No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R010C00 Maintenance Guide 08

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Changing the eSight System User Password

Changing the eSight System User Password

The eSight and maintenance tool provide default users and their initial passwords. To ensure account security, you need to change the initial password the first time you log in. Changing passwords periodically prevents theft of the passwords and unauthorized access.

Changing the eSight User Password

After logging in to the eSight for the first time, you need to change the initial password to ensure the eSight security. Periodically changing the eSight password can improve user information security.

Prerequisites

You have logged in to the eSight.

Context

eSight provides initial user names admin and openApiUser. The admin user has all the operation rights of eSight. The openApiUser user is used to invoke the Open API to access open eSight resources and develop other functions in addition to legacy functions.

NOTE:

To change the openApiUser password, log in as the admin user and change the password by referring to the description in Changing the openApiUser password periodically.

Procedure
  • Changing the initial password:

    After you log in to the eSight for the first time, the page for changing the initial password is displayed.

    1. On the Change Password page, set Old password, New password, and Confirm password.
    2. Click Apply.
  • Changing the admin password periodically:
    1. Choose System > System Management > User Management from the main menu.
    2. In the navigation tree on the left, choose My Settings.
    3. In the Change Password area in the right pane, click Settings.
    4. Set Old password, New password, and Confirm password.
    5. Click OK.
  • Changing the openApiUser password periodically:
    1. Choose System > System Management > User Management from the main menu.
    2. In the navigation tree on the left, choose User.
    3. Click in the Operation column of openApiUser.
    4. Set New password, and Confirm password.
    5. Click OK.

Changing the Maintenance Tool User Password

You need to change the initial password the first time you log in to the maintenance tool. Periodically changing the user password of the maintenance tool can improve user information security.

Prerequisites

You have logged in to the maintenance tool.

Context

By default, the maintenance tool provides a unique user sys, and its initial user password is Changeme123. The sys user has the operation rights of all object groups of the maintenance tool.

Procedure
  • Change the initial password

    At first login to the maintenance tool, the page for changing the initial password is displayed.

    1. On the Change Password page, set Old password, New password, and Confirm password.
    2. Click Apply.
  • Periodically change the password
    1. Choose System > User Management from the main menu.
    2. On the Change Password page, set Old Password, New Password, and Confirm Password.
      NOTE:

      The password validity period is 90 days. A password must be forcibly changed after it expires.

    3. Click Apply.

Changing the Northbound User Password

You are advised to change the northbound user password at the first login to the eSight to ensure user security. Changing passwords periodically prevents theft of the passwords and unauthorized access.

Changing the Password of the FTP or SFTP User

You can use the BME tool to generate the ciphertext and then copy it to the configuration file for changing the password of the File Transfer Protocol (FTP) or Secure File Transfer Protocol (SFTP) user.

Context
  • The northbound admin account is used for FTP/SFTP service authentication between a northbound interface module and the upper-level NMS. You can change the password by setting the configuration item AuthInfo in the nbi.xml file.
  • The FTP or SFTP account lock policies are as follows:
    • When the admin user attempts to log in to the FTP/SFTP using an Internet Protocol (IP) address that is not on the eSight server, the IP address is locked for five minutes by default if the user enters an incorrect password for five consecutive times.
    • When a user other than admin attempts to log in to the FTP/SFTP, the account is locked for five minutes by default if the user enters incorrect passwords for five consecutive times.
NOTE:
  • The FTP protocol has security risks. Using SFTP or FTPS is recommended.
  • When the admin user is used, you are advised to enable only the northbound FTP/SFTP server. If the southbound FTP/SFTP server is enabled, the admin user conflicts with the southbound admin user.
  • In an HA scenario, change only the FTP/SFTP user password on the active server. The standby server automatically synchronizes the change.
Procedure
  • Windows
    1. Log in to the server as the Administrator user.
      NOTE:

      Log in to the server as the SWMaster user if the Windows is hardened.

    2. Run the following command to open the directory of the encrypt tool:

      cd /d eSight installation directory/AppBase/tools/bmetool/encrypt

    3. Run the following command to generate the ciphertext of the new password:
      1. encrypt.bat 0
      2. Enter a new password, and confirm the password as prompted.

        Assume that the new password is Changeme_123. After the command is executed successfully, the following information is displayed:

        9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
      NOTE:
    4. Replace the old password ciphertext with the new one.
      1. Open the configuration file eSight installation directory/AppBase/etc/oms.nbi/nbi.xml.
      2. Replace the value of AuthInfo with the generated ciphertext.

        A configuration example is as follows:

          <AuthInfo>9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d</AuthInfo>      
      3. Save and close the configuration file.
    5. Restart eSight.
  • Linux
    1. Log in to the server as the ossuser user.
    2. Run the following command to open the directory of the encrypt tool:

      cd eSight installation directory/AppBase/tools/bmetool/encrypt

    3. Run the following command to generate the ciphertext of the new password:
      1. ./encrypt.sh 0
      2. Enter a new password, and confirm the password as prompted.

        Assume that the new password is Changeme_123. After the command is executed successfully, the following information is displayed:

        9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
      NOTE:
    4. Replace the old password ciphertext with the new one.
      1. Open the nbi.xml configuration file.

        vi eSight installation directory/AppBase/etc/oms.nbi/nbi.xml

      2. Replace the value of AuthInfo with the generated ciphertext.

        A configuration example is as follows:

          <AuthInfo>9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d</AuthInfo>      
      3. Run the :wq! command to save and close the configuration file.
    5. Restart eSight.
Changing the Password of a Northbound SNMPv3 User

You can use the northbound encryption tool to generate the ciphertext and then copy it to the configuration file to change the password for the SNMPv3 account.

Context

The passwords for the northbound SNMPv3 user include the authentication key and private key.

  • Configure your own keys to enhance network security.
  • In an HA scenario, change only the northbound SNMPv3 user password on the active server. The standby server automatically synchronizes the change.
Procedure

Windows

  • Change the authentication key.
    1. Log in to the server as the Administrator user.
      NOTE:

      Log in to the server as the SWMaster user if the Windows is hardened.

    2. Run the following command to open the directory of the GenerateNBPass.bat tool:

      cd /d eSight installation directory/AppBase/app/nbi/bin

    3. Run the following command to generate the ciphertext of the new password:
      1. GenerateNBPass.bat -e
        NOTE:
      2. Enter a new password, and confirm the password as prompted.
    4. Replace the old password ciphertext with the new one.
      1. Open the configuration file eSight installation directory/AppBase/etc/nbi/snmp/snmpagent.xml.
      2. Replace the value of the configuration item AuthPassword with the generated ciphertext.

        A configuration example is as follows:

        <param name="AuthPassword">9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d</param> 
             
      3. Save and close the configuration file.
    5. Restart eSight.
  • Change the private key.
    1. Log in to the server as the Administrator user.
      NOTE:

      Log in to the server as the SWMaster user if the Windows is hardened.

    2. Run the following command to open the directory of the GenerateNBPass.bat tool:

      cd /d eSight installation directory/AppBase/app/nbi/bin

    3. Run the following command to generate the ciphertext of the new password:
      1. GenerateNBPass.bat -e
        NOTE:
        • The reversible advanced encryption algorithm (AES) is used in this command.
        • For details about the password change rules, see Password Changing Scenarios and Policies.
        • It is recommended that the private key be different from the authentication key.
      2. Enter a new password, and confirm the password as prompted.
    4. Replace the old password ciphertext with the new one.
      1. Open the configuration file eSight installation directory/AppBase/etc/nbi/snmp/snmpagent.xml.
      2. Replace the value of the configuration item PrivPassword with the generated ciphertext.

        A configuration example is as follows:

        <param name="PrivPassword">9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d</param>  
             
      3. Save and close the configuration file.
    5. Restart eSight.

Linux

  • Change the authentication key.
    1. Log in to the server as the ossuser user.
    2. Run the following command to open the directory of the GenerateNBPass tool:

      cd eSight installation directory/AppBase/app/nbi/bin

    3. Run the following command to generate the ciphertext of the new password:
      1. ./GenerateNBPass -e
        NOTE:
      2. Enter a new password, and confirm the password as prompted.
    4. Replace the old password ciphertext with the new one.
      1. Open the snmpagent.xml configuration file.

        vi eSight installation directory/AppBase/etc/nbi/snmp/snmpagent.xml

      2. Replace the value of the configuration item AuthPassword with the generated ciphertext.

        A configuration example is as follows:

        <param name="AuthPassword">9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d</param>  
             
      3. Run the :wq! command to save and close the configuration file.
    5. Restart eSight.
  • Change the private key.
    1. Log in to the server as the ossuser user.
    2. Run the following command to open the directory of the GenerateNBPass tool:

      cd eSight installation directory/AppBase/app/nbi/bin

    3. Run the following command to generate the ciphertext of the new password:
      1. ./GenerateNBPass -e
        NOTE:
        • The reversible advanced encryption algorithm (AES) is used in this command.
        • For details about the password change rules, see Password Changing Scenarios and Policies.
        • It is recommended that the private key be different from the authentication key.
      2. Enter a new password, and confirm the password as prompted.
    4. Replace the old password ciphertext with the new one.
      1. Open the snmpagent.xml configuration file.

        vi eSight installation directory/AppBase/etc/nbi/snmp/snmpagent.xml

      2. Replace the value of the configuration item PrivPassword with the generated ciphertext.

        A configuration example is as follows:

        <param name="PrivPassword">9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d</param>  
             
      3. Run the :wq! command to save and close the configuration file.
    5. Restart eSight.

Changing the Southbound User Password

You are advised to change the southbound user password at the first login to the eSight to ensure user security. Changing passwords periodically prevents theft of the passwords and unauthorized access.

Changing the Password of the FTP, FTPS, or SFTP User

You can use the BME tool to generate the ciphertext and then copy it to the configuration file for changing the password of the File Transfer Protocol (FTP), File Transfer Protocol over SSL (FTPS), or Secure File Transfer Protocol (SFTP) user.

Context
  • The initial FTP, FTPS, or SFTP user is admin, and its password is Changeme123.
  • The FTP, SFTP, or FTPS account lock policies are as follows:
    • When the admin user attempts to log in to the FTP, SFTP, or FTPS using an IP address that is not on the eSight server, the IP address is locked for five minutes by default if the user enters incorrect passwords for five consecutive times.
    • When a user other than admin attempts to log in to the FTP/SFTP, the account is locked for five minutes by default if the user enters incorrect passwords for five consecutive times.
NOTE:
  • The FTP protocol has security risks. Using SFTP or FTPS is recommended.
  • In an HA scenario, change only the FTP, FTPS, or SFTP user password on the active server. The standby server automatically synchronizes the change.
Procedure
  • Windows
    1. Log in to the server as the Administrator user.
      NOTE:

      Log in to the server as the SWMaster user if the Windows is hardened.

    2. Change the password in the ftpusers.properties file.
      1. Run the following command to open the directory of the encrypt tool:

        cd /d eSight installation directory/AppBase/tools/bmetool/encrypt

      2. Perform the following operations to generate the ciphertext of the new password:

        encrypt.bat 0

        Enter a new password, and confirm the password as prompted.

        Assume that the new password is Changeme_123. After the command is executed successfully, the following information is displayed:

        9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
        NOTE:
        • The reversible Advanced Encryption Standard (AES) algorithm is used in this command.
        • The new password must meet complexity requirements of eSight and devices. For details about password complexity requirements on eSight, see Password Changing Scenarios and Policies. For details about password requirements on devices, see the corresponding device product documentation.
      3. Open the configuration file eSight installation directory/AppBase/etc/ftpusers.properties.
      4. Replace the value of admin.password with the generated ciphertext.

        A configuration example is as follows:

        admin.password=9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
      5. Save and close the configuration file.
    3. Restart eSight.
  • Linux
    1. Log in to the server as the ossuser user.
    2. Change the password in the ftpusers.properties file.
      1. Run the following command to open the directory of the encrypt tool:

        cd eSight installation directory/AppBase/tools/bmetool/encrypt

      2. Perform the following operations to generate the ciphertext of the new password:

        ./encrypt.sh 0

        Enter a new password, and confirm the password as prompted.

        Assume that the new password is Changeme_123. After the command is executed successfully, the following information is displayed:

        9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
        NOTE:
        • The reversible Advanced Encryption Standard (AES) algorithm is used in this command.
        • The new password must meet complexity requirements of eSight and devices. For details about password complexity requirements on eSight, see Password Changing Scenarios and Policies. For details about password requirements on devices, see the corresponding device product documentation.
      3. Open the configuration file eSight installation directory/AppBase/etc/ftpusers.properties.

        # vi eSight installation directory/AppBase/etc/ftpusers.properties

      4. Replace the value of admin.password with the generated ciphertext.

        A configuration example is as follows:

        admin.password=9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
      5. Run the :wq! command to save and close the configuration file.
    3. Restart eSight.
Changing the Password of the Mediation Authentication Account

You can use the BME tool to generate the ciphertext and then copy it to the configuration file to change the password for the Mediation authentication account.

Context
  • The initial account and password of the Mediation are admin and Changeme_123, respectively.
  • When changing the authentication account information used for connections between the Med Center and Med Node, settings of medUser and medUserPassword must be consistent between the Mediation_1_svc.xml and med_node_1_svc.xml files.
  • The lock policy for a Mediation authentication account is as follows:
    • When the admin user attempts to pass authentication from the Med Node to the Med center using an IP address that is not on the eSight server, the IP address is locked for five minutes by default if the user enters an incorrect password for five consecutive times.
    • When a non-admin user attempts to pass authentication from the Med Node to the Med center, the account is locked for five minutes by default if the user enters an incorrect password for five consecutive times.
NOTE:

In an HA scenario, change only the mediation authentication password on the active server. The standby server automatically synchronizes the change.

Procedure
  • Windows
  1. Log in to the server as the Administrator user.
    NOTE:

    Log in to the server as the SWMaster user if the Windows is hardened.

  2. Run the following command to open the directory of the encrypt tool:

    cd /d eSight installation directory/AppBase/tools/bmetool/encrypt

  3. Run the following command to encrypt the password of the Med Node account:
    1. encrypt.bat 0
    2. Enter a new password, and confirm the password as prompted.

      Assume that the new password is Changeme_123. After the command is executed successfully, the following information is displayed:

      9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
    NOTE:
    • The reversible Advanced Encryption Standard (AES) algorithm is used in this command.
    • The new password must meet complexity requirements of eSight and devices.
  4. Replace the old password ciphertext with the new one.
    1. Run the following command to go to the directory for storing the configuration file:

      cd /d eSight installation directory/AppBase/sysagent/etc/sysconf/svcbase

    2. Open the med_node_1_svc.xml configuration file.
    3. Replace the value of the configuration item medUserPassword with the generated ciphertext.

      A configuration example is as follows:

      <param name="medUserPassword">9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d</param>     
    4. Save and close the configuration file.
  5. Run the following command to encrypt the password of the Med Center account:
    1. encrypt.bat 2
    2. Enter a new password, and confirm the password as prompted.

      The first line is the irreversible ciphertext, and the second line is the salt value.

    NOTE:
    • This command uses the irreversible Password-Based Key Derivation Function (PBKDF2) algorithm.
    • The new password must meet complexity requirements of eSight and devices. For details about password complexity requirements on eSight, see Password Changing Scenarios and Policies. For details about password requirements on devices, see the corresponding device product documentation.
  6. Replace the ciphertext and salt of the new password.
    1. Run the following command to go to the directory for storing the configuration file:

      cd /d eSight installation directory/AppBase/sysagent/etc/sysconf/svcbase

    2. Open the Mediation_1_svc.xml configuration file.
    3. Replace the value of the configuration item medUserPassword with the generated ciphertext.

      A configuration example is as follows:

      <param name="medUserPassword">NvTNKamwZfca0P+OpiVRpggbDYI+XeRxycgloUjfIMo=</param>     
    4. Replace the value of the configuration item saltValue with the generated salt.

      A configuration example is as follows:

      hyGs3Az23ka9WaUe6pxxiDCyhzCiU1KXNUvEq5Qxje4=     
    5. Save and close the configuration file.
  7. Restart eSight.
  • Linux
  1. Log in to the server as the ossuser user.
  2. Run the following command to open the directory of the encrypt tool:

    cd eSight installation directory/AppBase/tools/bmetool/encrypt

  3. Run the following command to encrypt the password of the Med Node account:
    1. ./encrypt.sh 0
    2. Enter a new password, and confirm the password as prompted.

      Assume that the new password is Changeme_123. After the command is executed successfully, the following information is displayed:

      9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
    NOTE:
    • The reversible Advanced Encryption Standard (AES) algorithm is used in this command.
    • The new password must meet complexity requirements of eSight and devices.
  4. Replace the old password ciphertext with the new one.
    1. Run the following command to go to the directory for storing the configuration file:

      cd eSight installation directory/AppBase/sysagent/etc/sysconf/svcbase

    2. Run the vi command to open the med_node_1_svc.xml configuration file.
    3. Replace the value of the configuration item medUserPassword with the generated ciphertext.

      A configuration example is as follows:

      <param name="medUserPassword">9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d</param>     
    4. Run the :wq! command to save and close the configuration file.
  5. Run the following command to encrypt the password of the Med Node account:
    1. ./encrypt.sh 2
    2. Enter a new password, and confirm the password as prompted.

      The first line is the irreversible ciphertext, and the second line is the salt value.

    NOTE:
    • This command uses the irreversible Password-Based Key Derivation Function (PBKDF2) algorithm.
    • The new password must meet complexity requirements of eSight and devices. For details about password complexity requirements on eSight, see Password Changing Scenarios and Policies. For details about password requirements on devices, see the corresponding device product documentation.
  6. Replace the ciphertext and salt of the new password.
    1. Run the following command to go to the directory for storing the configuration file:

      cd eSight installation directory/AppBase/sysagent/etc/sysconf/svcbase

    2. Run the vi command to open the Mediation_1_svc.xml configuration file.
    3. Replace the value of the configuration item medUserPassword with the generated ciphertext.

      A configuration example is as follows:

      <param name="medUserPassword">NvTNKamwZfca0P+OpiVRpggbDYI+XeRxycgloUjfIMo=</param>     
    4. Replace the value of the configuration item saltValue with the generated salt.

      A configuration example is as follows:

      hyGs3Az23ka9WaUe6pxxiDCyhzCiU1KXNUvEq5Qxje4=     
    5. Run the :wq! command to save and close the configuration file.
  7. Restart eSight.

Changing the Integration User Password

You are advised to change the integration user password at the first login to the eSight to ensure user security. Changing passwords periodically prevents theft of the passwords and unauthorized access.

Changing the Password for the Co-deployment SSO Account

You can use the BME tool to generate the ciphertext and then copy it to the configuration file to change the password for the co-deployment SSO account.

Context

The initial name and password of the co-deployment SSO account is JsonName and Changeme_123, respectively.

NOTE:

In a two-node cluster, you only need to change the password for the co-deployment SSO account on the active server. The standby server automatically synchronizes the change.

Procedure
  • Windows
  1. Log in to the server as the Administrator user.
    NOTE:

    Log in to the server as the SWMaster user if the Windows is hardened.

  2. Run the following command to open the directory of the encrypt tool:

    cd /d eSight installation directory/AppBase/tools/bmetool/encrypt

  3. Perform the following operations to generate the ciphertext of the new password:
    1. Run the encrypt.bat 2 command.
    2. Enter a new password, and confirm the password as prompted.

      The first line is the irreversible ciphertext, and the second line is the salt value.

    NOTE:
    • This command uses the irreversible Password-Based Key Derivation Function (PBKDF2) algorithm.
    • The new password must meet complexity requirements of eSight and devices. For details about password complexity requirements on eSight, see Password Changing Scenarios and Policies. For details about password requirements on devices, see the corresponding device product documentation.
  4. Replace the old password ciphertext with the new one.
    1. Open the configuration file eSight installation directory/AppBase/etc/oms.sm/sm.xml.
    2. Replace the value of randomCode with the generated salt value.

      A configuration example is as follows:

      <param name="randomCode">hyGs3Az23ka9WaUe6pxxiDCyhzCiU1KXNUvEq5Qxje4=</param>     
    3. Replace the value of jsonPassword with the generated ciphertext.

      A configuration example is as follows:

      <param name="jsonPassword">NvTNKamwZfca0P+OpiVRpggbDYI+XeRxycgloUjfIMo=</param>
    4. Save and close the configuration file.
  5. Modify the agile report client.
    1. Go to the directory where the agile report encryption tool is located.

      cd /d eSight installation directory/AppBase/UniBI_Server/tools

    2. Run the following command:

      encryptreversible.bat -i

      Enter the password, confirm password, and keyPath as prompted. The value of keyPath is eSight installation directory\AppBase\UniBI_Server\unibi-solutions\security\conf. After the command is executed, a ciphertext character string is generated.

    3. Open the configuration file eSight installation directory/AppBase/UniBI_Server/etc/sso.sm/ssoConfig.properties.

      Replace information next to sm.auth.pwd= with the newly generated password ciphertext to change the user password.

    4. Save and close the configuration file.
  6. Restart eSight.
  • Linux operating system
  1. Log in to the server as the ossuser user.
  2. Run the following command to open the directory of the encrypt tool:

    cd eSight installation directory/AppBase/tools/bmetool/encrypt

  3. Perform the following operations to generate the ciphertext of the new password:
    1. Run the ./encrypt.sh 2 command.
    2. Enter a new password, and confirm the password as prompted.

      The first line is the irreversible ciphertext, and the second line is the salt value.

    NOTE:
    • This command uses the irreversible PBKDF2 algorithm.
    • The new password must meet complexity requirements of eSight and devices. For details about password complexity requirements on eSight, see Password Changing Scenarios and Policies. For details about password requirements on devices, see the corresponding device product documentation.
  4. Replace the old password ciphertext with the new one.
    1. Open the sm.xml configuration file.

      vi eSight installation directory/AppBase/etc/oms.sm/sm.xml

    2. Replace the value of randomCode with the generated salt value.

      A configuration example is as follows:

      <param name="randomCode">hyGs3Az23ka9WaUe6pxxiDCyhzCiU1KXNUvEq5Qxje4=</param>     
    3. Replace the value of jsonPassword with the generated ciphertext.

      A configuration example is as follows:

      <param name="jsonPassword">NvTNKamwZfca0P+OpiVRpggbDYI+XeRxycgloUjfIMo=</param>
    4. Run the :wq! command to save and close the configuration file.
  5. Modify the agile report client.
    1. Go to the directory where the agile report encryption tool is located.

      cd eSight installation directory/AppBase/UniBI_Server/tools

    2. Run the following command:

      sh encryptreversible.sh -i

      Enter the password, confirm password, and keyPath as prompted. The value of keyPath is eSight installation directory\AppBase\UniBI_Server\unibi-solutions\security\conf. After the command is executed, a ciphertext character string is generated.

    3. Run the following commands to open the configuration file ssoConfig.properties:

      vi eSight installation directory/AppBase/UniBI_Server/etc/sso.sm/ssoConfig.properties

      Replace information next to sm.auth.pwd= with the newly generated password ciphertext to change the user password.

    4. Run the :wq! command to save and close the configuration file.
  6. Restart eSight.
Changing the Password of an Integrated Account of Agile Reporter

The admin account is used when eSight invokes agile reporter interfaces. You need to periodically change the account password to prevent system passwords from being stolen and ensure system security.

Context
In Windows, log in to the server as an administrator. In Linux, log in to the server as user root.
NOTE:
  • Log in to the server as the SWMaster user if the Windows is hardened.
  • Remotely log in to the server as the ossuser and switch to the root user if the Linux is hardened.

The default user name is admin and the default password is eSight@123.

Procedure
  • Windows
    1. Run the following command to go to the directory of encryption tool encrypt:

      cd /d eSight installation directory\AppBase\UniBI_Server\tools

    2. Run the following command to generate the ciphertext of the new password:

      encryptirreversible.bat -i

      Enter the user name and password, and confirm the password as prompted. After the command is executed, a ciphertext character string is generated.

      NOTE:

      This command uses the irreversible PBKDF2 encryption algorithm.

      The user name and password must comply with the following rules:

      • The user name cannot be blank.
      • The new password can contain 8 to 30 characters, including only letters, digits, spaces, and special characters.
      • The new password must contain at least the following characters:
      • Uppercase letters
      • Lowercase letters
      • Digits
      • Special characters: !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
      • The new password cannot contain more than three same consecutive characters.
      • The password cannot be the user name or the user name in reverse order.
      • All special characters in the password must be escaped.

        For example:

        In Linux:

      • If the password contains special characters, enclose all the characters in a pair of single quotation marks, for example, '#Password@123'.
      • If the password contains special character ', enclose all the characters in a pair of double quotation marks, for example, "Pa'ssword123".
      • If the password contains special characters " or ' and all the characters have been enclosed in a pair of double quotation marks, use \ to escape the " or ' character. Example: "past'yh\"gf\` jkh"

        In Windows:

      • If the password contains special characters, enclose all the characters in a pair of double quotation marks, for example, "#Password@123".
      • If the password contains special characters " and all the characters have been enclosed in a pair of double quotation marks, use "" to escape the password, for example, "Password""hjk1 2".
    3. Open configuration file eSight installation directory\AppBase\UniBI_Server\unibi-solutions\system\conf\backendFilter.properties.

      Change the password as follows:

      Replace the value following APIKey= with the newly generated ciphertext.

    4. Save and close the configuration file.
    5. Run the following command to go to the directory of encryption tool encrypt:

      cd /d eSight installation directory\mttools\tools\bmetool\encrypt

    6. Run the following command to generate the ciphertext for the new password:

      encrypt 0

      Enter and confirm the password as prompted.

    7. Open configuration file eSight installation directory\AppBase\etc\report\report_unibi.properties.

      Change the user name and password as follows:

      • Replace the value following unibi.auth.user= with the user name.
      • Replace the information next to unibi.auth.pwd= with the newly generated ciphertext.
    8. Restart the eSight server for the new password to take effect.
  • Linux
NOTE:

In an HA scenario, change only the password of an integrated account of agile reporter on the active server. The standby server automatically synchronizes the change.

  1. Run the following command to go to the directory of encryption tool encrypt:

    cd eSight installation directory/AppBase/UniBI_Server/tools

  2. Run the following command to generate the ciphertext for the new password:

    sh encryptirreversible.sh -i

    Enter the user name and password, and confirm the password as prompted. After the command is executed, a ciphertext character string is generated.

