monitoring” window.
6-1
2) Select the query mode. Options are “All Monitoring Unit” or a specified IP
address of a device.
3) In the Environment Monitoring Unit list, select a monitoring unit with power
parameters.
4) The power tab appears in the display area at the lower part. Click the power tab
to pop up a browsing interface of the power information.
5) Eight sub-tabs are contained on the power tab. Click different tabs to browse
corresponding power information.
Click… to…
browse all information of the power, including the power index, power type,
power name, Power Index, Power Type, Power Name, Mains Status,
“General” tab Communication Status, AC Input Status, Current AC Loop, DC Output Voltage
Status, DC Output Current Status, Output Load Status, Rectifier Module
Status, Battery group loop Status, Power Supply Control Mode.
browse the AC input loop information of this power supply, including: Loop
No., Input Status (V), Overvoltage Threshold (V), Undervoltage Threshold (V),
“AC Input Loop” tab
Input Voltage A(V), Input Current A(A), Input Voltage B(V), Input Current B(A),
Input Voltage C(V), Input Current C(A).
browse the DC output information of this power supply, including: DC Voltage
Output (V), DC Current Output (A), Overvoltage Threshold (V), Undervoltage
“DC Output” tab
Threshold (V), DC Output Voltage Status, DC Output Current Status, Total
Current, Load Power off Temperature(OC), DC Distributor Running Status.
browse the output load information of this power supply, including: Load No,
“Output Load” tab Load Name, Power Status, Load Fuse Status, Present Voltage (V), Present
Current (A) and Lower Voltage (V).
browse the rectifier module information of this power supply, including: Module
“Rectifier Module”
No, Current Status, Running Status, Output Voltage (V), Output Current (A)
tab
and Current Limiting Mode.
browse the battery group information of this power supply, including: Battery
Energy Supply Status, Battery Group Total Capacitance, Battery Group
“Battery Group” tab Remaining Capacitance, Number of Battery Groups, Undervoltage Threshold,
Overvoltage Threshold, Second Lower Voltage, Battery Protection Voltage,
Charging Current Limiting Point Factor and Battery Power off Temperature.
browse the battery group loop information of this power supply, including:
“Battery Group Loop” Loop No, Switch Status, Working Status, Battery Fuse Status, Battery Contact
tab Status, Loop Voltage (V), Loop Temperature, Charging Capacitance (A.h)
and Overcurrent Threshold (A).
browse the recharging management information of this power supply,
“Charging including: Charging Management Mode, Charging Status, Even Charging
Management” tab Voltage Charging Capacity (V), Float Charging Voltage Charging Capacity
(V), Timing Even Charging Time (h) and Temperature Compensation Factor.
6-2
Note:
z The queried power information may vary with the selected monitoring unit and configured power.
z The power tab is automatically created according to the monitoring unit, the number of which is
consistent with the configured powers. No power tab is displayed if the selected environment
monitoring unit is not configured with the power.
6.2 Monitoring Environment Parameters
This operation enables you to monitor the environment parameters of one or all
devices managed by the NMS.

main interface to pop up the “Environment Monitoring” window, as shown in
Figure 6-1.
Figure 6-1 Environment monitoring window
6-3
2) The area at right of the window is divided into three parts: The upper is the
“Query Mode” selection box, the middle is the monitoring unit list, and the lower is
the display area of environment parameters and power parameters.
3) Select “All Monitoring Units” in “Query Mode” to browse general information of all
the monitoring units of this device under the NMS in the monitoring unit list.
4) Select the IP address of a device in “Query Mode” to browse general information
of the environment monitoring units of this device in the monitoring unit list.
5) Select an environment monitoring unit in the monitoring unit list.
6) The “Environment Parameters” tab of this monitoring unit is displayed in the
display area. Click it to browse the environment parameter information of the
selected monitoring unit.
II. Operation result
1) In steps 1 ~ 4, the environment monitoring unit information of all devices or

selected device can be browsed, including: Monitoring Board Status,
Environment Parameter Status, Supply Status, Device Name,
NE/Frame/Module Index, Monitoring Object Name and Monitoring Board Type.
2) In steps 5 ~ 6, details of the environment parameters of the selected environment
monitoring unit can be browsed, including the name, current value, status, unit
and latest alarm time of such environment parameters as temperature, humidity,
ZN, distribution frame, access control, fire alarm, theft alarm, smoke, water,
smell and sensor.
Note:
z You can click <Refresh> to browse the latest information of the monitoring unit and environment
parameter.
z After the “Environment Monitoring” tab appears, the system will open the “All Monitoring Units” list by
default. Only the “Environment Parameters” tab is displayed at the lower part of the initial window.
6.3 Monitoring Configuration Information
This operation enables you to browse the configuration information of an environment

monitoring unit.
main interface to pop up the “Environment Monitoring” window.
2) Select “All Monitoring Units” or the IP address of a device in "Query Mode”.
3) Select a monitoring unit in the monitoring unit list, right click and select [Query
Environment Monitoring Unit Configuration Info] to pop up the environment
monitoring unit configuration information dialog box.
6-4
4) There are three tabs in the dialog box: “Digital Sensor Channel”, “Analog Sensor
Channel” and “Fan”.
Click… to…
“Digital Sensor browse the channel No., name, valid level information of the selected monitoring
Channel” tab unit.
To browse the channel No., type, name, unit, working upper threshold, working
“Analog Sensor
lower threshold, alarm upper threshold and alarm lower threshold of the selected
Channel” tab
monitoring unit.
browse the fan name, control mode, start temperature, adjust mode, close
“Fan"
temperature, adjust parameters and switch status of the selected monitoring unit.
5) Click <OK> or <Cancel> to close the dialog box.
6.4 Related Operations
6.4.1 Configuring Synchronizing Period
This operation enables you to set the automatic synchronizing period mode of the
environment monitoring system in the network so as to synchronize the system with
the host data in a fixed time interval.
1) Select [Environment Monitoring /Environment Synchronization Cycle] on the

main interface to pop up the “Configure Synchronization Cycle” dialog box, as
Figure 6-2 Synchronizing cycle configuration dialog box
6-5
2) Select “Interval” in “Cycle Mode”, and then enter the “Time Interval” parameter.
3) Or select “Every Day” in “Cycle Mode”, and then enter the “Starting Time Point”
parameter.
4) Click <OK> or <Apply> to configure the synchronizing period. Click <Cancel> to
abort the operation.
z If the configuration succeeds, a “Prompt” dialog box will pop up to prompt that
setting the synchronization cycle to the server succeeds.
z If the configuration fails, a failure message will appear.
z After the automatic synchronizing period is set, the system will automatically
synchronize the NMS data with the host data as per the set period.
III. Parameter specification
Parameter Description
Cycle Mode Two modes are available: Interval and Every Day.
The time interval for starting the synchronization with the unit as hour. The range is 6
Interval
~ 72.
Every Day The time point for starting the synchronization everyday.
Note:
z For the period mode selection, when the “Interval” mode is selected, only the “Time Interval”
parameter can be configured, while the “Starting Time Point” parameter will be grayed. When the
Daily mode is selected, the case will be reversed.
z Click <OK> to complete the configuration operation and close the dialog box. Or click <Apply> to
complete the configuration operation only.
z You may synchronize with the host data manually.
6.4.2 Synchronizing Monitoring Unit List
This operation enables you to synchronize the environment monitoring unit with the
device information. You can synchronize one or more environment monitoring units
with the host data once.
1) Select [Environment Monitoring /Environment Synchronization Cycle] on the

6-6
2) In the Monitoring Unit List, select one or more monitoring units, right click and
select [Synchronize Environment Monitoring Device], or click the shortcut button
at the upper part of the window to synchronize the data.

3) The “Environment Monitoring Unit Synchronization Result” dialog box pops up
displaying the synchronized device name, monitoring object name and
synchronizing results.
4) Click <OK> to close the dialog box.
When the operation is completed, a result dialog box pops up. If the synchronization
succeeds, the synchronizing result will display “Success”, otherwise, it will display
“Failure”.
6.4.3 Synchronizing Environment Monitoring Device
This operation enables you to synchronize one or more environment monitoring

devices once.
1) Select [Environment Monitoring/Browse Environment Monitoring Unit] to pop up

the “Environment Monitoring " window.
2) Select one or more monitoring unit, right click and then select [Synchronize
Environment Monitoring Device], or click the shortcut button to start the

synchronization process.
3) Click <OK> in the pop-up result dialog box to close it.
z After synchronization, the “Environment Monitoring Device Synchronization

Result” dialog box will pop up to display the synchronized device name and
synchronizing results. If the operation fails, error causes are prompted.
z If the synchronization succeeds, the operation success will be prompted,
otherwise, the failure will be prompted.
6.4.4 Refreshing Environment Monitoring Unit List
This operation enables you to update one or more environment monitoring unit lists
displayed on the topological client with the latest data from the database.
6-7

2) In the “Monitoring Unit" list at the right area of the window, select one or more
monitoring units.
3) Right click and select [Refresh] or click the shortcut button on the toolbar to
perform the refreshing operation.
The environment monitoring unit list will be refreshed, keeping consistency with the
information of the NMS database and displayed on the interface.
Note:
Only the environment monitoring unit list can be refreshed. After the refreshing is performed, the
environment parameters, power information will disappear from the lower part of the window and will not
reappear until another monitoring unit is selected.
6.4.5 Browsing Legend
This operation enables you to browse different legends that stand for the current
statuses of the monitoring unit.

2) Select a monitoring unit in the monitoring unit list at the right part of the window.
3) Right click and select [Show Legend] to pop up the "Show Legend” dialog box.
4) Browse the monitoring statuses of different legends. Then click <OK> to close
the dialog box.
The status information indicated by different legends can be browsed, as shown in

Table 6-1.
6-8
Figure 6-3 Legend
Table 6-1 Legend
Legend Status
Normal
The monitoring board is disconnected from the host
Faulty
Abnormal
Configuration
The host is disconnected from the NMS
6-9
HUAWEI iManager N2000 Fixed Network Integrated Management System Database Backup Tool
Chapter 7 Database Backup Tool
The Database Backup Tool can be used to back up and restore NMS databases
automatically and manually. In case of NMS database failure, the user can restore the
database with the latest backup so as to minimize the loss and ensure the reliability of
the NMS. The Database Backup Tool also supports remote maintenance of the NMS
database in a centralized manner, making the operations easy and efficient.
7.1 Functions
7.1.1 Starting/Exiting a Database Backup Tool
1) From the "Start" menu, select [Program/iManager N2000/DBBackup Client] or
click the desktop shortcut icon to start the database backup tool.
2) If database servers have already been configured, select the node of the server to
be logged in to, input the password (password of the "N2000user") in the user
login window, and then click <OK> to log in to the server. See Figure 7-1.
7-1
Figure 7-1 Database backup tool
3) Select [System/Exit] to exit the tool and close the "Database Backup Tool"
window.
Note:
z In the database backup tool window, the password for the database login is the password of the
"N2000user". It is a sole user for the NMS to connect the database and specified during the NMS
server installation.
z In the preceding section, the method to start the database backup tool on the Windows operating
system is introduced. On the Solaris operating system, the method to start the database backup tool is
as follows: On the CDE, right click and then select [Applications/iManager N2000/DBBackup Client] to
display the "Database Backup Tool " window. Other operations are the same on the two operating
systems.
7.1.2 Viewing a Database
This operation enables you to view basic information of an NMS database, including
the database size, used size, and creation date.
7-2
1) Start the database backup tool and log in to the server node where you want to
view the database.
2) Select [View/Database] and select the desired database in the "All Database" area.
Detailed information of the database then appears in the "Description" area,
including database name, size, used size and creation time. See Figure 7-2.
Figure 7-2 Viewing a database
7.1.3 Viewing Logs
This operation enables you to view logs of the operations on the NMS through the
database backup tool. If multiple database backup tools are used to perform operations
on one NMS database server, you can view the same logs kept for the server.
1) Start the database backup tool and log in to the server node to be configured.
2) Select [View/Log] and then set parameters in the "View Log" area.
z Log Type: Select the type of logs to be viewed, including "All", "Backup" or
"Restore".
z Time: Select the segment you want to view, including "Latest Month", "Latest
Three Months", "Latest Half Year" or "Latest One Year".
3) After completing the settings, click <Next>. The matching logs then appear in the
"Operation Log" area.
7-3
Figure 7-3 Viewing logs
7.1.4 Configuring a Database Server
You should configure a database server before backing up and restoring it.
1) Start the database backup tool.
2) Use the adding or deleting operation to configure a database server.
3) To add a database server, select [System/Add Database Server] and set the
following parameters in the "Add Database Server" area.
z Server Name: Enter the ID of the server you want to add. It can be any character
string, but it must not be identical to an existing one. By default, it is
"N2000DBServer".
z IP Address: Enter the IP address of the server you want to add. It should be
expressed as a dotted decimal notation. By default, it is 127.0.0.1.
z Description: Enter the description information about the server you want to add.
After completing the settings, click <Add>, a dialog box appears prompting the
operation success. After confirmation, the server node appears in the NMS database
explorer.
4) To delete a database server, select the desired server node on the NMS database
explorer. Select [System/Delete Database Server]. A prompt dialog box then
appears showing the operation success. After confirmation, the selected NMS
7-4
database server is deleted and the corresponding server disappears from the
NMS database explorer.
Note:
z The server name must be unique at the terminal. That is to say, it must not be identical to an existing
one.
z If the NMS database server does not exist, you cannot log in.
7.1.5 Configuring a Database Set
According to different backup/restoration requirements, one or multiple databases in

