B DCNM Installation Guide For San 11-0-1
B DCNM Installation Guide For San 11-0-1
0(1)
First Published: 2018-07-12
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of
the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL:
http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (1110R)
© 2018 Cisco Systems, Inc. All rights reserved.
CONTENTS
CHAPTER 1 Overview 1
Introduction 1
Installation Options 2
Deployment Options 2
Upgrade Paths 3
System Requirements for Cisco DCNM, Release 11.0(1) 3
Clearing Browser Cache 7
CHAPTER 3 Prerequisites 11
General Prerequisites 11
Before you begin 11
Initial Setup Routine 12
Preparing to Configure the Switch 13
Default Login 14
Setup Options 14
Assigning Setup Information 15
Configuring Out-of-Band Management 15
Antivirus exclusion 25
Oracle Database for DCNM Servers 25
Oracle SQLPlus Command-Line Tool 26
init.ora File 26
Backing up the Oracle Database 27
Preparing the Oracle Database 27
Logging Into Oracle 27
Increasing the SYSTEM Tablespace 28
Increasing the Number of Sessions and Processes to 150 Each 29
Increasing the Number of Open Cursors to 1000 29
PART I Appendix 55
CHAPTER 8 Certificates 65
Retaining the CA Signed Certificate 65
Configuring Certificates for Cisco DCNM 66
Using a self signed SSL Certificate 66
Using a SSL Certificate when certificate request is generated using Keytool on Windows 66
Using an SSL Certificate When Certificate Request Is Generated Using Keytool on Linux 67
Using a SSL Certificate when certificate request is generated using OpenSSL on Linux 68
Collecting PM Data 69
Introduction
Cisco DCNM provides an alternative to the command-line interface (CLI) for switch configuration commands.
In addition to complete configuration and status monitoring capabilities for Cisco MDS 9000 switches, Cisco
DCNM-SAN provides powerful Fiber Channel troubleshooting tools. These in-depth health and configuration
analysis capabilities leverage unique MDS 9000 switch capabilities: Fiber Channel Ping and Traceroute.
Cisco DCNM includes these management applications:
Device Manager
Cisco DCNM-SAN automatically installs the Device Manager. Device Manager provides two views of a
single switch:
• Device View—displays a graphic representation of the switch configuration and provides access to
statistics and configuration information.
• Summary View—displays a summary of xE ports (Inter-Switch Links), Fx ports (fabric ports), and Nx
ports (attached hosts and storage) on the switch, as well as Fibre Channel and IP neighbor devices.
Summary or detailed statistics can be charted, printed, or saved to a file in tab-delimited format.
Performance Manager
Performance Manager presents detailed traffic analysis by capturing data with SNMP. This data is compiled
into various graphs and charts that can be viewed with any web browser. In Release 11.0(1), Performance
Manager collection will backup files on Elastic Search which aids in better scalability and API access.
Installation Options
In the Cisco DCNM Release 11.0(1), the images are packaged with the Cisco DCNM installer, signature
certificate, and signature verification script. You must unzip the desired Cisco DCNM Installer image zip file
to a directory. Image signature can be verified by following the steps in README file. The installer from
this package installs the Cisco DCNM software.
Deployment Options
The installer available for Cisco DCNM Release 11.0(1) can be deployed in one of the below modes.
Standalone Server
All types of installers are packaged along with PostgreSQL database. The default installation steps for the
respective installers result in this mode of deployment.
Upgrade Paths
Prior to Cisco DCNM Release 11.0(1), DCNM OVA and ISO supported SAN functionality. Beginning with
Cisco DCNM 11.0(1), OVA and ISO does not ship with SAN support. You can upgrade to Release 11.0(1)
only from DCNM Release 10.4(2).
The following table summarizes the upgrade options for Cisco DCNM 11.0(1).
LAN, SAN, Auto-Config Classic LAN • Upgrade is not possible if SAN is used or is
BottomUp configuration is used in 10.4(2).
• Upgrade is possible to LAN Fabric Deployment if
SAN and TopDown configurations is used in
10.4(2).
• Upgrade is possible to Classic LAN Deployment
if SAN and TopDown configurations are not used
in 10.4(2).
DCNM_root_directory/java/jre1.8
Server Requirements
Cisco DCNM, Release 11.0(1), supports the Cisco DCNM Server on these 64 bit operating systems:
• SAN Deployments:
• Microsoft Windows 2012 R2
• Red Hat Enterprise Linux Release 7.0, 7.3 and 7.4
Note Cisco DCNM Release 11.0(1) does not support Oracle 12c pluggable database
version installation.
Note Cisco DCNM 11.0(1) for LAN is not supported with an external database.
Note The ISO/OVA installation only supports the embedded PostreSQL database.
Note The Cisco DCNM database size is not limited, and increases according to the number of nodes and ports that
the DCNM manages with Performance Manager Collections enabled. You cannot restrict the database size.
If you choose Oracle database, we recommend that you use Oracle SE or Enterprise edition, instead of Oracle
XE due to table space limitations.
Note You are responsible for all the support that is associated with the Oracle databases, including maintenance,
troubleshooting, and recovery. We recommend that customers perform regular database backups, either daily
or weekly, to ensure that all the data is preserved.
Cisco UCS C240 M5S UCSC-C240-M5SX 24G / 500G 8-vCPU Cores with
Cisco hardware RAID Controller
[UCSC-SAS-M5] for RAID
operation (small)
Cisco DCNM Release 11.0(1) supports the running of the Cisco DCNM Server on the following hypervisors:
• VMware ESXi 5.5
• VMware ESXi 6.0
• VMware ESXi 6.5
• VMware vCenter 6.0
• VMware vCenter 6.5
Note • When you log into the VMware vSphere Web Client, the Adobe Shockwave Flash crashes with the latest
Google Chrome 62.0.3202.62 (64 bit), Mozilla Firefox 56.0.1 (64 bit), and Internet Explorer
8.0.7601.17514. Hence you cannot install Cisco DCNM on VMware ESX using VMware vSphere Web
Client. This is a known issue with Adobe Shockwave Flash version 27.0.0.159. For more information,
see https://kb.vmware.com/s/article/2151945.
Note Small deployment scenario for Classic LAN and SAN—Fewer than 50 switches
Small deployment scenario for LAN Fabric—Fewer than 15 switches
The Cisco DCNM Release 11.0(1) does not support OVA for SAN.
Client Requirements
Cisco DCNM SAN desktop client and Cisco Device Manager support Windows 2012, Windows 10, and Red
Hat Linux. The following table lists the minimum hardware requirements for these client systems.
If you install Cisco DCNM in a virtual machine, you must reserve resources equal to the server resource
requirements to ensure a baseline with the physical machines.
Some Cisco DCNM features require a license. Before using the licensed features, you must install a Cisco
DCNM license for each Nexus-managed or MDS-managed platform.
Additionally, Cisco DCNM supports EMC call-home events, fabric change events, and events that are forwarded
by traps and email.
Based on your browser, you can perform the following task to clear the browser cache.
Mozilla Firefox
To clear cache on the Mozilla Firefox browser, perform the following task:
1. From the History menu, select Clear Recent History.
If the menu bar is hidden, press Alt to make it visible.
2. From the Time range to clear: drop-down list, select the desired range. To clear your entire cache, select
all options.