    NOTE:

    This command uses the irreversible PBKDF2 encryption algorithm.

    The user name and password must comply with the following rules:

    • The user name cannot be blank.
    • The new password can contain 8 to 30 characters, including only letters, digits, spaces, and special characters.
    • The new password must contain at least the following characters:
    • Uppercase letters
    • Lowercase letters
    • Digits
    • Special characters: !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
    • The new password cannot contain more than three same consecutive characters.
    • The password cannot be the user name or the user name in reverse order.
    • All special characters in the password must be escaped.

      For example:

      In Linux:

    • If the password contains special characters, enclose all the characters in a pair of single quotation marks, for example, '#Password@123'.
    • If the password contains special character ', enclose all the characters in a pair of double quotation marks, for example, "Pa'ssword123".
    • If the password contains special characters " or ' and all the characters have been enclosed in a pair of double quotation marks, use \ to escape the " or ' character. Example: "past'yh\"gf\` jkh"

      In Windows:

    • If the password contains special characters, enclose all the characters in a pair of double quotation marks, for example, "#Password@123".
    • If the password contains special characters " and all the characters have been enclosed in a pair of double quotation marks, use "" to escape the password, for example, "Password""hjk1 2".
  3. Run the following command to open configuration file backendFilter.conf:

    vi eSight installation directory/AppBase/UniBI_Server/unibi-solutions/system/conf/backendFilter.properties

    Change the password as follows:

    Replace the value following APIKey= with the newly generated ciphertext.

  4. Run the wq! command to save and close the configuration file.
  5. Save the setting and close the configuration file.
  6. Run the following command to go to the directory of encryption tool encrypt:

    cd eSight installation directory/mttools/tools/bmetool/encrypt

  7. Run the following command to generate the ciphertext for the new password:

    ./encrypt.sh 0

    Enter and confirm the password as prompted.

  8. Open configuration file eSight installation directory/AppBase/etc/report/report_unibi.properties.

    Change the password as follows:

    • Replace the value following unibi.auth.user= with the user name.
    • Replace the value following unibi.auth.pwd= with the newly generated ciphertext.
  9. Restart the eSight server for the new password to take effect.

Changing the JMS User Password

Upon the first login to the eSight, you are advised to change the default JMS user password to ensure account security. You need to periodically change the account password to prevent system passwords from being stolen and ensure system security.

Context
  • You can use the BME tool to generate the ciphertext and then copy it to the configuration file for changing the password of the JMS user.
  • The initial JMS account and password are iempAdmin and Changeme_123, respectively.
  • The password before encryption must be the same for the JMS server and client.
NOTE:

In an HA scenario, change only the JMS user password on the active server. The standby server automatically synchronizes the change.

Procedure
  • Windows
  1. Log in to the server as the Administrator user.
    NOTE:

    Log in to the server as the SWMaster user if the Windows is hardened.

  2. Run the following command to open the directory of the encrypt tool:

    cd /d eSight installation directory/AppBase/tools/bmetool/encrypt

  3. Run the following command to generate ciphertext of the new password for the JMS client user:
    1. encrypt.bat 0
    2. Enter a new password, and confirm the password as prompted.

      Assume that the new password is Changeme_123. After the command is executed successfully, the following information is displayed:

      9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
    NOTE:
  4. Run the following command to generate ciphertext of the new password for the user on the JMS server:
    1. encrypt.bat 2
    2. Enter a new password, and confirm the password as prompted.

      The first line is the irreversible ciphertext, and the second line is the salt value.

      l/fuEbHSbIcvqnc5QSXzM+7w/JehIVg2w/c8K+UAc7A= 
      8rKVMFDMi9D680C7aMjDqts1uXi81YwKmzVPj8sKiHQ=
    NOTE:
    • This command uses the irreversible Password-Based Key Derivation Function (PBKDF2) algorithm.
    • The password entered in the command must be the same as that in Step 3.
    • For details about the password change rules, see Password Changing Scenarios and Policies.
  5. Replace the old password ciphertext with the new one.
    1. Open the configuration file eSight installation directory/AppBase/etc/iemp.framework/acl_user/hornetq-users.xml.
    2. Change the value of password to salt;ciphertext. Separate the salt and ciphertext by semicolons (;).

      A configuration example is as follows:

      <user name="iempAdmin" password="l/fuEbHSbIcvqnc5QSXzM+7w/JehIVg2w/c8K+UAc7A=;8rKVMFDMi9D680C7aMjDqts1uXi81YwKmzVPj8sKiHQ=">     
    3. Save and close the configuration file.
    4. Open the configuration file eSight installation directory/AppBase/etc/iemp.framework/messaging-client-config.xml.
      NOTE:

      Check whether the configuration item aclPassword exists.

      • If it exists, modify it as follows.
      • If it does not exist, no further action is required.
    5. Replace the value of the configuration item aclPassword with the generated ciphertext.

      A configuration example is as follows:

      <param name="aclPassword">9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d</param>      
    6. Save and close the configuration file.
  6. Restart eSight.
  • Linux
  1. Log in to the server as the ossuser user.
  2. Run the following command to open the directory of the encrypt tool:

    cd eSight installation directory/AppBase/tools/bmetool/encrypt

  3. Run the following command to generate ciphertext of the new password for the JMS client user:
    1. ./encrypt.sh 0
    2. Enter a new password, and confirm the password as prompted.

      Assume that the new password is Changeme_123. After the command is executed successfully, the following information is displayed:

      9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
    NOTE:
  4. Run the following command to generate ciphertext of the new password for the user on the JMS server:
    1. ./encrypt.sh 2
    2. Enter a new password, and confirm the password as prompted.

      The first line is the irreversible ciphertext, and the second line is the salt value.

      l/fuEbHSbIcvqnc5QSXzM+7w/JehIVg2w/c8K+UAc7A= 
      8rKVMFDMi9D680C7aMjDqts1uXi81YwKmzVPj8sKiHQ=
    NOTE:
    • This command uses the irreversible Password-Based Key Derivation Function (PBKDF2) algorithm.
    • The password entered in the command must be the same as that in Step 3.
    • For details about the password change rules, see Password Changing Scenarios and Policies.
  5. Replace the old password ciphertext with the new one.
    1. Open the hornetq-users.xml configuration file.

      vi eSight installation directory/AppBase/etc/iemp.framework/acl_user/hornetq-users.xml

    2. Change the value of password to salt;ciphertext. Separate the salt and ciphertext by semicolons (;).

      A configuration example is as follows:

      <user name="iempAdmin" password="l/fuEbHSbIcvqnc5QSXzM+7w/JehIVg2w/c8K+UAc7A=;8rKVMFDMi9D680C7aMjDqts1uXi81YwKmzVPj8sKiHQ=">     
    3. Run the :wq! command to save and close the configuration file.
    4. Open the messaging-client-config.xml file.

      vi eSight installation directory/AppBase/etc/iemp.framework/messaging-client-config.xml

    5. Replace the value of the configuration item aclPassword with the generated ciphertext.

      A configuration example is as follows:

      <param name="aclPassword">9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d</param>      
    6. Run the :wq! command to save and close the configuration file.
  6. Restart eSight.

Changing the JMX User Password

Upon the first login to the eSight, you are advised to change the default JMX user password to ensure account security. You need to periodically change the account password to prevent system passwords from being stolen and ensure system security.

Context
  • You can use the BME tool to generate the ciphertext and then copy it to the configuration file for changing the password of the JMX communication user.
  • The initial JMX account and password are jmxAdmin and Changeme_123, respectively.
NOTE:

In an HA scenario, change only the JMX user password on the active server. The standby server automatically synchronizes the change.

Procedure
  • Windows
  1. Log in to the server as the Administrator user.
    NOTE:

    Log in to the server as the SWMaster user if the Windows is hardened.

  2. Run the following command to open the directory of the encrypt tool:

    cd /d eSight installation directory/AppBase/tools/bmetool/encrypt

  3. Run the following command to generate ciphertext of the new password for the JMX client user:
    1. encrypt.bat 0
    2. Enter a new password, and confirm the password as prompted.

      Assume that the new password is Changeme_123. After the command is executed successfully, the following information is displayed:

      9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
    NOTE:
  4. Run the following command to generate ciphertext of the new password for the user on the JMX server:
    1. encrypt.bat 2
    2. Enter a new password, and confirm the password as prompted.

      The first line is the irreversible ciphertext, and the second line is the salt value.

      63175w8c+iXa+ESJ86NqT7OW+0UnsRV0/bd+pdKAj2w= 
      9zLndMwB3Axrogj5ciCWZIB6nL5O0cbnPkATFyYl5/8=
    NOTE:
    • This command uses the irreversible Password-Based Key Derivation Function (PBKDF2) algorithm.
    • The password entered in the command must be the same as that in Step 3.
    • For details about the password change rules, see Password Changing Scenarios and Policies.
  5. Replace the old password ciphertext with the new one.
    1. Open the configuration file eSight installation directory/AppBase/etc/oms.core/jmx.user.properties.
    2. Replace the value of the configuration item jmxAdmin with the generated ciphertext.

      A configuration example is as follows:

      jmxAdmin=9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
    3. Save and close the configuration file.
    4. Open the configuration file eSight installation directory/AppBase/sysagent/etc/sysconf/jmx.user.properties.
    5. Replace the value of the configuration item jmxAdmin with the generated ciphertext.

      A configuration example is as follows:

      jmxAdmin=9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
    6. Save and close the configuration file.
    7. Open the configuration file eSight installation directory/mttools/etc/oms.core/jmx.user.properties.
    8. Replace the value of the configuration item jmxAdmin with the generated ciphertext.

      A configuration example is as follows:

      jmxAdmin=9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
    9. Save and close the configuration file.
    10. Open the eSight installation directory/mttools/etc/iemp.framework/jmx-server-configuration.xml and eSight installation directory/AppBase/etc/iemp.framework/jmx-server-configuration.xml files.
    11. Change the value of salt to the irreversible salt value.

      A configuration example is as follows:

      <param name="salt">9zLndMwB3Axrogj5ciCWZIB6nL5O0cbnPkATFyYl5/8=</param>
    12. Change the value of secret to the irreversible ciphertext.

      A configuration example is as follows:

      <param name="secret">63175w8c+iXa+ESJ86NqT7OW+0UnsRV0/bd+pdKAj2w=</param>
    13. Save and close the configuration file.
  6. Restart eSight.
  • Linux
  1. Log in to the server as the ossuser user.
  2. Run the following command to open the directory of the encrypt tool:

    cd eSight installation directory/AppBase/tools/bmetool/encrypt

  3. Run the following command to generate ciphertext of the new password for the JMX client user:
    1. ./encrypt.sh 0
    2. Enter a new password, and confirm the password as prompted.

      Assume that the new password is Changeme_123. After the command is executed successfully, the following information is displayed:

      9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
    NOTE:
  4. Run the following command to generate ciphertext of the new password for the user on the JMX server:
    1. ./encrypt.sh 2
    2. Enter a new password, and confirm the password as prompted.

      The first line is the irreversible ciphertext, and the second line is the salt value.

      63175w8c+iXa+ESJ86NqT7OW+0UnsRV0/bd+pdKAj2w= 
      9zLndMwB3Axrogj5ciCWZIB6nL5O0cbnPkATFyYl5/8=
    NOTE:
    • This command uses the irreversible Password-Based Key Derivation Function (PBKDF2) algorithm.
    • The password entered in the command must be the same as that in Step 3.
    • For details about the password change rules, see Password Changing Scenarios and Policies.
  5. Replace the old password ciphertext with the new one.
    1. Open the jmx.user.properties configuration file.

      vi eSight installation directory/AppBase/etc/oms.core/jmx.user.properties

    2. Replace the value of the configuration item jmxAdmin with the generated ciphertext.

      A configuration example is as follows:

      jmxAdmin=9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
    3. Run the :wq! command to save and close the configuration file.
    4. Open the jmx.user.properties configuration file.

      vi eSight installation directory/AppBase/sysagent/etc/sysconf/jmx.user.properties

    5. Replace the value of the configuration item jmxAdmin with the generated ciphertext.

      A configuration example is as follows:

      jmxAdmin=9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
    6. Run the :wq! command to save and close the configuration file.
    7. Open the jmx.user.properties configuration file.

      vi eSight installation directory/mttools/etc/oms.core/jmx.user.properties

    8. Replace the value of the configuration item jmxAdmin with the generated ciphertext.

      A configuration example is as follows:

      jmxAdmin=9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
    9. Run the :wq! command to save and close the configuration file.
    10. Open the jmx-server-configuration.xml file.
      • vi eSight installation directory/mttools/etc/iemp.framework/jmx-server-configuration.xml
      • vi eSight installation directory/AppBase/etc/iemp.framework/jmx-server-configuration.xml
    11. Change the value of salt to the irreversible salt value.

      A configuration example is as follows:

      <param name="salt">9zLndMwB3Axrogj5ciCWZIB6nL5O0cbnPkATFyYl5/8=</param>
    12. Change the value of secret to the irreversible ciphertext.

      A configuration example is as follows:

      <param name="secret">63175w8c+iXa+ESJ86NqT7OW+0UnsRV0/bd+pdKAj2w=</param>
    13. Run the :wq! command to save and close the configuration file.
  6. Restart eSight.