the NMS database server are distributed to different sets so that all backup/restoration
tasks can share them. One database can be distributed in multiple database sets.
1) Start the Database Backup Tool and log in to the server node to be configured.
2) Select [Configuration/Database Set] and configure the database sets.
3) To add a database set, click <Add> and configure the following parameters:
z Set Name: Enter the name of the database set you want to add.
z Database for Selection: Shows all databases in the server you can choose from.
z Selected Database: Shows the databases already contained in the database set.
Use or to add databases in or delete databases from the database set.
After setting the parameters, click <Finish>. A prompt dialog box then appears showing
the operation success. After confirmation, the database set appears in the "All
Database Sets" area.
4) To delete a database set, select the desired database set in the "All Sets" area,
and click <Delete>. Details about the database then appear, including Database
Set Name and Database in Set. Click <Finish>. A prompt dialog box then appears
showing the operation success. After confirmation, the database set disappears
from the "All Database Sets" area.
Note:
The name of a database set can be any character string, but it should not be identical to an existing one.
7-5
7.1.6 Configuring an Auto Backup Policy
Perform the following operations to add, delete and modify the backup period and start
time for auto backup tasks.
2) Select [Configuration/Auto Backup Policy] and configure the auto backup policy.
3) To add an auto backup policy, click <Add>, and configure the parameters below in
the "Add Time Policy" area:
z Time Policy Name: Enter name of the auto backup policy you want to add.
z Backup Frequency: Select "Day", "Week" or "Month". If you selected "Week", you
should also set the specific day of the week using the corresponding check box,
ranging between Monday~Sunday. If you selected "Month", you should also set
the specific date of the month from the "Every month no" drop-down list, ranging
between 1~31(Day).
z Start Time: Set the start time for the backup task, ranging between 0~23(o'clock).
the operation success. After confirmation, the auto backup policy appears in the "All
Time Policies" area.
4) To modify an auto backup policy, select the desired auto backup policy in the "All
Time Policies" area. Click <Modify> and set the parameters below in the "All Time
Policies" area.
z Backup Frequency.
z Start Time.
the operation success. After confirmation, the auto backup policy information is
refreshed.
5) To delete an auto backup policy, select the desired auto backup policy in the "All
Time Policies" area, and then click <Delete>. Details about the auto backup policy
then appear, including Time policy name and Time policy info. Click <Finish>. A
prompt dialog box then appears showing the operation success. After confirmation,
the auto backup policy disappears from the "All Time Policies" area.
Note:
The name of an auto backup policy can be any character string, but it must not be identical to an existing
one.
7-6
7.1.7 Configuring a Backup Device
This operation enables you to configure the backup device type and backup path.
2) Select [Configuration/Backup Device] and configure the auto backup device.
3) To add a backup device, click <Add>, and then set the parameters below in the
"Add Backup Device" area:
z Backup Device Name: Enter name of the backup device you want to add.
z Backup device type: Set type of the backup device, including "Disk" and "Tape".
z Backup to: Set the physical path of the backup device. If you selected "Disk" as the
backup device type, enter a directory name, which is the "backup" subdirectory
under N2000 installation directory by default. If you selected "Tape" as the backup
device type, select name of the desired tape from the corresponding drop-down
list.
the operation success. After confirmation, the backup device appears in the "All
Backup Devices" area.
4) To delete a backup device, select the desired backup device in the "All Backup
Devices" area, and then click <Delete>. Details about the backup device then
appear, including Backup device name and Backup device info. Click <Finish>. A
prompt dialog box then appears showing the operation success. After confirmation,
the backup device disappears from the "All Backup Devices" area.
Note:
z The name of a backup device can be any character string, but it must not be identical to an existing
one.
z By default, the name of a "Tape" backup device is the tape name.
z The tape cannot be used for backup before initialization. You can select the tape in the "All Backup
Devices" field and click <Initialize Tape>.
7.1.8 Manual Backup
Manual backup allows you to back up a database instantly. To do so, you should select
a database set and a backup device.
1) Start the database backup tool and log in to the desired database server node.
2) Select [Operation/Manual Backup], select the desired database set in the "Select
database set to backup" area, and then click <Next>.
7-7
3) Select the desired backup device in the "Selection backup device" area, and then
click <Finish>.
4) The system begins to backup the database, and please wait. After the backup, a
prompt dialog box appears showing the operation success.
Note:
The manual backup should be performed when the NMS server load is slight. To reduce workload of daily
maintenance, you are recommended to use auto backup function and take the manual backup as a
complement.
7.1.9 Configuring an Auto Backup Task
This operation enables you to configure an auto backup task so that the system can
perform the backup at the specified time.
2) Select [Operation/Auto Backup Task], and then add or delete auto backup tasks.
3) To add an auto backup task, click <Add>.
z Select the desired backup database set in the "Select database set" area, and
then click <Next>.
z Select the desired backup policy in the "Select time policy" area, and then click
<Next>.
z Select the desired backup device in the "Select backup device" area, and then
click <Finish>.
A prompt dialog box then appears showing the operation success. After confirmation,
the backup task appears in the "All Time Backup Tasks" area.
4) To delete an auto backup task, select the desired backup task in the "All Time
Backup Tasks" area, and then click <Delete>. Details of the auto backup task then
appear, including name and other information of the auto backup task. Click
<Finish>. A prompt dialog box then appears showing the operation success. After
confirmation, the auto backup task disappears from the "All Time Backup Tasks"
area.
7-8
Note:
z You should configure the desired database set, auto backup policy and backup device before
configuring the auto backup task.
z In order not to affect normal maintenance during the backup, it is recommended that the auto backup
operation be perform during 00:00 ~ 06:00.
7.1.10 Restoring a Database
This operation enables you to restore a database from the backup in case of any error
to minimize the loss.
1) Start the Database Backup Tool and log in to the desired database server node.
2) Select [Operation/Restore Database], select the desired backup device in the
"Select backup device" area, and then click <Next>.
3) Select the desired database set in the "Select database set to restore" area, and
then click <Next>.
4) Select the desired backup record in the "Select one backup" area, and then click
<Finish>.
5) The system begins to restore the database, and please wait. After the restoration,
a prompt dialog box appears showing the operation success.
Caution:
z Before restoring the database, please make sure that no user is accessing to the database. Otherwise,
the restoration may fail.
z It is suggested that you shut down all the processes except the "database backup" process before
restoration.
7.2 Backing Up/Restoring a Database
To minimize the loss in case of NMS database failure, you need back up the database
periodically, so that the database can be restored in case of failure.
Backing up/restoring one NMS database experiences the following three phases:
1) Preparations: In this phase, you need configure the desired NMS database,
database set, backup policy and backup device.
7-9
2) Backing up database: In this phase, you need determine the database backup
method and back up the NMS database.
3) Restoring database: In this phase, you need to determine the NMS database you
want to restore and restore it.
7.2.1 Preparations
For the sake of convenience, the configuration items necessary in the database
backup/restoration are configured separately. The configuration results are also saved
so that all backup/restoration tasks can share them.
Before backing up/restoring a database, you should make these preparations:

z Configuring a database server
z Configuring a database set
z Configuring an auto backup policy
z Configuring a backup device
Note:
You should configure a database server before backing up or restoring the database.
7.2.2 Backing Up a Database
Database backup is an important operation to guarantee normal operation of the

system. Two backup modes are available, namely manual backup and auto backup.
z Manual backup is to backup a database immediately. After manually configuring
the backup database set and backup device, you can back up the database
immediately.
z Auto backup means that the system backs up a database automatically. After an
auto backup task is set, the system will automatically back up the database at the
specified time. For details, see 7.1.9 Configuring an Auto Backup Task.
Note:
You should set an auto backup task before the auto backup is performed.
7-10
7.2.3 Restoring a Database
This operation enables you to restore a database from a backup record in case of any
error to minimize the loss.
For details, see 7.1.10 Restoring a Database.
7-11
User Manual
HUAWEI iManager N2000 Fixed Network Integrated Management System Chapter 8 System Monitor
Chapter 8 System Monitor
Using the system monitor, you can view the information about the NMS server
processes in a centralized manner.
The system monitor also enables you to start and stop processes and set process
start mode. These functions can be used as emergent measures for troubleshooting.
As for daily operation, you need only view the desired information instead of
performing other operations in order to avoid unexpected trouble which may affect
system running.
8.1 Starting/Exiting a System Monitor

1) From the "Start" menu, select [Application/iManager N2000/N2000 SysMonitor]
or click the desktop shortcut icon to display the user login dialog box, as
Figure 8-1 User log in
2) In the dialog box, input the login password ("N2000" by default) and set the NMS
server to be logged in. Then the "System monitor" window is opened, as shown
in Figure 8-2. In the dialog box, you may maintain the NMS server process,
databases, system resources, hard disk and version information.
8-1
User Manual
Figure 8-2 System monitor
Besides, you may click <...> next to the "Server" drop-down list in the user login dialog
box to display the server setting dialog box. In the dialog box, you may set login
servers by adding, modifying or deleting operations so that the user may switch to
other servers. Here the IP address is shown in dotted decimal notation, and the
default port No. is 9800 which need not be set by the user.
Note:
In the preceding section, the method to start the system monitor on the Windows operating system is
introduced. On the Solaris operating system, the method to start the system monitor is as follows: On the
CDE, right click and then select [Applications/iManager N2000/N2000 Monitor] to display the user login
dialog box. Other operations are the same on the two operating systems.
8.2 Starting/Closing an NMS Server
This operation enables you to start and close an NMS server through the system
monitor.
1) Start the system monitor.
8-2
User Manual
2) In the “System monitor” window, select [System/Start Server]. The system then
starts all the processes. You can view the operation status of each process in the
"Process” tab.
3) In the “System monitor’" window, select [System/Stop Server]. In the
confirmation dialog box that appears, click <OK>. Then all the processes of the
NMS server will be stopped in 30 seconds, and the system will notify all the
online clients to log out.
Caution:
Stopping the NMS server may result in client disconnection, unsaved data loss, and further operation
interruption. So exercise caution when doing so.
8.3 Querying Processes
The system monitor enables you to view the processes of the NMS server in a unified
manner.
The system monitor also enables you to start/stop processes and set process start
mode. These functions can be used as emergent measures for troubleshooting. As
for daily operation, you need only view the desired information instead of performing
other operations in order to avoid unexpected trouble which may affect system
running.
I. Operation Procedures

2) Click the "Process" tab. The tab lists the details of all manageable processes,
including: Name, State, Start Mode, CPU, Memory, Restart Times, Start Time,
Server Name and Description.
II. Parameter Specifications
[Start mode]: Auto start, Manually start, or Forbidden start. "Auto start" is to exit and
then automatically restart a process when it is abnormal. "Manually start" is to exit an
abnormal process and then restart it manually. "Forbidden start" is to prohibit a
process from being started from the system monitor.
[Restart Times]: It refers to the times a process has been exited and restarted since
the startup of the NMS Server.
8-3
User Manual
[Description]: It describes the services that can be provided by a process or which

module the process belongs to.
Note:
After selecting one or multiple processes in the process list, you can right click and then perform the
following operations:
z Start process: Starts the selected processes that are not started.
z Stop process: Stops the selected processes that are started.
z Start mode: Sets the start mode of the selected processes.
z Refresh: Updates the details of the selected processes.
8.4 Querying Database Information
This operation enables you to query detailed information of all manageable

databases.
2) Click the "Database" tab. This tab lists details about all manageable databases of
the current NMS Server, including Name, Server Name, Size, Free Space, Used
Rate, Data Size, Log Size and Last Backup Time.
8.5 Querying System Resource Information
This operation enables you to query the system resource information of the computer
where the current NMS Server is located.
2) Click the "System Resource" tab. This tab lists the system resource information
of the computer where the current NMS Server is located, including Server
Name, CPU, Physical Memory, Used Memory and Available Memory.
8.6 Querying Disk Information
This operation enables you to query the disk partition information of the computer
where the current NMS Server is located.
2) Click the "Disk" tab. This tab lists the disk information of the computer where the
current NMS Server is located, including Server Name, Operation System,
System Partition, Total Size, Used Size, Available Size and Used Rate.
8-4
User Manual
Note:
To ensure reliable running of the NMS, when the disk space used by the NMS partition exceeds a certain
threshold, the system will automatically send a disk alarm to prompt the user to clean the disk space.
When the used disk space is lower than the threshold, the system will send a recovery alarm.
8.7 Querying Component Information
This operation enables you to query information of the components installed on the
NMS server you have logged in to.

2) Select the "Component" tab. This tab lists the information about the components
that have been installed on the current NMS Server, including Name, Version
and Description.
II. Parameter Specifications
[Name]: Name of the component that has been installed on the NMS Server.
[Version]: The version information of the component.
[Description]: Description of the current component.
8.8 Setting a System Monitor
This operation enables you to set the system information refresh mode and refresh
interval.

2) In the main window of System Monitor, select [System/Monitor Setting] to pop up
the "System Monitor Setting" dialog box.
3) In the dialog box, set the refresh modes for "Process", "Database", "System
resource" and "Disk". If you select auto refresh, you should set a refresh interval.
II. Parameter Specification
By default, the refresh interval is as follows:

z Process: 60 seconds.
z Database: 600 seconds.
8-5
User Manual
z System resource: 60 seconds.

z Disk: 60 seconds.
Note:
If auto refresh is not used, you can select the information you want to view and click [Refresh] to
manually refresh it.
8-6
HUAWEI iManager N2000 Fixed Network Integrated Management System NMS Security Policy
Chapter 9 NMS Security Policy
9.1 Overview
The iManager N2000 is based on Solaris 8/Windows operating system and large
database system (such as SYBASE or SQL Server). Its security involves four aspects:
operating system, database, NMS application software, and network. The security
negligence in any aspect will result in the vulnerability of the NM software system in
case of attacks, thus undermining the security of the equipment managed by the NMS.
The following lists several frequently occurred problems:
z When installing the NMS workstation operating system and the NMS, the default
user name/password "root/root" and "admin/N2000" are used respectively, which
are easy for attackers to dope out. Once the attacker obtains the password of the
super-user, he/she can control the whole NMS, and can further control or destroy
the equipment managed by the NMS.
z The Solaris 8 operating system patch is not installed or updated in the NMS
workstation timely, the NMS workstation may be attacked by illegal visitors.
z The services such as Telnet, FTP, TFTP and RCP have lots of bugs and are
vulnerable to attacks. For example, the operating system type is shown during
Telnet logon, providing attackers with the important information; the authority of
user root for logging on to the workstation in Telnet service is not masked, neither
is in FTP service, which are very dangerous.
z In SNMP parameters, the default read and write community names are public and
private respectively, which are easy for attackers to dope out. The equipment
information can be obtained and even modified by use of SNMP tool.
z The Access Control List (ACL) for broadband equipment is set inappropriately,
that is, IP addresses of the devices able to access are of too big range. If the NMS
workstation adopts private network address, it is possible that the users of the
equipment managed by the NMS workstation access the NMS workstation directly,
MA5200, for example, may suffer from attacks from internal network.
9.2 Security of Operating System

