No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
eSight V300R010C00SPC600 Remote HA System Software Installation Guide (SUSE Linux + GaussDB + OMMHA) 19
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring the NTP Server (eLTE Management Scenarios)

(Optional) Configuring the NTP Server (eLTE Management Scenarios)

To synchronize the time between eSight and devices, you need to configure the eSight server as the NTP server. The NTP server needs to be configured only when the eLTE component of eSight is installed and you need to use eSight as the network clock source.

Prerequisites

If the active and standby servers are connected, separate the servers by referring to "Disconnecting the Active and Standby Servers " in Appendix.

Configuring NTP Server (Security Authentication Mode)

This section describes how to configure NTP server with security authentication mode.

Context

The NTP server needs to be configured only when the eLTE component of eSight is installed and you need to use eSight as the network clock source.

Procedure

  1. Log in to the active server and the standby server as the root user, perform the following steps.
  2. Access the tool configuration directory.

    # cd eSight installation directory/AppBase/tools/ewl

    In the preceding command, eSight installation directory indicates the actual eSight installation directory. Change it based on the site requirements.

  3. Configure the NTP server.

    # ./configSecNTPServer.sh

    If "NTP server configured successfully." is displayed, the basic information of NTP server is configured successfully.

  4. Run the following commands to edit the /etc/ntp.keys file:

    # vi /etc/ntp.keys

    Define the identifier, key type, and authentication code for an NE to synchronize time with eSight. Write only one data item in each line in the following format.

    identifier key type key data
    • An identifier refers to a positive integer ranging from 1 to 4294967295. Each line in the file must contain one unique identifier.
    • A key type is a character, which refers to the encryption algorithm for calculating NTP transactions. S refers to the DES algorithm in standard format, N refers to the DES algorithm in NTP format, A refers to the ASCII algorithm, and M refers to the MD5 algorithm.
    • For details about the key data algorithm, see Introduction to Key Types and Key Data.

  5. Save the ntp.keys file and exit the vi editor.

    After editing the file, press Esc, and then run the :wq! command to save the file and exit.

  6. Run the following commands to edit the /etc/ntp.conf file:

    # vi /etc/ntp.conf

  7. Write the key file path and key identifier to /etc/ntp.conf and delete the comment mark # in front of the key file path and key identifier.

    For example, if the key file path is /etc/ntp.keys and the key identifiers are 100 and 101, add the identifiers in the following format:

    #keys /etc/ntp.keys                      # path for keys file 
#trustedkey 100 101                      # define trusted keys

  8. Save the ntp.conf file and exit the vi editor.

    After editing the file, press Esc, and then run the :wq! command to save the file and exit.

  9. Run the following command to start the NTP service:

    # service ntpd restart

    If any problem occurs when configuring the NTP server, you need to roll back the configuration first. And then configuring NTP server again. For details about rolling back the NTP server, see the section (Optional) Rolling Back the NTP Server Configuration (eLTE Management Scenarios).

Configuring NTP Server (Without Security Authentication Mode)

This topic describes how to configure NTP server without security authentication mode.

Precautions

NTP service without secure authentication function cannot guarantee the security and integrity of time information during the synchronization process.Ensure that the eSight server works on a safe and reliable network. Otherwise, you are advised not to enable the function.Please use the NTP server with security authentication mode or set up your own NTP server with other security authentication function.

Context

The NTP server needs to be configured only when the eLTE component of eSight is installed and you need to use eSight as the network clock source.

Procedure

  1. Log in to the active server and the standby server as the root user, perform the following steps.
  2. Access the tool configuration directory.

    # cd eSight installation directory/AppBase/tools/ewl

    In the preceding command, eSight installation directory indicates the actual eSight installation directory. Change it based on the site requirements.

  3. Configure the NTP server.

    # ./configNTPServer.sh

    If the information "NTP server configured successfully" is displayed successfully, the NTP server is configured successfully.

    If any problem occurs when configuring the NTP server, you need to roll back the configuration first. And then configuring NTP server again. For details about rolling back the NTP server, see the section about (Optional) Rolling Back the NTP Server Configuration (eLTE Management Scenarios).

Verifying NTP Server Configuration

  1. Log in to a local computer as the Administrator user.
  2. Click the date and time area in the toolbar. The date and time window is displayed, as shown in Figure 5-1.

    Figure 5-1 The date and time window

  3. Click Change date and time settings. The Date and Time dialog box is displayed.

    Click the Internet Time tab, as shown in Figure 5-2.

    Figure 5-2 Internet Time

  4. Click Change settings. The Internet Time Settings dialog box is displayed, as shown in Figure 5-3.

    Figure 5-3 Internet Time Settings

  5. In the Server drop-down list box, enter the IP address of the server where the NTP server has been configured, click Update now. When a message indicating synchronization success is displayed, the NTP server has been configured successfully.