3. Click the down arrow next to Details to choose which elements of the history to clear. To clear the entire
cache, select all items.
Click Clear Now.
4. Restart browser.
Google Chrome
To clear cache on the Google Chrome browser, perform the following task:
1. In the browser bar, enter chrome://settings/clearBrowserData, and press Enter.
2. On the Advanced tab, select the following:
• Cookies and other site data
• Cached images and files
3. From the Time range drop-down list, you can choose the period of time for which you want to clear
cached information. To clear your entire cache, select All time.
4. Click Clear Data.
5. Restart browser.
Internet Explorer
To clear cache on the Internet Explorer browser, perform the following task:
1. Select Tools > Safety > Delete browsing history....
If the menu bar is hidden, press Alt to make it visible.
2. Deselect Preserve Favorites website data, and select Cookies or Cookies and website data.
3. Click Delete. You will see a confirmation at the bottom of the window when the process is complete.
4. Restart browser.
• Do not interrupt the boot process (such as pressing the Ctrl+ALT + DELETE keys) when installing
DCNM. If you interrupt, you must restart the installation process.
• Ensure that you configure the timezone after installation or upgrade, before performing any other operations
on the Cisco DCNM Appliance.
• Clear the browser cache before you launch the Cisco DCNM Web UI using the Management Network
IP address, after upgrade. For instructions on how to clear the browser cache, see Clearing Browser
Cache, on page 7.
Fresh Installation
• For Windows and Linux installers, the installer installs Cisco DCNM-SAN and Cisco SMI-S agent on
your system.
Upgrade
• For Windows and Linux installers, the default is to upgrade to the latest version of Cisco DCNM.
General Prerequisites
This section includes the following topics:
Note If Oracle RAC is chosen as the database for Cisco DCNM, ensure that the database
host IP addresses and virtual IP addresses are added to the hosts file with their
host-names.
• For RHEL, the maximum shared memory size must be 256 MB or more. To configure the maximum
shared memory to 256 MB, use the following command:
sysctl -w kernel.shmmax=268435456
This setting, kernel.shmmax=268435456, should be saved in the /etc/sysctl.conf file. If this setting is not
present or if it is less than 268435456, the Cisco DCNM server will fail after the server system is rebooted.
For more information, visit the following URL:
http://www.postgresql.org/docs/8.3/interactive/kernel-resources.html
The server system must be registered with the DNS servers. The server hosting DCNM application must
be dedicated to run DCNM alone and must not be shared with any other applications which utilizes
memory and system resources.
• While using Remote PostgreSQL Database server, ensure that the Cisco DCNM Host IP addresses are
added to the pg_hba.conf file present in the PostgreSQL installation directory. After the entries are added,
restart the DB.
• Users installing Cisco DCNM must have full administrator privileges to create user accounts and start
services. Users should also have access to all ports. These ports are used by Cisco DCNM Server and
the PostgreSQL database: 1098, 1099, 4444, 4445, 8009, 8083, 8090, 8092, 8093, 514, 5432.
• When you connect to the server for the first time, Cisco DCNM checks to see if you have the correct
Sun Java Virtual Machine version installed on your local workstation. Cisco DCNM desktop clients look
for version 1.8(x) during installation. If required, install the Sun Java Virtual Machine software.
Note When launching the Cisco DCNM installer, the console command option is not
supported.
Note Using the Cisco DCNM installer in GUI mode requires that you must log in to
the remote server using VNC or XWindows. Using Telnet or SSH to install Cisco
DCNM in GUI mode is not possible.
Before you can use Cisco DCNM to manage network switches, you must complete the following tasks:
• Install a supervisor module on each switch that you want to manage.
• Configure the supervisor module with the following values using the setup routine or the CLI:
• IP address assigned to the mgmt0 interface
• SNMP credentials (v3 user name and password or v1/v2 communities), maintaining the same user
name and password for all the switches in the fabric.
Note IP address for a Cisco Nexus switch or a Cisco MDS switch can be set via CLI or USB key or POAP.
• IP address for the switch management interface—The management interface can be an out-of-band
Ethernet interface or an in-band Fibre Channel interface (recommended).
• Subnet mask for the switch's management interface (optional).
• IP addresses, including:
• Destination prefix, destination prefix subnet mask, and next-hop IP address if you want to enable
IP routing. Also, provide the IP address of the default network (optional).
• Otherwise, provide an IP address of the default gateway (optional).
• SSH service on the switch—To enable this optional service, select the type of SSH key (dsa/rsa/rsa1)
and number of key bits (768 to 2048).
• DNS IP address (optional).
• Default domain name (optional).
• NTP server IP address (optional).
• SNMP community string (optional).
• Switch name—This is your switch prompt (optional).
Note Be sure to configure the IP route, the IP default network address, and the IP default gateway address to enable
SNMP access. If IP routing is enabled, the switch uses the IP route and the default network IP address. If IP
routing is disabled, the switch uses the default gateway IP address.
Note You should verify that the Cisco DCNM-SAN Server host name entry exists on the DNS server, unless the
Cisco DCNM-SAN Server is configured to bind to a specific interface during installation.
Default Login
All Cisco Nexus and Cisco MDS 9000 Family switches have the network administrator as a default user
(Admin). You cannot change the default user at any time (see the Security Configuration Guide, Cisco DCNM
for SAN).
You have an option to enforce a secure password for any switch in the Cisco MDS 9000 Family. If a password
is trivial (short, easy-to-decipher), your password configuration is rejected. Be sure to configure a secure
password (see the Security Configuration Guide, Cisco DCNM for SAN). If you configure and subsequently
forget this new password, you have the option to recover this password (see the Security Configuration Guide,
Cisco DCNM for SAN).
Note Adhere to the following password requirements. If you do not comply with the requirements, the DCNM
application might not function properly:
• It must be at least 8 characters long and contain at least one alphabet and one numeral.
• It can contain a combination of alphabets, numerals, and special characters.
• Do not use any of these special characters in the DCNM password for any deployment mode: <SPACE>
&$%‘“^=<>;:
Setup Options
The setup scenario differs based on the subnet to which you are adding the new switch. You must configure
a Cisco MDS 9000 Family switch or a Cisco Nexus switch with an IP address to enable management
connections from outside of the switch (see Figure 1: Management Access to Switches, on page 15).
Note Press Ctrl + C at any prompt to skip the remaining configuration options and proceed with what is configured
until that point. Entering a new password for the administrator is a requirement and cannot be skipped.
Tip If you do not wish to answer a previously configured question, or if you wish to skip answers to any questions,
press Enter. If a default answer is not available (for example, switch name), the switch uses what was previously
configured and skips to the next question.
Procedure
Step 1 Power on the switch. Switches in the Cisco Nexus and Cisco MDS 9000 Family boot automatically.
Note The password can contain a combination of alphabets, numeric, and special characters. Do not
use any of these special characters in the DCNM password for any deployment mode: <SPACE>
&$%‘“^=<>;:
b) Confirm the administrator password.
Confirm the password for admin: 2008asdf*lkjh17
Tip If a password is trivial (short, easy to decipher), your password configuration is rejected. Be
sure to configure a secure password as shown in the sample configuration. Passwords are case
sensitive.
The setup utility guides you through the basic configuration process. Press Ctrl + C at any prompt to end the
configuration process.
Step 4 Enter the new password for the administrator (Admin is the default).
Enter the password for admin: admin
While configuring your initial setup, you can create an additional user account (in the network administrator
role) in addition to the administrator’s account. See the Security Configuration Guide, Cisco DCNM for SAN
for information on default roles and permissions.
Note User login IDs must contain non-numeric characters.
a) Enter the user login ID [administrator].
Enter the user login ID: user_name
The password can contain a combination of alphabets, numeric, and special characters. Do not use any
of these special characters in the DCNM password for any deployment mode: <SPACE> & $ % ‘ “ ^ =
<>;:
c) Confirm the user password.
Confirm the password for user_name: user-password
b) Enter the SNMPv3 password (minimum of eight characters). The default is admin123.
SNMPv3 user authentication password: admin_pass
Step 7 Enter yes (no is the default) to configure the read-only or read-write SNMP community string.
Configure read-write SNMP community string (yes/no) [n]: yes
Step 10 Enter yes (yes is the default) to configure the default gateway (recommended).
Configure the default-gateway: (yes/no) [y]: yes
Step 11 Enter yes (no is the default) to configure advanced IP options such as in-band management, static routes,
default network, DNS, and domain name.
Configure Advanced IP options (yes/no)? [n]: yes
Note Be sure to configure the IP route, the default network IP address, and the default gateway IP
address to enable SNMP access. If IP routing is enabled, the switch uses the IP route and the
default network IP address. If IP routing is disabled, the switch uses the default gateway IP
address.
d) Enter yes (no is the default) to configure the default network (recommended).
Configure the default network: (yes/no) [n]: yes
Step 13 Enter yes (no is the default) to enable the SSH service.
Enabled SSH server? (yes/no) [n]: yes
Step 15 Enter the number of key bits within the specified range.
Enter the number of key bits? (768 to 2048): 768
Step 16 Enter yes (no is the default) to configure the NTP server.
Configure NTP server? (yes/no) [n]: yes
Configure clock? (yes/no) [n] :yes
Configure clock? (yes/no) [n] :yes
Configure timezone? (yes/no) [n] :yes
Configure summertime? (yes/no) [n] :yes
Configure the ntp server? (yes/no) [n] : yes
Step 17 Enter noshut (shut is the default) to configure the default switch port interface to the shut state.
Configure default switchport interface state (shut/noshut) [shut]: noshut
Step 18 Enter on (on is the default) to configure the switch port trunk mode.
Configure default switchport trunk mode (on/off/auto) [on]: on
Step 20 Enter permit (deny is the default) to deny a default zone policy configuration.
Configure default zone policy (permit/deny) [deny]: permit
This step permits traffic flow to all members of the default zone.
Step 21 Enter yes (no is the default) to disable a full zone set distribution (see the Fabric Configuration Guide, Cisco
DCNM for SAN). Disables the switch-wide default for the full zone set distribution feature.
Enable full zoneset distribution (yes/no) [n]: yes
You see the new configuration. Review and edit the configuration that you have just entered.
Step 22 Enter no (no is the default) if you are satisfied with the configuration.
The following configuration will be applied:
username admin password admin_pass role network-admin
username user_name password user_pass role network-admin
snmp-server community snmp_community ro
switchname switch
interface mgmt0
ip address ip_address subnet_mask
no shutdown
ip routing
ip route dest_prefix dest_mask dest_address
ip default-network dest_prefix
ip default-gateway default_gateway
ip name-server name_server
ip domain-name domain_name
telnet server enable
ssh key dsa 768 force
ssh server enable
ntp server ipaddr ntp_server
system default switchport shutdown
system default switchport trunk mode on
system default port-channel auto-create
zone default-zone permit vsan 1-4093
zoneset distribute full vsan 1-4093
Would you like to edit the configuration? (yes/no) [n]: no
Step 23 Enter yes (yes is default) to use and save this configuration:
Use this configuration and save it? (yes/no) [y]: yes
Caution If you do not save the configuration at this point, none of your changes are updated the next time
the switch is rebooted. Enter yes to save the new configuration to ensure that the kickstart and system
images are also automatically configured.
switch should have its VSAN 1 interface that is configured with an IP address in the same subnetwork. A
default route that points to the switch that provides access to the IP network should be configured on every
switch in the Fibre Channel fabric (see Fabric Configuration Guide, Cisco DCNM for SAN).
Note You can configure both in-band and out-of-band configuration together by entering in the following procedure.
Procedure
Step 1 Power on the switch. Switches in the Cisco MDS 9000 Family boot automatically.
Step 2 Enter the new password for the administrator.
Enter the password for admin: 2004asdf*lkjh18
The password can contain a combination of alphabets, numeric, and special characters. The password can
contain a combination of alphabets, numeric, and special characters. Do not use any of these special characters
in the DCNM password for any deployment mode: <SPACE> & $ % ‘ “ ^ = < > ; :
The setup utility guides you through the basic configuration process. Press Ctrl-C at any prompt to end the
configuration process.
Step 4 Enter no (no is the default) if you do not wish to create more accounts.
Create another login account (yes/no) [no]: no
Step 7 Enter no (yes is the default) at the configuration prompt to configure out-of-band management.
Continue with Out-of-band (mgmt0) management configuration? [yes/no]: no
Step 8 Enter yes (yes is the default) to configure the default gateway.
Configure the default-gateway: (yes/no) [y]: yes
Step 9 Enter yes (no is the default) to configure advanced IP options such as in-band management, static routes,
default network, DNS, and domain name.
Configure Advanced IP options (yes/no)? [n]: yes
a) Enter yes (no is the default) at the in-band management configuration prompt.
Continue with in-band (VSAN1) management configuration? (yes/no) [no]: yes
f) Enter no (no is the default) to skip the default domain name configuration.
Configure the default domain name? (yes/no) [n]: no
Step 11 Enter yes (no is the default) to enable the SSH service.
Enabled SSH service? (yes/no) [n]: yes
Step 12 Enter the SSH key type (see the Security Configuration Guide, Cisco DCNM for SAN) that you want to
generate.
Type the SSH key you would like to generate (dsa/rsa/rsa1)? rsa
Step 13 Enter the number of key bits within the specified range.
Enter the number of key bits? (768 to 1024): 1024
Step 15 Enter shut (shut is the default) to configure the default switch port interface to the shut state.
Configure default switchport interface state (shut/noshut) [shut]: shut
Note The management Ethernet interface is not shut down at this point—only the Fibre Channel, iSCSI,
FCIP, and Gigabit Ethernet interfaces are shut down.
Step 16 Enter auto (off is the default) to configure the switch port trunk mode.
Step 17 Enter deny (deny is the default) to deny a default zone policy configuration.
Configure default zone policy (permit/deny) [deny]: deny
This step denies traffic flow to all members of the default zone.
Step 18 Enter no (no is the default) to disable a full zone set distribution.
Enable full zoneset distribution (yes/no) [n]: no
This step disables the switch-wide default for the full zone set distribution feature.
You see the new configuration. Review and edit the configuration that you have entered.
Step 19 Enter no (no is the default) if you are satisfied with the configuration.