Only if the system administrator establishes a set of strict security regulations, can the
running reliability of the operating system be ensured effectively. This section outlines
the security policy for the operating system, summarizes the aspects that the system
administrator should implement necessary security configurations, and then describes
them in details based on the actual conditions, which may ensure a secure server
finally.
9-1
9.2.1 Security Policy for UNIX System
The Solaris operating system used by the NMS workstation enjoys the security level B1.
It has passed ITSEC certification and provides firewall. In addition, the SYBASE
database used by the NMS workstation also enjoys the security level B1.
I. Physical security
z Data are backed up in a disk dedicated for data recovery;

z The workstation ensures stable power supply by use of Uninterrupted Power
Supply (UPS);
Security measures for users:
z Lock the screen or log off from the workstation before leaving;
z Do not write down the password or password prompt where it is easily found by
others;
z Prevent others from reading the contents on the screen by executing the
xauth/xhost command;
z Do not set any welcome banner. Only the authorized user can access the NMS
workstation.
II. Network configuration security
Filter:
z Disable needless services in inetd.conf.
z Disable "r" series services.
z Routers filter messages on ports (TCP) 512, 513 and 514.
z Create ACL /var/adm/inetd.sec only for the equipment allowed to access.
z Unnecessary services are filtered from the route, and only necessary services will
be reserved;
z TCP wrappers is adopted to provide more powerful access control and log
functions;
z If the NMS workstation is required to access the Internet, it is recommended to
install a firewall.
Router:
z Close source sending;
z Apply filter to ensure that the source addresses of the information packets sent
from the external network are not the same as the IP addresses of the internal
network;
z Ensure that only authorized host names are stored in system files such as
Network File System (NFS), hosts.equiv and so on;
z Try not to use the file hosts.equiv or .rhosts;
z If the .rhost or .netrc file is to be used, the authority must be set to 600.
9-2
III. System service security
1) File /etc/inetd.conf
The authority of the file is set to 600, the authorized user is root, and needless services
are disabled.
2) File /etc/services
The authority of the file is set to 644, and the authorized user is root.
3) tcp_wrapper
All allowed services in /etc/inetd.conf are protected. If any allowed User Datagram
Protocol (UDP) service is required to be protected, the nowait parameter must be
enabled in /etc/inetd.conf.
4) File /etc/aliases
"#" is added at the beginning of the line to disable the alias "decode". To validate the
modification, /usr/bin/newaliases must be run.
5) File /etc/hosts.lpd
The first character in the file is not "-", the authority of the file is set to 600, the
authorized user is root, there is no "!", "#" or other screen mark in the file, and install the
newest patch.
6) sendmail
The newest sendmail should be used. If using the sendmail offered by the operating
system, you must ensure that the latest security patch has been installed. The sendmail
used has prohibited wizard password. If there is a line beginning with "OW" in
/etc/sendmail.cf, only one "*" will be followed. You need to modify the minimum log level
of sendmail (8) to 9, which can facilitate detecting the sendmail bugs.
7) fingerd
Do not use this service unless necessary, for the attackers may obtain important user
information from it. The newest fingerd software should be used.
8) tftp
Do not use this service unless necessary. If you have to use it, be sure to set directory
access restriction in the file inetd.conf.
9) Telnet
The newest patch should be made. You may replace the telnet service with a safer
version, for the telnet protocol transmits data (including user name and password) in
plain text over the network. The NMS workstation can disable this service in normal
state, and only enable it when remote maintenance is needed.
10) FTP
The newest ftp program should be adopted. All system users (such as uucp, bin, root
and so on) are stored in the file /etc/ftpusers. Try to set the least users and the minimum
9-3
authorities. Run FTP log and view the log frequently. Try to make the folders write
protection. Check all default configurations in the ftp program, and ensure that the ftp
program has no SITE EXEC command. If the workstation only functions as the NMS,
the FTP service can be disabled.
IV. Account security
1) Password
All accounts have valid passwords, but only account root can be enabled with UID 0
authority. Do not set the passwords to guessable or common words (which can be
deciphered by the crack tool). Do not use .netrc files. In case of illegal logon, the
account should be prohibited.
2) Account root
To check the files of "root", you are only allowed to log on from the console. There
should be no "." in directory variables, and a robust password shall be set. Do not log on
as root, but as a common user and then switch to "su" with the root authority. Ensure
that there is no file belonging to other users or writable for everyone in the executable
file for root logon. Use the shell dedicated to root, set umask to 077, which can be
modified to 022 when necessary. Use complete path execution command, and prohibit
any folder writable for other users than root existing in the directories of root. Ensure
that account root has no ~/.rhosts file, and that there is no file belonging to other users
or writable for everyone in the cron job file.
3) Anonymity account
It is only allowed to use when necessary. You need to modify the account guest to
another account, and set a robust password. Use restricted shell and set umask to 077.
4) Ordinary user account
When an account is not used any more, it should be removed. Do not share one
account. Set umask to 077 and use the restricted shell as possible.
V. File system security
1) NFS
NFS should be disabled if it is not required. If required, it should be enabled and
installed with the newest patch. NFS flow is filtered by routers on TCP/UDP port 111
and 2049, which can prevent the hosts in external network from accessing the file
system exported from your host. Be cautious when using the file /etc/exports, and there
should be no "localhost" in this file. Set the permission of /etc/exports to 644 and the
authorized user of /etc/exports to root. Use showmount -e to view the current output.
Allow reading only and no suid bit. Adopt a complete and valid host name.
2) Equipment file
Equipment files /dev/null, /dev/tty and /dev/console should be ensured writable globally,
but not executable. Most equipment files should be made read protection and write
9-4
protection for ordinary users. Mount the external file system/equipment with non-setuid
and read-only.
3) Script
Do not write setuid/setgid bit in a shell script, and replace them with c. Complete
directory shall be used in a script.
4) System configuration file
If no "r"-series service is employed, the file /etc/hosts.equiv must be deleted or its name
must be modified. In this way, even if an "r"-series command is enabled by chance, no
problem will occur. If the file /etc/hosts.equiv is to be used necessarily, only the
minimum number of trusted hosts, who are within the legal domain or under control, will
be listed. The host name should be in complete format, hostname.domainname.cn for
example. There should be no "+" entry, "!", "#" or other screen mark in the file. The first
character in the file should not be "_", the authorized user should be root, and the
authority of the file should be set to 600. If the file $HOME/.rhosts is not to be used, the
home directory of each user has no .rhosts file, which enjoys less security than the file
/etc/hosts.equiv, for each user can create it. Use cron to check and report the contents
of the .rhosts files periodically, as well as delete it. The user should know that this audit
is done in cycle. If the file $HOME/.rhosts is required to be used, its first character
should not be "_", its authority should be set to 600, its authorized user should be the
corresponding account, and it has no "+" entry, "!", "#" or other screen mark.
5) Files run by user root
Ensure that all the files run by root are authorized to root. The following files should be
checked for root:
~/.login, ~/.profile and similar logon initialization files
~/.exrc and similar program initialization files
~/.logout and similar logon session clearing files
crontab and at entries
Files in NFS partitions
/etc/rc* and similar system start and end files
6) File authorities
The authority of /etc/utmp, /etc/state and /etc/syslog.pid is set to 644, and that of
/etc/sm and /etc/sm.bak is set to 2755. You may cancel the read-only authority of the
files that the user need not access. For the core of the operating system (/vmunix for
example), its authorized user is root, group ID is 0, and the authority is set to 644.
Temporary file directory (for example, /tmp) is set with sticky-bit, unnecessary SUID
files and SGID files are removed, and umask is set to 027 or 077. Under /dev are
special files (/dev is the only directory for storing special files). The authority to start and
end system script is not 666.
9-5
VI. Security test
z Ensure that the newest patch released by the operating system provider has been
installed;
z Use network scan tool such as SATAN to test network security frequently;
z Use tool such as COPS to detect various systems frequently;
z Use intruder detection tool such as TIGER if user root is intruded;
z Use decipher tool such as CRACK periodically, so as to ensure the password
confidentiality;
z Run the Tripwire encryption file;
z View log files regularly, such as btmp, wtmp, syslog, sulog and so on;
z Send any suspicious information to the system administrator automatically.
VII. Guide to operation security
The aspects that are important to the NMS workstation security have been listed in the
above text, but not each aspect must be implemented on the workstation. Modification
is allowed depending on the actual situation on site. The commands that may be used
during system check are listed below:
z Restart inetd
# /bin/ps -aux | /bin/grep inetd | /bin/grep -v grep
# /bin/kill -HUP <inetd-PID>
z List registered rpc services
# /usr/bin/rpcinfo –p
z Re-establish alias mapping
# /usr/bin/newaliases
z Test whether sendmail wizard password is enabled% telnet hostname 25
wiz
debug
kill
quit
%
Show the response "5nn error return", otherwise update sendmail.
z Set the log level of sendmail to 9
In the general information part of the sendmail configuration file:
O LogLevel=9
z Set syslog level for message mail
/etc/syslog:
mail.info /dev/console
9-6
mail.info /var/adm/messages
# kill –HUP <syslog-pid>
z Test whether ftpd supports SITE EXEC
Ordinary users:
% telnet localhost 21
USER username
PASS password
SITE EXEC
Anonymity users:
% telnet localhost 21
USER ftp
PASS test@test.com
SITE EXEC
If not supported, a response "5nn error return" will be shown.
z Find .exerc files
# /bin/find / -name '.exrc' -exec /bin/cat {} \; -print
z Find writable files and directories of one group or all users
# /bin/find / -type f $ -perm -2 -o -perm -20 $ -exec ls -lg {} \;
# /bin/find / -type d $ -perm -2 -o -perm -20 $ -exec ls -ldg {} \;
z Find the files with SUID bit and SGID bit
# /bin/find / -type f $ -perm -004000 -o -perm -002000 $ -exec ls -lg {} \;
z Find common files under /dev
# /bin/find /dev -type f -exec ls -l {} \;
z Find block or character files
# /bin/find / $ -type b -o -type c $ -print | grep -v '^/
z Cancel default route and only set route to the managed network segment
To delete the default route, just delete "router add default IP" at the end of the file
/etc/rc3 or delete the file /etc/defaultrouter directly; add the route to the managed
network segment at the end of the file /etc/rc3, that is, router add + the managed
network segment;
z Modify the password of the NMS workstation superuser and that of the NMS user
#passwd root Modify the password of root
#passwd n2kuser Modify the password of n2kuser
z Install the newest operating system patch
9-7
Install the newest Solaris patch released on the bulletin board of the Technical Support
Dept. of Huawei. Do not download the latest patch directly from the website of SUN
Corporation, for the installation of the patch that has not been tested by the Technical
Support Dept. may affect the normal running of the NMS.
z Mask telnet prompt and root logon function of the telnet and ftp services
A. Mask telnet prompt
The telnet prompt will make system information and version number divulged, which
will cause attacks, so the default prompt need be modified.
1. Create the file /etc/default/telnetd
touch /etc/default/telnetd
2. Add BANNER into the file
Edit the file
Banner=""
Or add copyright information
Banner="\n\nThis is a protected System by property right law.\nDon't try to
crash in.............\n\n"
3. Modify the file to be read-only for all users
chmod 444 /etc/default/telnetd
B. Mask root logon function of the telnet service
To mask the root logon function of telnet, ensure that the item
"CONSOLE=/dev/console" is effective in the file /etc/default/login; if this item is
canceled, delete the mark "#".
C. Mask root logon function of the ftp service
To mask the root logon function of ftp, just ensure that the item "root" is not canceled or
deleted in the file /etc/ftpusers.
z Check network services closed unsafely
You can close network services by modifying the specific contents in the file inetd.conf.
Note to back up the file before modification.
#cp inetd.conf inetd.conf.bak
Open the file “/etc/inetd.conf" with vi editor. Search for the lines containing the
keywords of the services to be closed in the file, and add "#' at the beginning of the lines,
so as to comment it out. And then save the file and exit.
The following lists the operation procedures of shutting down each service.
1) Shutting down "sadmind” service
Find the following line in the file “/etc/inetd.conf”:
100232/10 tli rpc/udp wait root /usr/sbin/sadmind sadmind
9-8
Add "#' at the beginning of the line, as shown in the following:

#100232/10 tli rpc/udp wait root /usr/sbin/sadmind sadmind
Save the modification and exit.

After the comment, use the following command to prohibit the execution of
“rpc.sadmind”:
# chmod 000 /usr/sbin/sadmind
2) Shutting down “tooltalk RPC” service
100083/1 tli rpc/tcp wait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd
Add “#’ at the beginning of the line, as shown in the following:

#100083/1 tli rpc/tcp wait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd

3) Shutting down “Solaris in.lpd” service
Find the lines containing “printer” in the file “/etc/inetd.conf”:
printer stream tcp6 nowait root /usr/lib/print/in.lpd in.lpd

#printer stream tcp6 nowait root /usr/lib/print/in.lpd in.lpd

4) Shutting down “snmpXdmid” service
# mv /etc/rc3.d/S77dmi /etc/rc3.d/K07dmi
# /etc/init.d/init.dmi stop
# chmod 000 /usr/lib/dmi/snmpXdmid
5) Shutting down “finger” service
finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd

#finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd

6) Shutting down “rexecd” service
exec stream tcp nowait root /usr/sbin/in.rexecd in.rexecd
exec stream tcp6 nowait root /usr/sbin/in.rexecd in.rexecd

#exec stream tcp nowait root /usr/sbin/in.rexecd in.rexecd
9-9
#exec stream tcp6 nowait root /usr/sbin/in.rexecd in.rexecd

7) Shutting down “rsh” service
shell stream tcp nowait root /usr/sbin/in.rshd in.rshd
shell stream tcp6 nowait root /usr/sbin/in.rshd in.rshd

#shell stream tcp nowait root /usr/sbin/in.rshd in.rshd
#shell stream tcp6 nowait root /usr/sbin/in.rshd in.rshd

8) Shutting down “Chargen” service
chargen stream tcp6 nowait root internal
chargen dgram udp6 wait root internal

#chargen stream tcp6 nowait root internal
#chargen dgram udp6 wait root internal

9) Shutting down “daytime” service
daytime stream tcp6 nowait root internal
daytime dgram udp6 wait root internal

#daytime stream tcp6 nowait root internal
#daytime dgram udp6 wait root internal

10) Shutting down “echo” service
echo stream tcp6 nowait root internal
echo dgram udp6 wait root internal

#echo stream tcp6 nowait root internal
#echo dgram udp6 wait root internal
11) Shutting down “FTP” service
ftp stream tcp6 nowait root /usr/sbin/in.ftpd in.ftpd
9-10

#ftp stream tcp6 nowait root /usr/sbin/in.ftpd in.ftpd

12) Shutting down “L.rquotad RPC” service
rquotad/1 tli rpc/datagram_v wait root /usr/lib/nfs/rquotad rquotad

#rquotad/1 tli rpc/datagram_v wait root /usr/lib/nfs/rquotad rquotad

13) Shutting down “rlogin” service
login stream tcp6 nowait root /usr/sbin/in.rlogind in.rlogind

#login stream tcp6 nowait root /usr/sbin/in.rlogind in.rlogind

14) Shutting down “rstatd RPC” service
rstatd/2-4 tli rpc/datagram_v wait root /usr/lib/netsvc/rstat/rpc.rstatd
rpc.rstatd

#rstatd/2-4 tli rpc/datagram_v wait root /usr/lib/netsvc/rstat/rpc.rstatd
rpc.rstatd

15) Shutting down “rusersd RPC” service
rusersd/2-3 tli rpc/datagram_v,circuit_v wait root
/usr/lib/netsvc/rusers/rpc.rusersd rpc.rusersd

#rusersd/2-3 tli rpc/datagram_v,circuit_v wait root
/usr/lib/netsvc/rusers/rpc.rusersd rpc.rusersd

After the comment, use the following command to prohibit the execution of
“rpc.rusersd”:
# chmod 000 /usr/lib/netsvc/rusers/rpc.rusersd
16) Shutting down “sprayd RPC” service
9-11

sprayd/1 tli rpc/datagram_v wait root /usr/lib/netsvc/spray/rpc.sprayd
rpc.sprayd

#sprayd/1 tli rpc/datagram_v wait root /usr/lib/netsvc/spray/rpc.sprayd
rpc.sprayd

17) Shutting down “walld RPC” service
walld/1 tli rpc/datagram_v wait root
/usr/lib/netsvc/rwall/rpc.rwalld rpc.rwalld

#walld/1 tli rpc/datagram_v wait root
/usr/lib/netsvc/rwall/rpc.rwalld rpc.rwalld

After the comment, use the following command to prohibit the execution of “walld”:
# chmod 000 /usr/lib/netsvc/rwall/rpc.rwalld
Note:
To modify the file “inetd.conf”, you can also use the “dtpad” text editor. The usage of it is same as that of
the Notepad in Windows.
Use the following commands to start “dtpad””
# cd /usr/dt/bin
# ./dtpad
9.2.2 Security Policy for Windows System
I. Ensuring all partitions in NTFS Format
The disk partitioned in NTFS format is provided with powerful access control function,
which can prevent data from being divulged and being modified. The partitions in other
formats such as AT, FAT32 or FAT32x do not support this function. Therefore, you need
to confirm that each partition of the server is set in NTFS format first. For the partitions
in FAT format, you can convert them into NTFS format completely by running "convert"
program. However, it must be noted that the disk drive converted will be enabled with
full control authority to everyone after "convert" is run, which is very dangerous. To
9-12
resolve this problem, the software "fixacls" provided in Windows NT ServerResource