Changing the Password of the admin User on the Veritas

You are advised to change the initial password of the admin user on the Veritas upon the first login to the high availability (HA) system to enhance account security. You need to periodically change the account password to prevent system passwords from being stolen and ensure system security.

Prerequisites

The HA system is installed successfully.

Context

The initial Veritas account is admin and initial password is Changeme123.

NOTE:

In an HA system, if a user password has been used by the eSight and the configuration file containing the password is synchronized between the active and standby servers, you must keep the password consistent between the active and standby servers.

To ensure that the passwords of these users can be completely changed, you are advised to disconnect the active and standby servers, modify the passwords on the two servers separately, and then connect to the two servers.

Procedure
  1. Log in to the operating system of the server as the root user.
  2. Ensure that the VCS service has been started. If the VCS service is not started, run the following commands to start the VCS service:

    # hastart -onenode

  3. Run the following commands to modify the password for the admin user:

    # haconf -makerw > /dev/null 2>&1

    # /opt/VRTSvcs/bin/hauser -update admin

    # Enter Password:

    Enter the new password.

    # Enter Again:

    Re-enter the new password.

    # haconf -dump -makero

    The configuration is saved.

Changing Storage Management User Password

Changing the itSftpUser User Password

You are commended to change the SFTP user password at the first login to the eSight to ensure user security. Changing passwords periodically prevents theft of the passwords and unauthorized access.

Prerequisite

On Windows, this operation is performed as the administrator. On Linux, this operation is performed as the ossuser user.

Context

SFTP default account is itSftpUser and default password is Huawei@123.

Procedure
  • Windows
    1. Run the following command to switch the encrypt directory.

      cd eSight installation directory/AppBase/tools/bmetool/encrypt

    2. Run the following command to generate the ciphertext for the new password.
      1. encrypt.bat 0
      2. Enter and confirm the new password as prompted.

        Assume that the new password is Changeme_123. After the command is successfully executed, the following information is displayed:

        9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d

        NOTE:

        The reversible Advanced Encryption Standard (AES) is used in this command.

    3. Open the configuration file eSight installation directory\AppBase\lib\com.huawei.eSight.it.framework\config\SftpAndFtp.conf.
    4. Modify the password as follows.

      Modify SFTP password: Replace the value of the configuration item sftpValue= with the generated ciphertext.

    5. Save and close the configuration file.
    6. Restart the eSight server.
  • Linux
    1. Run the following command to switch the encrypt directory.

      cd eSight installation directory/AppBase/tools/bmetool/encrypt

    2. Run the following command to generate the ciphertext for the new password.
      1. encrypt.sh 0
      2. Enter and confirm the new password as prompted.

        Assume that the new password is Changeme_123. After the command is successfully executed, the following information is displayed:

        9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d

        NOTE:

        The reversible Advanced Encryption Standard (AES) is used in this command.

    3. Run the following command to open the configuration file SftpAndFtp.conf.

      vi eSight installation directory/AppBase/lib/com.huawei.eSight.it.framework/config/SftpAndFtp.conf

    4. Modify the password as follows.

      Modify SFTP password: Replace the value of the configuration item sftpValue= with the generated ciphertext.

    5. Run the wq! command to save and close the configuration file.
    6. Restart the eSight server to effective the new password.
Modifying the Encryption Algorithm Key

The key of an encryption algorithm is used to encrypt and decrypt the password of the agile reporter's Tomcat certificate, agile reporter client password of the co-deployment SSO account, and password for storing report data. After the key is changed, the password of the agile reporter's Tomcat certificate, agile reporter client password of the co-deployment SSO account, and password for storing report data need to be regenerated.

Prerequisites

You have logged in to the server as the administrator (in the Windows operating system) or ossuser user (in the Linux operating system).

NOTE:

If security hardening has been performed for the Windows operating system, you need to log in to the server as the SWMaster user.

Context

Changing the key of an encryption algorithm affects the password of the agile reporter's Tomcat certificate, agile reporter client password of the co-deployment SSO account, and password for storing report data. If the key of an encryption algorithm is different from that for encrypting the password of the agile reporter's Tomcat certificate, agile reporter client password of the co-deployment SSO account, and password for storing report data, the server running eSight agile reporter cannot be started.

Procedure
  • Windows operating system
    1. Stop the eSight server if it is running.
    2. Run the following command to go to eSight installation directory\AppBase\UniBI_Server\tools.

      cd eSight installation directory\AppBase\UniBI_Server\tools

    3. Run the following command to generate an algorithm key:

      encryptreversible.bat -k

      Enter key and keyPath as prompted. The value of keyPath is eSight installation directory\AppBase\UniBI_Server\unibi-solutions\security\conf. After the command is executed, a key file is generated.

      NOTE:

      All special characters in the password must be correctly escaped.

      • The key can contain only letters, digits, space characters, and special characters.
      • If the key contains special characters, enclose the key in a pair of double quotation marks, for example, "#Password@123".
      • If the key contains special character " and the password has been enclosed in a pair of double quotation marks, use " to escape the " character, for example, "Password""hjk1 2".
    4. Run the following commands to encrypt the password of the agile reporter's Tomcat certificate, password of the co-deployment SSO account, and password for storing report data.

      encryptreversible.bat –i

      Enter the password, confirm password, and keyPath as prompted. The value of keyPath is eSight installation directory\AppBase\UniBI_Server\unibi-solutions\security\conf.

      NOTE:
      • The initial password of the Tomcat certificate of the agile reporter is Changeme_123.
      • The initial password of the co-deployment SSO account is Changeme_123.
      • The initial password for storing report data is Changeme123.
    5. Update the encrypted password character string in the configuration file.
      • Go to eSight installation directory\AppBase\UniBI_Server\unibi-solutions\system\conf, and set keystorePass in the sysytem.properties file to the encrypted password of the Tomcat certificate password.
      • Go to eSight installation directory\AppBase\UniBI_Server\etc\sso.sm and set sm.auth.pwd in the ssoConfig.properties file to the encrypted password of the co-deployment SSO account.
      • Go to eSight installation directory\AppBase\UniBI_Server\unibi-solutions\system\dbconnection and set DBPassword of the database connection whose Name is molapmysqlcon1 in the dbconnection.xml file to the encrypted password for storing report data.
    6. Restart the eSight server for the modification to take effect.
  • Linux operating system
    1. Stop the eSight server if it is running.
    2. Run the following command to go to eSight installation directory/AppBase/UniBI_Server/tools.

      cd eSight installation directory/AppBase/UniBI_Server/tools

    3. Run the following command to generate an algorithm key:

      ./encryptreversible.sh -k

      Enter key and keyPath as prompted. The value of keyPath is eSight installation directory\AppBase\UniBI_Server\unibi-solutions\security\conf. After the command is executed, a key file is generated.

      NOTE:

      All special characters in the password must be correctly escaped.

      • The key can contain only letters, digits, space characters, and special characters.
      • If the key contains special characters, enclose the key in a pair of single quotation marks, for example, '#Password@123'.
      • If the key contains special character ', enclose the key in a pair of double quotation marks, for example: "Pa'ssword123".
      • If the key contains special characters " or ' and the password has been enclosed in a pair of double quotation marks, use \ to escape the " or ' character, for example, "past'yh\"gf\` jkh".
    4. Run the following commands to encrypt the password of the agile reporter's Tomcat certificate, password of the co-deployment SSO account, and password for storing report data.

      ./encryptreversible.sh –i

      Enter the password, confirm password, and keyPath as prompted. The value of keyPath is eSight installation directory\AppBase\UniBI_Server\unibi-solutions\security\conf.

      NOTE:
      • The initial password of the Tomcat certificate of the agile reporter is Changeme_123.
      • The initial password of the co-deployment SSO account is Changeme_123.
      • The initial password for storing report data is Changeme123.
    5. Update the encrypted password character string in the configuration file.
      • Go to eSight installation directory/AppBase/UniBI_Server/unibi-solutions/system/conf, and set keystorePass in the sysytem.properties file to the encrypted password of the Tomcat certificate password.
      • Go to eSight installation directory/AppBase/UniBI_Server/etc/sso.sm and set sm.auth.pwd in the ssoConfig.properties file to the encrypted password of the co-deployment SSO account.
      • Go to eSight installation directory/AppBase/UniBI_Server/unibi-solutions/system/dbconnection and set DBPassword of the database connection whose Name is molapmysqlcon1 in the dbconnection.xml file to the encrypted password for storing report data.
    6. Restart the eSight server for the modification to take effect.
Changing the agentlessResult User Password

You are commended to change the SFTP user password at the first login to the eSight to ensure user security. Changing passwords periodically prevents theft of the passwords and unauthorized access.

Prerequisite

On Windows, this operation is performed as the administrator. On Linux, this operation is performed as the ossuser user.

NOTE:

Log in to the server as the SWMaster user if the Windows is hardened.

Context

SFTP default account is agentlessResult and default password is Huawei@123.

Procedure
  • Windows
    1. Run the following command to switch the encrypt directory.

      cd eSight installation directory/AppBase/tools/bmetool/encrypt

    2. Run the following command to generate the ciphertext for the new password.
      1. encrypt.bat 0
      2. Enter and confirm the new password as prompted.

        Assume that the new password is Changeme_123. After the command is successfully executed, the following information is displayed:

        9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d

        NOTE:

        The reversible Advanced Encryption Standard (AES) is used in this command.

    3. Open the configuration file eSight installation directory\AppBase\lib\com.huawei.esight.it.hostaccess\config\Hostftp.conf.
    4. Modify the password as follows.

      Modify SFTP password: Replace the value of the configuration item hostResultPwd= with the generated ciphertext.

    5. Save and close the configuration file.
    6. Restart the eSight server.
  • Linux
    1. Run the following command to switch the encrypt directory.

      cd eSight installation directory/AppBase/tools/bmetool/encrypt

    2. Run the following command to generate the ciphertext for the new password.
      1. encrypt.sh 0
      2. Enter and confirm the new password as prompted.

        Assume that the new password is Changeme_123. After the command is successfully executed, the following information is displayed:

        9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d

        NOTE:

        The reversible Advanced Encryption Standard (AES) is used in this command.

    3. Run the following command to open the configuration file HostSftp.conf.

      vi eSight installation directory/AppBase/lib/com.huawei.esight.it.hostaccess/config/HostSftp.conf

    4. Modify the password as follows.

      Modify SFTP password: Replace the value of the configuration item hostResultPwd= with the generated ciphertext.

    5. Run the wq! command to save and close the configuration file.
    6. Restart the eSight server to effective the new password.
Changing the Password for the Host Management SNMP V3 Protocol

Periodically change the password to prevent the system password from being stolen and ensure system security.

Prerequisite

In Windows, log in to the server as an administrator. In Linux, log in to the server as user ossuser.

NOTE:

Log in to the server as the SWMaster user if the Windows is hardened.

Context

The default user name and password are Kaimse and Changeme123, respectively.

Procedure
  • Windows
    1. Run the following command to go to the directory of the encryption tool:

      cd eSight installation directory/mttools/tools/bmetool/encrypt

    2. Run the following command to generate the ciphertext for the new password:
      1. encrypt.bat 0
      2. Enter and confirm the new password as prompted.

        Assume that the new password is Changeme_123. After the command is successfully executed, the following information is displayed:

        9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d

        NOTE:

        This command uses the reversible Advanced Encryption Standard (AES) encryption algorithm.

    3. Run the following command to enter the host component installation directory:

      cd eSight/AppBase/app/com.huawei.esight.it.hostaccess/repository/as

    4. Use WinRAR to open package com.huawei.esight.it.host.be.as.base-1.0-SNAPSHOT.jar, enter directory META-INF, and open configuration file host_agent_alarm_info.xml.
    5. Change the key. The password change parameters are described as follows:
      • Secusername: SNMP V3 user name
      • authpro: authentication protocol, HMAC_SHA or HMAC_MD5
      • authkey: encrypted authentication password
      • privpro: data encryption protocol, CBC_DES or AES_128
      • privkey: encrypted data encryption password

        authkey and privkey map to passwords encrypted using the encryption tool.

    6. Save the setting and close the configuration file.
    7. Restart the eSight server for the new password to take effect.
  • Linux
    1. Run the following command to go to the directory of the encryption tool:

      cd eSight installation directory/mttools/tools/bmetool/encrypt

    2. Run the following command to generate the ciphertext for the new password:
      1. encrypt.sh 0
      2. Enter and confirm the new password as prompted.

        Assume that the new password is Changeme_123. After the command is successfully executed, the following information is displayed:

        9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d

      NOTE:

      This command uses the reversible AES encryption algorithm.

    3. Use the SFTP tool to download the com.huawei.esight.it.host.be.as.base-1.0-SNAPSHOT.jar package from the server path eSight/AppBase/app/com.huawei.esight.it.hostaccess/repository/as to a local path. Use WinRAR to open package com.huawei.esight.it.host.be.as.base-1.0-SNAPSHOT.jar, enter directory META-INF, and open configuration file host_agent_alarm_info.xml.
    4. Change the key. The password change parameters are described as follows:
      • Secusername: SNMP V3 user name
      • authpro: authentication protocol, HMAC_SHA or HMAC_MD5
      • authkey: encrypted authentication password
      • privpro: data encryption protocol, CBC_DES or AES_128
      • privkey: encrypted data encryption password

        authkey and privkey map to passwords encrypted using the encryption tool.

