No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R009C00 Single-Node System Software Installation Guide (SUSE Linux) 09

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Commissioning the eSight Infrastructure Manager

(Optional) Commissioning the eSight Infrastructure Manager

After installing the eSight Infrastructure Manager, commission the Infrastructure Management functions before using eSight to manage data center facilities.

Configuring the Communication Security Between Devices and the Infrastructure Management

Configuring Infrastructure Management Protocol

By default, the Infrastructure Management communicates with devices only through security protocols and arithmetic. If the Infrastructure Management wants to communicate with devices through non-secure protocols or arithmetic, perform operations described in this section.

Prerequisites

You have logged in to the eSight Infrastructure Management Maintenance Tool client using a browser.

Context

This operation will undermine the security of the transmission between the NetEco and NEs. Therefore, exercise caution when deciding to perform this operation.

NOTE:
If the Infrastructure Management protocol is not configured, the site cannot be displayed on the Configuration > Configuration Management > Uncreated Device Information page of the Infrastructure Management client.

Procedure

  1. In the navigation tree on the left side, choose Infrastructure Management System Maintenance > Neteco Protocol And Algorithm Switch.
  2. Set the NetEco protocol to ON or OFF based on the following scenarios, and click Confirm.

    Protocol and Algorithm

    Description

    TLSv1 Protocol(Control Base Station)

    By default, base stations are not allowed to connect to the Infrastructure Management server using TLSv1. If base stations can connect to the Infrastructure Management server only using TLSv1, enable the protocol or upgrade base stations to a version supporting TLSv1.1 or later.

    SSLv3 Protocol

    By default, base stations are not allowed to connect to the Infrastructure Management server using SSLv3. If base stations can connect to the Infrastructure Management server only using SSLv3, enable the protocol or upgrade base stations to a version supporting TLSv1.1 or later.

    Weak algorithm suite

    By default, base stations are not allowed to connect to the Infrastructure Management server in SSL mode using a weak algorithm suite. If base stations can connect to the Infrastructure Management server in SSL mode only using a weak algorithm suite, enable the weak algorithm suite or upgrade base stations to a version supporting a strong algorithm suite.

    Anonymous authentication algorithm suite

    By default, base stations are not allowed to connect to the Infrastructure Management server in SSL mode using an anonymous authentication algorithm suite. If base stations can connect to the Infrastructure Management server in SSL mode only using an anonymous authentication algorithm suite, enable the anonymous authentication algorithm suite.

    Weak identity authentication

    By default, weak identity authentication is not allowed between base stations and the Infrastructure Management server. If only weak identity authentication can be used between base stations and the Infrastructure Management server, enable weak identity authentication or upgrade base stations to a version supporting strong identity authentication.

    TLSv1 Protocol(Control Energy Controller)

    By default, energy controllers are not allowed to connect to the Infrastructure Management server using TLSv1. If energy controllers can connect to the Infrastructure Management server only using TLSv1, enable the protocol or upgrade energy controllers to a version supporting TLSv1.1 or later.

    Connection in non-SSL mode

    By default, connection in non-SSL mode is not allowed between energy controllers and the Infrastructure Management server. If only connection in non-SSL mode can be used between energy controllers and the Infrastructure Management server, enable connection in non-SSL mode or upgrade energy controllers to a version supporting connection in SSL mode.

    Adaptive mode

    By default, the connection between energy controllers and the Infrastructure Management server does not support the adaptive mode. If the default connection between energy controllers and the Infrastructure Management server supports only the adaptive mode, enable the adaptive mode.

    FTP Services

    By default, the FTP service uses ciphertext transmission. If the FTP service supports only plaintext transmission, enable plaintext transmission.

    non-transport layer security protocol

    Modbus, Telcom, or access control NE mediation software that does not support the TLS protocol exists in the system. Please determine whether to turn on this switch.

    SNMP protocol

    NE mediation software that supports the insecure SNMP protocol exists in the system. Please determine whether to turn on this function.

    IPMI 1.5 protocol

    NE mediation software that supports the IPMI 1.5 protocol does not exist in the system. You do not need to turn on this function.