Kit can be used to re-configure more reasonable authority for the disk drive.
II. Setting a robust password for "Administrator"
Windows 2000 supports a maximum of 127 characters for password. In general, a long
password is more robust than a short one, and a password consisting of multiple types
of characters (that is, letters, digits, punctuation or non-print ASCII codes) is more
robust than one formed by a single type of characters (that is, all digits or letters).
Therefore, to ensure security to the utmost, you need set a password with at least nine
characters for Administrator, of which the first seven characters should include at least
one punctuation mark or non-print character (non-print characters are special
characters generated by pressing the <ALT> key and at the same time typing digits in
small keyboard). In addition, if a system administrator is in charge of several servers,
the Administrator's password for each server should be different.
III. Disabling needless services
After installing Windows 2000 Server, you should disable all network services not
supported by the server. It should be considered that whether the server needs to run
any IIS component and "files and printer sharing" service. Unless especially necessary,
it is prohibited to install other applications such as e-mail client program and office
product on the server. In a word, do not install any unnecessary applications.
IV. Prohibiting or deleting needless accounts
You need check the user account lists regularly, and prohibit or delete those accounts
not used frequently, account Guest for example. The authorities for access to files,
directories and registry should be set reasonably based on the actual demand. It is
recommended to modify the default access authorities for files, directories and registry
after Windows 2000 is installed.
V. Deleting all unnecessary file sharing services
It is suggested to delete all unnecessary file sharing services in the system, so as to

reduce information leakage risk. By default, the registry can not be accessed by
anonymity visitors, and remote access to it is also supported. However, the users with
remote access authorities are only Administrators in general. To achieve it, you need to
modify the registry by the following steps:
1) Open registry editor by typing Regedt32.exe in the "Run" dialog box.
2) Add the key value shown below:
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\
winreg
3) Select the node "winreg", and then select [Security/Authority]. A dialog box "winreg
authority" pops up.
9-13
4) Set the authority of Administrator to Full Control, and confirm that there is no other
user or group in the list, and then click <OK>.
By setting the key value in the registry, you can control the users or groups who have
the remote access authority.
VI. Preventing access to LAS information by anonymity visitors
Local Security Authority (LSA) is in charge of processing user logon and identify
authentication on local computers. As LSA information is very important, anonymity
visitors should be restricted from accessing it. To achieve it, you need to modify the
registry by the following steps:
1) Create a key
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonym
ous
2) Specify its value to 1 and the type to REG_DWORD
VII. Setting robust passwords
Passwords should be set by the principles as follows:

1) The minimum length of a password is eight characters.
2) The minimum duration for password expiry should be set appropriately, which is
1-7 days generally.
3) The maximum duration for password expiry should be set appropriately, which is
no more than 42 days generally.
4) At lease the latest six passwords set should be reserved, that is, the password set
currently cannot be the same as any one of the latest six passwords set.
VIII. Setting user account locking strategy
Account locking means that if the failed logon times of an account exceed the number
set by Administrator, this account will be prohibited automatically and cannot be used
until Administrator enables it again. It is recommended to set the allowed failure times
to 3-5. There is a program passprop.exe in Windows NT Resource Kit, which can be
used to set the accounts that cannot be accessed by management tool. For example, to
set account locking strategy for Administrator, carry out the following command:
passprop /adminlockout
IX. Re-configuring account Administrator
Administrator is a superuser with highest authority. Due to its important role, it is

attacked most frequently. Therefore, you need to reconfigure the account Administrator
after installation, so as to ensure the security to the utmost. The following actions are
recommended:
1) Rename Administrator as myadminok or mygod and other unremarkable names.
9-14
2) Re-create another account Administrator, but no authority is assigned to it, so as

to distract attention. View log files frequently to check whether there is any illegal
attempt with this account, so as to take actions timely.
3) Use the program passprop to set account locking strategy for the real
Administrator.
4) Prohibit the account Administrator on the local computer.
X. Installing and updating anti-virus software
Since computer virus is more and more damaging, it has become a necessity to install
anti-virus software on the server and to update it in time.
XI. Installing newest SP and Hotfixes patch
You should keep an eye on the newest information about SP and hotfixes released by
Microsoft Corporation, and install the latest SP patch and hotfixes patch based on the
specific environment. The patches developed by Microsoft are of two types:
ServicePack (SP) and HotFixes. SP is a big patch collecting HotFixes released within a
time period. It is named as SP1 or SP2 generally and released every a certain period of
time. HotFixes are small patches, released within the period between the current SP
and the next one. It aims to removing the system bugs newly released in Security
bulletin on Microsoft website, and it is named by "MS year-sequence number". For
example, MS01-044 indicates the 44th HotFixes in 2001.
9.3 Security of NMS Database

In daily maintenance, both manual backup and automatic backup are employed. In
order to simplify daily maintenance, you can adopt automatic backup as the active
mode, and manual backup as the standby mode. The following are some suggestions
for backup:
In order not to affect the normal maintenance during backup, it is recommended to
carry out automatic backup between 00:00 and 06:00, and perform manual backup
when the NMS server load is low.
When creating automatic task, it is suggested to carry out DBCC database operation
before backing up the database, and carry out DBCC table set operation before
backing up the DBCC table set, so as to ensure the correctness and completeness of
backup data.
Refer to Database Management Tool for detailed manual backup and automatic
backup operations.
9.4 Equipment Access Control

You need set the IP address segment of the NMS workstation directly if the NM
equipment are allocated with private network IP addresses.
9-15
For the NM equipment with public network IP addresses, the IP address segment after
NAT conversion should be set for its NMS workstation.
The other IP addresses are all masked (Refer to Broadband Equipment Operation
Manual for the setting of broadband equipment ACL).
Add NMS ACL: By setting the ACL of N2000 NMS, you can specify the addresses that
are authorized to log on to the NMS server, while the other IP addresses are not
authorized (Refer to the specific chapter of Security Policy for the setting of the ACL of
the NMS workstation).
9.5 Network Security Monitoring

By imaging the ports of the Ethernet switch for connecting Data Communications
Network (DCN) or Internet, and then detecting network traffic on imaged ports by use of
Intrusion Detection System (IDS) software, network security can be ensured.
I. Introduction to IDS
Intrusion detection is a technology for discovering timely and reporting illegal or

abnormal operations in the system, thus guaranteeing the computer system security.
IDS is capable of identifying any unexpected action, which may come either from
external network or internal network. IDS can detect the attacks before they damage
the system, and then drive them out by cooperating with the defending system. During
the attack, it can decrease the damages caused by it. After the attack, it can collect the
related information about the attack as defending knowledge, and then add the
information to the knowledge base, thus enhancing the defending capability of the
system.
A typical IDS model consists of three functional parts:
1) Information source for offering event recording streams
2) Analysis engine for discovering intrusions
3) Response component for creating responses to analysis results
As an important part of the global network security solution, IDS needs to cooperate
with other security equipment to resolve security problems.
II. Data collection cooperation
IDS need collect both dynamic data (network data packet) and static data (log files and
others). The network-based IDS only detects intrusion in the network layer through
original IP packets, which cannot satisfy the increasing security demand. The
host-based IDS detects intrusion by directly checking user operations and operating
system log files, and it cannot detect the attacks from the bottom layer of the network.
Even the integrated IDS (both network based and host based) will separate the
collection and analysis of network data packets with that of log files, without considering
the correlation between these two types of original data. In addition, IDS obtains
9-16
network data packets by a passive detection method. Once a data packets is lost, it
cannot be recovered. The future network will be complete switching network with high
speed, and lots of important networks are encrypted. In this case, the collection of
network data packets will be more difficult. Therefore, the cooperation on data
collection and the full use of data of different layers become a prerequisite for improving
intrusion detection capability.
There are two important aspects for data collection cooperation:
1) Cooperation between IDS and bug scan system: Bug scan system functions in
scanning the hosts in the network according to the bug database, providing
comprehensive report for bugs in host-located network, operating system and
applications, and then offering the repairing method, finally giving the risk
assessment report.
2) Cooperation between IDS and anti-virus system: For more and more virus attacks
from the network, IDS may give alarms according to the some features, but
because IDS is not an anti-virus system, it cannot accurately forecast whether the
host in the network is suffering from attacks. In this case, the anti-virus system can
be used to verify the virus alarms reported by IDS, and then handle the host
suffering from virus attacks properly.
III. Data analysis cooperation
IDS not only needs to analyze the data collected by a detection engine by use of mode
match and abnormity detection technology to discover some simple intrusions, but also
needs to analyze the audit data submitted by several detection engines by use of data
mining technology to discover more complicated intrusions.
IV. Response cooperation
IDS integrates with the network equipment or network security equipment that can
respond effectively to form a security system providing alarms and responses, which is
called response cooperation. Response cooperation includes the following aspects:
V. Cooperation between IDS and firewall
Firewall and IDS can cooperate with each other efficiently. This cooperation exists in
both static way and dynamic way. In static way, IDS can analyze the events on the
network more effectively by acquainting the strategies of the firewall, thus giving
accurate alarms. In dynamic way, when IDS detects an attack, it can notify the firewall
to block the established connection and to modify its strategy, thus eliminating the
possibilities for latent future attacks.
VI. Cooperation between IDS, router and switch
Similar to the router firewall, the switch is connected to the network in parallel mode. In
addition, all of them have preset strategies and they can determine the data stream
over the network, so the cooperation between IDS, switch and router is similar to that
9-17
between IDS and firewall, that is, the cooperation exists in both static way and dynamic
way.
VII. Cooperation between IDS and anti-virus system
IDS is able to replace the response function of the firewall to some extent by sending
large amount of RST messages to block the established connections. However, it is
useless in preventing computers from virus attacks. Currently, because network virus
attacks gains more and more proportions among all attacks, the cooperation between
IDS and anti-virus system becomes more and more important.
VIII. IDS networking
The following illustration shows the whole security system described in this chapter:
Data
Stream
NE16
Data
Stream
Firewall
Data
Stream
LAN Switch S3526
IDS Anti-Virus Ordinary User Ordinary User
Figure 9-1 Schematic diagram of network security system
Note:
The illustration cannot show all data streams. It only aims to giving an image that a network security
system is formed by all security units.
9-18
IX. Introduction to IDS products
1) NetEye
NetEye is the IDS developed by Neusoft. It can expand network protection range by
offering continuous monitoring on the network, judge the illegal attempts from internal
or external networks by realtime and intelligent analysis of network data streams, send
alarms, give responses and take protection measures. It can also monitor, record and
replay the running status of the network, thus facilitating the Administrator to fully
control the network. NetEye supports automatic maintenance of itself, with no need of
user operation and imposing no impact on normal network running. It is a complete
network system for audit, monitoring and analysis, and forms an integrated network
security solution by cooperation with the NetEye firewall.
2) LinkTrust
LinkTrust is the giga IDS based on status protocol analysis technology developed by
Information Security One Ltd. (iS-One). Adopting three-layer architecture, it is usually a
distributed high-speed IDS of carrier class and enterprise level. In addition, LinkTrust
can monitor the giga traffic and give responses in realtime mode. Status protocol
analysis technology supports to detect the known attacks and prevent unknown
attacks.
3) Eye of Ice
Eye of Ice is the network-based distributed IDS developed by NSFOCUS Information
Technology Co., Ltd. It supports perfect reassembly of IP fragments, and provides both
feature-based detection and abnormity-based detection. Automatic online update
system enables Eye of Ice to update its rule base synchronously with the NSFOCUS
website. NSFOCUS experts trace the latest attack methods uninterruptedly and add
them to the rule base immediately. Moreover, the Intranet detection module can detect
all illegal external & internal connections, provide multiple modes for preventing
intrusion, and can cooperate with multiple types of firewall.
4) Intruder Alert
Intruder Alert (ITA) developed by Symantec can detect outside attacks or suspicious
attempts at the network border and inside the network. It is capable of detecting
potential dangers, sorting them according to the rules set by the security Administrator,
and making corresponding prevention measures. ITA can cover the whole enterprise,
including LAN, WAN, Intranet and Internet, providing the enterprise with a variety of
choices for security. In addition, ITA adopts the currently popular manager/agent
structure, by which it can not only monitor the whole network and check log files, but
also detect intrusions in realtime mode.
9-19
HUAWEI iManager N2000 Fixed Network Integrated Management System Routine Maintenance
Chapter 10 Routine Maintenance
10.1 NMS Maintenance Suggestions
To ensure the normal and reliable running of iManager, you need to pay attention to
the following suggestions, and carry out the necessary routine maintenance
according to the operation guidance.
1) It is recommended to configure UPS for the NMS workstation, so as to prevent
hardware damage, system NoRevert and data loss in case of power failure due
to fault.
2) It is recommended to paste a clear sign indicating "Do not power off the NMS
workstation! Follow this way to shut down ..." on the NMS workstation and power
supply connector.
3) If the NMS workstation cannot be configured with UPS, when the Administrator
receives the power failure notification, he/she should shut down the NMS and the
workstation before power failure.
4) To shut down the NMS workstation in any case, you must observe the following
steps: shut down NMS, close database and then run init 5 (for Solaris). It is
prohibited to use halt (for Solaris) or shut off the power supply directly, which
may lead to system unrecovery.
5) It is suggested to start three application systems, namely system monitoring
terminal, client and realtime alarm browser, after the NMS is started. Generally,
they need not be closed so as to facilitate monitoring system status by
management personnel.
6) Keep the equipment room clean, away from dust and humidity.
7) Do not play games on the NMS workstation, or install other unnecessary
software for other purpuses.
8) Perform routine check and test according to the operation guidance everyday
and record the results. Paste the contact information such as telephone number
and fax number of Huawei Customer Service Center in the equipment room,
making the maintenance personnel familiar with it. Phone number of Huawei
Customer Service Center: 800-830-2118.
9) If any fault occurs, handle it at once. For the problems that you cannot resolve,
you may contact the Regional Office of Huawei or Customer Service Center
according to the warranty situation of the equipment.
10) The passwords of the NMS workstation should be authorized by different levels.
Management-level passwords are only issued to the authorized persons in
charge of maintenance, thus ensuring strict management and distinct division of
responsibility and authority.
10-1
10.2 Daily Maintenance Suggestions
10.2.1 Monitoring Running Environment
I. Purpose
To ensure the normal running of the equipment of the NMS workstation.
II. Reference Indexes
Table 10-1 Checklist for monitoring environment
Maintenance Item Operation Guidance Reference Indexes

Temperature of running Check the temperature of the
Normal range: 15-30°C
environment for hardware system running environment
Humidity of running environment Check the humidity of the running
Normal range: 40%-60%
for hardware system environment
Dustproof situation of running Check the dustproof situation of the
Good or bad
environment for hardware system running environment
III. Operation guidance
Make use of the environment & power monitoring function of the NMS to check the
temperature, humidity and dustproof situation of the NMS equipment room.
10.2.2 Checking Network Running Status
I. Purpose
To ensure network connectivity between the NMS workstation and NE equipment it

manages, between NMS clients, between upper-level NMS and lower-level of NMS.
II. Reference indexes
When equipment node or panel is displayed in non-grey color, it indicates that the
communication is normal; when you refresh the equipment node or panel directly, a
prompt box indicating success will be displayed, and it also indicates that the
communication is normal currently.
10-2
Select [Edit/Refresh] on the NMS client, and then check the color of the equipment
icon. If the icon turns to blue indicating the communication broken, it may be because
the network is blocked. In this case, select this icon and right click to select the ping
command in the shortcut menu to check its connectivity. If the prompt "*.*.*.* (* stands
for IP address) alive" appears, it indicates that the network is normal. To check the
connectivity between the NMS and the equipment whose IP address is 10.10.10.100,
use the command below:
ping 10.10.10.100
If the following information appears,
10.10.10.100 alive
it indicates that the equipment and the NMS are interconnected normally.
In the Solaris system, you can open a terminal, and then ping the routing switch
equipment, client equipment, upper-level or lower-level NMS equipment connected
with the NMS workstation.
Note:
z In the Windows server, the ping command need be executed in DOS.
z You can check the colors of various state indications from the legend by the steps as follows: select
[View/Filter & Legend], open the "Filter/Legend" display frame, select "Legend" tab on the panel, and
then you can view the node status information indicated in different colors.
10.2.3 Checking Running Status of NMS Processes
I. Purpose
By checking the running status of all the processes of the NMS server, to detect and
remove the abnormal processes as early as possible, thus ensuring that all the
services are implemented normally.
All the processes of the NMS server are running.
10-3
Select [Start/Program/iManager N2000/N2000 SysMonitor] to pop up a "User logon"

dialog box. Input the logon password, which is N2000 by default. After setting the
NMS server to which you will log on, you can enter the system monitoring client
window.
In the "Process" page, the detailed information of all the managed processes is
displayed in a list, including process name, process status, start mode, CPU
occupation ratio, memory occupation ratio, restart times, start time, server name and
process description. Check the current running status and restart times of the system
process. If the current status is "Stop", you can start it manually.
10.2.4 Checking Server Performance
I. Purpose
By checking the CPU occupation ratio and the occupied memory size, to obtain the
current running status of the NMS server, so as to discover and resolve the
abnormities in time, thus ensuring the efficient running of the system.
The CPU occupation ratio of the server is lower than 80%, and the occupied memory
should be smaller than 80% of the total memory.
Start the system monitoring client and click "System resource information" tab. In this
page, check the server resource information, including server name, CPU occupation
ratio, physical memory, occupied memory, remaining memory and occupation rate. By
this operation, you can obtain the CPU occupation ratio and the occupied memory
size, thus facilitating you to master the running status of the server at any time.
10.2.5 Checking Running Status of Equipment
I. Purpose
To obtain and control the running status of the equipment.
The equipment should be in normal running status, and the equipment node should
be in green.
10-4
Select [Edit/Refresh] in the NMS client menu to refresh all the equipment status, and
then check whether the equipment topology node is in green at this time. If it is in
yellow, it indicates that the equipment is abnormal; if in red, it indicates that the
equipment is faulty seriously; if in grey, it indicates that the equipment communication
interrupts or the agent is faulty.
10.2.6 Checking Running Status of Boards
I. Purpose
To obtain the running status of the boards in the equipment.
The boards should be in normal running status, and the status indicators are green.
Select [Edit/Refresh] in the NMS client menu, and open the view of various NE device
panels to check whether the boards are in green (indicating normal status), whether
some boards are in red (indicating faulty status), whether the quantity and positions of
the boards on the panel are consistent with the actual situation; or view the detailed
information of a board to check it is normal.
10.2.7 Saving Configuration Data of Equipment
I. Purpose
To prevent data inconsistency for the reason that the modified configuration data are
not synchronized to the equipment. If the configuration data of the equipment are not
saved to the Flash in time, when emergency occurs (power-off for example), the lost
service data cannot be restored, so it is necessary to back up the configuration data to
the Flash regularly.
The configuration data should be saved to the Flash in time.
The system supports both immediate save and automatic save functions.
z Immediate save
10-5
Open the equipment panel view;
Select the main control board, right click on it and select [Save Data/Save Data
Immediately] in the shortcut menu. A prompt dialog box pops up for you to confirm the
immediate save operation;
Click <OK>.
z Automatic save
Open the equipment panel view;
Select the main control board, right click on it and select [Save Data/Auto Save
Configuration] in the shortcut menu. Then the "Auto Save Configuration" dialog box
pops up;
In the dialog box, turn on the "Auto Save Switch", then you can set the period for
automatic save.
Set the period by selecting in the "Cycle" pull-down list boxes.
Click <OK> to exit the dialog box for data save and return to the equipment panel
view.
Note:
The operation procedures may be different for different NEs. Please refer to the user manuals for the
corresponding NE subsystems.
10.2.8 Monitoring and Processing Alarms
I. Purpose
By obtaining the equipment alarm information, to carry out necessary maintenance on

equipment and system, so as to reduce faults and accidents.
None.
In daily maintenance, you need monitor the reported alarms in real time. The
schematic diagram of the alarm board is displayed in realtime mode on the right of the
10-6
toolbar in the main client window, which facilitates you to monitor the current alarm
information.
If the indicator in the schematic diagram flashes, it indicates that an alarm is reported.
At this time, you can open the alarm board by double clicking the schematic diagram,
and then query the current alarm. The specific operation procedure is as follows:
Select [Fault/Display Alarm Panel] to open the alarm panel.
Double click the indicator of an alarm to query the data of all the current alarms of this
level.
After finding the current alarms, mainly check the information of critical alarms and
major alarms. Based on these information and the possible causes provided by the
system, locate the fault and handle it immediately. Refer to the contents related to
locating and handling faults in Chapter 3 Fault Management for specific handling
methods.
10.2.9 Monitoring User Operations
I. Purpose
By checking operation log or user operations, to get acquainted with the operations of
the user for logon to the NMS, so as to detect the exception in time, prevent illegal
users' malicious attempts, and backtrack the error operations done by the NMS
maintenance personnel.
There is no exception or malicious operation recorded in the operation log.
Select [System/Browse User Log] in the NMS client menu. In the "Browse User Log"
window that pops up, check the operations of the logon users.
Select [System/Monitor user operation]. In the "Monitor user operation" window that
pops up, set the monitoring conditions and check the operations of the users logging
on to the NMS currently.
By this operation, you can discover the problems in time and prevent malicious
attempts of illegal users in advance.
10-7
10.2.10 Backing up NMS Database
I. Purpose
Back up the configuration data in the NMS database each day to minimize data loss in
case of accident, and to recover the NMS as early as possible.
None.
In daily maintenance, both manual backup and automatic backup are employed. To
simplify daily maintenance, you can adopt automatic backup as the active mode, and
manual backup as the standby mode.
In order not to affect the normal maintenance during backup, it is recommended to

carry out automatic backup between 00:00 and 06:00, and perform manual backup
when the NMS server is in low load.
Refer to Chapter 7 Database Backup Tool for the detailed operations.
Note:
Start the system monitor and select the "Database" tab. This tab lists details about all manageable
databases of the current NMS Server, including Name, Server Name, Size, Free Space, Used Rate,
Data Size, Log Size and Last Backup Time.
10.2.11 Shift Maintenance
I. Purpose
To facilitate the maintenance personnel after the shift to be acquainted with the
present running status of the NMS and other equipment, thus ensuring the smooth
handover of the maintenance work.
The daily maintenance records are outputted.
10-8
Set a maintenance record table for recording the daily maintenance information. Hand
it over to the next maintenance personnel on duty and emphasize the aspects to
which he/she should pay attention.
It is recommended to carry out these operations everyday to maintain the NMS and
check its basic functions.
10.3 Weekly Maintenance Suggestions
10.3.1 Checking Performance Data
I. Purpose
As the important data provided by the NMS, performance data are the basis for you to
know the equipment status, analyze services and functions, and finally make
decisions. Therefore, you need check the performance statistics periodically so as to
obtain the running status of the whole equipment.
Performance statistics data are saved regularly in the hard disk in other format to
facilitate query at any time.
Performance data include realtime performance data and history performance data.
You can view and save some of the performance data as desired weekly. The
operations are as follows:
First, create a performance statistics task, and then select [Performance/Performance

Data Management] in the NMS client menu to open the performance data query
window. Select the equipment to be queried in the window, set the performance index
to be queried, and then start to query it. You can view the statistics data of the
selected performance index of the equipment. When viewing it, you can also save the
results in HTML or Excel file, or in other output modes such as histogram or curve
diagram.
Refer to Chapter 4 Performance Management for specific operations.
10-9
10.3.2 Managing Hard Disk Space of Server
I. Purpose
If the large quantity of useless history data and those saved in other forms are not
cleared in time, they will occupy a lot of database space and affect its performance, or
even lead to unnecessary maintenance work. To prevent the database from being
overloaded, you need clear the database at a certain time weekly and check the
current occupation status of each hard disk partition on the server, so as to avoid
effecting system performance due to little available space.
It is suggested that the occupation rate of each partition be lower than 80%.
In the monitoring client window, click the "Disk" tab to check the server hard disk
information, including server name, operating system, system partitions, total space,
occupied space, remaining space and occupation rate. If the occupation rate is higher
than 80%, you should clean up the hard disk as soon as possible. The specific
operations are as follows:
Delete useless data in the database, including acknowledged alarms and warning
alarms, canceled alarms and unknown alarms.
Delete event logs.
10.3.3 Managing Database Space
I. Purpose
By checking automatic dump and automatic backup status in the system, to ensure
enough space in the database for storing data and logs, so as to guarantee the
normal running of the NMS.
By monitoring the occupation rate of the database, to expand the database size if
necessary, as so to avoid errors and data loss due to limited space.
The available space of the database needed is determined based on the actual
running of the system. It is recommended that the available space be no more than
80% of the total space of the database.
10-10
The system provides improved automatic data maintenance function. However, in

daily maintenance, it is only necessary to check logs to obtain the implementation
status of automatic dump & backup tasks and the current occupation rate of the
databases. In special cases, for example, when changing the storage equipment, you
can also dump the data at once manually. The system supports full dump, timing
dump and manual dump of log database. Refer to the specific operations in Log
Management.
The system also supports the above-mentioned dump modes for alarm and event
database. Refer to the specific operations in Chapter 3 Fault Management. After the
alarm data are dumped, be sure to clear the database immediately.
Note:
Start the system monitor and select the "Database" tab. This tab lists details about all manageable
databases of the current NMS Server, including Name, Server Name, Size, Free Space, Used Rate,
Data Size, Log Size and Last Backup Time.
10.3.4 Backing up NMS Database
I. Purpose
By backing up the database, to guarantee timely restoration of the database in case of

accident.
By backing up the NMS databases weekly, to minimize data loss due to disk error or
other errors damaging the file system in the workstation.
A full backup of the database should be carried out every Friday. To save the hard disk
space, you can delete the daily backup files of the last week after this backup.
Back up the database manually or carry out the automatic backup supported by the
system. Check the operation logs to obtain the implementation status of timing
backup tasks. Refer to Chapter 7 Database Backup Tool for details.
10-11
The NMS workstation adopts the Solaris operating system, which supports to
download the files by FTP. However, you need create a user with read authority to the
directory for storing data files before downloading them. Refer to Solaris Operation
Manual or other related documentary for creating the user. Or you may adopt
superuser download, before which you need to add "#" at the beginning of the "root"
line in the Solaris operating system file /etc/ftpusers by use of the vi tool. Refer to
Solaris Operation Manual or other related documentary for the use of vi.
If the NMS workstation works on Windows, the file can be shared and backed up to
other computer through file sharing.
10.3.5 Managing User Authority
I. Purpose
By checking the users of the NMS and the NMS workstation weekly, to clear the illegal
users and adjust the authority of ordinary users appropriately, thus ensuring the
security of the NMS and the NMS workstation.
You need check the users of the NMS and the NMS workstation weekly, clear the
illegal users and adjust the authority of ordinary users appropriately.
In the NMS client, select [System/Security Manager] to accomplish the following

operations:
z Delete abandoned NMS users;
z Set the ACL authority for NMS users, that is, NMS users can log on from which
client;
z Set operation authority for NMS users, that is, NMS users can carry out which
operations;
z Set management authority for NMS users, that is, NMS users can manage which
equipment;
z Switch to the superuser in Solaris system maintenance terminal and input
#admintool. In the interface that appears, you may accomplish the follows:
z Delete abandoned NMS workstation users;
z Add new NMS workstation users and user groups;
z Add/delete authority for NMS workstation users, and modify the logon password
for NMS workstation users.
10-12
For Windows, select [Programs/Management Tools/Computer Management], to pop

up the “Computer Management” dialog box. You can management the Windows
users.
10.3.6 Outputting Weekly Report
I. Purpose
By summarizing the maintenance work of a week, to monitor the running status of the
NMS globally, and collect fault symptoms and handling measures for future reference.
You need output the weekly report and record the faults and handling measures.
Customize a weekly report template, in which you need record the weekly
maintenance work, summarize the shift maintenance report, analyze the NMS
running status of the week and point out the key problems. You also need collect the
NMS related problems, processing of alarms, emergency handling measures in paper
or in electronic file, which are useful for writing the formal experience document at the
end of the month.
It is recommended to carry out these operations every week, so as to ensure the

normal and efficient running of the NMS. Do not store the files for saving alarm data
and performance data in the NMS workstation, for they will occupy too much space. It
is suggested to download them to a dedicated data backup server.
10.4 Monthly Maintenance Suggestions
10.4.1 Checking NMS Running Performance
I. Purpose
By checking the indexes of the NMS relative resources, to ensure the performance
requirements for the NMS running.
You need check the database information and system resource information of the
NMS regularly.
10-13
Open the system monitoring client. In the "Disk" page, the information about the NMS
server hard disk is displayed in a list, including server name, operating system,
system partition, total space, occupied space, available space and occupation rate.
In the "System Resource" page, the system information of the NMS server is
displayed in a list, including server name, CPU occupation ratio, physical memory,
occupied memory and available memory.
Check the above-mentioned resources, discover and remove the faults as early as
possible, so as to ensure the system to run efficiently.
10.4.2 Checking NMS Workstation Security
I. Purpose
By checking the security of operating system regularly, to ensure the NMS to run in a
secure and reliable environment.
It is suggested to modify the superuser password and other relative passwords

regularly.
Besides the modification of passwords periodically, you should also install the newest
operating system patch:
z Install the Windows operating system patch:
Visit www.microsoft.com, find and download the newest patch provided by Microsoft.
Copy to the NMS workstation then install the patch. Right click “My Computer” and
select [Properties] to pop up the “System Properties" dialog box. Click the "General"
tab to query the patch version information.
z Install the Solaris operating system patch:
First, visit sunsolve.sun.com to download the latest patch released by SUN
Corporation, and transfer it by ftp to the NMS workstation in binary mode. To add the
patch, use the command # patchadd patch to add the patch; to delete the patch, use
the command patchrm patch; to check the patch, use the command Showrev
-p|gerp patch.
10-14
Caution:
After adding the patch, you are required to restart the workstation. Whether to carry out it depends on the
actual conditions. Generally, it should be performed when the NMS is in low load.
z Prohibit the authority of user root to log on to FTP and Telnet;

To prohibit the authority to log on to FTP: use the vi tool to edit the /etc/ftpusers file, in
which if there is no "root" line, add it; if there is, ensure that no "#" is added at the
beginning of the line.
To prohibit the authority to log on to Telnet: use the vi tool to edit the /etc/default/login
file, in which if there is no "CONSOLE=/dev/console" line, add it; if there is, ensure
that no "#" is added at the beginning of the line.
z Close all insecure service ports.
To close the FTP port of Telnet: use the vi tool to edit the /etc/inetd.conf file, and add
"#" at the beginning of the following two lines:
ftp stream tcp6 nowait root /usr/sbin/in.ftpd in.ftpd
telnet stream tcp6 nowait root /usr/sbin/in.telnetd in.telnetd
Search the process number of inetd by the ps -ef|grep inetd command, and stop and
then restart the inetd process by the command Kill-HUP + process number, these two
services can be prohibited. To prohibit the other services, use similar method.
10.4.3 Checking NMS Installation Disk
I. Purpose
To find the installation disks of operating system and database quickly in case of
emergency.
Put the installation disks in a fixed and easy-to-find place.
The installation disks of operating system and database (such as Windows, Solaris,
Sybase, SQL Server) are delivered with the corresponding equipment, and they
should be put together a fixed and easy-to-find place after the NMS is established.
Generally, three Solaris installation CDs are used, namely software (1/2), software
(2/2), and software language. Generally, only one CD is used to install Sybase server.
10-15
10.4.4 Saving or Deleting History Data in NMS Database
I. Purpose
Generally, performance data occupy a large space in the NMS database, so they
should be cleared periodically. In addition, performance data are very important and
provide basis for you to know the equipment status, analyze services and functions,
and finally make decisions, therefore, useful history data should be saved in other
format.
Depending on your need, part of the history performance data can be saved monthly,
and some performance data exported weekly can be deleted.
In the client interface, select [Performance/Performance data management]. In the

performance data management window that pops up, select the equipment that has
been set with a performance collection task, and select a performance query mode to
query the required performance statistics data, and then click <Save> to save the
data in HTML or Excel.
Refer to Chapter 4 Performance Management for specific operations.
10.4.5 Exporting or Clearing Data Files
I. Purpose
During daily maintenance and weekly maintenance, a large quantity of NMS database
files and NE configuration files are backed up in the NMS workstation, and they will
occupy too much disk space. Therefore, you need to save these files in other media to
minimize data loss and occupy less space of the NMS workstation.
The database files and NMS configuration files that are backed up can be
downloaded and saved in a dedicated data backup server regularly.
Export the backup files of NMS data and NE data, and delete the daily backup data
and weekly backup data of the last month from the dedicated data backup server.
10-16
The NMS workstation adopts the Solaris operating system, which can download the
files by FTP tools. However, you need create a user with read authority to the
directory for storing data files before downloading them. Refer to Solaris Operation
Manual or other related documentary for creating the user. Or you may adopt
superuser download, before which you need to add "#" at the beginning of the "root"
line in the Solaris operating system file /etc/ftpusers by use of the vi tool. Refer to
Solaris Operation Manual or other related documentary for the use of vi. To delete a
file on the NMS workstation, use the command rm file name. To delete a folder, use
the command rm –r folder name.
For example, the command to delete the file temp in the root directory is #rm temp,
and the command to delete the folder test in the root directory is #rm –r test.
10.4.6 Checking Hardware, Power Supply and Equipment Room

Environment of Workstation
I. Purpose
By checking the running status of the workstation, auxiliary equipment and the UPS,
to ensure the normal and reliable running of the whole NMS.
Temperature within the equipment room: 15-30 °C; humidity within the equipment
room: 40%-65%; dustproof situation: good or bad.
UPS and standby power supply are configured in the server, and the sockets are fixed
tightly.
Check the running environment as described in the daily maintenance guidance,

including the temperature, humidity and dustproof situation in the NMS equipment
room. Check the position of the workstation, and check the keyboard, mouse, display,
network adapter, serial port, power cable, network cable and disk drive of the
workstation.
Check whether the server is configured with UPS, whether the NMS is configured with
standby power supply; check whether the power cable is in good condition ,whether
the NMS standby power supply is plugged, whether the connection point is not rusted,
whether the socket is fixed tightly, whether the switch functions well, whether the
display of voltage and current is right.
10-17
10.4.7 Checking SUN Terminal and PC Terminal of NMS
I. Purpose
The status of SUN terminal and PC terminal of the NMS workstation is important for
the running of the NMS, so you need to check the running status of them and their
auxiliary equipment periodically, ensuring normal maintenance and application.
None.
Check them as described in the NMS workstation check guidance. For PC terminal,
you also need to check the items about its auxiliary equipment and Windows. Run
defrag to ensure enough available disk space.
10.4.8 Outputting Monthly Report
I. Purpose
To analyze and summarize the data collected within a month, as a basis for making
decision; to collect the fault symptom and emergency handling measures and
summarize them in a document, as a reference for future maintenance.
The monthly report and a summary document for fault handling measures should be
outputted.
Customize a monthly report template, in which you need to summarize the monthly
and weekly maintenance work, to globally analyze the NMS running status within the
month, and to point out the key problems. Summarize and output the fault symptom
and emergency handling measures in paper document or electronic document for
reference and learning.
It is recommended to carry out these operations every month, as a summary of the

maintenance work of a month.
10-18
10.5 Quarterly Maintenance Suggestions
10.5.1 Checking NMS by Remote Logon
I. Purpose
Besides the routine maintenance of the local NMS by the local office, it is
recommended that the central office check the maintenance work of all the offices
quarterly by remote logon. In addition, the users in warranty can also ask the
maintenance engineer of Huawei for check by remote logon, so as to eliminate
potential faults and facilitate interchange of experience and information.
None.
Check the running status of the NMS and the NMS workstation, daily/weekly/monthly
maintenance work and some deliverables. Summarize the experience in a document
and share it. Check the items as specified in the daily, weekly and monthly
maintenance guidance. Generally, the central office checks the regional offices
directly by using Telnet in intranet or by using X-winpro. If the intranet cannot be used,
remote dialing mode can be adopted. For the SUN workstation, it is necessary to
configure the parameters such as serial port number and so on.
10.5.2 Communicating Maintenance Experience
I. Purpose
To share the maintenance experience, discuss maintenance problems and solutions,

and output them in a document.
Summarize the maintenance experience in a document.
Hold a conference to discuss and review the documents written by the maintenance
personnel, summarize the maintenance work, write the conference summary, output
the reviewed cases and tutorials to share them as internal resources or to submit
them to the Huawei support website for technical intercommunications.
10-19
10.5.3 Outputting Quarterly Report
Customize a report template and fill in the quarterly running report.
10.6 Yearly Maintenance Suggestions
10.6.1 Summarizing Yearly Maintenance Experience
I. Purpose
By summarizing the yearly maintenance work, to prepare for the maintenance work of
the next year.
Output various maintenance reports of the year and organize corresponding trainings.
Discuss the policy for the maintenance work of the next year, collect the maintenance
related documents and records, summarize the maintenance work of the year, and
evaluate the work of the maintenance personnel. You can send the excellent
maintenance personnel to participate the trainings organized by Huawei, so as to
improve their skills.
10.6.2 Outputting Yearly Report
Customize a yearly report template and fill in it.
10-20
HUAWEI iManager N2000 Fixed Network Integrated Management System Remote Maintenance
Chapter 11 Remote Maintenance
When a fault occurs to the iManager N2000 and its devices, the remote maintenance
function helps you to locate and solve the problems as quickly as possible. This lowers
the maintenance cost. In addition, this function helps Huawei Technologies Co., Ltd. to
check devices periodically to ensure the security of the devices.
11.1 Setting Up Remote Maintenance Channels
Currently, the major communication mode is the Public Switched Telephone Network
(PSTN) dial-up service connection mode. The server platform of the NMS can either be
SUN Solaris system or Microsoft Windows 2000 system. Both support the PSTN
dial-up service connection mode. The dial-up client is usually PC/Windows 98/2000
platform. The dial server can be PC/Windows 98/2000 or SUN Solaris operating
system.
First check which end, the remote end or the local end, provides the dial-up access
function. Currently, the NMS operating on the workstation platform only serves as the
dial-up access server, as shown in mode (1). If the NMS operates on Windows platform,
the end with the dial-up access function serves as the dial-up access server, as shown
in modes (2) and (3). The dial-up client dials in the dial-up access server to establish
communication connections.
-----------------Remote End-----------------------------Local End------------ ----------

1) PC/Windows98/2000 ---PSTN---> WS as Dial-up Server---> Gateway NE
2) PC/Windows98/2000 ---PSTN---> PC/Windows98/2000 ---> Gateway NE
3) PC/Windows98/2000 <--PSTN---- PC/Windows98/2000 ---> Gateway NE
----------------------------------------------------------------------------------------------------
11.2 Hardware Requirements and Connection Methods
Based on the above mentioned communication modes, the hardware requirements are
as follows: one Robotics, Sportster 33.6K, Hayes or Etek modem at each side. The
modems are delivered together with an NMS computer or workstation. The correct
connection methods are introduced below.
11-1
11.2.1 PC and PC workstation
For a PC or PC workstation, connect the serial port cable accompanying the modem to
the PC or PC workstation, plug the telephone line into the Line socket of the modem,
and then use the accompanying transformer to feed the modem.
11.2.2 SUN workstation
For a SUN workstation, do not use the serial port cable accompanying the modem. Use
the delivery attached DB25 serial port cable instead. Serial port A or B and serial port of
the modem are usually DB25 (female). Because the cable accompanying the modem is
usually female--------male, it cannot be used here. A DB25(male)------DB25(male) is
needed to connect the workstation and the modem. The connection method is as
shown in Figure 11-1. Pins 1~8 and 20 must be connected to their counterparts one by
one. For the currently delivered modem cables, pins 1~25 correspond to their
counterparts one by one. Plug the telephone line into the Line port of the modem. Use
the accompanying transformer to feed the modem.
Ground (GND)
1 1
Transmit Data (TD)
2 2
Receive Data (RD)
3 3
Request To Send (RTS)
4 4
Clear To Send (CTS)
5 5
Date Set Ready (DSR)

6 6
Signal Ground (SG)

7 7
Data Carrier Detect (DCD)
8 8
Data Terminal Ready (DTR)
20 20
Figure 11-1 Connections between the workstation and the modem
11-2
11.3 Software Configuration for Communication

Connections
Note:
Before configuring the software for communication connections, please connect the Modem with the
computer and install the Modem driver.
11.3.1 PC/Windows2000 as PSTN dial-up access server
I. Software requirement
No other software is needed because it is an inherent function of the system.
II. Configuration procedure
Follow the connection wizard to set up a dial-up connection

1) Select [Setting/Network and Dial-up/New Connection] from the [Start] menu to
start a setup Wizard. Click <Next>.
2) Select “Accept IN Connection”, and then click <Next>.
3) Select “Standard Modem”, and then click <Next>.
4) Select “Not Allowed Virtual Private Connection”, and then click <Next>.
5) Click <Add> to add a new user, and set the user name and password.
6) Click <Next>. Then a dialog box appears for you to select network components.
7) Select all network components, and then click <Next>.
8) Click <Finish>.
11.3.2 PC/Windows2000 as PSTN dial-up client
I. Software requirement
No other software is needed because it is an inherent function of the system.
If Windows 2000 serves as the dial-up client, follow the operation guide to configure it.
The following part describes the configuration procedure of the dial-up client in
Windows 2000. For Windows 98, the procedure is almost the same.
11-3
1) Select [Setting/Network and Dial-up/New Connection] from the [Start] menu to

start a setup Wizard. Click <Next>.
2) Select “Dial to Private Network” and then click <Next>.
3) Type in the area code of the telephone you dial in the “Zone No. (A)” box and
telephone number of the dial-up server in the “Telephone No.” box. Select in the
country/region code list. For a toll call, select the ”Use Dial-up Principle” check box;
for a local call, clear the ” Use Dial-up Principle” check box. Click <Next>.
4) Select “All Users Use the Connection” or “Only My Connection”, and then click
<Next>. “Only My Connection” is recommended.
5) Type “Remote Maintenance Client” in the “Type in the Connection Name” edit box,
select the “Add Shortcut on My Desktop” check box, and then click <Finish>.
To place a call, double click the “Remote Maintenance Client” icon. Then a login
interface appears. Enter your user name and password in the “User Name” and
“Password" boxes respectively. Type the telephone number you want to dial in the
“Dial” box, including the area code. Then click <Dial>.
11.3.3 SUN workstation as PSTN dial-up access server
I. Configuration requirement
1) When SUN workstation serves as the Point to Point Protocol (PPP) server, there
are two kinds of virtual network interfaces: ipdptpn and ipdn (where n indicates the
device number. Serial port A corresponds to 0 and serial port B to 1). For ipdptpn
interface, one modem can only connect to one PPP client. For ipdn interface, one
modem can connect to multiple PPP clients.
2) For the time being, only the configuration of static IP-based PPP client is
supported. If a PC serves as the PPP client, set "PPP" as the server type when
setting connection attributes, and select the specified IP address when setting
TCP/IP attributes. Other settings remain unchanged.
3) The dial-up script should be compiled in consistency with the type of modem. It is
hard to do so during the configuration of workstation dial-up service. Three types
of modems are recommended: Robotics, Hayes, and Etek. Here we introduce the
configuration of Hayes modem.
4) Unix to Unix Copy Protocol (UUCP) software and PPP software should be
pre-installed on the workstation (they are already installed on the current
workstations). If necessary, use this command to install the PPP software:
#: pkginfo | grep ppp
1) Check the connection of modem.

Connect the modem to the serial port, and then use this command to check whether the
modem is properly connected (assume that the modem is connected to serial port A):
11-4
# tip /dev/cua/a
connected
If “connected” is displayed, it indicates that the modem is connected to serial port A. In

this case, if the modem can be configured by using AT commands, it indicates that the
modem is connected properly. Otherwise, check whether the serial port cable and the
modem are normal. Type “~” to quit the command “tip”.
2) Configure the PPP.
Default settings of configuration script:
z The IP addresses of the PPP server and PPP client are set to “192.168.55.1” and
“192.168.55.2” respectively.
z The PPP server adopts ipdptpn network interfaces.
z The login user name of the PPP client is “ppp_user”.
These parameters can be changed if necessary.
Set the server:

z On the PC, load the file “ppp.tar” to the directory “/usr/local/rms/” as the user “root”.
Note that this file is transmitted in binary system.
z Log in to the workstation as a super user, and then decompress the file “ppp.tar”.
# cd /usr/local/rms
# tar xvf ppp.tar

z Connect the modem to the workstation and telephone line, and then power on the
modem. On the workstation, enter the PPP directory, and then configure the PPP
server as below:
# cd PPP
# sh setup_ppp.sh (or use “./setup_ppp.sh”).

z Specify the computer as the remote monitor server (options are client and server.
By default it serves as the client): server
z Input the serial port used (a or b. It is “a” by default): b
z Rate of serial communication (19200bps, 9600bps, or 38400bps. It is 19200bps
by default (We recommend that you press <Enter> to accept the default value
19200bps).
z Input the type of the used modem (Hayes, Robotics, or Etek. It is Hayes by default):
(case-sensitive).
z The PPP user is “ppp_user” by default.
z Input the password of "ppp-user":
z New password: (input the password of the PPP user.)
z Re-enter new password: (Input the password of the PPP user again)
11-5
Note:
If you have forgotten the password of "ppp_user", log in as a super user and then change the password
using the command “passwd ppp_user”. We recommend that you set the default password to “abcd”.
Input these two commands to control the Hayes modem (we recommend that you copy
and paste them).
AT&FN0Q2X0&C1&D2S0=1&W&y<CR>: Set parameters of modem
~.<CR>: End the session with modem
Note:
Input the above two commands from the beginning of the line. <CR> stands for Carriage Return.
If a Robotics modem is used, we recommend that the AT command used to

communicate with the modem be changed to:
AT&F1&B1&C1&D2X0S0=1&W
If an Etek modem is used, we recommend that the AT commands used to communicate

with the modem be changed to:
ATX0&C1&D2S0=1&W
connected
AT&FN0Q2X0&C1&D2S0=1&W&y
OK
~.
[EOT]
#
Note:
z Both serial ports a and b are okay. We recommend using 19200bps as the serial communication rate.
z The modem type is case sensitive.
z We recommend that you input the AT commands for communicating modem with “Copy” and “Paste”.
To end the session with the modem, type “~” at the beginning of the line.
3) Establish and end connections

z Check if the process “asppp” is started:
# ps -ef | grep asppp
11-6
z Start “asppp”
# /etc/init.d/asppp start
z Stop “asppp”
# /etc/init.d/asppp stop
z After "asppp” is started on both the server and the client, ping the server to
establish the dial-up connection.
# ping ppp_server [N]
Note:
The dial-up may take a tong time. If you ping the server for the first time, a time-out might occur. "N" is used
to set the time-out period of the command “ping”. You can check whether the connection is made by
viewing the log files (see "Troubleshooting" later in this manual) or the status indicator in the mode.
III. Change default settings
1) Change the default telephone number of the client

Modify the file “/etc/uucp/Systems” . The last row of the file is:
UNIX Any PPP 19200 0,163 ...
Where “0,163” indicates the telephone number of the PPP server. Modify it directly.
2) Change the IP address
The server and the client should be synchronized.
z Modify the IP address of the server.
Log in as a superuser, and then edit the file “/etc/hosts”:
...
192.168.55.1 ppp_server
192.168.55.2 ppp_client
...
Change the corresponding IP addresses of ppp_server and ppp_client.

z If the client is a workstation, change the IP address in the above way. If the client is
a PC, enter the IP address of the ppp.chient in the file ”/etc/hosts” at the server.
z The IP addresses of the PPP server and all PPP clients should be within the same
subnet.
3) Rename the server and client
The name is only valid at the local end. The IP addresses of the server and client
should be consistent.
11-7
z Modify the server:

Step 1: Log in as a superuser, and then modify the file “/etc/hosts”:
...
192.168.55.1 ppp_server
192.168.55.2 ppp_client
...
Modify ppp_server and ppp_client
Step 2: Change the file “/etc/asppp.cf”:

...
ifconfig ipdptp0 plumb ppp_server ppp_client up
...
Modify ppp_server and ppp_client
Note:
If the virtual network interface is ipdn, the format of the file “ asppp.c” is different from the one listed above.
Simply modify ppp_server and ppp_client.
z Modify the client (workstation):

Step 1: The same as Step 1 in modifying the server.
Step 2: The same as Step 2 in modifying the server. The virtual network interface of the
client can only be ipdptpn. Do not change the format of asppp.cf.
4) Change the type of the virtual network interface of the server to ipdn
Log in as a superuser, and then modify the file “/etc/asppp.cf”:
ifconfig ipdptp0 plumb ppp_server ppp_client up
path
...
interface ipdptp0
...
Change the above information to:

ifconfig ipd0 plumb ppp_server up
path
...
interface ipd0
peer_ip_address ppp_client
...
5) Connect the server with multiple clients
11-8
z Change the interface type to ipdn.

z Log in as a superuser, and then add the IP addresses of the clients to the file
“/etc/hosts”.
...
192.168.55.1 ppp_server
192.168.55.2 ppp_client
192.168.55.3 ppp_client2
192.168.55.4 ppp_client3
...
z Log in as a superuser, and then add the description of the paths to the file
“/etc/asppp.cf”,
#Connection parameter setting of ppp_client(192.168.55.2)
path
...
peer_ip_address ppp_client
...
#Connection parameter setting of ppp_client1(192.168.55.3)
path
...
peer_ip_address ppp_client1
...
For all the paths, the peer_ip_address is different but other parameters are identical.
IV. Configure the PPP server as a router
1) Add ppp network number

Log in as a superuser, and then add the ppp network number to the file “/etc/networks ”,
...
pppnet 192.168.55 ppp #ppp network
2) Set subnet mask
Log in as a superuser, and then modify the file “/etc/netmasks”.
...
192.168.55.0 255.255.255.0
3) Add PPP host name
If the virtual network interface is ipdn, create the file “/etc/hostname.ipdn”. If it is
ipdptpn , create the file “/etc/hostname.ipdptpn ”.
Enter the PPP host name, and then log in as a super user.
# vi /etc/hostname.ipdn
ppp_server
Save the file, and then restart the workstation.
11-9
4) Start the routing process

Check whether the routing process (in.routed, in.rdisc) of the access server has been
started.
# ps -ef | grep in.routed
# ps -ef | grep in.rdisc
If not, run these commands:
# /usr/sbin/ndd -set /dev/ip ip_forwarding 1
# /usr/sbin/in.routed -s
# /usr/sbin/in.rdisc -r
5) Set default route at the client
Set a default route at the PPP client, with the gateway being ppp_server.
# route add default ppp_server

6) Set default route at the host
At the LAN host side, set a route to the PPP network, with the gateway being the
Ethernet IP address of the PPP server.
# route add 192.168.55.0 xxx.xxx.xxx.xxx
11.4 Remote Maintenance Schemes
The remote maintenance mode varies with the operating system platform and the
remote maintenance tool software. This section details the remote maintenance modes
of the iManager N2000 (Client/Server).
11.4.1 SUN workstation serves as the dial-up server
This mode is used in situations where the server of the operator is a SUN workstation.
It features high connection rate and high security. First set up the corresponding dial-up
connection (see Section 10.1.3), and then follow these steps to perform the
maintenance.
1) Both parties establish communication connections in between. The remote
maintenance client should get information such as the telephone number of the
opposite end, dial-up user name and password. Then dial in the iManager N2000
NMS Workstation of the operator.
2) The remote maintenance engineer runs the iManager N2000 Client, inputs
“192.168.55.1: 9801” in the server input box, and then the user name and
password provided by the operator, and clicks <Login>. After logging in
successfully, the maintenance engineer can perform remote maintenance.
11-10
Note:
z Both parties establish communication connections in between. The remote maintenance client should
get information such as the telephone number of the opposite end, dial-up user name and password.
Then dial in iManager N2000 NMS Workstation of the operator.
z For the sake of security, set one TELNET connection for the SUN workstation and disable the FTP
function.
11.4.2 PC/Windows2000 serves as the dial-up server
This mode is used in situations where the server of the operator is a PC. It features high
connection rate and high security. First set up the corresponding dial-up connection
(see Section 10.1.2), and then follow these steps to perform the maintenance.
1) Both parties establish communication connections in between. The remote
maintenance client should get information such as the telephone number of the
opposite end, dial-up user name and password. Then dial in the network
management PC of the operator.
2) The remote maintenance engineer runs the iManager N2000 Client, inputs
“192.168.55.1: 9801” in the server input box, and then the user name and
password provided by the operator, and click <Login>. After logging in successfully,
the maintenance engineer can perform remote maintenance.
Note:
z If the dial-up connection at the server side is disconnected, restart the SS module of the NMS Server.
z For the sake of security, the number of the login users is limited.
11.5 Troubleshooting
I. Failed to connect to SUN workstation
1) Check whether the connections are correct, especially the connection of the SUN
workstation. Check whether the modem is connected properly. The telephone line
should be connected to the jacket marked “line”.
2) Make sure that connection of the modem is normal. If a message similar to
tip: /dev/cua/b: No such device or address
all ports busy
11-11
appears during the setup, it means that the modem is improperly connected. In this
case, check the condition of the lines and make sure that the modem is switched on.
Use
tip termb (or terma, respectively indicates that the modem is connected to serial port
b or a)
or
tip -19200 /dev/cua/b (a)
to connect the modem. If the message “connected” appears, it indicates that the
modem is connected. In this case, you can input “AT”. If "OK” is returned, it indicates
that the modem is normal. Input “~” to exit, and then set setup_ppp.sh again. If no “OK”
is returned after you input “AT”, input “ATE1Q0”. If still no response is returned, replace
the port or re-connect the modem.
For more information about debugging modem, please see the document
“Modem_conf.pl”. You can open this file with an HTML browser.
Note:
To use terma or termb, the setup_ppp.sh must be set correspondingly. terma or termb is an entry to file
“‘/etc/remote”.
3) Make sure that the password of ppp_user input at the client side is identical to the
one set at the server side. run “vi” to view the file “/etc/uucp/Systems”. The
password of ppp_user is located at the last row (login: ppp_user word:) of the file.
It must be identical to the one set at the server side. To change the password of
ppp_user without setting PPP again, log in as a superuser, and use
“/usr/bin/passwd ppp_user” to change the password of ppp_user.
4) The file “/var/adm/log/asppp.log” (the same as etc/log/asppp.log) records the
operations performed by the PPP user. You can view the dial-up connection
progress in ”tail -f /var/adm/log/asppp.log”.
5) If no change occurs in “tail -f /var/adm/log/asppp.log” when the client dials, it
means that the PPP user has not logged in or the login shell is not
“/usr/sbin/aspppls”. Modify the file “/etc/passwd” directly, or change the login shell
of the PPP user to “/usr/sbin/aspppls“ in “admintool”.
6) If the following message is displayed in “/var/adm/log/asppp.log”:
10:13:22 get_fifo_msg: can't find path with peer_system_name ppp_user
It means that the PPP user name set at he client side might be inconsistent with the one
set in ”peer_system_name” in “/etc/asppp.cf” at the server side. Please make them
consistent.
11-12
II. No display in the SUN workstation login window
The cause is possibly related to cables. Check whether the cables meet the hardware
requirements.
III. Frequent problems with the PC workstation serving as the dial-up client
1) Illegible characters appear in the PC client login window. The likely reason is that
the rate of the PC client is not set to 19200.
2) Make sure that the dial-up server is correctly installed and is bound with TCP/IP.
Problems may occur if multiple dial-up servers are installed.
IV. How to check wether the PPP software has been installed
UUCP software and PPP software should be pre-installed on the workstation (currently,
they are already installed on the workstation). Run this command to check whether the
PPP software has been installed:
# pkginfo | grep ppp
The system prompts that the PPP software has been installed.
V. The modem at the server side does not answer.
Set the modem to auto answer mode. For Robotics, Hayes and Etek modems, run the
scripts again and select a correct modem type (case-sensitive). For another modem
type, set the corresponding AT commands by referring to the configuration manual.
11-13
User Manual
HUAWEI iManager N2000 Fixed Network Integrated Management System Appendix A FAQ
Appendix A FAQs
A.1 Workstation
A.1.1 How to Start Sun Workstation from CD-ROM (Sun/Solaris)
1) Power on the workstation. When the startup screen appears, key in the
<Stop+A> key combination. The prompt "OK" then appears.
2) Put the Solaris installation CD-ROM into the CD-ROM drive, key in the command
"boot cdrom" and press <Enter>. The workstation then starts from the CD-ROM.
A.1.2 Sun Workstation Abnormally Shut Down (Sun/Solaris)
Always take the correct procedure to shut down your workstation. Incorrect
operations, such as directly switching off, or power failure may damage the file system.
If there is a power failure, it is necessary to restore the operating system and
database to maintain the normal functioning of the entire system. While re-booting,
the system will automatically check and restore the file system. Now, use the fsck
command to manually check the file system. Log in as a root user and execute the
following commands.
1) Execute the fsck -y command to check the file system
Input the following command in the terminal window:
# fsck -y
The system begins to correct the errors in the file system until the completion of the
correction.
A.1.3 How to Set IP Address of Sun Workstation (Sun/Solaris)
Two methods are available:
Method 1: Enter the NIC IP address of the Sun workstation correctly in the "Configure
Network" option while installing the operating system.
Method 2: Set the IP address by modifying the corresponding file.

1) Open the "/etc/hosts" file and change the IP address corresponding to the host
name.
A-1
User Manual
2) Open the "/etc/netmasks" file and change the network mask corresponding to the
host. If the corresponding item is unavailable, add "host IP network mask", like
"10.110.1.1 255.255.0.0".
3) Restart the workstation.
A.1.4 How to Change Host Name of Sun Workstation (Sun/Solaris)
Changing host name of the Sun workstation involves changing the following three
files:
z /etc/hostname.hme0
z /etc/hosts
z /etc/nodename
Change the host name of the three files to the desired one Restart the workstation to
validate your change.
A.1.5 Failed to Connect PC to Sun Workstation through Direct-connect

Cable (Sun/Solaris)
Direct-connecting Sun workstation to some network devices may fail due to mismatch.
In this case, do not use the direct-connect cables. Add a hub and use ordinary
network cables to connect the related devices.
A.1.6 Keyboard No Response for Sun Workstation (Sun/Solaris)
This problem may occur when you click <Stop> on the left part of the keyboard. In this
case, click it again.
A.1.7 How to Configure Maximum Terminals for Sun Workstation

(Sun/Solaris)?
Add the following settings to the "/etc/system" file:
set npty=100
set pt_cnt=100
Restart the NMS workstation to validate your settings.
A.1.8 How to Use CD-ROM Drive (Sun/Solaris)
z If a CD-ROM drive is embedded in the Sun workstation, the system will

automatically install it to the "/cdrom" directory. If a CD-ROM is put in the
CD-ROM drive, you can enter the "/cdrom" directory and then access to the
CD-ROM.
A-2
User Manual
z If an external CD-ROM driver is installed, connect SCSI cables, power on the

CD-ROM driver and then the workstation. Then the system can detect it
automatically and install it to the "/cdrom" directory.
z If a CD-ROM is put in the CD-ROM driver, use the corresponding command to
open the CD-ROM drive. First make sure the CD-ROM is not in use, exit the
directory where the CD-ROM is located, and then run the following command as
a superuser:
# eject
z Then the CD-ROM driver is opened. Extract the CD-ROM.
z If the prompt "Device busy" appears and the CD-ROM is not ejected, run the
following command as a superuser:
# /etc/rc2.d/S92volmgt stop
z Then press the eject button on the front panel of the CD-ROM drive, extract the
CD-ROM. The CD-ROM drive is not running now. To run the CD-ROM driver, run
this command:
# /etc/rc2.d/S92volmgt start
z To run or start the system from CD-ROM, put the boot CD-ROM into the
CD-ROM drive. When the prompt "OK" appears on the workstation, enter:
OK boot cdrom
z Then the system is started from the CD-ROM.
z Enter the following command at the "OK" prompt:
OK probe-scsi
z This is to check if SCSI devices (usually CD-ROM) are well connected to the
workstation.
A.1.9 How to Use Tape Drive (Sun/Solaris)
The command "tar" is usually used to operate tape drive. Assume the tape drive is
well connected and the device No. is /dev/rmt/0. The general operations include:
z Backing up a directory or a file to a tape (the original contents are corrupted,
starting from the tape header):
tar cvf /dev/rmt/0 <directory name or filename>
z Adding a directory or a file to an existing non-empty tape (the new contents are
appended to the original contents):
tar rvf /dev/rmt/0 <directory name or filename>
z Viewing the contents of a tape:
tar tvf /dev/rmt/0
z Extracting a directory or a file from a tape:
A-3
User Manual
tar xvf /dev/rmt/0 <directory name or filename>
A.1.10 Failed to Log in to the System as a Root User While Using FTP
(Sun/Solaris)
For the sake of security, FTP service is unavailable to the root user by default after
Solaris 8 is installed. To use FTP as a root user, follow this procedure:
Log in as a root user, edit the “/etc/ftpusers” file, comment out the root user line, save
the setting, and then log out. Then you can log in as a root user by using FTP.
We recommend that you undo the comment operation after use of the FTP service.
A.1.11 Can’t Use Services Such as Telnet After the NMS is Installed
For the sake of security, when iManager N2000 is installed on Solaris OS, services
such as telnet, FTP, finger, and so on, are disabled.
To use these services, follow this procedure:
#cd /etc/inet
#cp inetd.conf inet.conf.bak
#cp inetd.conf.021204.034801.bak inetd.conf
Where the file name "inetd.conf.021204.034801.bak” varies with the date on which
the NMS is installed.
View the process used to enable the service and make the process to re-read the file.
#ps -ef | grep inet

root 144 1 0 12 04 ? 0:00 /usr/sbin/inetd -s
#kill -HUP 144
Now, you can use the corresponding services. After use, follow this procedure to
disable the services:
#cp inet.conf.bak inetd.conf
#kill -HUP 144
A.1.12 File Size Changed When FTP is Used to Send Files
When FTP is used to send files with binary contents (for example, NMS Setup and
database interface files), the files must be sent in binary format. Otherwise the
transmission error will occur. When you enter the FTP program, the default
A-4
User Manual
transmission mode is ASCII. In this case, before sending the files, use the command
“bin” to change the transmission mode to binary format.
A.1.13 Execution Authority of Files is Lost When FTP is Used to Send Files
If the execution authority of Setup is lost when the Setup is copied to a hard disk
through FTP program, change the authority of the file. Take the installation script of
the NMS as an example, run this command:
# chmod +x setup.sh
If the system prompts that the authority of another file is lost, change it in the same
way.
A.2 Database
A.2.1 How to Change the Password of "sa" (Sun/Solaris/Sybase)?
"sa" is the user name of the Sybase system administrator. After the Sybase database
is installed, the password of "sa" is null by default. Please follow these steps to set or
change the password to "abc123", for example.
$ isql -Usa –P
1> sp_password null, abc123
2> go
The password is set correctly.
(return status=0)
1>quit
The password of "sa" cannot be changed back to null after setting. Please remember
the new password.
A.2.2 How to Set the sa Password (Windows/SQL Server 2000)
If you have not set the sa password during the installation of SQL Server 2000, you
can set it through the following methods after installation.
Method 1:
Select [Program/Microsoft SQL Server/Enterprise Manager] from the [Start] menu to

pop up "SQL Server Enterprise Manager" window. Unfold the directory tree on the left
and locate the security node. Click "Login" and double click "sa" on the right of the
window. Set password in the pop-up "SQL Server Login Properties" dialog box.
A-5
User Manual
Method 2:
Modify the password through "isql" application. It is just the same as the operations for
Sybase. Please refer to How to Change the Password of "sa" (Sun/Solaris/Sybase)?
A.2.3 Sun Workstation Abnormally Shut Down (Sun/Solaris/Sybase)
Use the fsck command to manually check the file system. Log in as a root user and
execute the following commands.
1) Execute the fsck -y command to check the file system
Input the following command in the terminal window:
# fsck -y
The system begins to correct the errors in the file system until the completion of the
correction.
2) If the Sybase database does not start, delete the
"/opt/sybase/N2000DBServer.krg" file (Herein, the N2000DBServer is a
Database Server name, which is set while installing Sybase). Then execute the
/usr/sbin/shutdown -y -g0 -i6 command to restart the WS.
A.2.4 Unable to Start Sybase(Sun/Solaris/Sybase)
Check the shared memory in the "/etc/system" file for the following contents (usually
at the end of this file):
set shmsys:shminfo_shmmax = 131072000
Herein, "131072000" is calculated with the following formula based on the memory of
128M.
Y=X*1024*1000 (where X is the physical memory, measured in MB).
If the set shared memory is lower than the value that is calculated based on the
physical memory, the Sybase will fail to be started. Calculate the shared memory on
the basis of the physical memory, set it again, and then restart the OS.
A.3 NMS
A.3.1 No Response from Left Mouse Button
The left mouse button may give no response after the following operations:
1) Move the cursor onto a topological object. Click the left and right mouse buttons
concurrently, then the right-click menu appears.
A-6
User Manual
2) Hold on these two buttons and move the cursor to another area. Release the
buttons simultaneously.
3) Move the cursor out of the popup menu area, click and see whether the left
button (selection operation) still functions.
I. Solution
Right click, and then left mouse button will become normal. Do not click the left mouse
button and the right mouse button at the same time.
A.3.2 Some NMS Functions Abnormal Due to OS Time Changed
In case of any change to the operating system time of the NMS Server while the NMS
is running, some NMS functions based on timer (operation log auto dumping, for
example) might be abnormal.
I. Solution
Shut down the NMS and databases and restart the NMS Server.
Please set accurately the system time while installing the OS. Do not change system
time of the NMS Server when the NMS is running. If you really need to do so, first exit
the NMS, change the system time, and then restart.
A.3.3 Alarm Window Display Abnormal Due to Alarm Panel Closed
After adjusting the real-time alarm window to show both unacknowledged alarm pane
and acknowledged alarm pane, open and then close the alarm panel. Then the
acknowledged alarm pane maybe restores the original size.
I. Solution
Drag to resize the acknowledged alarm pane.
A.3.4 Installation Interface No Response (Windows)
Sometimes the installation interface may stop refreshing (becomes blank, for
example) while installing the NMS under Windows.
I. Solution
While installing the NMS under Windows 2000 Server, the installation is started with a
".bat" file, and a DOS window pops up. Do not click in the DOS window. Otherwise the
above problem may occur.
A-7
User Manual
If it happens, please switch to the DOS window and press <Enter>. The installation
will continue.
A.3.5 Shortcut No Response
There are shortcuts for some right-click menu items, but it may be no response when
you click the shortcut key.
I. Solution
At present, the function is still not supported by Java Development Kit (JDK). It is
suggested using mouse click to select in the right-click menu instead of clicking the
shortcut key.
A.3.6 Help Window No Response
This problem may occur when doing following operations:

1) Select [Help/Topic] to access the online help.
2) Perform some operations on iManager N2000, and switch to the opened help
window during the operations. In this case, the help window may be no response.
For example, open the "Create Current Alarm Querying Profile" dialog box, then
switch to the help window, you will find that you cannot operate on the help
window.
II. Solution
Finish the operation. For example, close all the opened dialog boxes. The help
window will recover normal.
To browse help during the operations, please press <F1> to access the online help.
A.3.7 Topology Display Abnormal
The problem may occur when you open a dialog box then draw the roll bar in the
topology window. Because there are many topological objects in the topology, the
status refreshing may delay.
I. Solution
Switch to other window then return. The topological view will be displayed normally.
A.3.8 Nonstop Alarm Sound
Alarm sound will last till it is cleared. How to stop alarm sound?
A-8
User Manual
I. Solution
Select [Fault/Audio&Visual/Stop Alarm Box Sound] to stop the current alarm sound.
But when a new alarm occurs, the alarm sound will ring again.
To stop all the alarm sounds, you can select {Fault/Fault Setting/Local Property] to
pop up "Local Property" dialog box. Click "Audio&Visual Setting" tab, uncheck the
audio alarms of all the severities. This is not recommended in case that some faults
maybe ignored.
A.3.9 How to View Text Completely
In some text boxes that cannot be edited, the long text may be not shown completely.
How to view the text completely?
I. Solution
Click the mouse on the text, there is no cursor icon. But you can click and drag to view
the covered text.
A.3.10 Abnormality Occurs When Selecting Multiple Records in Table
In the window of displaying information table, drag your mouse to select multiple
records continuously. Some records in the middle may not be selected.
I. Solution
Drag slowly and do not select too many records at one time.
A.3.11 Failed to Restore Database
Use the database backup tool to restore the database from the backup but the
operation failed.
I. Solution
Please shut down SQL Server Enterprise Manager before the restoration.
A.3.12 "Admin" Fails to Log in
In the “Login“ dialog box, enter "admin" and "Admin" to log in. For Windows version,
both "admin" and "Admin" can log in. For Solaris version, the user "Admin" does not
exist, so it cannot log in.
A-9
User Manual
I. Solution
In Windows system , user names are case insensitive, so "admin" and "Admin"
indicate the same user. In Solaris system, user names are case sensitive, so "admin"
and "Admin" indicate two different users, and only "admin" can log in.
A.3.13 Device Name Overlap
In the topological view, if the device names are short, they will not overlap after auto
layout. If they are very long, they might overlap after auto layout.
I. Solution
Drag the icon with the long device name to a free place until they device names do not
overlap.
A-10
User Manual
HUAWEI iManager N2000 Fixed Network Integrated Management System Appendix B Abbreviations
Appendix B Abbreviations
Abbreviations Full Name

ACL Access Control List
ADSL Asymmetric Digital Subscriber Line
AMG Access Media Gateway
ATM Asynchronous Transfer Mode
BAM Back Administration Module
BAS Broadband Access Server
BML Business Management Layer
BMS Broadband Management System
CDE Common Desktop Environment
CES Circuit Emulation Service
CLI Command Line Interface
CNM Client Network Management
CORBA Common Object Request Broker Architecture
DCN Data Communications Network
DDN Digital Data Network
DHCP Dynamic Host Configuration Protocol
DMS Data Management System
DNS Domain Name Server
EMF Element Management Framework
EML Element Management Layer
EMS Element Management System
ETG Edge Trunk Gateway
FR Frame Relay
FTP File Transfer Protocol
GK Gatekeeper
GUI Graphic User Interface
HGMP Huawei Group Management Protocol
HTTP Hyper Text Transport Protocol
B-1
User Manual

JDK Java Development Kit
IAD Integrated Access Device
IADMS Integrated Access Device Management System
ID Identity
IDS Intrusion Detection System
iGWB iGateway Bill
IMA Inverse Multiplexing on ATM
IP Internet Protocol
IPOA IP Over ATM
ITA Intruder Alert
LAN Local Area Network
MA Multi-service Access
MAU Media Attachment Unit
MDC Message Distribution Center
MG Media Gateway
MGCP Media Gateway Control Protocol
MIB Management Information Base
MML Man Machine Language
MRS Media Resource Server
MTBF Mean Time Between Failures
MTTR Mean Time To Recovery
NAT Network Address Translation
NE Network Element
NFS Network File System
NGN Next Generation Network
NML Network Management Layer
NMS Network Management System
OAM Operations, Administration and Maintenance
OSS Operation Support System
POS Packet Over SDH
PPP Point to Point Protocol
PSTN Public Switched Telephone Network
B-2
User Manual

PVC Permanent Virtual Connection
PVC Permanent Virtual Channel
PVP Permanent Virtual Path
RAS Remote Access Server
SG Signaling Gateway
SLA Service Level Agreement
SML Service Management Layer
SMTP Simple Mail Transfer Process
SNMP Simple Network Management Protocol
SQL Structured Query Language
SoftX Soft Switch
TFTP Trivial File Transfer Protocol
TMF Tele Management Forum
TMG Trunk Media Gateway
TMN Telecommunications Management Network
UDP User Datagram Protocol
UMG Universal Media Gateway
UMS U-SYS Management System
UPS Uninterrupted Power Supply
UUCP Unix to Unix Copy Protocol
VLAN Virtual Local Area Network
VPN Virtual Private Network
WAN Wide Area Network
XML Extensible Mark-up Language
B-3

N2000 System User Manual

Uploaded by

Document Informationclick to expand document information

Document Informationclick to expand document information

Copyright:

Available Formats

N2000 System User Manual

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

N2000 System User Manual

Uploaded by

Copyright:

Available Formats

Chapter 1 System Description........................................................................

HUAWEI iManager N2000 Fixed Network Integrated

Manual Version T2-100140-20040430-C-2.30

Product Version V200R003

Huawei Technologies Co., Ltd.

Address: Administration Building, Huawei Technologies Co., Ltd.,

Bantian, Longgang District, Shenzhen, P. R. China

Postal Code: 518129

All Rights Reserved

No part of this manual may be reproduced or transmitted in any form or by any

, HUAWEI, C&C08, EAST8000, HONET, , ViewPoint, INtess, ETS, DMC,

This manual applies to iManager N2000 Fixed Network Integrated Management

It introduces the basic operations of iManager N2000,

Chapter 1 System Description covers function features, architecture of iManager

Chapter 2 Topology Management describes basic concepts, function features of

Chapter 3 Fault Management describes basic concepts, function features of fault

Chapter 5 Security Management introduces the user authority management of

Chapter 6 Environment Monitoring Management presents the integrated

Chapter 10 Routine Maintenance gives suggestions and guides to routine

Chapter 11 Remote Maintenance introduces the methods of remote maintenance on

The manual is intended for the following readers:

II. GUI conventions

III. Keyboard operation

IV. Mouse operation

Note, Comment, Tip, Knowhow, Thought: Means a complementary description.

Chapter 1 System Description ..................................................................................................... 1-1

Chapter 2 Topology Management................................................................................................ 2-1

Chapter 3 Fault Management ....................................................................................................... 3-1

3.2.4 Setting Automatic Alarm Dumping .......................................................................... 3-7

Chapter 4 Performance Management.......................................................................................... 4-1

4.7 Other Functions ............................................................................................................... 4-20

Chapter 5 Security Management.................................................................................................. 5-1

Chapter 6 Environment Monitoring Management ...................................................................... 6-1

6.4.2 Synchronizing Monitoring Unit List.......................................................................... 6-6

Chapter 7 Database Backup Tool ................................................................................................ 7-1

Chapter 8 System Monitor............................................................................................................ 8-1

Chapter 9 NMS Security Policy .................................................................................................... 9-1

Chapter 10 Routine Maintenance............................................................................................... 10-1

10.2.2 Checking Network Running Status ..................................................................... 10-2

Chapter 11 Remote Maintenance............................................................................................... 11-1

11.3.3 SUN workstation as PSTN dial-up access server............................................... 11-4

Appendix A FAQs ..........................................................................................................................A-1

Appendix B Abbreviations ...........................................................................................................B-1

Chapter 1 System Description

1.1 Product Introduction

The iManager N2000 Fixed Network Integrated Management System (called

Residing at the management layer of network solutions, the iManager N2000

The iManager N2000 provides different network management solutions:

It employs the mature and widely-used client/server architecture. Therefore, it

With a multi-process design mechanism, the iManager N2000 can be flexibly

The iManager N2000 provides a concise and consistent management mode. It

The functions are shown below.

The Data Management System (DMS) is developed on the same NM platform. It is

1.2.1 Software Architecture

Figure 1-1 shows the software architecture of the iManager N2000.

Figure 1-1 Software architecture of the iManager N2000

1.2.2 Hardware Architecture

Figure 1-2 shows the hardware architecture of the iManager N2000.