No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Installation Guide

OceanStor 5000, 5000F, 6000, and 6000F V5 Series V500R007

This document is applicable to OceanStor 5110 V5, 5110F V5, 5300 V5, 5300F V5, 5500 V5, 5500F V5, 5600 V5, 5600F V5, 5800 V5, 5800F V5, 6800 V5, and 6800F V5 storage systems. It describes hardware installation of those storage systems for helping you easily and quickly finish the installation.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring the NTP Service (Windows)

Configuring the NTP Service (Windows)

This section describes how to configure the NTP service on the Windows server, import the NTP certificate and configure the NTP parameter on DeviceManager, and enable the storage system to normally synchronize time.

Configuring an NTP Service on the Server

This section describes how to log in to the CLI of a storage device through a management network port of a server running Windows for device management and maintenance.

Prerequisites
  • You have logged in to a Windows operating system through the management network port.
  • The NTP server has been set up on the Windows server. You can download the NTP software from Meinberg website. See the installation guide at https://www.satsignal.eu/ntp/setup.html.
NOTE:
  • Before installation, run the net stop w32Time command to disable the Windows Time (w32Time) service.
  • In this section, NTP is installed in C:\Tools\ as an example.
Procedure
  1. Log in to the server remotely through the maintenance terminal.

    1. Choose Start > All Programs > Accessories > Remote Desktop Connection.

      The Remote Desktop Connection dialog box is displayed.

    2. In Computer, enter the IP address of the management network port on the server, and press Enter.
    3. Enter the user name and password, and press Enter.

      The main interface of the server is displayed.

  2. On the Windows desktop, double-click Computer, select the proper disk, and create the directory for saving certificate and private key files.

    For example, you can create folder ntp_config in disk D.

  3. Generate the certificate and private key file.

    1. Open the command window.
      1. Press Windows+R to open the Run dialog box.
      2. Type cmd and press Enter.

        The command window is displayed.

    2. Run d: to enter disk D.
    3. Run the cd ntp_config command to open the folder ntp_config.
    4. Run the ntp-keygen -c RSA-SHA256 -m 2048 -p server_password -T -H -l 3650 command to generate the private key file.

      server_password is the private key encryption password when the certificate is generated. 3650 indicates the validity period and is variable.

      The execution result is as follows:

      C:\Users\xxx>D: 
      D:\>cd ntp_config 
      D:\ntp_config>ntp-keygen -c RSA-SHA256 -m 2048 -p server_password -T -H -l 3650 
      Unable to initialize .rnd file 
      Using OpenSSL version OpenSSL 1.0.2k  26 Jan 2017 
      Using host ctuy5y002941131 group ctuy5y002941131 
      Generating RSA keys (2048 bits)... 
      RSA                                             3 1 2 
      Generating new host file and link 
      ntpkey_host_ctuy5y002941131->ntpkey_RSAhost_ctuy5y002941131.3707467127 
      Using host key as sign key 
      Generating new certificate ctuy5y002941131 RSA-SHA256 
      X509v3 Basic Constraints: critical,CA:TRUE 
      X509v3 Key Usage: digitalSignature,keyCertSign 
      X509v3 Extended Key Usage: trustRoot 
      Generating new cert file and link 
      ntpkey_cert_ctuy5y002941131->ntpkey_RSA-SHA256cert_ctuy5y002941131.3707467127     

    The NTP server on the Windows operating system has a problem. When the certificate length is set to 2048, the generated certificate fails to be signed, causing the storage system synchronization time to be slow. Besides, an alarm indicating that the time server cannot be used is reported. If the certificate length is set to 1024, such problem will not occur but the certificate security decreases. If a certificate with higher security level is required, it is advised to use the NTP server on the Linux operating system and generate related certificates on this server.

  4. Run the hostname command to obtain the host name.

    This section uses the host name Storage as an example.

  5. Modify the NTP configuration file.

    Enter C:\Tools\NTP\etc\, open the ntp.conf file in a text editor, and add the following information at the beginning and end of the file:

    • Add the following information at the beginning of the file:

      crypto pw server_password host Storage ident Storage

      keysdir "D:\ntp_config"

    • Add the following information at the end of the file:

      server 127.127.1.0

      fudge 127.127.1.0 stratum 10

    NOTE:

    server_password is the private key encryption password used in generating the certificate (which can be specified by the user), Storage is the host name, and D:\ntp_config is the directory where the certificate and private key files are saved.

  6. On CLI, run the net stop ntp and net start ntp commands to restart the NTP service.

    NOTE:

    If multiple NTP servers need to be configured, you can copy ntpkey_cert_Storage and ntpkey_host_Storage files generated in Step 3 to the corresponding directory of other NTP servers and change the file permission to be the same as on the original server. Configure the ntp.conf file under this server and restart the NTP service.

  7. Share the ntp_config directory.

    1. On the Windows system, enter D:\, select ntp_config and right-click.
    2. In the displayed dialog box, click the Share tab.
    3. Click Share..., and the File Sharing dialog box is displayed.
    4. In the drop box, select Everyone or enter the user name to whom the directory is shared and click Add.
    5. Click Share, and wait about ten seconds. Then Your folder is shared. is displayed.
    6. Click Done and click Close in the Map Properties dialog box to complete sharing the ntp_config directory.

Configuring NTP Parameters on the Storage System

If the time of a storage system is inaccurate, adjust it. In this way, when alarms are generated, you can accurately determine the alarm generation time based on alarm logs. This section describes how to set the NTP service on the maintenance terminal and enable the storage system to synchronize the server time.

Prerequisites
  • The IP address of a network time protocol (NTP) server has been obtained.
  • The login user name and password of the NTP server have been obtained.
  • You have configured the maintenance terminal with a Windows operating system.
  • The maintenance terminal communicates with the storage system properly.
Procedure
  1. Obtain the certificate from the NTP server and copy it to the maintenance terminal.

    1. On the maintenance terminal, press Win+R.

      The Run dialog box is displayed.

    2. Enter \\NTP server IP address and click OK.

      The maintenance terminal attempts to remotely access the NTP server.

    3. Enter the Username and Password of the NTP server and click OK to enter the shared directory.
    4. Enter the ntp_config folder and select the NTP certificate that contains the ntpkey_cert field and press Ctrl+C to copy the certificate.
    5. Go back to the maintenance terminal desktop and press Ctrl+V to copy the NTP certificate to the maintenance terminal.
    6. Right-click the NTP certificate file and then select Rename from the shortcut menu. Add the .crt extension to the file name, and click Enter.

  2. Log in to DeviceManager through the maintenance terminal.
  3. Import and activate the signed certificate.

    1. Choose Settings > Storage Settings > Value-added Service Settings > Credential Management.
    2. Click Import and Activate.

      The Import Certificate dialog box is displayed.

    3. In Certificate Type, select NTP certificate.
    4. Click Select next to CA Certificate File.

      In the dialog box that is displayed, find the NTP file directory, select the NTP certificate, and click Open.

    5. Click OK.

      The security alert dialog box is displayed.

    6. Confirm the information of the dialog box and select I have read and understand the consequences associated with performing this operation, and then click OK.

      The Success dialog box is displayed.

    7. Click OK.

      The certificate list shows imported certificates.

  4. Configure the NTP parameter.

    1. Choose Settings > Basic Information > Device Time.
    2. Select Set NTP automatic synchronization.
    3. Type the IPv4 address, IPv6 address or domain name of the NTP server in NTP Server Address.
      NOTE:
      • A maximum of two NTP servers can be added. If the time of the one NTP server cannot be automatically synchronized to devices, the system synchronizes the time of another NTP server to devices.
      • Ensure that the time of two NTP servers is consistent.
    4. In NTP Authentication, select Enable.
    NOTE:

    Some device models do not support this function. Only when NTPv4 or later is used, NTP authentication can be enabled to complete identity authentication for the NTP server and automatically synchronize the system clock to storage devices.

  5. Confirm the NTP configuration.

    1. Click Save.

      The Warning dialog box is displayed.

    2. Confirm the information in the dialog box and select I have read and understand the consequences associated with performing this operation.
    3. Click OK.

      The Execution Result dialog box is displayed, indicating that the operation succeeded.

    4. Click Close.

Translation
Download
Updated: 2019-07-11

Document ID: EDOC1000181531

Views: 93560

Downloads: 869

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next