The following configuration will be applied:
username admin password admin_pass role network-admin
snmp-server community snmp_community rw
switchname switch
interface vsan1
ip address ip_address subnet_mask
no shutdown
ip default-gateway default_gateway
no telnet server enable
ssh key rsa 1024 force
ssh server enable
no system default switchport shutdown
system default switchport trunk mode auto
no zone default-zone permit vsan 1-4093
no zoneset distribute full vsan 1-4093
Would you like to edit the configuration? (yes/no) [n]: no
Step 20 Enter yes (yes is default) to use and save this configuration.
Use this configuration and save it? (yes/no) [y]: yes
Caution If you do not save the configuration at this point, none of your changes are updated the next time
the switch is rebooted. Enter yes to save the new configuration. To ensure that the kickstart and
system images are also automatically configured.
The setup utility guides you through the basic configuration process.
Note You must use the CLI for initial switch start up.
Procedure
Step 1 Verify the following physical connections for the new Cisco MDS 9000 Family switch:
• The console port is physically connected to a computer terminal (or terminal server).
• The management 10/100 Ethernet port (mgmt0) is connected to an external hub, switch, or router.
Tip Save the host ID information for future use (for example, to enable licensed features). The host ID
information is provided in the Proof of Purchase document that accompanies the switch.
Step 2 Verify that the default console port parameters are identical to those of the computer terminal (or terminal
server) attached to the switch console port:
• 9600 baud
• 8 data bits
• 1 stop bit
• No parity
After initial configuration, you can access the switch in one of three ways (see Figure 2: Switch Access
Options, on page 24):
• Serial console access—You can use a serial port connection to access the CLI.
• In-band IP (IPFC) access—You can use Telnet or SSH to access a switch in the Cisco MDS 9000 Family
or use Cisco DCNM-SAN to access the switch.
• Out-of-band (10/100BASE-T Ethernet) access—You can use Telnet or SSH to access a switch in the
Cisco MDS 9000 Family or use Cisco DCNM-SAN to access the switch.
• Telnet Client application is not installed by default on Microsoft Windows Vista. To install Telnet Client,
choose Start > Programs > Control Panel > Click Turn Windows features on or off (if you have
UAC turned on, you need to give it the permission to continue). Check the Telnet Client check box and
then click OK.
• You can run CiscoWorks on the same PC as Cisco DCNM even though the Java requirements are different.
When installing the later Java version for Cisco DCNM, make sure that it does not overwrite the earlier
Java version required for CiscoWorks. Both versions of Java can coexist on your PC.
Antivirus exclusion
Scanning the Cisco DCNM includes the scanning of the database files. This process will hamper the
performance on the DCNM while operation. While scanning the Cisco DCNM on Linux RHEL server, exclude
the directory /usr/local/cisco/dcm/db and /var/lib/dcnm.
For more information, refer to
https://wiki.postgresql.org/wiki/Running_%26_Installing_PostgreSQL_On_Native_Windows#Antivirus_software.
Note We recommend you to stop Anti-Virus scanning while installing DCNM because the port being used or
blocked might cause failures. After the installation, you can enable or install Anti-Virus application with
specific guidelines to avoid DCNM directories as part of the scan.
Note This section is not applicable for Cisco DCNM Native HA installation.
You can change from the local database to an external Oracle database, if required.
The Cisco DCNM Database size is not limited and increases based on the number of nodes and ports that the
DCNM manages with Performance Manager Collections enabled. You cannot restrict the database size. Cisco
recommends that you use Oracle SE or Enterprise edition, instead of Oracle XE, due to table space limitations.
This section contains the following:
init.ora File
The init.ora file specifies startup parameters. The default name and location of the file is platform specific,
as shown in Table 5: Name and Default Location of init.ora File , on page 26.
Linux /usr/lib/oracle/orcl/app/oracle/product/11.1.0/db_1/dbs/i
The init.ora file should contain only one line, which is the full path of the server parameter file, as shown in
the following table.
Linux SPFILE='/usr/lib/oracle/orcl/app/oracle/product/11.1.0/db_1/dbs/spfileXE.ora
Procedure
Step 1 Increase the number of sessions and processes to 150 each. For more information, see the Increasing the
Number of Sessions and Processes to 150 Each, on page 29.
Step 2 Increase the number of open cursors to 1000. For more information, see the Increasing the Number of Open
Cursors to 1000, on page 29.
Procedure
Step 4 Enter the password for the username that you specified.
For example, if the Oracle administrator username is system and the password is oracle, you would log in as
follows:
Example:
What to do next
For more information about using SQL*Plus, see the documentation for the Oracle database version that you
are using.
Procedure
Step 1 Use the SQL*Plus command-line tool to log in to the Oracle database. For more information, see the Oracle
SQLPlus Command-Line Tool, on page 26.
Step 2 Enter the following command:
select file_name, bytes, autoextensible, maxbytes
from dba_data_files where tablespace_name='SYSTEM';
where file_name is the filename from the output of the select command in the previous step.
The SYSTEM tablespace is increased.
Procedure
Step 1 Ensure that the init.ora file exists and that it contains the single line that is applicable for your Oracle
database installation. If there are additional lines, remove them.
For more information, see the init.ora File, on page 26.
Step 2 Use the SQL*Plus command-line tool to log in to the Oracle database. For more information, see the Oracle
SQLPlus Command-Line Tool, on page 26.
Step 3 Shut down the system by entering the shutdown command. If the command fails, use the shutdown abort
command.
Step 4 Enter the following command:
startup pfile='init_file_name';
where init_file_name is the init.ora filename for your Oracle database installation. For more information, see
the init.ora File, on page 26.
Step 5 Set the number of sessions to 150 by entering the following command:
alter system set sessions = 150 scope=spfile;
Step 6 Shut down the system by entering the shutdown command. If the command fails, use the shutdown abort
command.
Step 7 Start up the system by entering the startup command.
Step 8 Verify that the number of sessions and processes is changed to 150 by entering the following command:
show parameter sessions
Procedure
Step 1 Ensure that the init.ora file exists and that it contains the single line that is applicable for your Oracle database
installation. If there are additional lines in the file, remove them.
For more information, see the init.ora File, on page 26.
Step 2 Use the SQL*Plus command-line tool to log in to the Oracle database. For more information, see the Oracle
SQLPlus Command-Line Tool, on page 26.
Step 3 Shut down the system by entering the shutdown command. If the command fails, use the shutdown abort
command.
Step 4 Enter the following command:
startup pfile='init_file_name'
where init_file_name is the init.ora filename for your Oracle database installation. For more information, see
the init.ora File, on page 26.
Step 5 Set the number of open cursors to 1000 by entering the following command:
alter system set open_cursors = 1000 scope=spfile;
Step 6 Shut down the system by entering the shutdown command. If the command fails, use the shutdown abort
command.
Step 7 Start up the system by entering the startup command.
Step 8 Verify that the number of open cursors is changed to 1000 by entering the following command:
show parameter open_cursors
Note Ensure you set the Oracle_SID and Oracle_Home and enter the values for the DB Username and password
fields.
Note When a DBA account cannot be created, an account with DML/DDL/schema privilege is sufficient.
Note Ensure that you do not provide multicast addresses to form the federation.
Note User scripts under dcnm/bin can be run only by administrator user.
Note User scripts under dcnm/bin can be run only by administrator user.
Note If you plan to use Federation application functions, you must deploy the dcnm.exe file twice.
Procedure
Step 3 Click on Data Center Network Manager from the search results.
A list of the latest release software for Cisco DCNM available for download is displayed.
Step 6 Locate the DCNM Silent Installer Property Files and click the Download icon.
This file will be used during Silent Installation.
Step 7 Save both the files to your directory that will be easy to find when you begin the installation.
Procedure
Step 2 On the Introduction screen, read the instructions and click Next.
Step 3 Check Add server to existing federation checkbox if DCNM is installed as a secondary appliance in a
Federation setup.
Step 4 Check Secure Ciphers checkbox to allow only switches with strong ciphers to be discovered by DCNM.
Step 5 To install DCNM-SAN and SMI-S for the first time, choose the location for installation. In the Install Location
field, click Choose and provide the appropriate folder path. Click Restore Default Folder if DCNM is installed
as a part of the Federation setup.
Click Next.
In the Service Name field, enter the service name of the Oracle RAC server. Enter a maximum of three host
IP addresses. Click OK. The DB URL is generated.
If the Cisco DCNM installer detected an existing RDBMS installation, the DB URL field shows the hostname.
Note Cisco DCNM installation with existing PostgresSQL requires an existing schema with the same
name as the DCNM username, owned by the same username. When there are no schema existing
with the DCNM username, or if you do not have the ownership of the schema with the same dcnmuser
name, the tables are created in the default schema, known as “public”.
If the tables are created in the default schema, you may encounter authentication issues after upgrading Cisco
DCNM. You will have to create a schema with the sane name as the DCNM username owned by the same
username. For instructions, see User and Schemas, on page 63.
Note In Oracle, when a new user is created, a schema name with the same name as the username is created
automatically.
In the DCNM DB User field, enter the username that Cisco DCNM should use to access the database. In the
DCNM DB Password field, enter the password for the database user account that you specified. If user selects
“Add Server to an existing federation”, modify the database URL by selecting the corresponding RDBMS
option. Because all the servers in federation refer to the same database, you must provide the dcnmuser name
and password of the primary server.
Click Next. Review the limitations with Oracle Database and click OK.
Click Next.
Step 7 In the Port Configuration Options screen, choose the interface and web ports for Cisco DCNM.
• From the Server IP Address list, choose the IP address that you want to use for the Cisco DCNM server.
The list shows only the IP addresses currently that are assigned to network interfaces on the server system.
• If you want to change the port that the Cisco DCNM-SAN web server listens to, enter the new port
number in the SAN Web Server Port field. By default, the Cisco DCNM-SAN web server listens to TCP
port 443.
Note During Cisco DCNM installation, use port numbers that are free. For example, 87 and 23 are
reserved or restricted web ports.
Click Next.
Step 8 In the Choose archive Folder for DCNM screen, provide a folder path to store device configuration files, user
preferences and so on.
Perform one of the following:
• Click Choose to select a path to store the DCNM archive directory.
Note If you must choose a remote system, provide the UNC path. for example:
//Server/Share/directorypath.
• Click on Restore Default Folder to retain the default folder.
Click Next.
Step 9 In the Local User Credentials screen, provide a valid username and password to access DCNM SAN appliances.
• In the Admin Username field, enter a name for a Cisco DCNM server user. The installer creates the Cisco
DCNM server user and assigns the Administrator role to it.
• In the Password field, enter a password for the user, and in the Confirm Password field, reenter the
password.
Adhere to the following password requirements. If you do not comply with the requirements, the DCNM
application might not function properly:
• It must be at least 8 characters long and contain at least one alphabet and one numeral.
• It can contain a combination of alphabets, numerals, and special characters.
• Do not use any of these special characters in the DCNM password for any deployment mode:
<SPACE> & $ % ‘ “ ^ = < > ; :
Click Next.
Step 10 In the Authentication Settings screen, choose the authentication method that the Cisco DCNM server should
use to authenticate users who logon to the Cisco DCNM client. You can choose one of the following:
• Local—Cisco DCNM client users are authenticated by the Cisco DCNM server user accounts only.
• RADIUS—Cisco DCNM client users are authenticated by a RADIUS server.
• TACACS+—Cisco DCNM client users are authenticated by a TACACS+ server.
Step 12 In the Choose Shortcut Folder screen, specify path where you want to create the DCNM icons.
If you want the installer to create the shortcuts for all users who can log into the server system, check the
Create icons for All Users check box.
Click Next.
Step 14 On the confirmation window, click Yes to begin the DCNM installation.
The progress bar description shows the process during the installation.
Step 15 On the Install Complete screen, the installed components are listed. Click Done to start the DCNM server.
Wait until the DCNM is deployed on the system.
Procedure
Step 1 While installing DCNM on the Secondary server, check Add server to existing federation checkbox.
This makes the DCNM installed as a secondary appliance in a Federation setup.
Step 2 Check Secure Ciphers checkbox to allow only switches with strong ciphers to be discovered by DCNM, only
if the Secure Ciphers was enabled on the Primary.
Cisco DCNM uses both strong and weak ciphers when connecting to switches. If user you wants to use only
strong ciphers for network, select the checkbox. Ensure that the switches in your network support strong
ciphers before you select checkbox, as DCNM will not be able to connect to switches which do not support
strong ciphers.
Step 3 Modify the database URL by selecting the corresponding RDBMS option.
Note All the servers in federation refer to the same database, and therefore you must provide the DCNM
user name and password of the primary server. Also, you must provide the database user name and
password of the primary server.
The user name and password of the database are same for all the server installation forming the federation.
Similarly, the user name and password of DCNM are same for all the server installation forming the federation.
Procedure
Step 1 Unzip, extract and open the installer.properties file and update the following properties.
#-----------------BASIC Properties---------------------
DCNM_IP_ADDRESS=<ip_address_of_host_machine>
USER_INSTALL_DIR=C:\\Program Files\\Cisco Systems
INSTALLATION_TYPE=NEW_INSTALL
#INSTALLATION_TYPE=UPGRADE
SAN_FEDERATION=FALSE
#SAN_FEDERATION=TRUE
#----------New Postgres---------------------------------
DCNM_DB_URL=jdbc\:postgresql\://localhost\:5432/dcmdb
DCNM_DB_NAME=dcmdb
SELECTED_DATABASE=postgresql
DCNM_DB_USERNAME=dcnmuser
DCNM_DB_USER_PASSWORD=dcnmuser
PG_DB_PATH=C:\\oraclexe\\app\\oracle\\product\\10.2.0\\server
DECRYPT_PASSWORDS=FALSE
DCNM_ADMIN_USER=admin
DCNM_ADMIN_USER_PASSWORD=admin123
#-----------------User Configuration-----------------
#-----------------------------------------------------------------------
SECURE_CIPHER=FALSE
#SECURE_CIPHER=TRUE
#-----------------------------------------------------------------------
Step 5 Navigate to the directory where you downloaded the Cisco DCNM Windows software and run the appropriate
installer by using the following command:
dcnm-release.exe -i silent -f path_of_installer.properties_file
You can check the status of installation in the Task Manager process.
Procedure
Step 1 On the Secondary server, unzip, extract and open the installer.properties file and update the
following properties.
#-----------------BASIC Properties---------------------
DCNM_IP_ADDRESS=<ip_address_of_host_machine>
USER_INSTALL_DIR=C:\\Program Files\\Cisco Systems
INSTALLATION_TYPE=NEW_INSTALL
#INSTALLATION_TYPE=UPGRADE
#SAN_FEDERATION=FALSE
SAN_FEDERATION=TRUE
Step 4 Navigate to the directory where you downloaded the Cisco DCNM software and run the appropriate installer
by using the following command:
dcnm-release.exe -i silent -f path_of_installer.properties_file
You can check the status of installation in the Task Manager process. The prompt will return after the silent
install is complete.
Note If you plan to use Federation application functions, you must deploy the dcnm.bin file twice.
Procedure
Step 3 Click on Data Center Network Manager from the search results.
A list of the latest release software for Cisco DCNM available for download is displayed.
Step 6 Locate the DCNM Silent Installer Property Files and click the Download icon.
This file will be used during Silent Installation.
Step 7 Save both the files to your directory that will be easy to find when you begin the installation.
Procedure
Step 2 On the Introduction screen, read the instructions and click Next.
Step 3 Check Add server to existing federation checkbox if DCNM is installed as a secondary appliance in a
Federation setup.
Step 4 Check Secure Ciphers checkbox to allow only switches with strong ciphers to be discovered by DCNM.
Step 5 To install DCNM-SAN and SMI-S for the first time, choose the location for installation. In the Install Location
field, click Choose and provide the appropriate folder path. Click Restore Default Folder if DCNM is installed
as a part of the Federation setup.
Click Next.
In the Service Name field, enter the service name of the Oracle RAC server. Enter a maximum of three host
IP addresses. Click OK. The DB URL is generated.
If the Cisco DCNM installer detected an existing RDBMS installation, the DB URL field shows the hostname.
Note Cisco DCNM installation with existing PostgresSQL requires an existing schema with the same
name as the DCNM username, owned by the same username. When there are no schema existing
with the DCNM username, or if you do not have the ownership of the schema with the same dcnmuser
name, the tables are created in the default schema, known as “public”.
If the tables are created in the default schema, you may encounter authentication issues after upgrading Cisco
DCNM. You will have to create a schema with the sane name as the DCNM username owned by the same
username. For instructions, see User and Schemas, on page 63.
Note In Oracle, when a new user is created, a schema name with the same name as the username is created
automatically.
In the DCNM DB User field, enter the username that Cisco DCNM should use to access the database. In the
DCNM DB Password field, enter the password for the database user account that you specified. If user selects
“Add Server to an existing federation”, modify the database URL by selecting the corresponding RDBMS
option. Because all the servers in federation refer to the same database, you must provide the dcnmuser name
and password of the primary server.
Click Next. Review the limitations with Oracle Database and click OK.
Click Next.
Step 7 In the Port Configuration Options screen, choose the interface and web ports for Cisco DCNM.
• From the Server IP Address list, choose the IP address that you want to use for the Cisco DCNM server.
The list shows only the IP addresses currently that are assigned to network interfaces on the server system.
• If you want to change the port that the Cisco DCNM-SAN web server listens to, enter the new port
number in the SAN Web Server Port field. By default, the Cisco DCNM-SAN web server listens to TCP
port 443.
Note During Cisco DCNM installation, use port numbers that are free. For example, 87 and 23 are
reserved or restricted web ports.
Click Next.
Step 8 In the Choose archive Folder for DCNM screen, provide a folder path to store device configuration files, user
preferences and so on.
Perform one of the following:
• Click Choose to select a path to store the DCNM archive directory.
Note If you must choose a remote system, provide the UNC path. for example:
//Server/Share/directorypath.
• Click on Restore Default Folder to retain the default folder.
Click Next.
Step 9 In the Local User Credentials screen, provide a valid username and password to access DCNM SAN appliances.
• In the Admin Username field, enter a name for a Cisco DCNM server user. The installer creates the Cisco
DCNM server user and assigns the Administrator role to it.
• In the Password field, enter a password for the user, and in the Confirm Password field, reenter the
password.
Adhere to the following password requirements. If you do not comply with the requirements, the DCNM
application might not function properly:
• It must be at least 8 characters long and contain at least one alphabet and one numeral.
• It can contain a combination of alphabets, numerals, and special characters.
• Do not use any of these special characters in the DCNM password for any deployment mode:
<SPACE> & $ % ‘ “ ^ = < > ; :
Click Next.
Step 10 In the Authentication Settings screen, choose the authentication method that the Cisco DCNM server should
use to authenticate users who logon to the Cisco DCNM client. You can choose one of the following:
• Local—Cisco DCNM client users are authenticated by the Cisco DCNM server user accounts only.
• RADIUS—Cisco DCNM client users are authenticated by a RADIUS server.
• TACACS+—Cisco DCNM client users are authenticated by a TACACS+ server.
a) In the primary server address field, enter the IPv4 address of the server in dotted-decimal format.
b) In the primary server key field, enter the shared secret of the server.
c) (Optional) If you want to ensure that Cisco DCNM can communicate with the server, click Verify.
d) In the secondary server address field, enter the IPv4 address of the server in dotted-decimal format.
e) In the secondary server key field, enter the shared secret of the server.
f) (Optional) If you want to ensure that Cisco DCNM can communicate with the server, click Verify.
g) In the tertiary server address field, enter the address of the server in the dotted-decimal format.
h) In the tertirary server key field, enter the shared secret of the server.
i) (Optional) If you want to ensure that Cisco DCNM can communicate with the server, click Verify.
Click Next.
The Choose Link Folder will be skipped and by default the location is /root directory.
Step 13 On the confirmation window, click Yes to begin the DCNM installation.
The progress bar description shows the process during the installation.
Step 14 On the Install Complete screen, the installed components are listed. Click Done to start the DCNM server.
Wait until the DCNM is deployed on the system.
Procedure
Step 1 While installing DCNM on the Secondary server, check Add server to existing federation checkbox.
This makes the DCNM installed as a secondary appliance in a Federation setup.
Step 2 Check Secure Ciphers checkbox to allow only switches with strong ciphers to be discovered by DCNM, only
if the Secure Ciphers was enabled on the Primary.
Cisco DCNM uses both strong and weak ciphers when connecting to switches. If user you wants to use only
strong ciphers for network, select the checkbox. Ensure that the switches in your network support strong
ciphers before you select checkbox, as DCNM will not be able to connect to switches which do not support
strong ciphers.
Step 3 Modify the database URL by selecting the corresponding RDBMS option.
Note All the servers in federation refer to the same database, and therefore you must provide the DCNM
user name and password of the primary server. Also, you must provide the database user name and
password of the primary server.
The user name and password of the database are same for all the server installation forming the federation.
Similarly, the user name and password of DCNM are same for all the server installation forming the federation.
Procedure
Step 1 Unzip, extract and open the installer.properties file and update the following properties.
#-----------------BASIC Properties---------------------
DCNM_IP_ADDRESS=<ip_address_of_host_machine>
INSTALLATION_TYPE=NEW_INSTALL
#INSTALLATION_TYPE=UPGRADE
SAN_FEDERATION=FALSE
#SAN_FEDERATION=TRUE
#-----------------User Configuration-----------------
#DCNM User Configuration Properties
#If you want to use special characters in DCNM_ADMIN
#credentials,Please use escape character(\) before
#the symbol [For eg. Password "an$6x12" must be specified as "an\$6x12" ].
#----------------------------------------------------
DECRYPT_PASSWORDS=FALSE
DCNM_ADMIN_USER=admin
DCNM_ADMIN_USER_PASSWORD=admin123
#-----------------User Configuration-----------------
#-----------------------------------------------------------------------
SECURE_CIPHER=FALSE
#SECURE_CIPHER=TRUE
#-----------------------------------------------------------------------
Step 5 Navigate to the directory where you downloaded the Cisco DCNM Linux software and run the appropriate
installer by using the following command:
dcnm-release.bin -i silent -f path_of_installer.properties_file
You can check the status of installation by using the following command ps -ef | grep ‘LAX’. The prompt
will return after the silent install is complete.
Procedure
Step 1 On the Secondary server, unzip, extract and open the installer.properties file and update the
following properties.
#-----------------BASIC Properties---------------------
DCNM_IP_ADDRESS=<ip_address_of_host_machine>
INSTALLATION_TYPE=NEW_INSTALL
#INSTALLATION_TYPE=UPGRADE
#SAN_FEDERATION=FALSE
SAN_FEDERATION=TRUE
Cisco DCNM Installer version Release from which you can upgrade
You can migrate Cisco DCNM with a local PostgreSQL database and an external Oracle database and Cisco
DCNM in a High Availability (HA) environment. You must provide username and password for external
oracle database.
Note When upgrading to a newer DCNM version, you should use the same administrative password (as used in the
existing setup) for the new DCNM setup. If you want to use a different password in the new setup, change
the password in the existing DCNM setup before taking a backup and initiating the upgrade process.
Prior to Cisco DCNM Release 11.0(1), DCNM OVA and ISO supported SAN functionality. Beginning with
Cisco DCNM 11.0(1), OVA and ISO does not ship with SAN support. You can upgrade to Release 11.0(1)
only from DCNM Release 10.4(2).
The following table summarizes the upgrade options for Cisco DCNM 11.0(1).
LAN, SAN, Auto-Config Classic LAN • Upgrade is not possible if SAN is used or is
BottomUp configuration is used in 10.4(2).
• Upgrade is possible to LAN Fabric Deployment if
SAN and TopDown configurations is used in
10.4(2).
• Upgrade is possible to Classic LAN Deployment
if SAN and TopDown configurations are not used
in 10.4(2).
Adhere to the following password requirements. If you do not comply with the requirements, the DCNM
application might not function properly:
• It must be at least 8 characters long and contain at least one alphabet and one numeral.
• It can contain a combination of alphabets, numerals, and special characters.
• Do not use any of these special characters in the DCNM password for all platforms:
<SPACE> & $ % ‘ “ ^ = < > ; :
Clear the browser cache before you launch the Cisco DCNM Web UI using the Management Network IP
address, after upgrade. For instructions on how to clear the browser cache, see Clearing Browser Cache, on
page 7.
This chapter contains the following:
• Retaining the CA Signed Certificate, on page 48
• Upgrading Cisco DCNM on Windows, on page 49
• Upgrading Cisco DCNM on Linux, on page 52
Procedure
Procedure
Note Ensure that both primary and secondary database properties are same.
Procedure
Step 5 On the secondary server, perform run the Cisco DCNM Release 11.0(1) executable file.
Upgrade notification window appears.
Note Cisco DCNM supports Silent installation and upgrade only on Local Authorization mode and not on Remote
Authorization mode.
Procedure
Step 3 Go to the directory where you downloaded the Cisco DCNM software and run the appropriate installer by
using the following command:
Note Cisco DCNM supports Silent installation and upgrade only on Local Authorization mode and not on Remote
Authorization mode.
Note Ensure that both primary and secondary database properties are same.
Procedure
INSTALLATION_TYPE=UPGRADE
USE_EXISTING_DB=TRUE
Step 3 Go to the directory where you downloaded the Cisco DCNM software and run the appropriate installer by
using the following command:
dcnm-release.exe -i silent -f <path_of_installer.properties>
You can check the status of the upgrade in the Task Manager process.
The Cisco DCNM Release 11.0(1) services will start automatically on the primary server.
Step 4 On the secondary server, open the installer.properties file and update the following properties:
INSTALLATION_TYPE=UPGRADE
USE_EXISTING_DB=TRUE
Step 5 Go to the directory where you downloaded the Cisco DCNM software and run the appropriate installer by
using the following command:
dcnm-release.exe -i silent -f <path_of_installer.properties>
You can check the status of the upgrade in the Task Manager process.
The Cisco DCNM Release 11.0(1) services will start automatically on the secondary server.
Note Ensure that you clear the browser cache before you launch the Cisco DCNM Web UI using the
Management Network IP address. For instructions on how to clear the browser cache, see Clearing
Browser Cache, on page 7.
Procedure
Note Ensure that both primary and secondary database properties are same.
Procedure
The Cisco DCNM Release 11.0(1) services will start automatically on the primary server.
Step 5 On the secondary server, perform run the Cisco DCNM Release 11.0(1) executable file.
Upgrade notification window appears.
Note Cisco DCNM supports Silent installation and upgrade only on Local Authorization mode and not on Remote
Authorization mode.
Note You must use the same database for Release 11.0(1) as in Release 10.4(2).
Procedure
Step 3 Go to the directory where you downloaded the Cisco DCNM software and run the appropriate installer by
using the following command:
dcnm-release.bin -i silent -f <path_of_installer.properties>
The Cisco DCNM Release 11.0(1) services will start after the upgrade is complete.
You can check the status of the upgrade process by using the following command: ps -ef | grep ‘LAX’. The
prompt will return after the silent install is complete.
Note Ensure that you clear the browser cache before you launch the Cisco DCNM Web UI using the
Management Network IP address. For instructions on how to clear the browser cache, see Clearing
Browser Cache, on page 7.
Note Cisco DCNM supports Silent installation and upgrade only on Local Authorization mode and not on Remote
Authorization mode.
Note Ensure that both primary and secondary database properties are same as in 10.4(x).
Procedure
INSTALLATION_TYPE=UPGRADE
USE_EXISTING_DB=TRUE
Step 3 Go to the directory where you downloaded the Cisco DCNM software and run the appropriate installer by
using the following command:
dcnm-release.bin -i silent -f <path_of_installer.properties>
You can check the status of the upgrade process by using the following command: ps -ef | grep ‘LAX’. The
prompt will return after the silent install is complete.
The Cisco DCNM Release 11.0(1) services will start automatically on the primary server.
Step 4 On the primary server, click Done after the upgrade is complete.
The Cisco DCNM Release 11.0(1) services will start automatically on the primary server.
Step 5 On the secondary server, open the installer.properties file and update the following properties:
INSTALLATION_TYPE=UPGRADE
USE_EXISTING_DB=TRUE
Step 6 Go to the directory where you downloaded the Cisco DCNM software and run the appropriate installer by
using the following command:
dcnm-release.bin -i silent -f <path_of_installer.properties>
You can check the status of the upgrade process by using the following command: ps -ef | grep ‘LAX’. The
prompt will return after the silent install is complete.
The Cisco DCNM Release 11.0(1) services will start automatically on the secondary server.
Note Ensure that you clear the browser cache before you launch the Cisco DCNM Web UI using the
Management Network IP address. For instructions on how to clear the browser cache, see Clearing
Browser Cache, on page 7.
DCNM managed devices. The following tables list the ports which are used for communication between Cisco
DCNM and managed devices, such as switches and storage devices.
The following table lists all ports used for communication between DCNM Web Client, DCNM SAN Client,
Device Manager, SSH Client and DCNM Server.
The following table lists all ports used for communication between the Cisco DCNM Server and other services
which can be hosted on either side of the firewall.
The following table lists all ports used for communication between Cisco DCNM Server and Managed devices.
Procedure
Example
The following example shows the sample output for creating new users
dcnm# create user user1
password: password
dcnm# create schema user1 authorization user1;
dcnm# grant all on schema user1 to user1;
Procedure
Example
The following example shows the sample output for creating new users
dcnm# drop user user_old cascade
dcnm# drop schema user_old cascade
dcnm# create user user_new
password: password
dcnm# create schema user_new authorization user_new;
dcnm# grant all on schema user_new to user_new;
Procedure
to
<DCNM_install_root>\dcm\wildfly-10.1.0.Final\standalone\configuration\fmserver.jks.old
Step 3 From command prompt, navigate to the appropriate folder:
<DCNM install root>\dcm\java\jre1.8\bin\
Step 4 Generate the public-private key pair in DCNM keystore by using the following command:
keytool -genkey -keyalg RSA -sigalg SHA256withRSA -alias sme -keystore
"<DCNM_install_root>\dcm\wildfly-10.1.0.Final\standalone\configuration\fmserver.jks" -storepass
fmserver_1_2_3 -validity 360 -keysize 2048
Step 5 Generate the certificate-signing request (CSR) from the public key generated in Step 7, on page 67.
keytool -certreq -alias sme -file dcnm.csr -keystore "<DCNM install
root>\dcm\wildfly-10.1.0.Final\standalone\configuration\fmserver.jks" -storepass fmserver_1_2_3
Note The dcnm.csr file is created in the keytool directory, located at
/usr/local/cisco/dcm/java/jre1.8/bin.
Step 6 Submit the CSR to CA, and download the signed certificate chain in Base-64 format which creates the .p7b
file.
CA may provide the certificate and signing certificate as certificate chain in PKCS 7 format ( .p7b file) or
PEM ( .pem ) file. If CA provided PKCS 7 format go to Step 7, on page 67 to convert it to PEM format. If
CA provided PEM format, then go to Step 8, on page 67.
Step 7 Convert the PKCS 7 certificate chain to X509 certificate chain using openssl.
openssl pkcs7 -print_certs -in cert-chain.p7b -out cert-chain.pem
Note Ensure that the user provides either absolute or relative path to the correct location of
cert-chain.p7b file in the above command.
Step 8 Import the intermediate certificate first, then the root certificate, and finally the signed certificate by following
these steps:
keytool -importcert -trustcacerts -file cert-chain.pem -keystore
"<DCNM_install_root>\dcm\wildfly-10.1.0.Final\standalone\configuration\fmserver.jks" -storepass
fmserver_1_2_3 -alias sme
Note Ensure that the user provides either the absolute path or relative path to the correct location of the
cert-chain.pem file in the above command.
Step 1 Stop the DCNM services, or the DCNM application by using the appmgr stop dcnm command.
Step 2 Rename the keystore that is located at:
<DCNM_install_root>/dcm/wildfly-10.1.0.Final/standalone/configuration/fmserver.jks
To
<DCNM_install_root>/dcm/wildfly-10.1.0.Final/standalone/configuration/fmserver.jks.old
Step 3 From command prompt, navigate to the appropriate folder:
<DCNM install root>/dcm/java/jre1.8/bin/
Step 4 Generate the public-private key pair in DCNM keystore by using the following command:
./keytool -genkey -keyalg RSA -sigalg SHA256withRSA -alias sme -keystore
<DCNM_install_root>/dcm/wildfly-10.1.0.Final/standalone/configuration/fmserver.jks -storepass
fmserver_1_2_3 -validity 360 -keysize 2048
Step 5 Generate the certificate-signing request (CSR) from the public key that is generated in Step 7, on page 68.
./keytool -certreq -alias sme -file dcnm.csr -keystore "<DCNM install
root>/dcm/wildfly-10.1.0.Final/standalone/configuration/fmserver.jks" -storepass fmserver_1_2_3
Note The dcnm.csr file is created in the keytool directory, which is located at
/usr/local/cisco/dcm/java/jre1.8/bin.
Step 6 Submit the CSR to CA, and download the signed certificate chain in Base-64 format which creates the .p7b
file.
CA may provide the certificate and signing certificate as a certificate chain in PKCS 7 format (.p7b file) or
PEM (.pem) file. If CA provided the certificate chain in PKCS 7 format, go to Step 7, on page 68 to convert
it to PEM format. If CA provided the certificate chain in PEM format, then go to Step 8, on page 68.
Step 7 Convert the PKCS 7 certificate chain to the X509 certificate chain using OpenSSL.
openssl pkcs7 -print_certs -in cert-chain.p7b -out cert-chain.pem
Note Ensure that the user provides either absolute or relative path to the correct location of
cert-chain.p7b file in the above command.
Step 8 Import the intermediate certificate first, then the root certificate, and finally the signed certificate by following
these steps:
./keytool -importcert -trustcacerts -file cert-chain.pem -keystore
<DCNM_install_root>/dcm/wildfly-10.1.0.Final/standalone/configuration/fmserver.jks -storepass
fmserver_1_2_3 -alias sme
Note Ensure that the user provides either the absolute path or relative path to the correct location of the
cert-chain.pem file in the above command.
Step 9 Start the applications in the server by using the appmgr start dcnm command.
Procedure
Step 1 Stop the DCNM services, or the DCNM application by using the appmgr stop dcnm command.
Step 2 Rename the keystore located at:
<DCNM_install_root>/dcm/wildfly-10.1.0.Final/standalone/configuration/fmserver.jks
to
<DCNM_install_root>/dcm/wildfly-10.1.0.Final/standalone/configuration/fmserver.jks.old
Step 3 From command prompt, navigate to <DCNM install root>/dcm/java/jre1.8/bin/.
Step 4 Generate the RSA private key using OpenSSL.
openssl genrsa -out dcnm.key 2048
Step 9 Import the intermediate certificate, the root certificate, and the signed certificate in the same order.
./keytool -importkeystore -srckeystore dcnm.p12 -srcstoretype PKCS12 -destkeystore
<DCNM_install_root>/dcm/wildfly-10.1.0.Final/standalone/configuration/fmserver.jks -deststoretype
JKS -name sme
Note Ensure that the user provides either absolute path or relative path to the correct location of
cert-chain.pem, dcnm.key, and dcnm.p12 files in the above command.
Step 10 Start the DCNM services, or the DCNM applications in the server by using the appmgr start dcnm command.
Collecting PM Data
To setup a shared rrd path to collect PM data, perform these steps:
Procedure
What to do next
Once PM server is ready, the new shared location will be used by the PM server to save .rrd files. PM will
create a new directory called db under pm. Ensure you do not open or change these .rrd files as PM server is
actively writing into the .rrd files.
Note You must enable SSL/HTTPS on the Cisco DCNM before you add a CA signed SSL certificate. Therefore,
perform the procedure in the below mentioned order.
Procedure
Step 1 Configure the primary server with a self signed SSL certificate.
Note In a CA signed certificate, each server has their own certificate generated. Ensure that the certificate
is signed by the signing certificate chain which is common for both the servers.