  3. Click Confirm in the displayed version.
  4. Restart the eSight service to bring the configurations into effect.
Configuring Reauthentication

To enable a device to access the Infrastructure Management through the energy control center (ECC) over the Modbus, Telcom, or access control protocol, configure the ECC reauthentication password on the device and Infrastructure Management. Keep the password consistent on the device and Infrastructure Management so that the device and Infrastructure Management can mutually authenticate each other.

Prerequisites

  • The eSight Infrastructure Manager has been installed.
  • You have logged in to the Infrastructure Management client using a web browser.

Context

Table 9-2 lists the preset user names and passwords for reauthentication in the scenarios where devices access the Infrastructure Management through the ECC over the Modbus, Telcom, or access control protocol.

Change the user passwords periodically (every three or six months for example) to improve system security and prevent security risks such as brute force cracking of passwords.

Table 9-2 Preset user names and passwords for reauthentication

Device

User Name

Preset Password

Description

ECC500

emscomm

.3N:{Se7q4152H5X

Preset user name and password used for reauthentication when a device accesses the Infrastructure Management through ECC transparent transmission over the Modbus or Telcom protocol.

ECC800

emscomm

Modifyme_123

Default user name and password used for reauthentication when a device accesses the Infrastructure Management through ECC transparent transmission over the Modbus or Telcom protocol.

UPS2000-G

emscomm

Modifyme_123

Preset user name and password used for reauthentication when a UPS2000-G accesses the Infrastructure Management through ECC transparent transmission over the Modbus-TCP protocol.

UPS5000-E

emscomm

Modifyme_123

Preset user name and password used for reauthentication when a UPS5000-E accesses the Infrastructure Management through ECC transparent transmission over the Modbus-TCP protocol.

CIM

emscomm

Modifyme_123

Preset user name and password used for reauthentication when a CIM accesses the Infrastructure Management through ECC transparent transmission over the Modbus-TCP protocol.

ACC

emscomm

Modifyme_123

Preset user name and password used for reauthentication when an ACC accesses the Infrastructure Management through ECC transparent transmission over the Modbus-TCP protocol.

Procedure

  1. Configure the reauthentication passwords on devices. For details, see Infrastructure Management Device Commissioning Guide.
  2. Configure the reauthentication passwords on the Infrastructure Management.
    1. Choose Business > Facility > Facility Management to open the Facility Management page.
    2. Choose Configuration > Configuration Management > Data Transfer Setting to open the Data Transfer Setting page.
    3. On the Energy Controller Transparent Channel Settings tab, click Refresh.
    4. Select the ECC for which a reauthentication password needs to be configured, and click Modify.
    5. In the displayed Modify dialog box, set Connection mode to Security protocol, enter the reauthentication password, confirm the password, and click Confirm.
  3. Restart the eSight service for the configuration to take effect.

Installing the NE Mediation

This topic describes how to install the network element (NE) mediation on the Infrastructure Management server.

Prerequisites

Context

NOTE:

Log in to the Infrastructure Management client. On the Configuration > Configuration Management > Uncreated Device Information page:

  • If the icon for Add Device is , you do not need to install the mediation.
  • If the icon for Add Device is , you need to install the mediation. Based on the Device Version information displayed on the Uncreated device Information page, search for the mapping mediation version in iManager NetEco 6000 V600R007 Version Mapping, and download NE mediation software package of the corresponding version from the http://support.huawei.com/enterprise or http://support.huawei.com.

Procedure

  1. Upload the NE mediation software package to the server.
    1. In the navigation tree on the left side, choose Infrastructure Management Installation&Upgrade > Upload File.
    2. Click Add files on the Upload File page and select the files to be uploaded.

      NOTE:

      To delete an installation package, click in the entry of the installation package.

    3. Click Upload to upload the files.
  2. Installing the NE mediation
    1. In the navigation tree on the left side, choose Infrastructure Management Installation&Upgrade > Install Infrastructure Management And Mediation.
    2. Click Refresh to refresh the software package list.
    3. Select the NE mediation software in the Uninstall state, click One-Click Installation, and click Confirm in the displayed dialog box.

      The installation information is displayed in the Details area. The installation completes in about 1 minute.

      NOTE:
      If you want to change the installed NE mediation, uninstall the installed one and install the new NE mediation.

  3. Start the eSight service.
Download
Updated: 2019-05-17

Document ID: EDOC1100011860

Views: 92928

Downloads: 138

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next