Introduction to Key Types and Key Data

This section describes the key types and key data for setting the Network Time Protocol (NTP) in security authentication mode. Learning the meanings of the key types and the algorithms of the key data helps you correctly set NTP in security authentication mode.

A key type is a character, which refers to the encryption algorithm for calculating NTP transactions. The NTP v3 standard supports the following key types:

  • S: indicates the Data Encryption Standard (DES) algorithm in standard format.
  • N: indicates the DES algorithm in NTP format.
  • A: indicates the American Standard Code for Information Interchange (ASCII) algorithm.
  • M: indicates the message digest algorithm 5 (MD5).

The NTP v4 standard supports only the key type M.

Requirements for the key data of each key type are as follows:

  • S: a 16-character hexadecimal number in DES standard format.

    The key data for this key type must be calculated with raw data using the DES algorithm in standard format.

The raw data is a 16-character string containing digits 0 through 9 and letters a through f.

The raw data 0123456789abcdef is used as an example to describe how to calculate the key data of the key type S.

  1. Convert each character in the raw data to a four-bit binary number. The raw data then becomes a 64-bit binary number.

    The 64-bit binary number for 0123456789abcdef is 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111.

  2. Convert the 64-bit binary number for the raw data to a new 64-bit binary number by byte.
    1. Use the least significant seven bits in each byte of the 64-bit binary number for the raw data as the most significant seven bits in the byte of the new 64-bit binary number. Then, append the eighth bit as the odd parity bit in the byte of the new 64-bit binary number. The odd parity bit is represented by X temporarily.

      0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111 0000 001X 0100 011X 1000 101X 1100 111X 0001 001X 0101 011X 1001 101X 1101 111X

    2. Modify the odd parity bit in each byte of the new 64-bit binary number. If the number of 1 among the most significant seven bits in a byte of the new 64-bit binary number is an even number, set the odd parity bit to 1. Otherwise, set the odd parity bit to 0.

      0000 001X 0100 011X 1000 101X 1100 111X 0001 001X 0101 011X 1001 101X 1101 111X 0000 0010 0100 0110 1000 1010 1100 1110 0001 0011 0101 0111 1001 1011 1101 1111

    3. Then, convert the eight bytes of the new 64-bit binary number to a hexadecimal number.
       
0000 0010 0100 0110 1000 1010 1100 1110 0001 0011 0101 0111 1001 1011 1101 1111 
0    2    4    6    8    a    c    e    1    3    5    7    9    b    d    f 
02468ace13579bdf

      According to the preceding calculation process, the key data for the raw data 0123456789abcdef is 02468ace13579bdf.

  • N: a 16-character hexadecimal number in DES NTP format.

    The key data for this key type must be calculated with raw data using the DES algorithm in NTP format.

The raw data is a 16-character string containing digits 0 through 9 and letters a through f.

The raw data 0123456709abcde0 is used as an example to describe how to calculate the key data of the key type N.

  1. Convert each character in the raw data to a four-bit binary number. The raw data then becomes a 64-bit binary number.

    The 64-bit binary number for 0123456709abcde0 is 0000 0001 0010 0011 0100 0101 0110 0111 0000 1001 1010 1011 1100 1101 1110 0000.

  2. Convert the 64-bit binary number for the raw data to a new 64-bit binary number by byte.
    1. Use the least significant seven bits in each byte of the 64-bit binary number for the raw data as the least significant seven bits in the byte of the new 64-bit binary number. Then, append the first bit in each byte of the 64-bit binary number for the raw data as the odd parity bit in the byte of the new 64-bit binary number. The odd parity bit is represented by X temporarily.

      0000 0001 0010 0011 0100 0101 0110 0111 0000 1001 1010 1011 1100 1101 1110 0000 X000 0001 X010 0011 X100 0101 X110 0111 X000 1001 X010 1011 X100 1101 X110 0000

    2. Modify the odd parity bit in each byte of the new 64-bit binary number. If the number of 1 among the least significant seven bits in a byte of the new 64-bit binary number is an even number, set the odd parity bit to 1. Otherwise, set the odd parity bit to 0.

      X000 0001 X010 0011 X100 0101 X110 0111 X000 1001 X010 1011 X100 1101 X110 0000 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 0000

    3. Then, convert the eight bytes of the new 64-bit binary number to a hexadecimal number.
       
0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 0000 
0    1    2    3    4    5    6    7    8    9    a    b    c    d    e    0 
0123456789abcde0

      According to the preceding calculation process, the key data for the raw data 0123456709abcde0 is 0123456789abcde0.

  • A: an ASCII string of one to eight characters.

    For example, true*123.

  • M: an ASCII string of one to eight characters.

    For example, true*123.

Translation
简体中文
Download
Updated: 2022-09-30

Document ID: EDOC1100117933

Views: 108154

Downloads: 293

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :