eSight V300R009C00 Operation Guide 09

Setting the System

Configuring the LDAP-based Remote Synchronization

After LDAP-based remote authentication is configured, eSight Infrastructure Manager uses LDAP to authenticate users against the LDAP authentication server.

Prerequisites

  • You have the information configuration permission.
  • You have collected the following information on the LDAP server:
    • LDAP version number
    • LDAP server type, IP address, and port number
    • LDAP root directory BaseDN
    • User object class name
    • User name attributes
    • LDAP user group BaseDN
    • LDAP authentication mode: user name and password or Secure Sockets Layer (SSL)
    • (Optional, required in case of SSL connection) Client certificate
    • (Optional, required in case of administrator DN authentication) DN and password for the user who is able to query all LDAP directory users and user groups.

Context

In the LDAP authentication mode, eSight Infrastructure Manager manages roles and associated role permissions rather than users. The LDAP server manages users and roles, and authenticates user names and passwords used for eSight Infrastructure Manager login. Figure 21-101 shows the LDAP authentication process.

Figure 21-101 LDAP authentication process

The LDAP authentication process is as follows:

  1. The eSight Infrastructure Manager Client sends the user name and password to the eSight Infrastructure Manager Server.
  2. When receiving the request, the eSight Infrastructure Manager Server establishes a connection with the LDAP Server as the LDAP Client. The connection can be based on user name and password or SSL.

    When the connection is established, the eSight Infrastructure Manager Server transmits user data to the LDAP Server for authentication. When the authentication is complete, the LDAP Server sends the result to the eSight Infrastructure Manager Server.

  3. The eSight Infrastructure Manager Server sends the authentication result to the user through the eSight Infrastructure Manager Client. The authentication results are as follows:
    • Authentication succeeded: Users can use eSight Infrastructure Manager functions within the user permission scope.
    • Authentication failed: Users receive a login failure prompt on the eSight Infrastructure Manager Client, including that the user name or password is wrong or that the central authentication server is not connected.

Procedure

  1. Choose System > Authentication Server Configuration.
  2. Select Authentication to LDAP.
  3. Set the LDAP authentication parameters for the basic settings, connection, and authentication.

    Table 21-68 LDAP authentication parameters

    Basic settings

    Parameter: LDAP version
    Description: LDAP version number used by the authentication server. eSight Infrastructure Manager supports the following LDAP versions:
    • LDAPv2
    • LDAPv3
    Default value: LDAPv3.
    How to set: Use the same value as that on the LDAP authentication server.

    Parameter: LDAP server type
    Description: eSight Infrastructure Manager supports the following authentication server types:
    • Universal LDAP server
    • Microsoft AD
    Default value: Universal LDAP server.
    How to set: Use the same value as that on the LDAP authentication server.

    Parameter: Server IP
    Description: IP address used by the authentication server.
    How to set: Use the same value as that on the LDAP authentication server.

    Parameter: Basic DN
    Description: LDAP root directory BaseDN.
    How to set:
    • For Universal LDAP server, set Basic DN as required.
    • For Microsoft AD:
      NOTE:
      A group with the same name as the eSight Infrastructure Manager role has been created on the LDAP server. Users in this group can use the LDAP authentication function.
      1. Log in to the LDAP server as an operating system user in the Administrators group.
      2. Right-click Computer, and choose Manage from the shortcut menu. The Server Manager page is displayed.
      3. Choose Roles > Active Directory Domain Services > Active Directory Users and Computers from the navigation tree, and select the domain controller where the account exists, as shown in Figure 21-102.
        Figure 21-102 Query Basic DN
      4. Set Basic DN as required. For example, set Basic DN to DC=man,DC=sunrise,DC=com, as shown in Figure 21-102.

    Parameter: Location format
    Description: User directory format of the LDAP authentication server.
    How to set: -

    Parameter: Directory/Email suffix
    Description: Suffix of the user directory/email, used to form a complete DN with the login user name.
    How to set:
    • If LDAP server type is set to Universal LDAP server, set Directory as required. For example, set Directory to DC=man,DC=sunrise,DC=com, as shown in Figure 21-102.
    • If LDAP server type is set to Microsoft AD, set Email suffix as required. For example, set Email suffix to @man.sunrise.com.

    Connection

    Parameter: Connection type
    Description: The connection types between the LDAP authentication server and eSight Infrastructure Manager are as follows:
    • Common: User name and password
    • Secure: SSL
    How to set: -

    Parameter: Authentication server port
    Description: Port for data communication between the authentication server and eSight Infrastructure Manager server.
    How to set: The authentication server port number is determined by the connection type between the LDAP server and eSight Infrastructure Manager. Use the same value as that on the LDAP authentication server.
    • The default port for secure connection is 636.
    • The default port for common connection is 389.

    Parameter: Secure protocol
    Description: eSight Infrastructure Manager complies with the following protocols:
    • TLSv1.1
    • TLSv1.2
    How to set: This parameter is mandatory when secure connection is used. In this case, place the self-made certificate or the certificate applied for from the Certificate Authority (CA) in the /opt/neteco/server/etc/certificate directory.
    • Secure protocol: Use the same value as that on the LDAP authentication server.
    • Public key certificate name: Set this parameter based on actual needs. Generally, the extension name of an LDAP local certificate is p12. The certificate is saved in the OpenLDAP installation directory/ssl directory.
    • Private key certificate name: Set this parameter based on actual needs. Generally, the extension name of an eSight Infrastructure Manager local certificate is cer. The certificate is saved in the /opt/neteco/server/etc/certificate/ directory.
    • Library protection password and Private key password: Use the actual passwords.

    Parameter: Public key certificate name
    Description: LDAP server certificate name.

    Parameter: Private key certificate password
    Description: Used to decrypt the LDAP server certificate file.

    Parameter: Private key certificate name
    Description: eSight Infrastructure Manager local certificate name.

    Parameter: Public key certificate password
    Description: Used to decrypt the private key stored on the LDAP server.

    Authentication

    Parameter: Administrator DN, Administrator password
    Description: The administrator DN and password of the LDAP server, that is, the DN and password for the user who is able to query all LDAP directory users and user groups.
    How to set: Use the same value as that on the LDAP authentication server.

    Parameter: User name flag
    Description: Keyword of the user information to be queried on the LDAP server.
    Default value: uid

    Parameter: User object class name
    Description: Keyword for configuring the field of the user information in the LDAP database.
    Default value: EmsPerson

  4. Click Test to verify the connection between eSight Infrastructure Manager and the authentication server.

    NOTE:
    This test function can be used only to test the network connection between eSight Infrastructure Manager and the authentication server, that is, to test whether the connection using the IP address and port is normal.

    If the connection fails, verify that the authentication server IP address, port number, and basic DN are the same as the values on the LDAP authentication server. You also need to verify the administrator DN and password when the DN integrity during administrator login and query mode is used.

  5. Click Apply.

    LDAP-based remote authentication is enabled immediately.
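
Table 21-68 describes how the Directory/Email suffix, User name flag and User object class name combine with the login user name. The following Python is an added example, not eSight code: the function names and the `<User name flag>=<login>,<Directory>` layout are assumptions, and it escapes the login name (RFC 4514 for DNs, RFC 4515 for filters) so that a crafted name cannot change the DN or the search filter.

```python
# Added example (not eSight code): combine Table 21-68 parameters with a login
# name. Function names and the "<flag>=<login>,<Directory>" layout are assumptions.

def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use in a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        edge_space = ch == " " and i in (0, len(value) - 1)
        if ch in ',+"\\<>;=' or edge_space or (ch == "#" and i == 0):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)

def escape_filter_value(value: str) -> str:
    """Escape a value for use in a search filter (RFC 4515)."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)

def bind_identity(login: str, server_type: str, suffix: str, name_flag: str = "uid") -> str:
    """Build the identity presented to the LDAP server for a login name."""
    if not login:
        raise ValueError("empty login name")
    if server_type == "Microsoft AD":
        # Email suffix form, e.g. alice + @man.sunrise.com
        if "@" in login or any(ord(c) < 0x20 for c in login):
            raise ValueError("login name must not contain '@' or control characters")
        return login + suffix
    # Universal LDAP server: <User name flag>=<login>,<Directory>
    return f"{name_flag}={escape_dn_value(login)},{suffix}"

def user_filter(login: str, name_flag: str = "uid", object_class: str = "EmsPerson") -> str:
    """Search filter for a user entry, using the Table 21-68 default values."""
    return f"(&(objectClass={object_class})({name_flag}={escape_filter_value(login)}))"

if __name__ == "__main__":
    directory = "DC=man,DC=sunrise,DC=com"        # example value from Table 21-68
    for name in ("alice", "a,DC=other", "al*"):    # constructed sample logins
        print(bind_identity(name, "Universal LDAP server", directory))
        print(user_filter(name))
    print(bind_identity("alice", "Microsoft AD", "@man.sunrise.com"))
```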

Setting eSight Infrastructure Manager Data Overflow Dump

Normally, sufficient database space is allocated based on the network scale to ensure that eSight Infrastructure Manager services run properly. Even so, as data accumulates over time, new data may no longer be written to the database, which compromises network monitoring. eSight Infrastructure Manager data overflow dump provides a mechanism to cope with this problem. It is advisable to plan and set this function based on the network scale and hardware configuration of the eSight Infrastructure Manager server after eSight Infrastructure Manager is installed.

Prerequisites

You have the operation rights for Database Overflow Dump.

Context

Figure 21-103 shows the working mechanism of eSight Infrastructure Manager data overflow dump.

Figure 21-103 Working Mechanism of Data Overflow Dump
  • At the preset time every day, the eSight Infrastructure Manager checks whether the database tablespace usage exceeds the preset threshold, that is, whether overflow occurs. If the usage exceeds the threshold, the eSight Infrastructure Manager dumps the earliest data to the files in a specified path and deletes the data from the database until the database tablespace usage is below the threshold.

  • Dump path can be an absolute path or a relative path.
    • A relative path is relative to eSight Infrastructure Manager installation directory/server/var/iemp/data/dump (on Linux). If you set Dump path to AAA, the file is saved to eSight Infrastructure Manager installation directory/server/var/iemp/data/dump/AAA.
    • If an absolute path is specified (on Linux), it must be a subpath of eSight Infrastructure Manager installation directory/server/var/iemp/data/dump.
  • Before saving dump files to a specified directory, the eSight Infrastructure Manager checks whether the file size or the retention period exceeds the preset thresholds. If so, it deletes the earliest files until they are below the thresholds. The File size and Save period settings help you manage the file directory size based on the available hard disk space.

Because the eSight Infrastructure Manager deletes the dumped data from the database, the dumped data cannot be queried from the GUI. You can view it in the dump file during the storage period. If overflow dump occurs on a database, the database tablespace will soon be exhausted. Expanding the database is recommended to ensure proper operation of the eSight Infrastructure Manager.
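
The Dump path rule (a relative path resolves under the dump directory, an absolute path must be a subpath of it) and the earliest-first cleanup of dump files can be expressed as follows. This Python is an added example, not eSight code; the function names are hypothetical, and it assumes that File size means the total size of the files in the dump directory.

```python
# Added example (not eSight code). Names are hypothetical; "file size" is
# assumed to mean the total size of the files in the dump directory.
from pathlib import Path

def resolve_dump_path(dump_root: str, dump_path: str) -> Path:
    """Resolve a Dump path setting and require it to stay under dump_root."""
    root = Path(dump_root).resolve()
    # A relative setting is joined to the root; an absolute one replaces it.
    target = (root / dump_path).resolve()
    # Compare path components, not string prefixes, so /dump2 is not under /dump.
    if target != root and root not in target.parents:
        raise ValueError(f"dump path {dump_path!r} is outside {root}")
    return target

def files_to_delete(files, max_total_bytes, max_age_days, now):
    """files: (name, size_bytes, mtime_epoch) tuples. Returns names, earliest first."""
    ordered = sorted(files, key=lambda f: f[2])
    total = sum(size for _, size, _ in ordered)
    doomed = []
    for name, size, mtime in ordered:
        too_old = now - mtime > max_age_days * 86400
        if not too_old and total <= max_total_bytes:
            break  # every remaining file is newer and the total is within the limit
        doomed.append(name)
        total -= size
    return doomed

if __name__ == "__main__":
    import tempfile
    root = tempfile.mkdtemp()  # stands in for <installation directory>/server/var/iemp/data/dump
    print(resolve_dump_path(root, "AAA"))
    for bad in ("../../etc", "/etc"):
        try:
            resolve_dump_path(root, bad)
        except ValueError as exc:
            print("rejected:", exc)
    day = 86400
    # Constructed sample: three 100-byte files written on day 0, 5 and 9.
    sample = [("log_a", 100, 0), ("log_b", 100, 5 * day), ("log_c", 100, 9 * day)]
    print(files_to_delete(sample, max_total_bytes=250, max_age_days=7, now=10 * day))
```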

Procedure

  1. Choose Resource > Infrastructure > System > System Settings > System Configuration from the main menu. The System Configuration window is displayed.
  2. In the navigation tree in the left pane, choose Log Database Dump, Alarm Database Dump or Performance Database Dump.
  3. In the right pane, set dump parameters.
  4. Click Apply.

Result

When data is dumped, the eSight Infrastructure Manager automatically generates a folder named in the format of the current date, saves the data to the folder, and places the folder in the directories whose names are the months in which the data is generated.

Updated: 2019-05-17

Document ID: EDOC1100011877