    5. Save the setting and close the configuration file. Use the SFTP tool to upload the com.huawei.esight.it.host.be.as.base-1.0-SNAPSHOT.jar package to the eSight/AppBase/app/com.huawei.esight.it.hostaccess/repository/as directory on the server.
    6. Restart the eSight server for the new password to take effect.
Modifying the Registered User of a Distributed Storage Device

When logging in to a distributed storage device for the first time, you need to change the initial password of the registered user of the device to ensure security of the user. Regularly changing the password can prevent malicious password theft and protect the system against unauthorized intrusions.

Prerequisites

You have logged in to the server as the administrator (in the Windows operating system) or ossuser user (in the Linux operating system).

NOTE:

If security hardening has been performed for the Windows operating system, you need to log in to the server as the SWMaster user.

Context

The initial user name and password of the registered user of the distributed storage are admin and Huawei@123, respectively.

Procedure
  • Windows operating system
    1. Run the following command to open the directory of the encrypt tool:

      cd Installation directory/AppBase/tools/bmetool/encrypt

    2. Run the following command to generate the ciphertext of the new password:
      1. encrypt.bat 0
      2. Enter a new password, and confirm the password as prompted.

        Assume that the new password is Changeme_123. After the command is executed successfully, the following information is displayed:

        9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d

        NOTE:

        The reversible Advanced Encryption Algorithm (AES) algorithm is used in this command.

    3. Open the Installation directory\AppBase\etc\esight.storage\NorthUser\UserInfo.properties file.
    4. Change the password as follows:

      Replace information next to password= with the newly generated password ciphertext to change the registered user password of the distributed storage device.

    5. Save and close the configuration file.
    6. Restart the server for the new password to take effect.
  • Linux operating system
    1. Run the following command to open the directory of the encrypt tool:

      cd Installation directory/AppBase/tools/bmetool/encrypt

    2. Run the following command to generate the ciphertext of the new password:
      1. encrypt.sh 0
      2. Enter a new password, and confirm the password as prompted.

        Assume that the new password is Changeme_123. After the command is executed successfully, the following information is displayed:

        9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d

        NOTE:

        The reversible AES algorithm is used in this command.

    3. Run the following command to open the UserInfo.properties file:

      vi Installation directory/AppBase/etc/esight.storage/NorthUser/UserInfo.properties

    4. Change the password as follows:

      Replace information next to password= with the newly generated password ciphertext to change the registered user password of the distributed storage device.

    5. Run the wq! command to save the file and exit.
    6. Restart the server for the new password to take effect.

Changing Server Management User Password

You need to change your initial password at the first login, and change your password periodically to ensure the security of your account the system.

Changing the Password of the Automatic Detection Service User

The V300R010C00SPC500 version does not support this function. The V300R010C00SPC500 version having a patch version later than V300R010C00SPC500 installed also does not support this function.

Prerequisites
  • You have logged in to eSight.
  • The broadcast function has been enabled for the device for which the password of the automatic detection service needs to be changed.
Context
  • The default user and password for using the automatic detection service of eSight are root and Huawei12#$, respectively.
  • For security purposes, it is recommended the password be changed to one that meets the following requirements:
    • Contain 8 to 20 characters.
    • Contain at least one space character or one of the following special characters:

      `~!@#$%^&*()-_=+\|[{}];:'",<.>/?

    • Be a combination of at least two of the following characters:

      At least one lowercase letter

      At least one uppercase letter

      At least one digit

    • Be different from the user name or the user name in reverse order.
    • Contain at least two different characters from the old password.
NOTE:
  • If the password complexity requirements on the device are different from those on eSight, the new password must meet the password complexity requirements on both the device and eSight.
  • The password complexity requirements vary depending on the device type. For details, see the specific device requirements.
Procedure
  1. Choose Resource > Server from the menu.
  2. Choose Service Settings > Auto Detection Service from the navigation tree.
  3. Click Modify next to the user name.
  4. Enter the new password in Password and Confirm Password.
  5. Click Apply to complete the operation.
Changing the SimpleOS User Password

The V300R010C00SPC500 version does not support this function. The V300R010C00SPC500 version having a patch version later than V300R010C00SPC500 installed also does not support this function.

Prerequisites
  • You have logged in to the server.
  • The SimpleOS has been loaded on the server.
Context
  • The default user name and password of the SimpleOS are root and Huawei@123, respectively.
  • The password must contain at least eight characters, and must include uppercase letters, lowercase letters, and digits.
Procedure
  1. Log in to the KVM of the server on eSight.

    NOTE:

    You can also log in to the KVM of the server on the iMana 200 page.

  2. Log in to the SimpleOS as the default user.
  3. Run the passwd root command to change the user password of the SimpleOS.
  4. Enter the new password in New Password.
  5. Enter the new password again in Reenter New Password.

    The new password takes effect when you log in to the SimpleOS again.

    NOTE:

    After the SimpleOS is reloaded, the password is automatically restored to the initial one.

Changing the Password for an iMana/iBMC User

To remotely control blade servers using eSight, you need to configure the eSightMgmt user in the iMana/iBMC after the servers are added to eSight.

Context
  • The management page and operation command format are different for different types of blades in the blade servers. For example, the iMana 200 page is used for CH121 and CH140 blades, and the iBMC page is used for CH121 V3 and CH140 V3 blades. For details about the used management page and command format, download Huawei server product documentation from the Huawei technical support website. To download the product documentation from the Huawei technical support website, perform the following operations:
  • For security purposes, it is recommended the password be changed to one that meets the following requirements:
    • Contain 8 to 20 characters.
    • Contain at least one space character or one of the following special characters:

      `~!@#$%^&*()-_=+\|[{}];:'",<.>/?

    • Be a combination of at least two of the following characters:

      At least one lowercase letter

      At least one uppercase letter

      At least one digit

    • Be different from the user name or the user name in reverse order.
    • Contain at least two different characters from the old password.
    NOTE:
    • If the password complexity requirements on the device are different from those on eSight, the new password must meet the password complexity requirements on both the device and eSight.
    • The password complexity requirements vary depending on the device type. For details, see the specific device requirements.
Procedure on the iMana Page

For devices such as V1 and V2 servers, perform the following operations on the iMana 200 page:

  1. Choose Configuration > User from the navigation tree on the left.
  2. Click next to the eSightMgmt user in the area on the right.

    The dialog box for modifying user information is displayed.

  3. Change the password.

    1. Enter the current password in the Current User Password text box.
    2. Select Change Password.
    3. Enter a new password in the New Password text box.
    4. Enter the new password in the Confirm Password text box.
    5. Click OK.

Procedure on the iBMC Page

For devices such as V3 and V5 servers, perform the following operations on the iBMC page:

  1. Choose System from the menu and choose Local User from the navigation tree on the left.
  2. In the user list, select the eSightMgmt user and click .
  3. In the Modify User Information dialog box, modify the basic attributes of users.

    • In Current User Password, enter the password of the current login user.
    • In User Name, enter the name of the target user.
    • Select the check box next to Change Password, and enter the password of the target user in the New Password text box.
    • In Confirm Password, enter the password of the target user again.

  4. Click Save. The Local User page is displayed, and the user information is modified successfully.
Procedure on eSight
After changing the password of the iMana/iBMC user on the server, you need to change the password on eSight accordingly.
NOTE:
  • In the Windows operating system, you need to log in to the server as the administrator. If security hardening has been performed on the Windows operating system, you need to log in to the server as the SWMaster user.
  • In the Linux operating system, you need to log in to the server as the ossuser user.
  1. Use the encryption tool to encrypt the new password.

    • Windows operating system
      1. Run the following command to open the directory of the encrypt tool:

        cd eSight installation directory/AppBase/tools/bmetool/encrypt

      2. Run the following command to encrypt the new password:

        encrypt.bat 0

        Enter a new password, and confirm the password as prompted.

        Assume that the new password is Changeme_123. After the command is executed successfully, the following information is displayed:

        9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
        NOTE:

        The reversible Advanced Encryption Standard (AES) algorithm is used in this command.

      3. Open the configuration file eSight installation directory/AppBase/lib/resources/default_data/defaultData.xml.
      4. Change the value of pwd to the generated ciphertext.
      5. Save and close the configuration file.

        The new password takes effect upon next startup of eSight.

    • Linux operating system
      1. Run the following command to open the directory of the encrypt tool:

        cd eSight installation directory/AppBase/tools/bmetool/encrypt

      2. Run the following command to encrypt the new password:

        ./encrypt.sh 0

        Enter a new password, and confirm the password as prompted.

        Assume that the new password is Changeme_123. After the command is executed successfully, the following information is displayed:

        9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
        NOTE:

        The reversible Advanced Encryption Standard (AES) algorithm is used in this command.

      3. Run the following command to open the configuration file defaultData.xml:

        vi eSight installation directory/AppBase/lib/resources/default_data/defaultData.xml

      4. Change the value of pwd to the generated ciphertext.
      5. Run the wq! command to save and close the configuration file.

        The new password takes effect upon next startup of eSight.

  2. On eSight, change the passwords of all involved iMana/iBMC server users to the new passwords.

    1. Log in to eSight. Choose Resource > Server from the menu.
    2. Choose Server Device > Blade Server from the navigation tree. Click the IP address of a blade server in the area on the right.
    3. Choose Component > Hardware from the navigation tree on the left. Click a blade name in the Blade area on the right.
    4. Choose Settings > Protocol Parameters from the navigation tree on the left.
    5. Enter the new password of the eSightMgmt user in Authentication password and Data encryption password in the SNMP protocol area.
    6. Click Test when the configuration is successful. Click Apply to confirm the operation.
    7. Repeat the preceding steps to change the password of the eSightMgmt user for all blades on the blade server.

Changing the Password for a Switch Board SNMP User

When an E9000 server is added to eSight for the first time, the eSightSwitch user is configured on the service plane of the switch board.

Prerequisites
You have changed the user name and password of the switch board, and the change result has been recorded. For details, see the Huawei server product documentation that can be downloaded from the Huawei technical support website. To download the product documentation from the Huawei technical support website, perform the following operations:
Context
For security purposes, it is recommended the password be changed to one that meets the following requirements:
  • Contain 8 to 20 characters.
  • Contain at least one space character or one of the following special characters:

    `~!@#$%^&*()-_=+\|[{}];:'",<.>/?

  • Be a combination of at least two of the following characters:

    At least one lowercase letter

    At least one uppercase letter

    At least one digit

  • Be different from the user name or the user name in reverse order.
  • Contain at least two different characters from the old password.
NOTE:
  • If the password complexity requirements on the device are different from those on eSight, the new password must meet the password complexity requirements on both the device and eSight.
  • The password complexity requirements vary depending on the device type. For details, see the specific device requirements.
Procedure
After changing the password of the eSightSwitch user on the server, you need to change the password on eSight accordingly.
NOTE:
  • In the Windows operating system, you need to log in to the server as the administrator. If security hardening has been performed on the Windows operating system, you need to log in to the server as the SWMaster user.
  • In the Linux operating system, you need to log in to the server as the ossuser user.
  • Windows operating system
    1. Go to the eSight installation directory/AppBase/tools/bmetool/encrypt directory where the encryption tool encrypt is located.
    2. Run the following command in the CLI to encrypt the new password:

      encrypt.bat 0

      Enter a new password, and confirm the password as prompted.

      Assume that the new password is Changeme_123. After the command is executed successfully, the following information is displayed:

      9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
      NOTE:

      The reversible Advanced Encryption Standard (AES) algorithm is used in this command.

    3. Open the configuration file eSight installation directory/AppBase/lib/resources/default_data/SwitchData.xml.

      The parameters for configuring the SNMP user name and password are as follows:

      <snmp>
      <name>eSightSwitch</name>
      <pkey>@010200000000f3f5c68b407d2ac08628e91de393b849642fc960c6337c3ad295909b27d98117</pkey>
      </snmp>
    4. Change the value of name to the new user name.
    5. Change the value of pkey to the ciphertext of the new password.
    6. Save and close the configuration file.

      Update the server switch board information for the modification to take effect.

  • Linux operating system
    1. Run the following command to open the directory of the encrypt tool:

      cd eSight installation directory/AppBase/tools/bmetool/encrypt

    2. Run the following command to encrypt the new password:

      ./encrypt.sh 0

      Enter a new password, and confirm the password as prompted.

      Assume that the new password is Changeme_123. After the command is executed successfully, the following information is displayed:

      9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
      NOTE:

      The reversible Advanced Encryption Standard (AES) algorithm is used in this command.

    3. Run the following command to open the configuration file SwitchData.xml:

      vi eSight installation directory/AppBase/lib/resources/default_data/SwitchData.xml

      The parameters for configuring the SNMP user name and password are as follows:

      <snmp>
      <name>eSightSwitch</name>
      <pkey>@010200000000f3f5c68b407d2ac08628e91de393b849642fc960c6337c3ad295909b27d98117</pkey>
      </snmp>
    4. Change the value of name to the new user name.
    5. Change the value of pkey to the ciphertext of the new password.
    6. Run the wq! command to save and close the configuration file.

      Update the server switch board information for the modification to take effect.

Changing the Password for a Switch Board SSH/sTelnet User

When an E9000 server is added to eSight, the default administrator root of the switch board is used.

Prerequisites
You have changed the user name and password of the switch board, and the change result has been recorded. The switch board user is the authentication user for eSight to connect switch board devices. The switch board user information on eSight must be consistent with that on the switch board device. For details, see the Huawei server product documentation that can be downloaded from the Huawei technical support website. To download the product documentation from the Huawei technical support website, perform the following operations:
Context
For security purposes, it is recommended the password be changed to one that meets the following requirements:
  • Contain 8 to 20 characters.
  • Contain at least one space character or one of the following special characters:

    `~!@#$%^&*()-_=+\|[{}];:'",<.>/?

  • Be a combination of at least two of the following characters:

    At least one lowercase letter

    At least one uppercase letter

    At least one digit

  • Be different from the user name or the user name in reverse order.
  • Contain at least two different characters from the old password.
NOTE:
  • If the password complexity requirements on the device are different from those on eSight, the new password must meet the password complexity requirements on both the device and eSight.
  • The password complexity requirements vary depending on the device type. For details, see the specific device requirements.
Procedure
  1. Use the encryption tool to encrypt the new password.

    • Windows operating system
      1. Run the following command to open the directory of the encrypt tool:

        cd eSight installation directory/AppBase/tools/bmetool/encrypt

      2. Run the following command to encrypt the new password:

        encrypt.bat 0

        Enter a new password, and confirm the password as prompted.

        Assume that the new password is Changeme_123. After the command is executed successfully, the following information is displayed:

        9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
        NOTE:

        The reversible Advanced Encryption Standard (AES) algorithm is used in this command.

      3. Open the configuration file eSight installation directory/AppBase/lib/resources/default_data/SwitchData.xml.

        The parameters for configuring the switch board user name and password are as follows:

        <data>
        <name>root</name>
        <pkey>@010200000000f3f5c68b407d2ac08628e91de393b849642fc960c6337c3ad295909b27d98117</pkey>
        </data>
      4. Change the value of name to the new user name.
      5. Change the value of pkey to the ciphertext of the new password.
      6. Save and close the configuration file.

        Update the server for the modification to take effect.

    • Linux operating system
      1. Run the following command to open the directory of the encrypt tool:

        cd eSight installation directory/AppBase/tools/bmetool/encrypt

      2. Run the following command to encrypt the new password:

        ./encrypt.sh 0

        Enter a new password, and confirm the password as prompted.

        Assume that the new password is Changeme_123. After the command is executed successfully, the following information is displayed:

        9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
        NOTE:

        The reversible Advanced Encryption Standard (AES) algorithm is used in this command.

      3. Run the following command to open the configuration file SwitchData.xml:

        vi eSight installation directory/AppBase/lib/resources/default_data/SwitchData.xml

        The parameters for configuring the switch board user name and password are as follows:

        <data>
        <name>root</name>
        <pkey>@010200000000f3f5c68b407d2ac08628e91de393b849642fc960c6337c3ad295909b27d98117</pkey>
        </data>
      4. Change the value of name to the new user name.
      5. Change the value of pkey to the ciphertext of the new password.
      6. Run the wq! command to save and close the configuration file.

        Update the server for the modification to take effect.

  2. Change the switch board user password of the blade server to the new password on eSight.

    1. Log in to eSight. Choose Resource > Server from the menu.
    2. Choose Server Device > Blade Server from the navigation tree. Click the IP address of the server where the switch board to be managed is located.
    3. Choose Settings > Switchboard Protocol Parameters from the navigation tree on the left.
    4. Click the corresponding switch board name in the area on the right.
    5. Enter the changed user name of the switch board in the Username text box.
    6. Enter the changed password of the switch board in the Password text box.
    7. Click Test. Click OK to confirm the operation.
    8. Click Apply.

Changing the itSftpUser User Password

Upon first login, you are advised to change the initial password for the SFTP user to ensure user security. Regularly changing the password can prevent malicious password theft and protect the system against unauthorized intrusions. The V300R010C00SPC500 version does not support this function. The V300R010C00SPC500 version having a patch version later than V300R010C00SPC500 installed also does not support this function.

Prerequisites

In the Windows operating system, you have logged in to the server as the administrator. In the Linux operating system, you have logged in to the server as the ossuser user.

Context

The initial SFTP user and password are itSftpUser and Huawei@123, respectively.

NOTE:

If security hardening has been performed for the Windows operating system, you need to log in to the server as the SWMaster user.

Procedure
  • Windows operating system
    1. Go to the directory where the encryption tool encrypt is stored.

      eSight installation directory/AppBase/tools/bmetool/encrypt

    2. Run the following command to generate the ciphertext of the new password:
      1. encrypt.bat 0
      2. Enter a new password, and confirm the password as prompted.

        Assume that the new password is Changeme_123. After the command is executed successfully, the following information is displayed:

        9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d

        NOTE:

        The reversible Advanced Encryption Algorithm (AES) algorithm is used in this command.

    3. Open the configuration file eSight installation directory\AppBase\lib\com.huawei.esight.it.framework\config\SftpAndFtp.conf.
    4. Change the password as follows:

      Replace information next to sftpValue= with the newly generated password ciphertext to change the SFTP user password.

    5. Save and close the configuration file.
    6. Restart the server for the new password to take effect.
  • Linux operating system
    1. Run the following command to open the directory of the encrypt tool:

      cd eSight installation directory/AppBase/tools/bmetool/encrypt

    2. Run the following command to generate the ciphertext of the new password:
      1. encrypt.sh 0
      2. Enter a new password, and confirm the password as prompted.

        Assume that the new password is Changeme_123. After the command is executed successfully, the following information is displayed:

        9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d

        NOTE:

        The reversible AES algorithm is used in this command.

    3. Run the following command to open the configuration file SftpAndFtp.conf:

      vi eSight installation directory/AppBase/lib/com.huawei.esight.it.framework/config/SftpAndFtp.conf

    4. Change the password as follows:

      Replace information next to sftpValue= with the newly generated password ciphertext to change the SFTP user password.

    5. Run the wq! command to save the file and exit.
    6. Restart the server for the new password to take effect.
Changing the batchCopyUser User Password

Upon first login, you are advised to change the initial password for the SFTP user to ensure user security. Regularly changing the password can prevent malicious password theft and protect the system against unauthorized intrusions. The V300R010C00SPC500 version does not support this function. The V300R010C00SPC500 version having a patch version later than V300R010C00SPC500 installed also does not support this function.

Prerequisites

In the Windows operating system, you have logged in to the server as the administrator. In the Linux operating system, you have logged in to the server as the ossuser user.

NOTE:

If security hardening has been performed for the Windows operating system, you need to log in to the server as the SWMaster user.

Context

The initial SFTP user and password are batchCopyUser and Huawei@123, respectively.

Procedure
  • Windows operating system
    1. Go to the directory where the encryption tool encrypt is stored.

      eSight installation directory/AppBase/tools/bmetool/encrypt

    2. Run the following command to generate the ciphertext of the new password:
      1. encrypt.bat 0
      2. Enter a new password, and confirm the password as prompted.

        Assume that the new password is Changeme_123. After the command is executed successfully, the following information is displayed:

        9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d

        NOTE:

        The reversible AES algorithm is used in this command.

    3. Open the configuration file eSight installation directory\AppBase\lib\com.huawei.esight.it.serverbusiness.base\config\ServerSftp.conf.
    4. Change the password as follows:

      Replace information next to sftpValue= with the newly generated password ciphertext to change the SFTP user password.

    5. Save and close the configuration file.
    6. Restart the server for the new password to take effect.
  • Linux operating system
    1. Run the following command to open the directory of the encrypt tool:

      cd eSight installation directory/AppBase/tools/bmetool/encrypt

    2. Run the following command to generate the ciphertext of the new password:
      1. encrypt.sh 0
      2. Enter a new password, and confirm the password as prompted.

        Assume that the new password is Changeme_123. After the command is executed successfully, the following information is displayed:

        9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d

        NOTE:

        The reversible AES algorithm is used in this command.

    3. Run the following command to open the configuration file SftpAndFtp.conf:

      vi eSight installation directory/AppBase/lib/com.huawei.esight.it.serverbusiness.base/config/ServerSftp.conf

    4. Change the password as follows:

      Replace information next to sftpValue= with the newly generated password ciphertext to change the SFTP user password.

    5. Run the wq! command to save the file and exit.
    6. Restart the server for the new password to take effect.

Changing the Collaborations Passwords

To ensure account security, you need to change the initial password the first time you log in. Changing passwords periodically prevents theft of the passwords and unauthorized access. Some passwords have been predefined in the eSight configuration file. To change the passwords, use the encryption tool to encrypt planned passwords and replace the passwords in the configuration file with encrypted passwords to ensure system security.

Changing Passwords on the eSight Server Running on Linux
  1. Log in to the eSight server as the ossuser user.

    NOTE:

    Remotely log in to the server as the ossuser user and switch to the root user if the Linux is hardened.

  2. Run the following command to encrypt the new password:

    • The reversible Advanced Encryption Standard (AES) is used in this command.

      cd eSight installation directory/AppBase/tools/bmetool/encrypt

      ./encrypt.sh 0

      The following information is displayed:

      please input the password: 
       
      Please input the password again: 
       
      @010200000000b44ed1400e851e03c88cf7b8c4c6adb9d380124b56deab03a8dc220e152ac5a6

      In the preceding information, @010200000000b44ed1400e851e03c88cf7b8c4c6adb9d380124b56deab03a8dc220e152ac5a6 indicates the ciphertext for the password.

    • The irreversible Hash-based Message Authentication Code-SHA256 (HMAC-SHA256) algorithm is used in this command.

      cd eSight installation directory/AppBase/tools/bmetool/encrypt

      ./encrypt.sh 1

      The following information is displayed:

      please input the password: 
       
      Please input the password again: 
       
      FKo827lZCtox08O3ueMh/9BvD0OIEJDwPlSu999VDmo=
      Un827+r7ARyOjqSV4IaZCySd3ajZ8duEyme+/5QNyg8=

      In the preceding information, FKo827lZCtox08O3ueMh/9BvD0OIEJDwPlSu999VDmo= indicates the ciphertext for the password, Un827+r7ARyOjqSV4IaZCySd3ajZ8duEyme+/5QNyg8= indicates the salt value.

    • The irreversible Password-Based Key Derivation Function (PBKDF2) algorithm is used in this command.

      cd eSight installation directory/AppBase/tools/bmetool/encrypt

      ./encrypt.sh 2

      The following information is displayed:

      please input the password: 
       
      Please input the password again: 
       
      ZvBdkowi3RJEcngT0a41xcezpa+WnRcN+SFyw8GjYIs\=
      yrxbpEh3IjP/Cu6RdK/BDv1XVokG0IrtVXXUmDFXjFg\=

      In the preceding information, ZvBdkowi3RJEcngT0a41xcezpa+WnRcN+SFyw8GjYIs\= indicates the ciphertext for the password, yrxbpEh3IjP/Cu6RdK/BDv1XVokG0IrtVXXUmDFXjFg\= indicates the salt value.

  3. Use the encrypted password to replace the original password.
Changing Passwords on the eSight Server Running on Windows
  1. Log in to the eSight server as the Administrator user.

    NOTE:

    Log in to the server as the SWMaster user if the Windows is hardened.

  2. Choose Start > Run on your PC, enter cmd, and press Enter.
  3. Run the following command to encrypt the new password:

    • The reversible Advanced Encryption Standard (AES) is used in this command.

      cd /d eSight installation directory\AppBase\tools\bmetool\encrypt

      ./encrypt.bat 0

      The following information is displayed:

      please input the password: 
       
      Please input the password again: 
       
      @010200000000b44ed1400e851e03c88cf7b8c4c6adb9d380124b56deab03a8dc220e152ac5a6

      In the preceding information, @010200000000b44ed1400e851e03c88cf7b8c4c6adb9d380124b56deab03a8dc220e152ac5a6 indicates the ciphertext for the password.

    • The irreversible Hash-based Message Authentication Code-SHA256 (HMAC-SHA256) algorithm is used in this command.

      cd /d eSight installation directory\AppBase\tools\bmetool\encrypt

      ./encrypt.bat 1

      The following information is displayed:

      please input the password: 
       
      Please input the password again: 
       
      FKo827lZCtox08O3ueMh/9BvD0OIEJDwPlSu999VDmo=
      Un827+r7ARyOjqSV4IaZCySd3ajZ8duEyme+/5QNyg8=

      In the preceding information, FKo827lZCtox08O3ueMh/9BvD0OIEJDwPlSu999VDmo= indicates the ciphertext for the password, Un827+r7ARyOjqSV4IaZCySd3ajZ8duEyme+/5QNyg8= indicates the salt value.

    • The irreversible Password-Based Key Derivation Function (PBKDF2) algorithm is used in this command.

      cd /d eSight installation directory\AppBase\tools\bmetool\encrypt

      ./encrypt.bat 2

      The following information is displayed:

      please input the password: 
       
      Please input the password again: 
       
      ZvBdkowi3RJEcngT0a41xcezpa+WnRcN+SFyw8GjYIs\=
      yrxbpEh3IjP/Cu6RdK/BDv1XVokG0IrtVXXUmDFXjFg\=

      In the preceding information, ZvBdkowi3RJEcngT0a41xcezpa+WnRcN+SFyw8GjYIs\=yrxbpEh3IjP/Cu6RdK/BDv1XVokG0IrtVXXUmDFXjFg\= indicates the ciphertext for the password.

  4. Use the encrypted password to replace the original password.

Changing Video Surveillance User Passwords

To ensure account security, you need to change the initial password the first time you log in. You need to periodically change the account password to prevent system passwords from being stolen and ensure system security. Some passwords are preset in the eSight configuration file. If you need to change these passwords, use the encryption tool to encrypt the passwords planned onsite. Then, replace the original default passwords. This feature ensures system security.

Changing Passwords on the eSight Server Running the Linux Operating System
  1. Log in to the eSight server as the ossuser user.

    NOTE:

    If the Linux operating system is hardened, you need to remotely log in to the server as the ossuser and switch to the root user.

  2. Use the encryption tool to encrypt the passwords.

    • The reversible Advanced Encryption Standard (AES) algorithm is used.

      cd eSight installation directory/AppBase/tools/bmetool/encrypt

      ./encrypt.sh 0

      The following information is displayed:

      please input the password: 
       
      Please input the password again: 
      @010200000000b44ed1400e851e03c88cf7b8c4c6adb9d380124b56deab03a8dc220e152ac5a6

      @010200000000b44ed1400e851e03c88cf7b8c4c6adb9d380124b56deab03a8dc220e152ac5a6 indicates an encrypted password.

    • The irreversible Hash-based Message Authentication Code-SHA256 (HMAC-SHA256) encryption algorithm is used.

      cd eSight installation directory/AppBase/tools/bmetool/encrypt

      ./encrypt.sh 1

      The following information is displayed:

      please input the password: 
       
      Please input the password again: 
       
      FKo827lZCtox08O3ueMh/9BvD0OIEJDwPlSu999VDmo=
      Un827+r7ARyOjqSV4IaZCySd3ajZ8duEyme+/5QNyg8=

      FKo827lZCtox08O3ueMh/9BvD0OIEJDwPlSu999VDmo= is the encrypted password. Un827+r7ARyOjqSV4IaZCySd3ajZ8duEyme+/5QNyg8= is the encrypted salt.

    • The irreversible Password-Based Key Derivation Function (PBKDF2) algorithm is used.

      cd eSight installation directory/AppBase/tools/bmetool/encrypt

      ./encrypt.sh 2

      The following information is displayed:

      please input the password: 
       
      Please input the password again: 
       
      ZvBdkowi3RJEcngT0a41xcezpa+WnRcN+SFyw8GjYIs\=
      yrxbpEh3IjP/Cu6RdK/BDv1XVokG0IrtVXXUmDFXjFg\=

      ZvBdkowi3RJEcngT0a41xcezpa+WnRcN+SFyw8GjYIs\= is the encrypted password. yrxbpEh3IjP/Cu6RdK/BDv1XVokG0IrtVXXUmDFXjFg\= is the encrypted salt.

  3. Replace preset passwords with cipher-text passwords.
Changing Passwords on the eSight Server Running the Windows Operating System
  1. Log in to the eSight server as the Administrator user.

    NOTE:

    If security hardening has been performed for the Windows operating system, you need to log in to the eSight server as the SWMaster user.

  2. Choose Start > Run. In the Run dialog box, enter cmd and press Enter.
  3. Use the encryption tool to encrypt the passwords.

    • The reversible AES algorithm is used.

      cd /d eSight installation directory\AppBase\tools\bmetool\encrypt

      ./encrypt.bat 0

      The following information is displayed:

      please input the password: 
       
      Please input the password again: 
      @010200000000b44ed1400e851e03c88cf7b8c4c6adb9d380124b56deab03a8dc220e152ac5a6

      @010200000000b44ed1400e851e03c88cf7b8c4c6adb9d380124b56deab03a8dc220e152ac5a6 indicates an encrypted password.

    • The irreversible HMAC-SHA256 encryption algorithm is used.

      cd /d eSight installation directory\AppBase\tools\bmetool\encrypt

      ./encrypt.bat 1

      The following information is displayed:

      please input the password: 
       
      Please input the password again: 
       
      FKo827lZCtox08O3ueMh/9BvD0OIEJDwPlSu999VDmo=
      Un827+r7ARyOjqSV4IaZCySd3ajZ8duEyme+/5QNyg8=

      FKo827lZCtox08O3ueMh/9BvD0OIEJDwPlSu999VDmo= is the encrypted password. Un827+r7ARyOjqSV4IaZCySd3ajZ8duEyme+/5QNyg8= is the encrypted salt.

    • The irreversible PBKDF2 algorithm is used.

      cd /d eSight installation directory\AppBase\tools\bmetool\encrypt

      ./encrypt.bat 2

      The following information is displayed:

      please input the password: 
       
      Please input the password again: 
       
      ZvBdkowi3RJEcngT0a41xcezpa+WnRcN+SFyw8GjYIs\=
      yrxbpEh3IjP/Cu6RdK/BDv1XVokG0IrtVXXUmDFXjFg\=

      ZvBdkowi3RJEcngT0a41xcezpa+WnRcN+SFyw8GjYIs\= is the encrypted password. yrxbpEh3IjP/Cu6RdK/BDv1XVokG0IrtVXXUmDFXjFg\= is the encrypted salt.

  4. Replace preset passwords with cipher-text passwords.

Changing the eIMS Management User Password

Changing passwords periodically prevents theft of the passwords and unauthorized access. This topic describes the method of changing the eIMS management user passwords.

Changing the emscomm User Password

This topic describes the steps of changing the emscomm user password.

Prerequisites
  • You have logged in to eSight.
  • You have the permission to change the password of the emscomm user.
Precautions

The emscomm user is used by eSight to connect NEs. The password must be the same as the password of the emscomm user on the NEs.

Procedure
  1. Choose Resource > Collaboration Resource from the main menu.
  2. Choose Network Element Device Management > eIMS Management > eIMS Device from the navigation tree on the left.
  3. Click next to the target device.
  4. On the page that is displayed, modify the password of the emscomm account.

    NOTE:

  5. Click OK.
Changing the soapuser User Password

This topic describes the steps of changing the soapuser user password.

Prerequisites
  • You have logged in to eSight.
  • You have the permission to change the password of the soapuser user.
Precautions

The soapuser user is used by eSight to connect NEs. The password must be the same as the password of the soapuser user on the NEs.

Procedure
  1. Choose Resource > Collaboration Resource from the main menu.
  2. Choose Network Element Device Management > eIMS Management > eIMS Device from the navigation tree on the left.
  3. Click next to the target device.
  4. On the page that is displayed, modify the password of the soapuser account.

    NOTE:

  5. Click OK.
Changing the eimsFtpuser User Password

This topic describes the steps of changing the eimsFtpuser user password.

Context

eimsFtpuser is the account for file transfer between eSight and NEs of the eIMS device, and the default password is Huawei@123.

Procedure
  1. Log in to the eSight server as the ossuser user.
  2. Change the password stored in the ftpusers.properties file.

    1. Run the following command to open the directory of the encrypt tool.

      cd eSight installation directory/AppBase/tools/bmetool/encrypt

    2. Run the following command to generate the ciphertext for the new password:

      ./encrypt.sh 2

      Please input the password:password
      
      Please input the password again:password

      In the command output, the first line is the irreversible ciphertext, and the second line is the salt.

      NOTE:
    3. Open the configuration file eSight installation directory/AppBase/etc/ftpusers.properties.

      vi eSight installation directory/AppBase/etc/ftpusers.properties

    4. Replace the value of the configuration item eimsFtpuser.password with the ciphertext generated in 2.b.
    5. Replace the value of the configuration item eimsFtpuser.slatValue with the salt generated in 2.b.
    6. Run the :wq command to save and close the configuration file.

  3. Change the password stored in the eimsNE.properties file.

    1. Run the following command to open the directory of the encrypt tool.

      cd eSight installation directory/AppBase/tools/bmetool/encrypt

    2. Run the following command to generate the ciphertext for the new password:
      NOTE:

      The password must be the same as that set in 2.b.

      ./encrypt.sh 0

      Please input the password:password
      
      Please input the password again:password
      NOTE:

      The reversible Advanced Encryption Standard (AES) is used in this command.

    3. Open the configuration file eSight installation directory/AppBase/etc/eims/eimsne/eimsNE.properties.

      vi eSight installation directory/AppBase/etc/eims/eimsne/eimsNE.properties

    4. Replace the value of the configuration item eimsFtpPsd with the ciphertext generated in 3.b.
    5. Run the :wq command to save and close the configuration file.

  4. Restart the eSight server.

Changing the eLTE Management User Password

This topic describes the method of changing the eLTE management user passwords. To ensure account security, you need to change the initial password upon first login. Change the password regularly to prevent the system password from being stolen and ensure system and user security.

Changing the Industry Terminal File Server User Password

This topic describes the steps of changing the Industry Terminal user password.

Prerequisites
  • You have logged in to eSight.
  • You have been assigned the operation rights.
NOTE:

Only the user admin has right to perform this task.

Precautions

The password must meet the following rules:

  • The password cannot contain the user name in normal or reverse order.
  • The password ranges from 8 to 32 characters.
  • No character can exceed 2 occurrences in the password.
  • The password must contain at least one uppercase letter, lowercase letter and digit.
  • The new password cannot be the same as the old password.
Changing the Industry Terminal File Server User Password
  1. Choose Resource > eLTE > eLTE System Settings > Global Parameters from the main menu. The Parameters Setting page is displayed.
  2. In Industry Terminal File Server Info, Enter Old password, New user name, New password and Confirm password.

    NOTE:

    The default password of Industry Terminal file server user is Changeme123. Do not change the file server user name or password during file loading and firmware upgrading.

  3. Click Apply.
Changing the emscomm User Password

This topic describes the steps of changing the emscomm user password.

Prerequisites
  • You have logged in to eSight.
  • You have been assigned the operation rights.
Precautions

The emscomm user is used by eSight to connect NEs. The password must be the same as the password of the emscomm user on the NEs.

The password must meet the following rules:

  • The password cannot contain the user name in normal or reverse order.
  • The password ranges from 8 to 32 characters.
  • No character can exceed 2 occurrences in the password.
  • The password must contain at least one uppercase letter, lowercase letter and digit.
NOTE:

The password settings must comply with the password policy of device. You can run the LST PWDPOLICY or LST PWDCFG MML command to query the NE user password policy. The MML command varies according to the NE type. You can use the corresponding MML command to query the NE user password policy based on the actual NE type.

Changing the emscomm User Password of eNodeB
  1. Choose Resource > eLTE > Resource Monitor > eNodeB from the main menu.
  2. Click next to the target eNodeB.
  3. On the page that is displayed, modify the password of the emscomm account.

    NOTE:

    The default password of emscomm user is ei*b+@b#6Nh(tS1j.

  4. Click OK.
Changing the emscomm User Password of eCNS
  1. Choose Resource > eLTE > Resource Monitor > eSE from the main menu.
  2. Click in the Operation column for the desired eCNS.
  3. On the page that is displayed, modify the password of the emscomm account.

    NOTE:

    The default password of emscomm user is ei*b+@b#6Nh(tS1j.

  4. Click OK.
Changing the elteFtpuser User Password

This topic describes how to change the eLTE management component elteFtpuser default user password.

Context

elteFtpuser is the account for file transfer between eSight and eNodeB, eCNS or eSE, and the default password is ei*b+@b#6Nh(tS1j.

Procedure
  • Windows
    1. Log in to the eSight server as the Administrator user.
      NOTE:

      Log in to the server as the SWMaster user if the Windows is hardened.

    2. Change the password stored in the ftpusers.properties file.
      1. Run the following command to open the directory of the encrypt tool.

        > cd /d Installation directory/AppBase/tools/bmetool/encrypt

      2. Run the following command to generate the ciphertext for the new password:

        > encrypt.bat 2 password

        In the command output, the first line is the irreversible ciphertext, and the second line is the salt.

        NOTE:
        • This command uses the irreversible Password-Based Key Derivation Function (PBKDF2) algorithm.
        • For details on the password changing rules, see Password Change Scenario and Policy.
      3. Open the configuration file installation directory/AppBase/etc/ftpusers.properties.
      4. Replace the value of the configuration item elteFtpuser.password with the generated ciphertext.

        Configuration example:

        elteFtpuser.password=fu+/ve+/vXczfgfvv70Be++/vS/vv73vv73vv71XPmDvv73vv71LUO+/ve+/vSle77+9P++/vU3vv70\=

      5. Replace the value of the configuration item elteFtpuser.slatValue with the generated salt.

        Configuration example:

        elteFtpuser.slatValue=HyISDiSyMuPMiuHtMob46fYiT8rHUV/DOqLYBSlU8d8\=

      6. Save and close the configuration file.
    3. Change the password stored in the primaryNE.properties file.
      1. Run the following command to open the directory of the encrypt tool.

        > cd /d Installation directory/AppBase/tools/bmetool/encrypt

      2. Run the following command to generate the ciphertext for the new password:

        The password must be the same as that set in 2.b.

        > encrypt.bat 0 password

      3. Open the configuration file installation directory/AppBase/etc/ewl/primaryne/primaryNE.properties.
      4. Replace the value of the configuration item elteFtpPsd with the ciphertext generated in 3.b

        Configuration example:

        elteFtpPsd=Hugg4P1s9+T/zQosnT8BMJylaVI+OBc1mEK+VSLeq8E=

      5. Save and close the configuration file.
    4. Restart the eSight server.
  • Linux
    1. Log in to the eSight server as the ossuser user.
    2. Change the password stored in the ftpusers.properties file.
      1. Run the following command to open the directory of the encrypt tool.

        > cd Installation directory/AppBase/tools/bmetool/encrypt

      2. Run the following command to generate the ciphertext for the new password:

        > ./encrypt.sh 2 password

        In the command output, the first line is the irreversible ciphertext, and the second line is the salt.

        NOTE:
        • This command uses the irreversible Password-Based Key Derivation Function (PBKDF2) algorithm.
        • For details on the password changing rules, see Password Change Scenario and Policy.
      3. Open the configuration file installation directory/AppBase/etc/ftpusers.properties.

        vi installation directory/AppBase/etc/ftpusers.properties

      4. Replace the value of the configuration item elteFtpuser.password with the generated ciphertext.

        Configuration example:

        elteFtpuser.password=MO+/vWjGge+/ve+/vUMQKA5YRFPvv705C0jvv70r77+9Fte477+977+977+977+9dwfvv73vv70\=

      5. Replace the value of the configuration item elteFtpuser.slatValue with the generated salt.

        Configuration example:

        elteFtpuser.slatValue=jUAfPQ18/pKcVUsmCwZSCikLikvgtnnS6Ff9Yj+sMAw\=

      6. Run the :wq! command to save and close the configuration file.
    3. Change the password stored in the primaryNE.properties file.
      1. Run the following command to open the directory of the encrypt tool.

        > cd Installation directory/AppBase/tools/bmetool/encrypt

      2. Run the following command to generate the ciphertext for the new password:

        The password must be the same as that set in 2.b.

        > ./encrypt.sh 0 password

      3. Open the configuration file installation directory/AppBase/etc/ewl/primaryne/primaryNE.properties

        vi installation directory/AppBase/etc/ewl/primaryne/primaryNE.properties

      4. Replace the value of the configuration item elteFtpPsd with the ciphertext generated in 3.b.

        Configuration example:

        elteFtpPsd=Hugg4P1s9+T/zQosnT8BMJylaVI+OBc1mEK+VSLeq8E=

      5. Run the :wq! command to save and close the configuration file.
    4. Restart the eSight server.
Changing the soapuser User Password

This topic describes the steps of changing the soapuser user password.

Prerequisites
  • You have logged in to eSight.
  • Only CGP devices have the soapuser user.
  • You have the permission to change the password of the soapuser user.
Precautions

The soapuser user is used by eSight to connect NEs. The password must be the same as the password of the soapuser user on the NEs.

The password must meet the following rules:

  • The password cannot contain the user name in normal or reverse order.
  • The password ranges from 8 to 32 characters.
  • No character can exceed 2 occurrences in the password.
  • The password must contain at least one uppercase letter, lowercase letter and digit.
NOTE:

The password settings must comply with the password policy of device. You can run the LST PWDPOLICY or LST PWDCFG MML command to query the NE user password policy. The MML command varies according to the NE type. You can use the corresponding MML command to query the NE user password policy based on the actual NE type.

Procedure
  1. Choose Resource > eLTE > Resource Monitor > eSE from the main menu.
  2. Click in the Operation column for the desired eCNS.
  3. On the page that is displayed, modify the password of the soapuser account.

    NOTE:

    The default password of the soapuser user is soap800@HW.

  4. Click OK.
Changing the Industry Terminal User Password

This topic describes the steps of changing the Industry Terminal user password.

Prerequisites
  • You have logged in to eSight.
  • You have been assigned the operation rights.
Precautions

The password must meet the following rules:

  • The password cannot contain the user name in normal or reverse order.
  • The password ranges from 8 to 32 characters.
  • No character can exceed 2 occurrences in the password.
  • The password must contain at least one uppercase letter, lowercase letter and digit.
Changing the Industry Terminal User Password
  1. Choose Resource > eLTE > Resource Monitor > Industry Terminal from the main menu. Click the Reset credential. The Reset credential page is displayed.
  2. In Reset credential, select Applicable range.

    NOTE:

    The Applicable range includes NMS, Device and all three cases.

  3. In NMS Authentication Information and Device Authentication Information, set New mode, Complexity check, New authentication user, New user name, New credential, and Confirm credential.
  4. Click OK.

Changing Driver User Password

Changing the eSight User Password for Interacting with the DriverFramework Service

To improve account security, you are advised to change the eSight user password for interacting with the DriverFramework service periodically to prevent it from being stolen and prevent the system from being illegally accessed. You need to change the eSight user password with the System Access function on CloudOpera, and change the password on eSight accordingly.

Context

By default, eSight provides open service interfaces so that eSight can interact with DriverFramework service in digest authentication mode. The default user name for digest authentication is eSight, and default password is Changeme_123.

The password must meet the following complexity requirements:

  • The password cannot contain the user name or the user name in reverse order.
  • The password must range from 8 to 32 characters.
  • The same character can be used for a maximum of twice.
  • The password must contain at least one uppercase letter (A to Z), at least one lowercase letter (a to z), and at least one digit (0 to 9).
  • The password must contain at least one special character (including spaces and !"#$%&'()*+,-./:;<=>?@[]^`{_|}~).
Procedure
  1. Log in to the eSight server as user ossuser.

    NOTE:

    In a two-node cluster scenario, you just need to change the password on the active eSight server.

  2. Run the following commands to generate an encryption password using the encryption tool:

    cd /opt/eSight/AppBase/tools/bmetool/encrypt

    ./encrypt.sh 0

    1. the new password and press Enter if the following information is displayed:
      Please input the password:
    2. Enter the new password again and press Enter if the following information is displayed:
      Please input the password again:   

      The system displays the encrypted password and records the password.

  3. Modify the rosinternal_config_ies.xml file.

    1. Run the following commands to open the rosinternal_config_ies.xml file:

      cd /opt/eSight/AppBase/etc/oms.ros/

      vi rosinternal_config_ies.xml

    2. Press i to enter the edit mode.
    3. Change the password of the eSight user under the digistAuthUser module to the encryption password generated in 2.
        <config name="digistAuthUsers">
                      <param name="eSight">Encrypted password of eSight user for interacting with the DriverFramework service</param>
              </config>
    4. Press Esc to exit the edit mode, and then run the :wq command to save the file.

  4. Modify the config.properties file.

    1. Run the following commands to open the config.properties file:

      cd /opt/eSight/AppBase/etc/ies

      vi config.properties

    2. Press i to enter the edit mode.
    3. Change the value of DigestUserPwd to the encryption password generated in 2.
      DigestUserPwd=Encrypted password of eSight user for interacting with the DriverFramework service
    4. Press Esc to exit the edit mode, and then run the :wq command to save the file.

  5. Restart eSight to make the configuration take effect.
Follow-up Procedure

Log in to the CloudOpera O&M plane, and change the password of the eSight system access user on the Access Management page.

Changing the eSight User Password for Interacting with the ApiGateway

To improve account security, you are advised to change the eSight user password for interacting with the ApiGateway periodically to prevent it from being stolen and prevent the system from being illegally accessed. You need to change the eSight user password with the User Management function on CloudOpera, and change the password on eSight accordingly.

Context

Service requests sent by eSight to the ApiGateway must contain a token for authentication. The token needs to use the user name and password allocated by the CloudOpera to eSight for login.

The password must meet the following complexity requirements:

  • The password cannot contain the user name or reversed user name.
  • The password must range from 8 to 32 characters.
  • The same character can be used for a maximum of twice.
  • The password must contain at least one uppercase letter (A to Z), at least one lowercase letter (a to z), and at least one digit (0 to 9).
  • The password must contain at least one special character (including spaces and !"#$%&'()*+,-./:;<=>?@[]^`{_|}~).
Procedure
  1. Log in to the eSight server as user ossuser.

    NOTE:

    In a two-node cluster scenario, you just need to change the password on the active eSight server.

  2. Perform the following operations to modify the config.properties file.

    1. Run the following commands to modify the configuration parameters:

      cd /opt/eSight/AppBase/tools

      ./modifyConfig.sh

      The following information is displayed:

      No    Key                     Value
      1     ER_IP                   
      2     ER_port                 
      3     PmdataNotToDB           false
      4     Performance_Select      true
      5     Alarm_Select            true
      6     ApiGateway_Host_IP      192.168.10.12
      7     ApiGateway_Host_Port    26335
      8     ApiGateway_StandBy_IP   
      9     ApiGateway_StandBy_Port 
      10    ApiGateway_Retry_Times  3
      11    eSight_Token_Name       eSightAPI
      12    eSight_Token_Value      
      13    ApiGateway_Token_Time   10
      14    KeyStorePath            /opt/eSight/AppBase/etc/ies/server.p12
      15    KeyStorePwd             9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
      16    TrustStorePath          /opt/eSight/AppBase/etc/ies/trust.jks
      17    TrustStorePwd           9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
      Please input the number of key(q to quit):
    2. Enter the sequence number (that is, 12) of the eSight_Token_Value parameter and press Enter. The following information is displayed:
      Please input the value of eSight_Token_Value(q to cancel):
    3. Enter the value (that is, the password of eSight user for interacting with the ApiGateway) of the eSight_Token_Value parameter and press Enter.

      The corresponding Value column of eSight_Token_Value shows the entered value, indicating that the configuration is successful, as following:

      No    Key                     Value
      1     ER_IP                   
      2     ER_port                 
      3     PmdataNotToDB           false
      4     Performance_Select      true
      5     Alarm_Select            true
      6     ApiGateway_Host_IP      192.168.10.12
      7     ApiGateway_Host_Port    26335
      8     ApiGateway_StandBy_IP   
      9     ApiGateway_StandBy_Port 
      10    ApiGateway_Retry_Times  3
      11    eSight_Token_Name       eSightAPI
      12    eSight_Token_Value      9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
      13    ApiGateway_Token_Time   10
      14    KeyStorePath            /opt/eSight/AppBase/etc/ies/server.p12
      15    KeyStorePwd             9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
      16    TrustStorePath          /opt/eSight/AppBase/etc/ies/trust.jks
      17    TrustStorePwd           9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d
      Please input the number of key(q to quit):
    4. Enter q to save the modification and exit.

  3. Restart eSight to make the configuration take effect.
Follow-up Procedure

Log in to the CloudOpera O&M plane, and change the password of eSight user for interacting with the ApiGateway on the User Management page.

Changing Passwords Related to 3rd Party OpenStack

To keep eSight and RabbitMQ users secure, it is advisable to regularly change passwords in accordance with password complexity requirements.

NOTE:

V300R010C00SPC500 does not support virtualization management (3rd Openstack).

Default User Information

This topic explain the default user and password information of 3rd Party OpenStack.

The eSight 3rd Party OpenStack provides default accounts and initial passwords

Type

User

Default Password

Description

DB User

openstack

Changeme_123

User openstack is used to access the eSight 3rd Party OpenStack related tables & views

Linux user

rabbitmq

<user can set the password while creation>

user rabbitmq is used to login to RabbitMQ server

Changing the Password for RabbitMQ Connection User

This topic explains the steps to change the RabbitMQ connection user password.

User creates RabbitMQ user and their password during installation. To ensure account security, changing password periodically prevents theft of the password and unauthorized access.

Prerequisites
  • RabbitMQ Server is up and running.
  • Having the access to change the password in all sensu cleint nodes.
  • Having access to change the RabbitMQ configuration in eSight server.
Context

Changing password of RabbitMQ need the corresponding password changes in eSight and sensu clients of all the nodes. Detail steps are given in below sections.

Procedure

Syntax:

./rabbitmqctl change_password {username} {newpassword}

Path:

/opt/rabbitmq/rabbitmq_server-3.7.9/sbin

Parameter Description

Parameter

Description

username

The name of the user whose password is to be changed.

newpassword

The new password for the user.

Precautions:

Ensure the operation done at the system maintenance period, since during this period communication to collect alarms and some of the resource information will be interrupted.

Example:

  1. Login to eSight server using rabbitmq user.Move to sbin folder.

    > cd /opt/rabbitmq/rabbitmq_server-3.7.9/sbin

  2. Change the rabbitmq password using below command.

    > ./rabbitmqctl change_password sensu1 Changeme_123

    After the command is successfully executed, the following information is displayed.
    Changing password for user "sensu1" ....

Change the RabbitMQ Password in eSight

Steps to change the RabbitMQ password in eSight server.

Procedure

Changing RabbitMQ connection user password with below procedure to setup connection between eSight and RabbitMQ.

  1. Login to eSight GUI with valid user. Go to Resource > Virtual Resource > Redhat OpenStack > Rabbit MQ Setting
  2. Click on Finally Test and select Apply button.

    NOTE:

    Proper RabbitMQ certificate must be placed before changing the RabbitMQ Password according to commissioning guide to ensure the successful RabbitMQ connection.

Translation
Download
Updated: 2019-08-03

Document ID: EDOC1100044373

Views: 26710

Downloads: 84

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next