No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
OceanStor 18000 and 18000F Series V500R007 Kunpeng Installation Guide
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring the NTP Service in Windows

Configuring the NTP Service in Windows

Configure the NTP service on a Windows server, import the NTP certificate and configure the NTP parameters on DeviceManager, and enable the storage system to properly synchronize the time.

Configuring an NTP Service on a Server

Log in to the Windows command window of a storage device through a management network port and generate the NTP certificate and private key file.

Prerequisites

  • You have logged in to a Windows operating system through the management network port.
  • The NTP server has been set up on the Windows server. You can download the NTP software from Meinberg website. For details, see the installation guide at https://www.satsignal.eu/ntp/setup.html.
  • Before installation, run the net stop w32Time command to disable the Windows Time (w32Time) service.
  • In the following example, NTP is installed in the C:\Tools\ directory.

Procedure

  1. Log in to the Windows server remotely through the maintenance terminal.

    1. Choose Start > All Programs > Accessories > Remote Desktop Connection.

      The Remote Desktop Connection dialog box is displayed.

    2. In Computer, enter the IP address of the management network port on the Windows server, and press Enter.
    3. Type the user name and password, and press Enter.

      The main interface of the server is displayed.

  2. On the Windows desktop, double-click Computer, select a proper disk partition, and create the directory for saving the certificate and private key file.

    For example, you can create folder ntp_config in disk partition D.

  3. Generate the NTP certificate and private key file.

    1. Open the command window.
      1. Press Windows+R to open the Run dialog box.
      2. Type cmd and press Enter.

        The command window is displayed.

    2. Run the d: command to enter disk D.
    3. Run the cd ntp_config command to open the ntp_config folder.
    4. Run the ntp-keygen -c RSA-SHA256 -m 2048 -p server_password -T -H -l 3650 command to generate the private key file.

      In the command, server_password is the private key encryption password when the NTP certificate is generated and 3650 indicates the validity period and is variable.

      The execution result is as follows:

      C:\Users\xxx>D: 
D:\>cd ntp_config 
D:\ntp_config>ntp-keygen -c RSA-SHA256 -m 2048 -p server_password -T -H -l 3650 
Unable to initialize .rnd file 
Using OpenSSL version OpenSSL 1.0.2k  26 Jan 2017 
Using host ctuy5y002941131 group ctuy5y002941131 
Generating RSA keys (2048 bits)... 
RSA                                             3 1 2 
Generating new host file and link 
ntpkey_host_ctuy5y002941131->ntpkey_RSAhost_ctuy5y002941131.3707467127 
Using host key as sign key 
Generating new certificate ctuy5y002941131 RSA-SHA256 
X509v3 Basic Constraints: critical,CA:TRUE 
X509v3 Key Usage: digitalSignature,keyCertSign 
X509v3 Extended Key Usage: trustRoot 
Generating new cert file and link 
ntpkey_cert_ctuy5y002941131->ntpkey_RSA-SHA256cert_ctuy5y002941131.3707467127

    For the NTP server in Windows, if the certificate length is set to 2048, the generated certificate fails to be signed, causing the storage system synchronization time to slow down. Besides, an alarm indicating that the time server cannot be used is reported. If the certificate length is set to 1024, such problem will not occur but the certificate security decreases. If a certificate with higher security level is required, you are advised to use the NTP server in the Linux operating system and generate related certificates on this server.

  4. Run the hostname command to obtain the host name.

    This section uses host name Storage as an example.

  5. Modify the NTP configuration file.

    Enter C:\Tools\NTP\etc\, open the ntp.conf file in a text editor, and add the following information at the beginning and end of the file:

    • Add the following information at the beginning of the file:

      crypto pw server_password host Storage ident Storage

      keysdir "D:\ntp_config"

    • Add the following information at the end of the file:

      server 127.127.1.0

      fudge 127.127.1.0 stratum 10

    server_password is the private key encryption password used in generating the certificate (which can be specified by the user), Storage is the host name, and D:\ntp_config is the directory where the certificate and private key files are saved.

  6. In the Windows command window, run the net stop ntp and net start ntp commands to restart the NTP service.

    If multiple NTP servers need to be configured, you can copy the ntpkey_cert_Storage and ntpkey_host_Storage files generated in Step 3 to the corresponding directory of other NTP servers and change the file permission to be the same as that on the original server. Configure the ntp.conf file under this server and restart the NTP service.

  7. Share the ntp_config directory.

    1. In the Windows system, enter D:\, select ntp_config and right-click the option.
    2. In the displayed dialog box, click the Share tab.
    3. Click Share....

      The File Sharing dialog box is displayed.

    4. In the drop-down box, select Everyone or enter the user name to which the directory is shared and click Add.
    5. Click Share, and wait about ten seconds.

      The Your folder is shared. message is displayed.

    6. Click Done. In the Map Properties dialog box, click Close to complete sharing of the ntp_config directory.

Configuring NTP Parameters on the Storage System

If the time of a storage system is inaccurate, adjust it so that you can accurately determine the generation time of alarms, if any, based on the alarm log. This section describes how to set the NTP service on the maintenance terminal and enable the storage system to synchronize the server time.

Prerequisites

  • The IP address of the NTP server has been obtained.
  • The login user name and password of the NTP server have been obtained.
  • You have configured the maintenance terminal in a Windows operating system.
  • The maintenance terminal is communicating with the storage system properly.
  • If the storage system has been added to a domain, the NTP server communicates with the domain server properly, and NTP synchronization has been completed.

Procedure

  1. Obtain the certificate from the NTP server and copy it to the maintenance terminal.

    1. On the maintenance terminal, press Win+R.

      The Run dialog box is displayed.

    2. Enter \\NTP server IP address and click OK.

      The maintenance terminal attempts to remotely access the NTP server.

    3. Type the user name and password of the NTP server and click OK to enter the shared directory.
    4. Enter the ntp_config folder and select the NTP certificate that contains the ntpkey_cert field and press Ctrl+C to copy the certificate.
    5. Go back to the maintenance terminal desktop and press Ctrl+V to copy the NTP certificate to the maintenance terminal.
    6. Right-click the NTP certificate file and then select Rename from the shortcut menu. Add the .crt extension to the file name, and click Enter.

  2. Log in to DeviceManager through the maintenance terminal.
  3. Import the NTP certificate.

    1. Choose Settings > Storage Settings > Value-added Service Settings > Credential Management.
    2. Click Import and Activate.

      The Import Certificate dialog box is displayed.

    3. In Certificate Type, select NTP certificate.
    4. Click Select next to CA Certificate File.

      In the dialog box that is displayed, find the NTP file directory, select the NTP certificate, and click Open.

    5. Click OK.

      The security alert dialog box is displayed.

    6. Select I have read and understand the consequences associated with performing this operation, and click OK.

      The Success dialog box is displayed.

    7. Click OK.

      The certificate list shows imported certificates.

  4. Configure the NTP parameters.

    1. Choose Settings > Basic Information > Device Time.
    2. Select Set NTP automatic synchronization.
    3. Type the IPv4 address, IPv6 address, or domain name of the NTP server in NTP Server Address.
      • A maximum of two NTP servers can be added. If the time of one NTP server cannot be automatically synchronized to the device, the system synchronizes the time from another NTP server.
      • Ensure that the time of two NTP servers is consistent.
    4. In NTP Authentication, select Enable.

    Some device models do not support this function. Only when NTPv4 or later is used, NTP authentication can be enabled to complete identity authentication for the NTP server and automatically synchronize the system time to the storage device.

  5. Confirm the NTP configuration.

    1. Click Save.

      The Warning dialog box is displayed.

    2. Select I have read and understand the consequences associated with performing this operation, and click OK.

      The Execution Result dialog box is displayed, indicating that the operation succeeded.

    3. Click Close.

Download
Updated: 2023-09-19

Document ID: EDOC1100123474

Views: 89293

Downloads: 93

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :