NN10470 303

Nortel Multiservice Data Manager
Administration
NN10470-303
Document status: Standard
Document issue: 01.03
Document date: May 2007
Product release: 16.2
Job function: Administration and Security
Type: NTP
Language type: U.S. English
Sourced in Canada and the United States of America.
Copyright 2007 Nortel Networks. All Rights Reserved
NORTEL, the Nortel logo, and the Globemark are trademarks of Nortel Networks.
Contents
New in this release 11
Features 11
Other changes 11
New chapters 11
New procedures 11
Updated chapters 11
Updated procedures 12
Updated task flows 12
Deleted procedures 12
Introduction 14
Routine administration 16
Shared memory configuration 17
Using the config_sys_script to configure shared memory 18
Specifying the shared memory required by a network model 19
Specifying the shared memory required by FDTM 20
Specifying the shared memory required by PCMS 21
Configuring the maximum heap size for MDM toolset 22
UNIX account configuration for MDM 23

Creating a group using the groupadd command 24
Creating a group using Solaris Management Console 25
Creating a UNIX account with the default MDM user environment by using the
useradd command 27
Creating a new user account with Solaris Management Console 29
Setting up the root account temporarily 31
Setting up the root account permanently 32
Updating an existing UNIX user account by adding the skeleton files 33
Updating an existing UNIX user account by modifying the accounts set-up files 34
Creating an RNCS user account using the useradd command 35
Creating an RNCS user account using Solaris Management Console 36
Ensuring that MDM dialog boxes are visible 38

Administration
NN10470-303 01.03 Standard
16.2 May 2007
Copyright 2007, Nortel Networks Nortel Confidential
-4-
Contents
Software licensing 41
Setting user privileges for Java Sun Access Manager license files 42
Generating a temporary license key 43
Adding a new license key 44
Listing the options enabled by a license 45
Verifying the customer name in the license key and customer identifier files 46
Displaying all license keys, their validity, and deleting invalid licenses 47
Listing the packages that your licenses allow you to run 49
MDM software management 50

Stopping MDM 59
Disabling access to the MDM Administration Database 60
Backing up the MDM desktop 61
Backing up the MDM restore utility 63
Backing up the security service 64
Restoring security services on an Operator Client 65
Restoring security services on a standalone security server 68
Restoring security services on a replicated pair of security servers 70
Java Sun Access Manager system recovery 73
Restoring the MDM desktop 74
Starting MDM 75
Backing up MDM 76
Restoring MDM 78
Enabling access to the MDM Administration Database 81
Removing MDM software 82
Operating system and server infrastructure security 84

Unhardening the Solaris 10 OS with SST prior to an MDM installation or upgrade 85
Unhardening the Solaris 10 operating system 86
Hardening the Solaris 10 operating system 87
Creating customized OS hardening scripts 89
Auditing the OS hardening status of the Solaris 10 operating system 92
Installing SST v4.2.0 93
Unhardening the Solaris 9 operating systems 94
Hardening the Solaris 9 operating systems 95
Customizing OS hardening for Solaris 9 97
Viewing the status of the Solaris operating system 98
Generating secure passwords for MDM servers 99
Setting encrypted passwords on MDMservers 100
Changing encrypted passwords for MDM servers 101
Disabling SNMP agents 102
Network time synchronization 103

Determining the XNTP version 104
Synchronizing the time between Multiservice Switch and the workstation 105

Administration
NN10470-303 01.03 Standard
16.2 May 2007
-5-
Contents
Setting up the primary time server to provide the time to DPN 108
Setting up the backup and secondary backup time servers to provide the time to
DPN 110
Defining a DPN OA as a time source on all time servers 112
Operator Client default port settings modification 114

Changing the sendmail server default port 116
Changing the Apache server default SSL port 117
Changing the DS server default non-encrypted port 118
Changing the DS admin default port 124
Changing the Tomcat http client port 125
Changing the Tomcat server default port 126
Changing the Apache web server default port 127
Changing the RADIUS server default port 129
Changing the Java Sun Access Manager default port 131
Changing the Java Sun Access Manager admin default port 134
Operator Client ports 135
Server process administration overview 137

MDM workstation threshold configuration 138
Multi-nodal naming service configuration 141
Ensuring that the file /etc/hosts contains the host names of the workstations in a
domain 142
Setting up a level 2 MNSD process 143
Configuring a range of TCP/UDP ports 144
Configuring named-service TCP/UDP ports 146
MDM Toolset customization 148

Log and alarm management 149
Setting up global alarm clearing for Multiservice Switch 150
Setting up global alarm clearing for MPE 153
Setting/Reloading alarm auto acknowledgement configuration through a macro 156
Reloading the alarm auto acknowledgement through the HUP signal 158
Setting up server alarm distribution through GMDR 160
Setting up server alarm distribution through NCS and surveillance using NCS status
probing 162
Cleaning up log files 164
Cleaning up log files using mdmlogclean 165
Retrieving an alarm helpset for a specific MPE release version 166
Cleaning up alarm helpset files using mpegetmod 167
Menu customization 168

Adding a new toolset entry 170
Changing an existing toolset entry or submenu 171
Changing the toolsets primary menu 172

Administration
NN10470-303 01.03 Standard
16.2 May 2007
-6-
Contents
Changing the default toolset definition file 173

Adding a new entry to a Start Tool menu 175
Changing an existing Start Tool menu 176
Creating a customized icon bar definition file 177
MDM tool resource customization 179

Distributing operators to different MDM servers 180
Setting the color map from the Options menu 181
Selecting the color map with the useMDMColormap resource 182
Fault tools configuration 183

Network Viewer display customization 183
Background pixmap image selection 183
Node icon pixmap image changes 184
Default view selection 185
Start Tool menu and icon bar modification 185
Network Viewer resource customization 186
Color and display attribute customization 193
Alarm Display Start Tool submenu customization 193
Resource customization 195
Toolset Alarm Acknowledgment Dialog customization 195
Resource Files 196
Toolset Auto Acknowledgment Dialog in Toolset customization 196
Resource Files 198
Toolset Troubled Components pop-up menu customization 198
Toolset Network Status Bar resource customization 198
Toolset Component Information Viewer display customization 200
Alarm list 200
Related components list menu 201
Information for field pop-up menu 201
Component Information Viewer Diagnostic Command menu 202
Other resources 202
Component Status Display customization 204
Components List Start Tool menu customization 205
Other resource customization 205
Network element grouping 207

Configuring servers for Multiservice Switch network access, surveillance access, and
provisioning access 209
Defining Multiservice Switch 7400/15000/20000 hosts and groups with the
passport.frconfig script in no-prompt mode 213
Defining Multiservice Switch 7400/15000/20000 hosts and groups with the
passport.frconfig script in prompt mode 218
Defining hosts and groups with the passport.atmconfig script 222
Deleting a Multiservice Switch network element 230
Modifying a Multiservice Switch network element 232

Administration
NN10470-303 01.03 Standard
16.2 May 2007
-7-
Contents
Configuring servers for network access, surveillance access, and provisioning access
to MPE nodes 234
Configuring MPE 9500 hosts and groups with the mpe.config script in no-prompt
mode 237
Configuring MPE 9500 hosts and groups with the mpe.config script in prompt
mode 241
Deleting an MPE node 245
Modifying an MPE node 247
Configuring the SNMP proxy agent (SPA) 249
Reloading the SPA configuration files 251
Redefining the selected log levels for SPA 252
Generating statistical log messages for SPA 253
Network backup and restore setup 254

Adding a backup group 256
Configuring the backup group 257
Changing server startup options for backup and restore 260
Enabling the Data Synchronization server 263
Verifying the Default backup group configuration 265
Changing the location of the Data Synchronization server 266
Setting the Default User Authentication 267
Setting the Software Distribution Site for network element recovery 268
Changing default information for Passport/SNMP backup 269
Changing default information for Passport/SNMP restore 270
Changing backup options for a Passport 4400/4460 271
Changing restore options for an Passport 4400/4460 272
Configuring connectivity between Passport 4400/4460 and a provider 273
Modifying the device information file for Passport 4400/4460 274
Modifying the interface mapping file for Passport 4400/4460 277
Specifying the device information file for Passport 4400/4460 279
Changing the Passport/SNMP backup and restore Provider ports 280
Modifying the remote mapping (controller.cfg) file 283
MDM workstation troubleshooting 286

Troubleshooting global alarm clearing on DPN 287
Troubleshooting global alarm clearing on Multiservice Switch 291
Troubleshooting global alarm clearing on Multiservice Provider Edge 295
Troubleshooting a global alarm clearing problem (Global Clear tool) 299
Troubleshooting server alarm distribution through NCS and workstation surveillance
using NCS status probing 300
Security service backup and restore utility 303

Command syntax 303
Exit codes 305

Administration
NN10470-303 01.03 Standard
16.2 May 2007
-8-
Contents
MDM files backup and restore utility 306

MDM backup utility 306
Command syntax 306
Requirements 308
Example 308
Exit codes 308
MDM restore utility 308
Command syntax 308
Requirements 309
Restoring security services 310
Example 310
Exit codes 310
Exportautoacklist utility 312

Command syntax 312
Example: Exporting the Auto-ack node list from the GMDR server 313
Customization tasks for DPN network elements 315

Configuring servers for DPN 316
Servers required to support network access, surveillance access, and provisioning
access 317
Planning OA groups 317
Grouping OAs for network access 318
Grouping OAs for surveillance access 319
Guidelines for grouping OAs for surveillance access 321
Adding DMDR server redundancy for surveillance access 324
Example: Adding DMDR server redundancy 325
Distributing servers among workstations on a LAN 326
Task list for configuring servers 326
Configuring the NCS hierarchy for surveillance 327
Defining the OA groups and OA members 328
Launching the Host Group Administration tool 328
Access from the command line 328
Loading and merging a remote HGDS file 329
Clearing the window data 330
Adding a DPN OA 330
Changing a DPN OA definition 331
Removing a DPN OA 332
Displaying DPN OA attributes 332
Adding a DPN OA group 332
Adding a DPN OA to a DPN OA group 333
Removing a DPN OA from a DPN OA group 333
Removing a DPN OA group 334
Saving the HGDS file 334

Administration
NN10470-303 01.03 Standard
16.2 May 2007
-9-
Contents
Closing the Host Group Administration tool 335

Configuring and starting the servers 335
Setting up special processing of alarms 338
Preloading CNMIDs to filter status records 339
Setting up CNMIDs for VPNs 340
Configuring DPN alarm clearing 342

About alarm clearing 342
Types of alarm clearing 342
How alarms from DPN are collected and stored 343
How a Multiservice Data Manager operator uses alarm clearing 343
Local alarm clearing 344
Global alarm clearing 344
Clearing alarms from a VT100 or from the Command Console 344
Clearing alarms using the Global Clear tool 344
Setting up local alarm clearing 344
Setting up global alarm clearing for DPN 345
345
Setting up global alarm clearing 345
Configuring server alarm distribution and workstation status

probing for DPN network elements 349
About server alarm distribution and workstation status probing 349
Setting up server alarm distribution through NCS and workstation surveillance using
NCS status probing 350
Setting up server alarm distribution through NCS and surveillance using NCS
status probing 351
Troubleshooting server alarm distribution through NCS and workstation surveillance
using NCS status probing 353
Isolating a problem with server alarm distribution through NCS, and workstation
surveillance using NCS status probing 354
Configuring the Disruptive Command Safeguard 357

About the Disruptive Command Safeguard feature 357
The /opt/MagellanNMS/cfg/DCS.cfg configuration file 358
File format 358
The default /opt/MagellanNMS/cfg/DCS.cfg file 359
Checking, enabling, and disabling the Disruptive Command Safeguard 359
Multiservice Data Manager Disruptive Command Safeguard menu 359
Using the Disruptive Command Safeguard 360
Querying, enabling, or disabling the Disruptive Command Safeguard from the UNIX
command line 360
Configuring automatic DBNL disabling 361

About the automatic DBNL disabling feature 361
Operation of the automatic DBNL disabling feature 362
Types of DBNL activation handled by the automatic DBNL disabling feature 365

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 10 -
Contents
Compatibility of DPN software with the automatic DBNL disabling feature 366
Log files produced by the automatic DBNL disabling feature 366
Setting up the automatic DBNL disabling feature 369
Configuring automatic DBNL disabling and starting DBNLWatch 369
Obtaining a list of the DBNLs that are currently being watched 370
Cleaning up accumulated log files 371
Cleaning up log files manually 371
Cleaning up log files with a cron job 371
Time-of-day updates for seasonal time changes 373

Configuring the servers 376
Implementing the time change 379
Monitoring the script 381

Administration
NN10470-303 01.03 Standard
16.2 May 2007
New in this release
The following sections detail whats new in Nortel Multiservice Data Manager
Administration (NN10470-303) for release 16.2.
Features (page 11)
Other changes (page 11)
Features
There are no feature-related changes in this release.
Other changes
References to Nortel Multiservice Data Manager technical publications were
updated with new document numbers.
See the following sections for information about changes that are not releated
to a feature.
New chapters (page 11)
New procedures (page 11)
Updated task flows (page 12)
Updated procedures (page 12)
Deleted procedures (page 12)
New chapters
MDM files backup and restore utility (page 306)
Time-of-day updates for seasonal time changes (page 373)
New procedures
Java Sun Access Manager system recovery (page 73)
Updated chapters
Updated command syntax in Security service backup and restore utility
(page 303)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 12 -
New in this release
Updated procedures
Backing up the MDM desktop (page 61)
Backing up the MDM restore utility (page 63)
Backing up the security service (page 64)
Restoring security services on an Operator Client (page 65)
Restoring security services on a standalone security server (page 68)
Restoring security services on a replicated pair of security servers
(page 70)
Restoring the MDM desktop (page 74)
Backing up MDM (page 76)
Restoring MDM (page 78)
Removing MDM software (page 82)
Cleaning up log files using mdmlogclean (page 165)
Changing the sendmail server default port (page 116)
Changing the Apache server default SSL port (page 117)
Changing the Tomcat http client port (page 125)
Changing the Tomcat server default port (page 126)
Changing the Apache web server default port (page 127)
Changing the RADIUS server default port (page 129)
Changing the Java Sun Access Manager default port (page 131)
Changing the Java Sun Access Manager admin default port (page 134)
Updated task flows

Restoring MDM (2 of 2) (page 53)
MDM software downgrade (1 of 2) (page 54)
Disaster recovery (1 of 2) (page 56)
Deleted procedures
Restoring the MDM desktop after a downgrade
Configuring the server port in the java system DS console
Configuring the client process

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 13 -
New in this release
Configuring the client process in the Java System DS console

Restarting the servers
Changing the Java System DS admin default port
Configuring the server port in the Java System DS console
Configuring the client process
Changing the Java Sun Access Manager default port
Changing the Java Sun Access Manager admin default port
Changing the DS server default non-encrypted port
Changing the DS admin default port
Changing the Sun Access Manager default port

Administration
NN10470-303 01.03 Standard
16.2 May 2007
Introduction
The tasks listed below show the high level tasks used to administer Nortel
Multiservice Data Manager software. Select the appropriate task area. This
document also contains information on two utilities.
Prerequisites
For conceptual information relating to the procedures in these tasks, see
Nortel Multiservice Data Manager AdministrationFundamentals
(NN10470-305). For a description of the tools references in any of the tasks
described in this document, see Nortel Multiservice Data Manager
AdministrationTools (NN10470-300).
Navigation
Routine administration (page 16). Use these tasks to perform routine
MDM administrative functions.
Shared memory configuration (page 17)
UNIX account configuration for MDM (page 23)
Software licensing (page 41)
MDM software management (page 50)
Operating system and server infrastructure security (page 84)
Network time synchronization (page 103)
Operator Client default port settings modification (page 114)
Server process administration overview (page 137). Use the tasks in this
section to manage Multiservice Data Manager servers and to set
parameters for the workstations support server processes.
MDM workstation threshold configuration (page 138)
Multi-nodal naming service configuration (page 141)
Log and alarm management (page 149)
MDM Toolset customization (page 148). Use the tasks in this section to
change the default settings for administrative functions that were
established when Multiservice Data Manager software was installed.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 15 -
Introduction
Menu customization (page 168)

MDM tool resource customization (page 179)
Fault tools configuration (page 183)
Network element grouping (page 207)
Network backup and restore setup (page 254)
MDM workstation troubleshooting (page 286). Use the tasks in this
section to troubleshoot problems relating to alarms.
Utilities:
Security service backup and restore utility (page 303)
Exportautoacklist utility (page 312)
Customization tasks for DPN network elements (page 315). The tasks in
this section relate to DPN network elements only.
Configuring servers for DPN (page 316)
Configuring DPN alarm clearing (page 342)
Configuring server alarm distribution and workstation status probing
for DPN network elements (page 349)
Configuring the Disruptive Command Safeguard (page 357)
Configuring automatic DBNL disabling (page 361)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
Routine administration
Perform the tasks listed in this section to perform basic administration of
Nortel Multiservice Data Manager software and applications.
Re-configure the shared memory segment in the kernel of the Solaris

operating system.
Prerequisites
Default values for many administrative functions were established
automatically when Multiservice Data Manager software was installed. To
alter these settings and applications to meet the specific needs of your
network, see MDM Toolset customization (page 148).
Before performing any of the procedures in this section, you must be
familiar with the description of shared memory configuration in Nortel
Multiservice Data Manager AdministrationFundamentals
(NN10470-305).
If you are unfamiliar with any of the concepts relating to the tasks listed
here, see Nortel Multiservice Data Manager Administration
Fundamentals (NN10470-305).
Navigation
Shared memory configuration (page 17)
UNIX account configuration for MDM (page 23)
Software licensing (page 41)
MDM software management (page 50)
Operating system and server infrastructure security (page 84)
Network time synchronization (page 103)
Operator Client default port settings modification (page 114)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
Shared memory configuration
Re-configure the shared memory segment in the kernel of the Solaris
operating system.
Prerequisites
Before performing any of the procedures in this section, you must be familiar
with the description of shared memory configuration in Nortel Multiservice
Data Manager AdministrationFundamentals (NN10470-305).
Navigation
Using the config_sys_script to configure shared memory (page 18)
Specifying the shared memory required by a network model (page 19)
Specifying the shared memory required by FDTM (page 20)
Specifying the shared memory required by PCMS (page 21)
Configuring the maximum heap size for MDM toolset (page 22)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 18 -
Using the config_sys_script to configure shared memory

Reconfigure the amount of shared memory in the kernel to specify the amount
of memory an application can create as a shared memory segment.
Do not use this script to decrease the amount of shared memory. To decrease
the shared memory, use a UNIX editor to edit the system kernel file /etc/
system.
Procedure steps
Step Action
1 Log in as root.
2 In a UNIX access window, enter the following commands:
/opt/MagellanNMS/system/config/\
config_sys_shmem <size>
/opt/MagellanNMS/system/config/config_sys_semaphores
3 Reboot the workstation, and make the new shared memory available.
init 6
--End--
Variable definitions
Variable Value
size The maximum amount of shared memory, in megabytes, to be allocated per
segment. The suggested size is 256 Mbyte. This amount of shared memory
is sufficient for both surveillance and configuration tools.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 19 -
Specifying the shared memory required by a network model

Specify the amount of shared memory that the server uses for network models
in the startup command for the Network Coordinator (DNMNMC) server.
Procedure steps
Step Action
1 Specify the amount of shared memory that the server uses for network
models by starting the server with the following command:
/opt/MagellanNMS/bin/dnmnmc [-s <shm size in MB>]
Attention: If this option is not specified, the DNMNMC server reserves the largest
possible shared memory segment allowed by the kernel. Therefore, it is important to
specify a specific amount of shared memory for the DNMNMC server.
Attention: For the shared memory to take effect, you must also set it in the startup
command for Network Model Coordinator (DNMNMC). See Nortel Multiservice Data
Manager AdministrationServer Management (NN10470-310).
2 Using the following formula as a guide, calculate the shared memory

requirements for each network model that runs on the workstation. The
amount of shared memory required by a network model is proportional to
the number of components in the network.
(270 + 20% x ( 25 x #PM + 60 x #EM + 8 x #other ))/1024 MB
3 Nortel Multiservice Data Manager software provides a shared memory
utilization tool that displays the amount of shared memory occupied by the
current network model. To access this tool, from the MDM main window
select System -> Utilities-> Network Model Shared Memory Utilization.
--End--
Variable Value
sh size in MB The maximum amount of shared memory to reserve. This number must be
less than or equal to the maximum shared memory segment size configured
in the workstations kernel. The default is 24 Mbyte.
#PM, #EM, and #other The number of DPN modules, the number of Multiservice Switch modules,
and the number of all other components (such as links) in the network.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 20 -
Specifying the shared memory required by FDTM

In the startup command for Nortel Multiservice Switch Communications
Manager (FDTM), you can specify the amount of shared memory that the
server uses for each model that is loaded.
Currently, the models for all Multiservice Switch releases supported by Nortel
Multiservice Data Manager are all smaller than the default size of 20 Mbyte
used by FDTM. It is not necessary to provide a different value.
Procedure steps
Step Action
1 Specify a value other than the default value for FDTM shared memory.
/opt/MagellanNMS/bin/fdtm [-segSize <size>] (other
options...)
--End--
Variable Value
size The size, in Mbyte, of each segment of shared memory segment. The default
value is 20 Mbyte.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 21 -
Specifying the shared memory required by PCMS

In the startup command for Nortel Multiservice Switch Configuration Model
Server (PCMS), specify, if required, the amount of shared memory that the
server uses for loading models.
When the server starts, it allocates the shared memory up front using the
following formula:
Number of models x model size
Currently, the model size of each of the Multiservice Switch releases

supported by Multiservice Data Manager is smaller than 20 Mbyte. It is not
necessary to provide a different value.
Procedure steps
Step Action
1 Specify a value other than the default value for PCMS shared memory.
/opt/MagellanNMS/bin/pcms [-numOfModels <n>] [-
modelSize <size>] (other options...)
--End--
Variable Value
n The number of different Multiservice Switch software releases active in the
network. The default for PCMS is 2.
size The size, in Mbyte, of one Multiservice Switch model. The default is 25 Mbyte.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 22 -
Configuring the maximum heap size for MDM toolset

Configure the maximum heap size to ensure that Java processes do not run
out of heap space when running simultaneous Java processes.
Prerequisites
You must be familiar with the material on maximum heap size
configuration in Nortel Multiservice Data Manager Administration
Change the heap size only after carefully analyzing total workstation RAM,
swap space, and user session requirements. For more information, refer
to Nortel Multiservice Data Manager Planning (NN10470-102).
You must be logged in as root.
Procedure steps
Step Action
1 Stop all the Nortel Multiservice Data Manager tools (for example, Data
Viewer, Shelf View, and Nodal Provisioning) running in the shared JVM
environment.
2 Copy the default configuration file from the default directory
/opt/MagellanNMS/lib/cfg/SharedJVM.cfg.
cp /opt/MagellanNMS/lib/cfg/SharedJVM.cfg /opt/
MagellanNMS/cfg/SharedJVM.cfg
3 Edit the new file.
vi /opt/MagellanNMS/cfg/SharedJVM.cfg
4 Set MAXHEAPSIZE to a new value.
Attention: The maximum heap size cannot be less than 20M (the hard-coded
minimum).
5 Save the changes.

6 Launch any Multiservice Data Manager tools in shared JVM. The new heap
size is now in effect.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
UNIX account configuration for MDM
Create and modify UNIX accounts to run the Multiservice Data Manager
software.
If you want to establish secured access for MDM users, see Nortel
Multiservice Data Manager SecurityFundamentals (NN10470-605), Nortel
Multiservice Data Manager Network SecurityUser Access (NN10470-606),
and Nortel Multiservice Data Manager Network SecuritySecure
Communications (NN10470-607).
Prerequisites
Before performing the procedures in this section, you must be familiar with
the information on setting up and maintaining UNIX accounts for MDM in
(NN10470-305).
Navigation
Creating a group using the groupadd command (page 24)
Creating a group using Solaris Management Console (page 25)
Creating a UNIX account with the default MDM user environment by using
the useradd command (page 27)
Creating a new user account with Solaris Management Console (page 29)
Setting up the root account temporarily (page 31)
Setting up the root account permanently (page 32)
Updating an existing UNIX user account by adding the skeleton files
(page 33)
Updating an existing UNIX user account by modifying the accounts set-up
files (page 34)
Creating an RNCS user account using the useradd command (page 35)
Creating an RNCS user account using Solaris Management Console
(page 36)
Ensuring that MDM dialog boxes are visible (page 38)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 24 -
Creating a group using the groupadd command

Create a UNIX group dedicated to MDM users with the groupadd command.
Creating a UNIX group dedicated to MDM user accounts prevents
unauthorized use of MDM tools.
Prerequisites
You must be able to log in as root.
Procedure steps
Step Action
1 Log in as root.
2 Create the group.
/usr/sbin/groupadd -g <group ID> <group name>
3 Display the return code to determine if the group was added successfully:
If the root account is running C-shell, enter:
echo $status
If the root account is running Korn shell or Bourne shell, enter:
echo $?
A return code of 0 indicates that the command was successful.
--End--
Variable Value
group ID A unique numerical identifier for the UNIX group that is greater than
99. Numbers 0 to 99 are reserved for special Sun applications. Use
group ID 101 as a starting point.
group name The name of the group. This identifier must be unique and can
consist of two to eight letters or numbers. The group name nmsop is
recommended.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 25 -
Creating a group using Solaris Management Console

Create a UNIX group dedicated to MDM users using Solaris Management
Console Group tool. Creating a UNIX group dedicated to MDM user accounts
prevents unauthorized use of MDM tools.
Prerequisites
Procedure steps
Step Action
1 Log in as root.
2 Using the Common Desktop Environment (CDE) window manager, open a
UNIX window.
3 Start the Solaris Management Console (SMC).
/usr/sbin/smc &
The SMC main window opens.
4 Navigate to Management Tools > This Computer > System Configuration >
Users.
The Log In: User Name screen appears.
5 Log in as root and click OK.
6 Click the Groups icon.
7 On the General tab, in the Group Name field, type the name for this group.
8 In the Group ID field, type a unique number to identify this group.
9 Click OK.
10 Select Console > Exit.
The SMC window closes.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 26 -
Variable Value
group ID A unique numerical identifier for the UNIX group that is greater than
99. Numbers 0 to 99 are reserved for special Sun applications. Use
group ID 101 as a starting point.
group name The name of the group. This identifier must be unique and can consist
of two to eight letters or numbers. The group name nmsop is
recommended.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 27 -
Creating a UNIX account with the default MDM user environment by

using the useradd command
Create a new UNIX user account and copy the skeleton files to the account
home directory. The skeleton files are included with the MDM software and are
used to set up the UNIX user account environment to start an MDM session
and to open the MDM main window when the user logs in.
Prerequisites
Procedure steps
Step Action
1 Log in as root.
2 Set up the user account and copy the skeleton files into the home directory
of the new user account.
/usr/sbin/useradd \
-u <user ID> \
-g <primary group> \
-s <login shell> \
-d <path> \
-m \
-k <skeleton path> \
<user name>
3 Set the password.
passwd <user name>
You are prompted for a new password twice.
4 Enter the new password twice.
The new user account is set up to run the default MDM user environment
and provides the user with access to the default English language toolset,
called Full.tsets. This toolset provides access to the full set of MDM tools,
except those for administration.
If you wish to use this toolset, continue at step 5.
If you wish to use a different toolset, including a toolset for languages
other than English, change the default toolset definition file (see
Changing the default toolset definition file (page 173)).
5 Provide the new user with the password you set up in step 3, and ask the
user to log in. When the user logs in, an MDM session starts and the main
window opens on the desktop.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 28 -
--End--
Variable Value
login shell The full pathname of the program used as the user account shell when
you log in. Values are /bin/csh for C-shell, /bin/sh for Bourne shell, and
/bin/ksh for Korn shell. C-shell is preferred.
path The full path name for the home directory of the new user account. For
example, /localdisk/<user name>. Solaris configures /home as an
auto-mounted partition. Refer to the Sun Solaris Administrator Guide
for information about the correct way to use /home.
primary group The group ID set up for UNIX user accounts that are dedicated to
running MDM software. This is the number or name you entered when
you set up the group in Creating a group using the groupadd
command (page 24) or Creating a group using Solaris Management
Console (page 25).
skeleton path The full path name of the directory that contains skeleton information
that can be copied into the user accounts home directory to get the
MDM user environment. The path name is /opt/MagellanNMS/system/
skel.
user ID A numerical unique identifier greater than 99 for the new user account.
Numbers 0 to 99 are reserved for special Sun applications.
user name A unique name for the new user account consisting of from two to
eight numbers or letters.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 29 -
Creating a new user account with Solaris Management Console

Create a new UNIX user account and copy the skeleton files to the account
home directory using the Solaris Management Console.
The skeleton files are included with the MDM software and are used to set up
the UNIX user account environment to start an MDM session and to open the
MDM main window when the user logs in.
Follow this procedure to create a new MDM user account, and to allow a user
at an ASCII terminal to manage the network from a Remote Network
Communication System (RNCS).
Prerequisites
Procedure steps
Step Action
1 If the Solaris Management Console is already displayed on the screen, go

to step 7. Otherwise, go to step 2.
2 Log in as root.
3 Using the CDE window manager, open a UNIX window.
4 Start the Solaris Management Console (SMC).
/usr/sbin/smc &
The main window opens.
5 Navigate through Management Tools > This Computer > System
Configuration and click Users.
6 Log in as root, and click OK.
7 Click the User Accounts icon.
8 From the menu, select Action> Add User > With Wizard.
9 At the User Name prompt, type the user name or login name.
10 (Optional) At the Full Name prompt, type the user's full name.
11 (Optional) At the Description prompt, type a further description of this user
and click Next.
12 At the User ID Number prompt, type the user ID.
13 Select this option, User Must Use This Password At First Login.
14 At the Password prompt, type the password for the user, confirm the
password at the Confirm Password prompt and click Next.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 30 -
15 Select the user's primary group and click Next.

16 Type the path for the user's home directory, and click Next.
17 Review the information you provided and go back to correct the information,
if necessary.
18 Click Finish.
19 In the main window of the SMC, select Console -> Exit.
20 In the UNIX access window, run a script to copy the skeleton files into the
home directory of the new user account by typing this command:
/opt/MagellanNMS/bin/nmsuser <User Name>
The new user account is configured to run the default MDM user
environment and provide the user access to the default English language
toolset, called Full.tsets. This toolset provides access to the full set of MDM
tools, except those for administration.
21 If you wish to use Full.tsets, go to step 23.
22 If you wish to use a different toolset, including a toolset for a language other
than English, change the default toolset definition file, as described in Nortel
(NN10470-305).
23 Provide the new user with the password you set up earlier in this procedure.
Verify that the user can log in, and that a MDM session starts, and the main
window opens.
--End--
Variable Value
user name A unique name for the new user account consisting of from two to
eight numbers or letters.
user ID A numerical unique identifier greater than 99 for the new user
account. Numbers 0 to 99 are reserved for special Sun applications.
password is a field to select a method for setting the password for the new user
account. Set the password by moving to the Password field, clicking
the mouse, and selecting Normal Password. Enter the new password
and click OK.
path Sets the home path for the user account. See Service parameters to
create a UNIX account with the default MDM user environment in
(NN10470-305).

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 31 -
Setting up the root account temporarily

Temporarily set up the root account for installing, configuring, and maintaining
the MDM software. When the user logs out or the session terminates, the user
must enter the commands again after logging back in.
Procedure steps
Step Action
1 Enter one of the following commands to source the Nortel Multiservice Data
Manager (MDM) user environment according to the login shell that the root
account is running:
If the root account is running Bourne shell or Korn shell:
. /opt/MagellanNMS/bin/nmssh
If the root account is running C-shell:
source /opt/MagellanNMS/bin/nmscsh
2 Enter commands to start an MDM session.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 32 -
Setting up the root account permanently

Modify the set-up files to create a permanent root account to be used for
installing, configuring, and maintaining the MDM software. Do not modify the
set-up files if the root account is used for managing workstations other than
those that run MDM.
Procedure steps
Step Action
1 Log in as root.
2 Add the skeleton files to the existing user account.
/opt/MagellanNMS/bin/nmsuser root
The skeleton files are copied into the existing user account. Any existing set-
up files that have the same names as the skeleton files are saved with the
extension .old before the skeleton files are copied into the account.
3 The root account can now run the default MDM user environment and
provides the user access to the default MDM toolset, called Full.tsets. This
toolset provides access to the full set of tools, except those for
administration.
To use this toolset, go to step 4.
To use a different toolset, change the default toolset definition file (see
Changing the default toolset definition file (page 173)).
4 Log out and log back in again.

When you log back in, an MDM session starts and the main window opens
on the desk top.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 33 -
Updating an existing UNIX user account by adding the skeleton files

Update an existing UNIX user account to use the Multiservice Data Manager
(MDM) by copying skeleton files.
Procedure steps
Step Action
1 Log in as root.
2 Add the skeleton files to the existing user account.
/opt/MagellanNMS/bin/nmsuser <User Name>
The skeleton files are copied into the existing user account. Any existing set-
up files that have the same names as the skeleton files are saved with the
extension .old before the skeleton files are copied into the account.
The new user account is set up with the default Nortel Multiservice Data
Manager (MDM) user environment. When the user logs in, an MDM session
starts automatically and the main window opens.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 34 -
Updating an existing UNIX user account by modifying the accounts

set-up files
Update an existing UNIX user account to use the default Multiservice Data
Manager by the set-up files.
Use the MDM skeleton set-up files (.login, .cshrc, and so on) in directory /opt/
MagellanNMS/system/skel as a model when modifying the set-up files for the
existing account.
When you have updated the existing account to source the MDM user
environment, you must provide a means to start an MDM session. The
recommended approach is to modify the .dtprofile file (for CDE) so that it
automatically starts a session and opens the main window when the user logs
in. Use the skeleton files for making these modifications.
Procedure steps
Step Action
1 The MDM software contains two scripts that you can source in the user
accounts setup files to supply the user accounts environment with the
symbols and values needed to run MDM. The script you choose depends
on the shell that the user account runs on.
If the account runs Korn or Bourne shell, add a statement to set-up file
.profile that includes the source command:
. /opt/MagellanNMS/bin/nmssh
If the account runs C-shell, add a statement to set-up file .cshrc that includes
the source command:
/opt/MagellanNMS/bin/nmscsh
Because these scripts augment the user environment with the symbols and
values for MDM, add the statements to source the symbols and values after
all other statements that set up the user account environment. For a
description of the values and symbols for MDM, see Nortel Multiservice
2 When you have updated the existing account to source the MDM user
environment, you must provide a means to start an MDM session. The
recommended approach is to modify the .dtprofile file (for CDE) so that it
automatically starts a session and opens the main window when the user
logs in. Use the skeleton files for making these modifications.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 35 -
Creating an RNCS user account using the useradd command

Create a UNIX user account that lets a user at an ASCII terminal manage the
network from a Remote Network Communication System (RNCS).
Prerequisites
See Nortel Multiservice Data Manager Fault ManagementRemote
Network Communication System (NN10470-013) for the instructions to
establish an RNCS session once the account is set up.
Procedure steps
Step Action
1 If you have not done so, create a UNIX group for Nortel Multiservice Data
Manager (MDM) users, as described in Creating a group using the
groupadd command (page 24).
2 Perform the procedure Creating a UNIX account with the default MDM user
environment by using the useradd command (page 27). Specify /opt/
MagellanNMS/bin/rncs for parameter -s <login shell>.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 36 -
Creating an RNCS user account using Solaris Management Console

Create a UNIX user account that lets a user at an ASCII terminal manage the
network from a Remote Network Communication System (RNCS) using
Solaris Management Console.
Prerequisites
See Nortel Multiservice Data Manager Fault ManagementRemote
Network Communication System (NN10470-013)for the instructions to
establish an RNCS session after the account is set up.
You must log in with userID root.
Procedure steps
Step Action
1 Got to procedure Creating a new user account with Solaris Management

Console (page 29) and perform steps 1 through 19, and return to this
procedure.
2 To select the user, navigate through Management Tools > This Computer >
System Configuration and click Users.
3 Log in as root and click OK.
4 Click the User Accounts icon and double-click the user.
5 On the General tab, click the Shell drop-down list and select Other.
A field for specifying the login shell path opens in the dialog.
6 Type this pathname for the login shell:
/opt/MagellanNMS/bin/rncs [-T <idle timeout>]
7 From the menu select Console > Exit.
8 Copy the skeleton files into the home directory of the new RNCS user
account by typing this command:
/opt/MagellanNMS/bin/rncsuser <user name>
<home directory> <unix access> <CID>
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 37 -
Variable Definitions
CID The customer network management identifier (CNMID) associated
with the RNCS account. The range of values is 0 to 8191.
T Indicates a timeout value. RNCS automatically
terminates if no command input occurs during the
specified number of minutes.
unix access Specifies whether the RNCS user account is to
have UNIX access. The values are Y or N.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 38 -
Ensuring that MDM dialog boxes are visible

Change a Solaris Common Desktop Environment (CDE) window manager
setting to prevent dialog boxes from being hidden.
Procedure steps
Step Action
1 Click on the Style Manager icon on the CDE tool bar.

2 Click on Window.
3 Disable Allow Primary Windows On Top.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 39 -

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 40 -

Administration
NN10470-303 01.03 Standard
16.2 May 2007
Software licensing
Use the information in this section to delete and query Mulitservice Data
Manager licences.
Prerequisites
For conceptual information about software licensing, see Nortel Multiservice
Data Manager AdministrationFundamentals (NN10470-305). For
information about planning requirements for software licensing, see Nortel
Multiservice Data Manager Planning (NN10470-102).
Navigation
Setting user privileges for Java Sun Access Manager license files
(page 42)
Generating a temporary license key (page 43)
Adding a new license key (page 44)
Listing the options enabled by a license (page 45)
Verifying the customer name in the license key and customer identifier
files (page 46)
Displaying all license keys, their validity, and deleting invalid licenses
(page 47)
Listing the packages that your licenses allow you to run (page 49)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 42 -
Software licensing
Setting user privileges for Java Sun Access Manager license files
The adm user must have read privileges for the LIClicense.cfg and the
LICcustName.cfg files for the Java Sun Access Manager server to function
properly. You can either allow all users read privileges for these files or you
can change the group permissions so that only adm group members have
permission to view the license files.
Procedure steps
Step Action
1 Log in as root user.

2 Navigate to the directory containing the license files.
cd /etc/opt/Magellan
3 If you are allowing all users read privileges for these files, use the following
command:
chmod o+r LIClicense.cfg LICcustName.cfg
If you are changing the ownership of these files so that only the adm group
members (root and adm) have permission to view these files, use the
following commands:
chgrp adm LIClicense.cfg LICcustName.cfg
chmod g+r LIClicense.cfg LICcustName.cfg
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 43 -
Software licensing
Generating a temporary license key

Generate a 30-day temporary license to run Nortel Multiservice Data
Manager. The license is not renewable and at the end of 30 days you must
install a new license key obtained from Nortel.
Procedure steps
Step Action
1 Log in as root.
2 Start the c-shell.
csh
3 Enter the following command:
/opt/MagellanNMS/system/config/nmsTmpInstall
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 44 -
Software licensing
Adding a new license key

Add a new license key from Nortel to an installed version of Nortel Multiservice
Data Manager.
Procedure steps
Step Action
1 Log in as root.
2 Start the c-shell.
csh
3 Access the license directory.
cd /etc/opt/Magellan
4 Open the LIClicenses.cfg file with a UNIX editor such as vi.
5 Add the license key to the file.
6 Check what you have entered twice.
7 Save the file and exit from the file.
8 Have all users end their Multiservice Data Manager sessions and restart
them.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 45 -
Software licensing
Listing the options enabled by a license

Determine which options are enabled by a license.
Procedure steps
Step Action
1 List the packages that are represented by a given license.

/opt/MagellanNMS/system/config/nms_list_activ_opt
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 46 -
Software licensing
Verifying the customer name in the license key and customer

identifier files
Verify that the customer name matches both files for Nortel Multiservice Data
Manager software. The customer name must match in both files for Nortel
Multiservice Data Manager software in order to run.
Procedure steps
Step Action
1 Display the customer name entered in the license key file and in the
customer identifier file.
/opt/MagellanNMS/system/config/nms_list_cust_names
This command produces a response similar to
Customer name written in the MDM customer name file:
MDMDEV
Customer names occurring in the license file for product
MDM:
MDMDEV
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 47 -
Software licensing
Displaying all license keys, their validity, and deleting invalid licenses
Determine which license keys are valid and which can be deleted.
Prerequisites
You must be logged in as root.
Procedure steps
Step Action
1 Display a report of the license keys and determine if the licenses are valid.
/opt/MagellanNMS/system/config/nms_file_report [-c]
--End--
Variable Definitions
-c Prompts you for permission to delete expired licenses.
Procedure job aid

The report produced indicates if the license is valid, or why it is invalid. The
reasons a license is invalid include:
License for customer other than <cust_id>
The customer name does not match in files /etc/opt/Magellan/
LICcustName.cfg and /etc/opt/Magellan/LIClicenses.cfg.
License for release other than <release>
The encrypted license information applies to a release other than the one
entered into the <release> field of the license key.
Invalid license password
A non-valid password entered into the password field
Invalid date
The syntax of the date entered in the <start_date> or <expiry date> field
is incorrect.
Invalid option bitmap
An unrecognized bitmap is entered into the <options> field.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 48 -
Software licensing
License not yet valid

The date entered in the <start_date> field has not yet arrived.
License expired
The date entered in the <expiry date> field has passed.
Entering the command without the -c option may produce a response similar
to the following example:
LICENSES:
________
NMS R12 NMSDEV ANY 19991124 20300101 FFFFFFFF
C77G6102052
License for non-MDM product
NMS R13 NMSDEV ANY 20001204 20300101 FFFFFFFF
076A76F515G
License for non-MDM product
MDM R13 NMSDEV ANY 20010119 20300101 FFFFFFFF
F893H7352257
License currently valid
Entering the command with the -c option while logged in as root displays each
non-valid license, one at a time, followed by the prompt:
Do you want to delete this entry? (y on n [n])
Enter y to delete the license or n to keep it.
When the command has run through all of the non-valid licenses in the file,
the following response appears:
You have made some changes to the licenses file
The modified file has been written in /etc/opt/Magellan/
LIClicenses.new
Please execute the following steps to activate it:
1- type: cd /etc/opt/Magellan
2- type: cat LIClicenses.new
3- if the contents are satisfactory, type:
cp LIClicenses.cfg LIClicenses.old
mv LIClicenses.new LIClicenses.cfg
Log in as root and follow the prompts.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 49 -
Software licensing
Listing the packages that your licenses allow you to run

Display a list of the packages a license key allows you to run.
Prerequisites
For more information about MDM software sets, refer to Nortel
Procedure steps
Step Action
1 Display a list of the packages (options) that the license key entitles you to
run.
/opt/MagellanNMS/system/config/nms_list_activ_opt
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
MDM software management
This section describes how to manage the Nortel Multiservice Data Manager
(MDM) software.
The following task flows are provided:

Restoring MDM (1 of 2) (page 52)
MDM software management task flows

These task flows show you the sequence of procedures you perform to
manage the Nortel Multiservice Data Manager (MDM) software.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 51 -
Backing up MDM
Backing up
MDM
Disabling access to
Is an MDM Disabling access to
the MDM
Administration Yes the MDM
Administration
Database installed? Administration
Database
Database
(page(page
60) 59)
No
Backing
Backing up up the
the
Stopping
Stopping MDM
MDM Backing
Backing up
up MDM
MDM MDM
MDM restore
restore
(page 59)
(page 58) (page
(page 76)
75) utility (page 61)
utility (page 63)
Backing up the If this workstation includes the

Is this Backing up the
security service security service, be sure to back
workstation a Yes security service
security server?
(page 64)
(page 62) up the security serviceafter you
back up the MDM software.
No
Enabling access to
Backing up the
Backing up the Is an MDM
Starting MDM
Starting MDM the MDM
Enabling the MDM
MDM
MDM desktop
desktop Yes
(page 75)
(page 74) Administration Administration
Administration
(page 61)
(page xx) Database installed? Database
Database (page 80)
(page 81)
No
End
MDM-5100-006-AA

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 52 -
Restoring MDM (1 of 2)
Restoring MDM
Disabling access
to the MDM
Is an MDM Administration
Administration Yes Database
Database installed? (page 60)
No
Stopping MDM
(page 59)
Is this
Restoring MDM A
workstation a No
(page 78)
security server?
Yes
If this workstation includes
the security service, ensure
that you restore the security Select the type of
service -after- you restore security service
the MDM software. to restore
Restoring Restoring security

Restoring security security services services on a
services on an on a standalone replicated pair of
Operator Client security server security servers
(page 65) (page 68) (page 70)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 53 -
Restoring MDM (2 of 2)
Restoring the
MDM desktop
(page 74)
Starting MDM
(page 75)
Enabling access to
the MDM
No
End

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 54 -
MDM software downgrade (1 of 2)
MDM software
downgrade procedures
Is an MDM Disabling
Disabling access
access to
Administration tothe
theMDM
MDM
Yes
Database Administration
Administration
installed? Database
Database (page 59)
(page 60)
No
Stopping MDM
Stopping MDM
(page 59)
(page 58)
Backing
Backing up
up MDM
MDM (page
(page xx) 76)
Backing
Backing up upthe
the
MDM
MDM restore
restore utility
utility (page
(page xx) 63)
Backing up the
Backing up the
Is this workstation security service
Yes security server
a security server? (page 64)
(page xx)
Use the "Installing MDM software" procedure found in the

applicable version of NN10470-100 Nortel Multiservice Data
No Manager Installation and Commissioning - Software . For
example. if you are downgrading to 15.1, refer to document
release 16.1.
Backing up Removing MDM
Backing up the Rmoving MDM Restoring
the MDM Restoring
MDM desktop software
soeftwared (page Installing MDM MDMMDM A
desktop
(page xx) (page
81) 82) software (page 77)
(page 78)
(page 61)
Remove all other Restore the back

MDM software up files that were
releases, not only created proor to
the current one. the upgrade. MDM-5100-007-AA

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 55 -
MDM software downgrade (2 of 2)
Is this
workstation a No B
security server?
Yes
Restore the backup
Select the type of files created by the
security service MDM Installer
to restore during the MDM
software upgrade.
Restoring security Restoring security Restoring security

services on an services on a services on a
Operator Client standalone replicated pair of
(page 65) security server security servers
(page 68) (page 70)
Restoring the
MDM desktop Starting MDM
B (page 74) (page 75)
Enabling access
to the MDM
No
End

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 56 -
Disaster recovery (1 of 2)
MDM A new workstation has been installed or the hardware of the

original workstation has been restored, see Nortel Multiservice
software
Data Manager Engineering (NN10470-101) and Nortel
disaster
Use the applicable version recovery
The Solaris operating system is installed, see
of this procedure as found Nortel Multiservice Data Manager Installation and
in Nortel Multiservice Data CommissioningSoftware (NN10470-100).
Manager Installation and Network connectivity has been restored, see Nortel
CommissioningSoftware Multiservice Data Manager Installation and Commissioning
(NN10470-100) Installing MDM Software (NN10470-100).
For example, if recovering software The MDM configuration and data backups from the original
to MDM 15.1, use the 15.1 workstation are available.
version of this procedure. Ensure that the new workstation uses the same IP address as
the old workstation or if a new IP address must be used by the
new workstation, ensure that all affected network management
Restore the backup Restoring MDM workstations and network elements are
Restoring MDM
(page 78) reconfigured to address this new workstation using the new IP
files created before
the disaster. address.
Is this
workstation a No A
security server?
Yes
Restore the
backup files
created before the
disaster
Select the type of

service to restore
Restoring Restoring security Restoring security

security Restoring security Restoring
servicessecurity
on a Java Sun Access
Restoring services on a
services services on a services on
paira of Java Sun Access
Manager system
services on
on an
an standalone replicated
Operator standalone replicated pair of Manager(page
recovery system
73)
Operator Client
Client security server security servers
(page security server security servers recovery (page xx)
(page65)
65) (page 68) (page 70)
(page 68) (page 70)
A
MDM 5100 010 AA

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 57 -
Disaster recovery (2 of 2)
Restoring the
MDM desktop
(page 74)
Starting MDM
(page 75)
Enabling access to
the MDM
No
End

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 58 -
Navigation
Stopping MDM (page 59)
Disabling access to the MDM Administration Database (page 60)
Backing up the MDM desktop (page 61)
Backing up the MDM restore utility (page 63)
(page 70)
Restoring the MDM desktop (page 74)
Starting MDM (page 75)
Enabling access to the MDM Administration Database (page 81)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 59 -
Stopping MDM
Record the current state of the Nortel Multiservice Data Manager (MDM)
servers and stop the servers.
Prerequisites
Ensure that an alternate Nortel Multiservice Data Manager server
workstation is performing the tasks of this workstation, if this workstation
is part of one of the following network management architectures:
redundant fault management
redundant fault management with aggregation
client-server configuration
Procedure steps
Step Action
1 Log in to the MDM workstation as root.

2 Record the current state of the MDM servers.
/opt/MagellanNMS/bin/svmcmd -list > /opt/MagellanNMS/
serverList
A list of the MDM servers configured on this workstation is recorded in file
/opt/MagellanNMS/serverList.
3 Exit from all MDM applications.
4 Stop the MDM servers.
/etc/init.d/nmssvm.server stop
5 Stop the Tomcat server.
/opt/nortel/3rd_party/apache/current_tomcat/bin/
shutdown.sh
6 If this MDM workstation hosts the Java Web Start (JWS) software, stop the
Apache server.
/opt/nortel/3rd_party/apache/current_apache/bin/
apachectl stop
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 60 -
Disabling access to the MDM Administration Database

Disable access to the Nortel Multiservice Data Manager (MDM)
Administration Database to prevent possible corruption of database contents.
This task is required only if the Multiservice Data Manager Administration

Database is installed on this workstation.
Procedure steps
Step Action
1 From the MDM Toolset, select System->Administration->MDM Database

Administration.
The MDM Database Administration window opens.
2 From the MDM Database Administration window pull-down menus, select
Options->Configuration.
The Configuration Options window opens.
3 Using the Database tab, select the radio button Database disabled: true.
4 Click OK.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 61 -
Backing up the MDM desktop

Back up the Nortel Multiservice Data Manager (MDM) desktop configuration.
You can perform this task independently of other MDM software backups.
Prerequisites
This task is necessary only if
the MDM release running is version 15.3 or later
you have customized the MDM desktop settings
If you are backing up the MDM software, ensure that you perform Backing
up MDM (page 76) before you back up the MDM desktop configuration.
A safe location to store the backup files.
Procedure steps
Step Action

2 In a UNIX xterm, type
/opt/MagellanNMS/bin/backup_mft_files.sh -release
<release> -desktop -file <tar_file_name> -log <log_file>
Attention: The desktop applications are not interrupted during this backup.
3 Move the backup file to the safe storage location.

mv <tar_file_name> <safe_location>
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 62 -
Variable Value
log_file The absolute pathname of the backup log file (for example, /opt/
desktop_backup.log).
release The current MDM software release (for example, 15.3).
safe_location Any location or device that can be accessed during a disaster
recovery or downgrade of the software.
tar_file_name The absolute pathname of the backup tar file.
Procedure job aid

Directories
/opt/nortel/data/applications/desktop
/opt/nortel/logs/applications/desktop
/opt/nortel/config/applications/desktop

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 63 -
Backing up the MDM restore utility

Back up the Nortel Multiservice Data Manager (MDM) restore utility.
Prerequisites
This task is necessary only if the Multiservice Data Manager release running
is version 15.3 or later.
Procedure steps
Step Action

cd /opt/MagellanNMS/bin
cp restore_mft_files.sh /opt
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 64 -
Backing up the security service

Back up the Nortel Multiservice Data Manager (MDM) security service
including all user, role, policy, Identity Server (IS) configuration, Netscape
Directory Server (NDS) configuration and database, and security settings
information/configurations that are stored in LDAP and on the file system.
You can perform this backup independently of other MDM software backups.
Prerequisites
If you are backing up the MDM software, ensure that you perform Backing
up MDM (page 76) before you backup the security service.
Procedure steps
Step Action

/opt/nortel/applications/security/current_isclient/
swmgmt/bin/brr_security.sh -backup <tar_file_name>
Attention: The security services are not interrupted during this backup.
For more information about the brr_security.sh command, see Security

service backup and restore utility (page 303).
--End--
Variable Value
tar_file_name The absolute pathname of the backup tar file

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 65 -
Restoring security services on an Operator Client

Restore Operator Client security services on a UNIX workstation.
Prerequisites
If you are not performing this task as part of a downgrade of the MDM
software, perform Backing up the security service (page 64).
If you are performing this task as part of a downgrade of the MDM
software, perform Backing up the MDM restore utility (page 63) before you
begin the downgrade.
If you are restoring the MDM software, ensure that you perform Restoring
MDM (page 78) before you restore the security service.
You can automate the restored client configuration using the response file
/opt/nortel/applications/security/current_isclient/swmgmt/resources/
isclient.isclient.rsp.
The isclient.isclient.rsp file name is hard-coded within the brr_security.sh
script. You cannot use any other response file.
If you use the common port number (58080 or 58081), you can use the
default responses in the file /opt/nortel/applications/security/
current_isclient/swmgmt/resources/isclient.isclient.rsp.
Procedure steps
Step Action

2 If you are performing this task as part of an MDM software downgrade and
if you do not have a prepared restore configuration response file, in a UNIX
xterm, type
swmgmt/bin/brr_security.sh -restore <tar_file_name>
You are prompted for configuration information.
Attention: If you change the configuration of the restored client to point to a different
security server, you may also need to change the configuration of applications that
use the security client (for example, the Desktop application).

Proceed to step 6.
3 If you are not performing this task as part of an MDM software downgrade
and if you have a prepared restore configuration response file, in a UNIX
xterm, type

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 66 -
-r /opt/nortel/applications/security/current_isclient/
swmgmt/resources/isclient.isclient.rsp

Proceed to step 6.
4 If you are performing this task as part of a downgrade of the MDM software
and if the utility restore_mft_files.sh is not in the directory
/opt/MagellanNMS/bin, in a UNIX xterm type
cd /opt
cp restore_mft_files.sh /opt/MagellanNMS/bin
5 If you are performing this task as part of an MDM software downgrade, in a
UNIX xterm, type
/opt/MagellanNMS/bin/restore_mft_files.sh -release
<release> -user_admin -file <Installer_tar_file_name>
-log <log_file>
6 Client passwords must be aligned with the server passwords. A client

restore may replace the client password files and destroy the alignment with
the server. Change the amadmin account password. In a UNIX xterm, type
/opt/nortel/applications/security/current_isclient/bin/
is_passwd.sh local -is_passwd write
7 At the prompt, type the corresponding server password.
the server. Change the ndsadmin account password. In a UNIX xterm, type
/opt/nortel/applications/security/current_isclient/bin/
is_passwd.sh local -nds_passwd write
the server. Change the nsssaml account password. In a UNIX xterm, type

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 67 -
/opt/nortel/applications/security/current_nsssaml/
swmgmt/bin/configure_nsssaml.sh -subcomponent password
--End--
Variable Value
Installer_tar_file_name The absolute pathname of the backup tar file created by the MDM
Installer during the last MDM software upgrade. Use the file
/opt/user_administration_backup.tar or, if multiple versions of this file
exist, select the latest version as identified by
/opt/<increment>user_administration_backup.tar.
log_file The absolute pathname of the restore log file (for example,
/opt/user_administration_restore.log).
release The release being restored (for example, 15.3).

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 68 -
Restoring security services on a standalone security server

Restore security services on a standalone security server.
Prerequisites
software, perform Backing up the security service (page 64).
If you are performing this task as part of a downgrade of the MDM
software, perform Backing up the MDM restore utility (page 63) before you
begin the downgrade.
Procedure steps
Step Action
1 Log in to the Multiservice Data Manager workstation as root.
Attention: Restoring the Netscape Directory Server (NDS) database overwrites

existing database and security service files. Any modifications since the last backup
are lost.
cd /opt
3 Restore the backup file on the standalone security server.
software, in a UNIX xterm, type
If you are performing this task as part of a downgrade of the MDM software,
in a UNIX xterm, type
-log <log_file>
4 If you obtained the security information backup from a replicated security
server, you must deactivate the replication. To determine if this security
server is part of a replicated pair, in a UNIX xterm, type

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 69 -
grep nsDS5ReplicaHost /opt/nortel/3rd_party/netscape/

current_nds/slapd-*/config/dse.ldif
If this security configuration is not part of a replicated server, the following
error messages are displayed and can be ignored.
ERROR: Could not get fully qualified hostname of remote
LDAP server from replication agreement.
ERROR: Therefore, cannot completely remove S1IS
replication configuration.

ERROR: Operation failed
If there is no response from this command, this backup file was not from a
replicated server and you have completed this procedure.
If there is a response to this command, deactivate the replication on the
security server. In a UNIX xterm on the security server, type
/opt/nortel/applications/security/current_core/bin/
config_s1is_replica.sh -nds_passwd
To the first prompt, reply delete.
To the second prompt, reply y.
--End--
Variable Value
/opt/user_administration_restore.log)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 70 -

Restore security services on a replicated pair of security servers.
Prerequisites
software, Backing up the security service (page 64).
If are performing this task as part of a downgrade of the MDM software,
perform Backing up the MDM restore utility (page 63) before you begin the
downgrade.
Procedure steps
Step Action
Attention: Restoring the Netscape Directory Server (NDS) database overwrites

existing database and security service files. Any modifications since the last backup
are lost.
2 Deactivate replication on each of the security servers in the replicated pair.

In a UNIX xterm on each of the security servers, type
If the security configuration is not part of a replicated pair or if the security
configuration is corrupt, the following error messages are displayed. Ignore
the messages and proceed to the next security server or if you have
deactivated both of the servers in the replicated pair, proceed to the next
step.

cd /opt

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 71 -
4 Restore the backup file on each of the security servers in the replicated pair.
software, in a UNIX xterm on each of the security servers, type
If you are performing this task as part of a downgrade of the MDM software,
in a UNIX xterm on each of the security servers, type
-log <log_file>
5 If you obtained the security information backup from a replicated security
server, you must deactivate the replication. In a UNIX xterm on each of the
security servers, type
grep nsDS5ReplicaHost /opt/nortel/3rd_party/netscape/
current_nds/slapd-*/config/dse.ldif
If there is no response from this command, the backup file was not from a
replicated server and you can proceed to the next security server.
If both of the replicated security servers have been checked and neither
displayed a response, proceed to the next step.
If there is a response to this command, deactivate the replication on the
security server. In a UNIX xterm on the security server, type
If the security configuration is not part of a replicated pair or if the security
configuration is corrupt, the following error messages are displayed. Ignore
the messages and proceed to the next security server or if you have
deactivated both of the servers in the replicated pair, proceed to the next
step.

6 Reactivate replication on the first security server. In a UNIX xterm on one of
the security servers in the replicated pair, type

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 72 -
To the first prompt, reply setup.
To the second prompt, reply <host_name>.
To the third prompt, reply y.
7 Reactivate replication on the next security server. In a UNIX xterm on the
next security server in the replicated pair (that is, not the security server
configured in the step above), type
--End--
Variable Value
host_name The redundant fully qualified host name of this server.
log_file The absolute pathname of the restore log file
(for example,
/opt/user_administration_restore.log).

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 73 -
Java Sun Access Manager system recovery

Follow this procedure to recover the system after an uncontrolled shut down.
If the Java Sun Access Manager experiences an uncontrolled shutdown, the

DBVERSION files may become corrupted and users may not be able to login
to Operator Client or to the Java Sun Access Manager console.
Procedure steps
Step Action
1 Log on to the security server as the root user and open a console window.
2 Change directories, type:
cd /opt/nortel/applications/security/current_isclient/
swmgmt/bin
3 To execute the recovery, type:
./brr_security.sh -recover
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 74 -
Restoring the MDM desktop

Restore the Nortel Multiservice Data Manager (MDM) desktop configuration.
Perform this task if you have customized the Multiservice Data Manager
desktop settings and you have previously created a backup of these settings.
Prerequisites
This taks is necessary only if the Multiservice Data Manager release
running is 15.3 or later.
You have performed Backing up the MDM restore utility (page 63).
MDM (page 78) before you restore the Multiservice Data Manager
desktop.
Procedure steps
Step Action

<release> -desktop -file <tar_file_name> -log <log_file>
--End--
Variable Value
/opt/desktop_restore.log).

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 75 -
Starting MDM
Restart the Nortel Multiservice Data Manager (MDM) workstation.
Procedure steps
Step Action

2 Reboot the MDM workstation.
init 6
3 Start the MDM Toolset.
4 From the MDM main menu, select
System -> Administration -> Server Administration.
5 Select File -> Refresh Server list.
6 Verify that the same servers that indicated a status of Running in Stopping
MDM (page 59) now indicate a status of Running.
7 Start the Tomcat server.
/opt/nortel/3rd_party/apache/current_tomcat/bin/
startup.sh
8 If this MDM workstation hosts the Java Web Start (JWS) software, start the
Apache server.
apachectl start
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 76 -
Backing up MDM
Back up all of the critical Nortel Multiservice Data Manager (MDM) software
configuration and data files.
Prerequisites
You have prepared a safe location to store the backup files.
If you are backing up the security service and/or MDM desktop
configuration, ensure that you perform this task first.
Procedure steps
Step Action
If Then
If this workstation is running MDM go to step 2.
release 16.2 or later
If this workstation is running an go to step 3 and complete this procedure.
MDM release prior to 16.2
2 Perform this step if this workstation is running release 16.2 or later.

Type this command to back up the MDM software configuration files:
/opt/MagellanNMS/bin/backup_mdm_files -mdm
-file <tar_file_name> -log <log_file>
This procedure is complete.
3 Type this command to back up software configuration files:
cd /opt/MagellanNMS/cfg
tar cvfp mdmcfg_<release>.tar ./*
mv mdmcfg_<release>.tar <safe_location>
4 Type this command to back up the MDM software data files:
cd /opt/MagellanNMS/data
tar cvfp mdmdata_<release>.tar ./*
mv mdmdata_<release>.tar <safe_location>
5 If this workstation includes Management Data Provider (MDP) software,
type this command to back up the MDP software configuration files:
cd /opt/MagellanMDP/cfg
tar cvfp mdpcfg_<release>.tar ./*
mv mdpcfg_<release>.tar <safe_location>
type this command to back up the MDP software data files.
cd /opt/MagellanMDP/data
tar cvfp mdpdata_<release>.tar ./*

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 77 -
mv mdpdata_<release>.tar <safe_location>
7 If this workstation is running release 15.1 or later, type this command to back
up additional MDM software configuration files:
cd /opt/nortel/config
tar cvfp nortelconfig_<release>.tar ./*
mv nortelconfig_<release>.tar <safe_location>
up additional MDM software data files.
cd /opt/nortel/data
tar cvfp norteldata_<release>.tar ./*
mv norteldata_<release>.tar <safe_location>
up the MDM log files.
cd /opt/nortel/logs
tar cvfp nortellogs_<release>.tar ./*
mv nortellogs<release>.tar <safe_location>
up the MDM EPIC configuration files:
cd /opt/nortel/EPIC/cfg
tar cvfp nortelEPICcfg_<release>.tar ./*
mv nortelEPICcfg<release>.tar <safe_location>
--End--
Variable Value
tar_file_name The absolute pathname of the backup tar file, for example
/opt/nortel/data/mdm/mdm_backup.tar.
log_file The absolute pathname of the log file, for example
/opt/mdm_backup.log.
release The MDM software release, for example, 161.
safe_location Any location or device that can be accessed during a disaster

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 78 -
Restoring MDM
Restore all of the critical Nortel Multiservice Data Manager (MDM) software
configuration and data files.
Prerequisites
You have performed Stopping MDM (page 59).
Ensure that you have the MDM software configuration and data file
backups.
If this workstation includes the security service, ensure that you restore
the security service after you restore the software.
If you have a backup of the MDM desktop configuration, ensure that you
restore the MDM desktop configuration after you restore the MDM
software.
Procedure steps
Step Action
If Then
If this workstation is running MDM go to step 2.
release 16.2 or later
If this workstation is running an go to step 3 and complete this procedure.
MDM release prior to 16.2
2 Perform this step is this workstation is running MDM release 16.2 or later.
Type this command to restore the MDM software configuration files:
/opt/MagellanNMS/bin/restore_mdm_files -mdm -file
<tar_file_name> -log <log_file>
This procedure is complete.
3 Type this command to restore the MDM configuration files:
cp <safe_location>/mdmcfg_<release>.tar
/opt/MagellanNMS/cfg cd /opt/MagellanNMS/cfg
tar xvfp mdmcfg_<release>.tar
4 Type this command to restore the MDM software data files:
cp <safe_location>/mdmdata_<release>.tar
/opt/MagellanNMS/data
cd /opt/MagellanNMS/data
tar xvfp mdmdata_<release>.tar
type this command to restore the MDP software configuration files:

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 79 -
cp <safe_location>/mdpcfg_<release>.tar
/opt/MagellanMDP/cfg
cd /opt/MagellanMDP/cfg
tar xvfp mdpcfg_<release>.tar
type this command to restore the MDP software data files:
cp <safe_location>/mdpdata_<release>.tar
/opt/MagellanMDP/data
cd /opt/MagellanMDP/data
tar xvfp mdpdata_<release>.tar
7 If this workstation is running release 15.1 or later, type this command to
restore additional MDM software configuration files:
cp <safe_location>/nortelconfig_<release>.tar
/opt/nortel/config
cd /opt/nortel/config
tar xvfp nortelconfig_<release>.tar
restore additional MDM software data files:
cp <safe_location>/norteldata_<release>.tar
/opt/nortel/data
cd /opt/nortel/data
tar xvfp norteldata_<release>.tar
restore the MDM log files:
cp <safe_location>/nortellogs_<release>.tar
/opt/nortel/logs
cd /opt/nortel/logs
tar xvfp nortellogs_<release>.tar
restore the MDM EPIC configuration files:
cp <safe_location>/nortelEPICcfg_<release>.tar
/opt/nortel/EPIC/cfg
cd /opt/nortel/EPIC/cfg
tar xvfp nortelEPICcfg_<release>.tar
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 80 -
Variable Value
tar_file_name The absolute pathname of the compressed or uncompressed backup
tar file, for example
/opt/nortel/data/mdm/mdm_backup.tar.Z
log_file The absolute pathname of the log file, for example
/opt/mdm_restore.log.
release The MDM software release, for example, 151.
safe directory Any location or device that can be accessed during a disaster

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 81 -
Enabling access to the MDM Administration Database

Enable access to the Nortel Multiservice Data Manager (MDM) Administration
Database.
Procedure steps
Step Action
1 From the MDM Toolset, select System->Administration->MDM Database

Administration.
The MDM Database Administration window opens.
2 From the MDM Database Administration window pull-down menus, select
Options->Configuration.
The Configuration Options window opens.
3 Using the Database tab, select the radio button Database disabled: false.
4 Click OK.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 82 -
Removing MDM software

Remove selected Nortel Multiservice Data Manager (MDM) packages or all of
the MDM software.
Procedure steps
Step Action
1 On the MDM workstation, log on as userID root and open a UNIX xterm.
2 If Secure Shell (SSH) software is installed on this workstation, remove the
SSHinit software package.
/usr/sbin/pkgrm SSHinit
3 If Secure Shell (SSH) software is installed on this workstation and this
workstation uses the Solaris 8 operating system, remove the MagOSSH
software package.
/usr/sbin/pkgrm MagOSSH
4 Change directories to the directory that contains the uninstall tool for the
software release to be removed.
cd /opt/MDM<release>_INST
5 Start the software removal tool InstallAnywhere Uninstaller.
./uninstall_mdm
If you are running Multiservice Data Manager release 16.1 or late, you
are prompted to confirm the DISPLAY environment variable, for
example:
Enter the environment DISPLAY to launch the MDM installer
GUI [:0.0]
The InstallAnywhere Uninstaller window opens.
6 Select Uninstall.
A window opens that indicates the MDM packages available for removal.
7 Select the MDM packages to remove and click Uninstall Selected
Packages.
Attention: If the purpose of this software removal is to remove obsolete versions of

the MDM software while retaining the current version, identify the MDM software
packages to remove by referring to the MDM Installer logs created during the
installation of the current version. For details, see the MDM Installer logs. Select only
those software packages that have had a newer version installed. Do not remove
MDM software packages that have not been replaced during the MDM software
upgrade.
A progress bar indicates the stage of removal for each package.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 83 -
A popup window indicates completion.

8 Click Ok.
9 Click Done.
The Uninstaller logs are located in the directory /opt/MagellanNMS/data/log/
<release>_Install_logs. For more information about uninstaller logs, see
MDM Uninstaller logs (page 83).
If you cannot successfully remove any software packages, contact Nortel
support.
10 Remove the contents of the directory /opt/nortel. In a UNIX xterm, type
cd /opt/nortel; \rm -rf *
--End--
Variable Value
release The MDM software release number (for example, 152).
Procedure job aid

MDM Uninstaller logs
Log Description
stopServers The MDM servers stopped during a software upgrade.
Package_logs The detailed log files for each package uninstall. For example:
uninstall_MDM143Pbp, uninstall_MDMHELP.
Uninstall_summary.log A summary of the software uninstall indicating the package versions
uninstalled and the package uninstalls success or failure.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
Operating system and server
infrastructure security
Use the procedures in this section as tools for securing the infrastructure.
Prerequisites
If you workstation is already running Solaris 10 with SST v4.2, you must
unharden the system before installing Multiservice Data Manager.
Navigation
Procedures for Solaris 10
Unhardening the Solaris 10 OS with SST prior to an MDM installation
or upgrade (page 85)
Unhardening the Solaris 10 operating system (page 86)
Hardening the Solaris 10 operating system (page 87)
Creating customized OS hardening scripts (page 89)
Auditing the OS hardening status of the Solaris 10 operating system
(page 92)
Installing SST v4.2.0 (page 93)
Procedures for Solaris 9
Unhardening the Solaris 9 operating systems (page 94)
Hardening the Solaris 9 operating systems (page 95)
Viewing the status of the Solaris operating system (page 98)
Procedures that apply to all versions of Solaris
Generating secure passwords for MDM servers (page 99)
Setting encrypted passwords on MDMservers (page 100)
Changing encrypted passwords for MDM servers (page 101)
Disabling SNMP agents (page 102)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 85 -
Operating system and server infrastructure security
Unhardening the Solaris 10 OS with SST prior to an MDM installation

or upgrade
Unharden the Solaris 10 operating system with Solaris Security Toolkit 4.2.
(SST) before you install to new version of Nortel Multiservice Data Manager
to ensure that you are using the most current version of the hardening script
that is included with the latest version of MDM.
Prerequisites
You are already running Solaris 10 OS with SST, on the workstation where you
plan to installNortel Multiservice Data Manager.
Procedure steps
Step Action
1 Log in as root.
2 Enter the root password.
3 Run the OS unhardening script.
# ${JASS_HOME}/bin/jass-execute -u
For more information, see the Solaris Security Toolkit Administration Guide.
4 Backup all the customized SST scripts located in /opt/SUNWjass/ to prevent
these custom scripts from being accidentally overwritten.
Attention: Customer specific scripts for SST do not operate properly with MDM OS
hardening scripts unless the customers scripts are developed strictly following the
steps described in Creating customized OS hardening scripts (page 89).
5 Uninstall SST on the target workstation if the SST version is not 4.2. If the
version is 4.2, this step is optional.
--End--
Variable Definition
{JASS_HOME} "/opt/SUNWjass", is ordinarily the location of the unharden script for a
system that has not yet been installed with MDM.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 86 -
Unhardening the Solaris 10 operating system

Unharden the Solaris operating system to upgrade to a new version of Nortel
Multiservice Data Manager to ensure that you are using the most current
version of the hardening script that is included with the latest version of MDM.
Procedure steps
Step Action
1 Log in as root.
3 Run the OS unhardening script.
# /opt/MagellanNMS/bin/Solaris_OsUnHarden
A dialog listing of OS hardening activities done previously on the workstation
opens.
4 From the list of OS hardening activities, select the hardening activity or
activities to reverse.
The unhardening scripts are executed. Pressing Ctrl-C or entering TERM
will end the unhardening activity
5 Select yes when the script prompts you to reboot the workstation.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 87 -
Hardening the Solaris 10 operating system

OS hardening after the installation or configuration of the operating system,
improves resistance to commercial operating system attacks. The OS
hardening scripts are installed on the target workstation.
During the OS hardening process, some system files, such as /lib/svc/method/

net-svc, are replaced by more secure copies delivered with Multiservice
Switch. There are two limitation associated with this process.
When these file are modified after the system is hardened, the
corresponding audit script fails because the system file is different than the
security copy delivered with Multiservice Switch. For example, if SUN
patch 119593-01, that provides a fix for the file /lib/svc/method/net-svc, is
installed after the target system is hardened by Multiservice Switch OS
Hardening scripts, the audit script indicates a failure when hardening
multi-cast and DHCP support.
Some system files are overwritten by Multiservice Switch during OS
hardening. As a result, some patch functions related to these files might
also be disabled when the system is hardened by Multiservice Switch.
Attention: If you are running software other than Multiservice Data Manager
on the workstation, hardening activities may affect their operation.
Prerequisites
If you are upgrading Nortel Multiservice Data Manager on a Solaris
operating system that was hardened prior to release 16.1, you must
perform the following tasks:
unharden the operating system using the existing Multiservice Data
Manager release and the scripts provided
upgrade Multiservice Data Manager to the new release. See Nortel
Multiservice Data Manager Upgrades and Patches (NN10470-123) for
information on upgrading MDM software.
You are running Solaris10 system.
The Solaris Security Toolkit v4.2 or higher is installed.
The scripts indicated by -d and invoked by driver scripts are valid.
Procedure steps
Step Action
1 Log in as root from the local console.


Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 88 -
3 If you had saved custom SST scripts, restore the saved scripts to /opt/
MagellanNMS/cfg/osh/jass.
Attention: Ensure that you have created your custom scripts using Creating
customized OS hardening scripts (page 89).
4 Choose either step step 4 or step 5.

5 To use the default OS hardening script, nortel-mdm-secure.driver, enter the
following command:
# /opt/MagellanNMS/bin/Solaris_OsHarden
6 To use a custom OS hardening script enter the following command:
# /opt/MagellandNMS/bin/Solaris_OsHarden -d
<driver_name>
The hardening scripts are executed. Pressing Ctrl-C or entering TERM will
end the hardening activity
7 At the Are you sure that you want to continue? (yes/no) prompt, enter yes.
8 When the driver installation is complete, you are prompted to reboot. Enter
yes.
9 When you run the Solaris hardening script, unused services are disabled
and the files in /var/adm/emerlog and /var/adm/loginlog increase in size.
Clean up unneeded files and check the partitions that contain these files.
--End--
Variable Definition
driver_name the name of the custom script

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 89 -
Creating customized OS hardening scripts

Customize OS hardening to control which services are disabled when you run
the OS hardening script. To change the behavior of the OS hardening script,
you must move the configuration files that control the script and alter their
contents.
Prerequisites
Solaris 10 must be installed.
SST v4.2 must be installed.
Procedure steps
Step Action
1 Copy the configuration files that you want to modify from:

/opt/MagellanNMS/lib/cfg/osh/jass/
to
/opt/MagellanNMS/cfg/osh/jass
or its subdirectories to the corresponding directory located in:
/opt/MagellanNMS/cfg/osh/jass/
2 Rename and modify the copied files to customize the behavior of the OS
hardening script to suit your specific needs.
Attention: The OS Hardening files located in /opt/MagellanNMS/lib/cfg/osh/jass

should not be modified directly. If modification is required, copy the file /opt/
MagellanNMS/lib/cfg/osh/jass to the corresponding directory in /opt/MagellanNMS/
cfg/osh/jass.
For example, if you want to modify the file: /opt/MagellanNMS/lib/cfg/osh/jass/files/
etc/ftpd/banner.msg you need to first copy the banner.msg file from /opt/
MagellanNMS/lib/cfg/osh/jass/Files/etc/ftpd/ to /opt/MagellanNMS/lib/cfg/osh/jass/
Files/etc/ftpd/ and modify the file in this directory.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 90 -
Example
1 Copy the following driver scripts from /opt/MagellanNMS/lib/cfg/
osh/jass/Drivers to /opt/MagellanNMS/cfg/osh/jass/Drivers.
2 Change the names of the following files:
from nortel-mdm-secure.driver to my-secure.driver
from nortel-mdm-config.driver to my-config.driver
from nortel-mdm-hardening.driver to my-hardening.driver
from copy_list to copy_list
3 Change the script names in my-secure.driver from nortel-mdm-* to my-*.
4 Edit the file my-hardening.driver, and comment out the following line
disable-apache2.fin.
5 Edit /opt/MagellanNMS/cfg/osh/jass/copy_list.
6 Change the script names in copy_list from nortel-mdm-* to my-*.
7 Save the change files.
8 Launch OS Hardening script:
/opt/MagellanNMS/bin/Solaris_OsHarden -d my-
secure.driver
Default hardening scripts and files
Files Description
/opt/MagellanNMS/lib/cfg/osh/jass/ The source and destination for files copy.
copy_list
Before hardening/auditing/unhardening the system, the OS
Hardening scripts copy the necessary scripts or files for MDM
directory to the SST directory using copy_list. After the process
is finished, the copied files are not be removed.
If the target file has existed already, the harden/unharden/audit
scripts compare the source file with the target one. If the two files
are identical, the scripts continue to the next file. If they are not
the same, the script renames the target file in current directory by
adding a suffix to the filename then copies the source file.
/opt/MagellanNMS/lib/cfg/osh/jass/ A wrapper for calling the configuration and hardening drivers
Drivers/mdm_solaris10.driver
/opt/MagellanNMS/lib/cfg/osh/jass/ The default configuration driver. The purpose of this script is to
Drivers/ perform basic system configuration.
mdm_solaris10_config.driver
(1 of 2)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 91 -
Default hardening scripts and files (continued)
Files Description
/opt/MagellanNMS/lib/cfg/osh/jass/ The default hardening driver. The purpose of this script is to
Drivers/ implement the Solaris Operating System hardening
mdm_solaris10_hardening.driver
/opt/MagellanNMS/lib/cfg/osh/ This file is to be used to override or specify user variables that
jass/Drivers/user.init will be used by the scripts in SST. It is one of the driver scripts.
(2 of 2)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 92 -
Auditing the OS hardening status of the Solaris 10 operating system

Use this procedure to verify the results of Solaris 10 OS hardening.
Prerequisites
The Audit driver scripts must be the same as those being used for OS
hardening.
SST v4.2 must be installed.
Procedure steps
Step Action

3 Choose either step 4 or step 5.
4 To use the default audit script, enter the following command:
# /opt/MagellanNMS/bin/Solaris_OsHardenStatus
Attention: Ensure that you have created your custom scripts using Creating
customized OS hardening scripts (page 89)before using this option.
5 To use a custom audit script enter the following command:

# /opt/MagellandNMS/bin/Solaris_OsHarden -dStatus
<driver_name>
The audit scripts are executed. Pressing Ctrl-C or entering TERM will end
the audit activity.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 93 -
Installing SST v4.2.0

Use this procedure to install SST v4.2.0.
Prerequisites
SST is not already installed.
Procedure steps
Step Action

3 Insert the MDM CD 5.
/opt/MagellanNMS/installsst
5 Respond to installation prompts as required.
SST v4.2.s installed in the default directory: /opt/SUNWjass.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 94 -
Unhardening the Solaris 9 operating systems

Unharden the Solaris operating system to upgrade to a new version of Nortel
Multiservice Data Manager to ensure that you are using the most current
version of the hardening script that is included with the latest version of MDM.
Procedure steps
Step Action
1 Log in as root.
2 Boot to single user mode.
init s
3 Enter the root password to regain access to the workstation.
4 Run the OS hardening script.
# /opt/MagellanNMS/bin/Solaris_OsUnHarden
The OS Security UnHardening Menu opens.
5 Begin the OS unhardening procedure. Select menu option 1:
1) Default UnHardening Configuration
The unhardening scripts are executed. Any attempt to interrupt the
execution of the unhardening scripts is ignored until the unhardening is
complete.
6 Select yes when the script asks you if you want to disable the Base Security
Module (BSM).
7 Select yes when the script asks you want to restore your previous BSM
configuration files.
8 Select yes when the script asks you if you wish to reboot the workstation.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 95 -
Hardening the Solaris 9 operating systems

OS hardening, during the installation and configuration of the operating
system, improves the resistance of commercial operating systems to attacks.
If you upgrade Nortel Multiservice Data Manager on a Solaris operating

system that was hardened prior to release 16.1, you must perform the
following tasks:
unharden the operating system using the existing Multiservice Data
Manager release and the scripts provided
upgrade Multiservice Data Manager to the new release
harden the Solaris operating system using operating system hardening
and the scripts provided
Prerequisites
The operating system hardening procedures are for Solaris 9 operating
systems only.
If you are running software other than Multiservice Data Manager on the
workstation, these activities could affect them.
The OS hardening scripts are installed on the target workstation.
When you run the Solaris hardening script, unused services are disabled
and the files /var/adm/emerlog and /var/adm/loginlog will increase in size.
You will need to clean up and check the partitions that contain these files
routinely.
Procedure steps
Step Action

2 Boot to single user mode.
init s
3 Enter the root password to regain access to the workstation.
4 Run the OS hardening script.
# /opt/MagellanNMS/bin/Solaris_OsHarden
5 Begin the OS hardening procedure. Select menu option 1:
1) Default Hardening Configuration
The hardening scripts are executed. Any attempt to interrupt the execution
of the hardening scripts is ignored until the hardening is complete.
6 Select yes when the script asks you if you want to enable the Base Security
Module (BSM).

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 96 -
7 Select yes when the script asks you if you want to update existing BSM
configuration files with the ones that are delivered with Multiservice Data
Manager software.
8 Select yes when the script asks you if you want to reboot the workstation.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 97 -
Customizing OS hardening for Solaris 9

Customize OS hardening to control which services are disabled when you run
the OS hardening script. To change the behavior of the OS hardening script,
you must move the configuration files that control the script and alter their
contents.
Procedure steps
Step Action
1 Copy the configuration files that you want to modify from

/opt/MagellanNMS/lib/cfg/osh to /opt/MagellanNMS/cfg/osh.
2 Modify the configuration files to customize the behavior of the OS hardening
script to suit your specific needs.
When you run the scripts, they will search the directory
/opt/MagellanNMS/cfg/osh for customized configuration files and use those
instead of the ones in the default directory.
--End--
Procedure job aid

OS hardening scripts configuration files
File Description
account_removal_list Lists well known accounts that will be removed by the OS hardening
scripts.
cron_disable_list Lists users that are restricted from using cron.
ftp_disable_list Lists users that are restricted from using ftp.
inetd_disable_list Lists services or ports that will be disabled by the inet daemon.
kernel_modification_list Describes two kernel modifications that can be made to /etc/systems.
netrc_lock_list Lists accounts whose .netrc file will be touched and locked in each
respective home directory
nfs_disable_list Lists the tokens that can be used to disable parts of the Solaris NFS.
rauth_disable_list Lists the tokens that disable r-services and locks the /etc/hosts.equiv file.
service_removal_list Lists the run control files that will be removed from /etc/rc2.d and rc3.d.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 98 -
Replacement configuration files for OS configuration files
File Description
new_audit_class, Replaces audit_class, audit_event, audit_control, and audit_user in /etc/
new_audit_event, security to control BSM logging.
new_audit_control,
new_audit_user
new_default_ftpd Replaces /etc/default/ftpd and installs a new ftp banner.
new_default_telnetd Replaces /etc/default/telnetd and installs a new telnet banner.
new_issue Replaces /etc/issue and installs an identification to be printed as a log in
prompt.
new_inetinit Replaces /etc/default/inetinit and improves the TCP initial sequence number
generation.
new_inetsvc Replaces /etc/rc2.d/S72inetsvc and /etc/init.d/inetsvc and disables the NIS,
DHCP and multicast network services.
new_kbd Replaces /etc/default/kbd and disable keyboard or serial device abort
sequences (e.g., Stop A).
new_login Replaces /etc/default/login and restricts the remote login of the root user.
new_nddconfig Installs /etc/rc2.d/S70nddconfig and /etc/init.d/nddconfig and makes changes
to the default system and network drivers.
new_nscd.conf Replaces /etc/nscd.conf and changes the Name Service Cache daemon to
hold only the host information. Password, group and RBAC are not cached.
new_passwd Replaces /etc/default/passwd and increases password strength.
new_syslog.conf Replaces /etc/syslog.conf and increases the logging done by the syslog
daemon.
Viewing the status of the Solaris operating system

View the status of the operating system before you run the OS hardening
script to determine whether it is in a hardened or unhardened state.
Procedure steps
Step Action
1 Log in as root.
2 Run the OS show status script.
# /opt/MagellanNMS/bin/Solaris_OsHardenStatus
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 99 -
Generating secure passwords for MDM servers

Generate secure passwords for Nortel Multiservice Data Manager servers to
use encrypted passwords with servers and ensure increased security.
Procedure steps
Step Action
1 Log in as root.
3 From the System menu, click Security->Password Encryption.
The Password Encryption Tool opens.
4 Type a password in the Enter Password text field.
5 Type the same password again in the Confirm Password text field.
6 Type a name for the file in which you want the encrypted password to be
stored.
The new file, containing the encrypted password, is stored in the directory /
opt/MagellanNMS/cfg/private.
For example:
/opt/MagellanNMS/cfg.private/FMDR_GROUP1.passwd
7 Click Save.
8 Click Close.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 100 -
Setting encrypted passwords on MDMservers

Set encrypted passwords on Nortel Multiservice Data Manager servers to
increase security by preventing access by unauthorized users. You can set an
encrypted password for accessing the edit mode in the FMDR, DMDR, PMSP,
and Edit (edserver) servers.
Procedure steps
Step Action
1 Log in as root.
3 From the System menu, click Administration->Server Administration.
The Server Administration tool opens.
4 From the Security menu, click Authorize ...
The SVM Enter Authorization Password dialog box opens.
5 Enter the edit password.
6 From the Server name list area, right-click on the name of the server for
which you want to set secure password.
The server name is highlighted and the Server Functions pop-up menu
opens.
7 From the Server Functions pop-up menu, click Edit.
The Server Administration edit server dialog box opens.
8 In the Startup command text field, replace the current password text with
the full path name of the file that contains the secure password.
If we used the example password file from the previous procedure, the new
command line would look as follows:
/opt/MagellanNMS/bin/fmdr -g GROUP1 -u mdmfault -p /opt/
MagellanNMS/cfg/private/FMDR_GROUP1.passwd -l AL
9 Click Save and Restart to save your changes.
10 Click Cancel to return to the Server Administration tool main window.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 101 -
Changing encrypted passwords for MDM servers

Change encrypted passwords for Nortel Multiservice Data Manager servers
when you need to replace a password that has changed.
Prerequisites
If you change a password that is used to access a Nortel Multiservice
Switch node, the existing secure password file is no longer valid.
Procedure steps
Step Action
1 Log in as root.
3 From the System menu, click Security->Password Encryption.
The Password Encryption Tool opens.
4 Type a new password in the Enter Password text field.
5 Type the same password again in the Confirm Password text field.
6 Type the name of the file that contained the old secure password.
7 Click Save.
8 At the prompt, enter the old secure password.
9 Click Close.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 102 -
Disabling SNMP agents

Disable all native SNMP agents to increase security against attacks when
performing an installation.
Procedure steps
Step Action
1 Log in as root.
2 Change to directory /etc/rc2.d.
3 Locate the file that starts with the letter S and contains the series of letters
dmi.
4 Change the name of the file by adding .No to the beginning of the name.
For example, a file named S77dmi would become .NoS77dmi.
5 Locate the file that starts with the letter S and contains the series of letters
snmpdx.
6 Change the name of the file by adding .No to the beginning of the name.
For example, a file named S78snmpdx would become .NoS78snmpdx.
7 Change to directory /etc/rc3.d.
8 Repeat step 3 and step 4.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
Network time synchronization
Synchronize the network time on Nortel Multiservice Data Manager
workstations and network elements to ensure that time clocks on workstations
and network elements show a consistent time of day and that accounting
records, statistics, alarms, and logs bear a consistent timestamp.
For most situations, you can find information about synchronizing network
time for Multiservice Data Manager workstations by consulting the man page
for xntpd (man xntpd).
Navigation
Determining the XNTP version (page 104)
Synchronizing the time between Multiservice Switch and the workstation
(page 105)
Setting up the primary time server to provide the time to DPN (page 108)
Setting up the backup and secondary backup time servers to provide the
time to DPN (page 110)
Defining a DPN OA as a time source on all time servers (page 112)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 104 -
Determining the XNTP version

Determine the version of XNTP that is running on your workstation.
Procedure steps
Step Action
1 Type the command:

/usr/sbin/xntpdc
2 Type at the prompt:
xntpdc> version
The version of XNTP is displayed, for example:
xntpdc 3-5.93e Mon Sep 20 15:47:24 PDT 1999 (1)
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 105 -
Synchronizing the time between Multiservice Switch and the

workstation
Synchronize the time between a Nortel Multiservice Data Manager
workstation and Nortel Multiservice Switches.
The Solaris XNTP daemon and the Multiservice Switch XNTP client are used
for time synchronization. The Solaris XNTP daemon is the Solaris-provided
software on the workstation.
Procedure steps
Step Action
1 Stop the time synchronization on Multiservice Switch and a workstation. On

the node, lock all the provisioned time server components for each
provisioned server.
lock Time Server/<n>
2 Ensure that the synchronization status changes to unsynchronized.
d Time syncStatus
3 Determine whether the Solaris XNTP daemon is running on MDM.
ps -ef | grep xntp
Attention: Do not keep the time server out of service for too long to avoid impacting
the network, especially if there is no redundant time server configured in the
network. The length of time the server should not be out of service varies because
it depends on the time drift of the clocks. The average time drift depends on the
hardware involved.
4 If the process is still running, terminate the workstation XNTP daemon.

/etc/rc2.d/S74xntpd stop
5 Ensure that the process has been killed
ps -ef | grep xtnp
6 Line up the time on the node with the time on the workstation. To display the
time, from UNIX, type:
date -u
7 On the node, make sure that the time offset is set to 0. Configure the node
time so that it is set to UTC, and as close as possible to the workstation UTC
time (less than 1000 seconds of UTC).
set time offset 0
set time moduleTime <yyyy-mm-dd hh:mm:ss>

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 106 -
Attention: Root permission is required to change the workstation time. Use the
date -u command.
Attention: If more workstations are used as a time source to the node, they must
all be synchronized to a common time server.
8 Restart the workstation XNTP daemon.

/etc/rc2.d/S74xntpd start
9 Using the NTPQ tool, ensure that the workstations are in sync with their time
source before doing anything with the nodes.
/usr/sbin/ntpq
10 At the prompt, type:
ntpq> rv
The following output is displayed:
status=0644 leap_none, sync_ntp, 4 events, event_peer/
strat_chg
system="SunOS", leap=00, stratum=4, rootdelay=105.96,
rootdispersion=33.10, peer=16908, refid=timeserver,
reftime=c592599d.52ab0000 Fri, Jan 14 2005 9:45:49.322,
poll=6,
clock=c59259d1.a628c000 Fri, Jan 14 2005 9:46:41.649,
phase=3.213,
freq=1640.81, error=0.56
To determine whether the server is synchronized, refer to the stratum value
in the 2nd line of the output displayed above. A stratum value less than 16
indicates that the server is synchronized to the time server.
11 On the node, restart synchronization by unlocking the time server
components.
unlock Time Server/<n>
12 Monitor the progress by checking the syncStatus attribute.
d Time syncStatus
Attention: Provision all workstations used as synchronization sources for a node

as time servers on the node.
13 After the node has reached synchronization, that is

syncStatus=synchronized, configure the time offset on the node.
set Time offset <offset value>

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 107 -
Attention: Nortel recommends that your networks be operated with the time offset
of 0 (on UTC). If you use local time by setting the offset attribute to a non-zero value,
then the offsets on all the nodes in the network must be the same. Failure to do so
may result in difficulties when correlating time between multiple nodes.
--End--
Variable Value
n The instance of the server component.
offset value The value for the offset according to your time zone.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 108 -
Setting up the primary time server to provide the time to DPN

Set up the Multiservice Data Manager workstation configured as the primary
time server in your network so that it provides the time to the Top OA of the
Network Control System for the DPN switches.
Prerequisites
Setting up the primary time server workstations requires you to set up a
cron job on the workstations to run the syncDPNtime program. For
information, see the section on cron jobs in Configuring automatic DBNL
disabling (page 361).
Procedure steps
Step Action
1 Log on as root user on the MDM workstation you chose as the primary time
server for your network.
crontab -e
A crontab file is opened using a UNIX editor (default vi).
3 Add a line in the following format to run the syncDPNtime program:
<run_time> /opt/MagellanNMS/bin/syncDPNtime \
<destination> <userid> <passwd> <gmt_offset>
4 Exit the file and save it by pressing Esc, then typing:
:wq!
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 109 -
Variable Value
destination The destination mnemonic of the OA configured as the DPN clock
master, which is the DPN OA local MDI ID. The destination mnemonic
is often referred to as DEST MNEM.
gmt_offset The time difference in minutes between Greenwich Mean Time (GMT)
and the time on the MDM workstation. Specify the offset as though
you are travelling around the globe in an easterly direction starting at
Greenwich. For example:
A workstation is located in Ottawa, Canada. As you travel in an
easterly direction, starting at Greenwich, the time difference between
Greenwich and Ottawa is 19 hours. The offset for the workstation is,
therefore, (19 x 60) = 1140.
A workstation is located in Auckland, New Zealand. As you travel in
an easterly direction, starting at Greenwich, the time difference
between Greenwich and Auckland is 8 hours. The offset for the
workstation is, therefore, (8 x 60) = 480.
passwd A valid password for the user ID.
run_time The time at which the program is to be run, in the form:
<minute> <hour> <day_of_month> <month> <day_of_week>
Entering an asterisk (*) for any of these values means that the
program will be run for all possible values.
user_id A valid user identifier with the correct system privilege (nams, network
service, etc.).

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 110 -
Setting up the backup and secondary backup time servers to provide

the time to DPN
Set up the Multiservice Data Manager workstations configured as the backup
and secondary backup time servers in your network so that they provide the
time to the Top OA of the Network Control System for the DPN switches.
Prerequisites
Setting up the backup and secondary backup time server workstations
requires you to set up a cron job on both workstations to run the
syncDPNtime.backup program. For information, see the section on cron
jobs in Configuring automatic DBNL disabling (page 361).
Procedure steps
Step Action
1 Log on as root user on the MDM workstation you chose as the backup time
crontab -e
3 Add a line in the following format to run the syncDPNtime.backup program:
<run_time> /opt/MagellanNMS/bin/syncDPNtime.backup \
<destination> <userid> <passwd> <gmt_offset> \
<IP_primary> <IP_backup> ...
:wq!
5 Repeat this procedure on the workstation you chose as the secondary
backup time server.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 111 -
Variable Value
therefore, (19 x 60) = 1140.
A workstation is located in Auckland, New Zealand. As you travel in
an easterly direction, starting at Greenwich, the time difference
between Greenwich and Auckland is 8 hours. The offset for the
workstation is, therefore, (8 x 60) = 480.
IP_backup ... The IP addresses of the backup MDM time servers (there can be
more than one).
IP_primary The IP address of the primary MDM time server.
service, etc.).

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 112 -
Defining a DPN OA as a time source on all time servers

Set up the primary, backup, and secondary backup time server Multiservice
Data Manager workstations to synchronize their time with a DPN OA.
Prerequisites
Setting up a time server workstation to synchronize its time with a DPN OA
requires you to set up a cron job to run the syncToDPNtime program. For
information, see the section on cron jobs in Configuring automatic DBNL
disabling (page 361).
Procedure steps
Step Action
1 Log on as root user on the MDM workstation you chose as the primary time
crontab -e
3 Add a line in the following format to run the syncToDPNtime program:
<run_time> /opt/MagellanNMS/bin/syncToDPNtime \
<destination> <userid> <passwd> <gmt_offset>
:wq!
5 Repeat this procedure on the workstation you chose as the backup time
server.
6 Repeat this procedure on the workstation you chose as the secondary
backup time server.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 113 -
Variable Value
therefore, (19 x 60) = 1140.
A workstation is located in Auckland, New Zealand. As you travel in an
Greenwich and Auckland is 8 hours. The offset for the workstation is,
therefore, (8 x 60) = 480.
service, etc.).

Administration
NN10470-303 01.03 Standard
16.2 May 2007
Operator Client default port settings
modification
For Operator Client users, the User Administration server is configured with a
number of default port settings. If there is a conflict between some of these
port settings and your existing port settings, the System Administrator can
change the settings.
In addition, if you want to put Operator Client behind a firewall, you must fix a
number of dynamic port settings. For more information, refer to Operator
Client ports (page 135).
Prerequisites
Verify that you are using the correct procedure using the table Default port
settings procedures (page 114).
Default port settings procedures
Port Protocol Used by Procedure to configure port

25 TCP SMTP Changing the sendmail server default port (page 116)
389 TCP Java Sun Access Changing the DS server default non-encrypted port (page 118)
Manager
8443 TCP Apache Server Changing the Apache server default SSL port (page 117)
1812 UDP Radius Server Changing the RADIUS server default port (page 129)
8081 TCP Tomcat server Changing the Tomcat http client port (page 125)
8009 TCP Tomcat server Changing the Tomcat server default port (page 126)
8080 TCP Apache Web Changing the Apache web server default port (page 127)
Server
24313 TCP Java System Changing the DS admin default port (page 124)
Directory Server
(1 of 2)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 115 -
Operator Client default port settings modification
Default port settings procedures (continued)
Port Protocol Used by Procedure to configure port

58080 TCP Java Sun Access Changing the Java Sun Access Manager default port
Manager (page 131)
58888 TCP Java Sun Access Changing the Java Sun Access Manager admin default port
Manager admin (page 134)
(2 of 2)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 116 -
Changing the sendmail server default port

Change the sendmail server default port by changing the default port and then
configuring the client process.
Procedure steps
Step Action
1 Change the port number in the file /etc/services.

2 To stop the sendmail process, type:
/etc/init.d/sendmail stop
3 To start the sendmail process, type:
/etc/init.d/sendmail start
/opt/nortel/config/applications/security/core/auth
5 Access the file AMConfig.auth.java.properties and change the port number
in the line com.iplanet.am.smtpport=25.
/etc/opt/SUNWam/config
7 Access the file AMConfig.properties and change the port number in the line
com.iplanet.am.smtpport=25.
8 to restart the process, type:
/opt/nortel/3rd_party/security/current_s1is/swmgmt/bin/
pctrl_s1is.sh restart
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 117 -
Changing the Apache server default SSL port

Change the default SSL port for the Apache server.
Procedure steps
Step Action
1 Change the port number in the file.

/opt/nortel/3rd_party/apache/current_apache/conf/
ssl.conf
The port is defined by this line:
Listen <port_number>
2 Restart the Apache server.
apachectl -k stop
3 Start the client process by using the new port number in the URL. For
example:
https://<host_name>:<new_port>/UI
--End--
Variable Value
new_port The default SSL port number.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 118 -
Changing the DS server default non-encrypted port

Use this procedure to change the default non-encrypted port number.
To configure the server port in the DS console, perform step 1 through
step 21.
To change the port number in configuration files, perform step 22 through
step 25.
To configure the client process, perform step 26 through step 31.
To configure the client process in the DS console, perform step 32 through
step 37.
To change other client process references to the port, perform step 38
through step 46.
To restart the servers, perform step 53 through step 56.
Prerequisites
You must know the DS console user ID and password.
Procedure steps
Step Action
1 Start the DS admin server, type:

/opt/nortel/3rd_party/netscape/current_nds/swmgmt/bin/
pctrl_nds.sh start nsdm
2 Open the DS console, type:
/var/opt/SUNWdssvr/servers/startconsole
3 In the login screen, type the DS user ID cn=Directory Manager and the
password.
If this is the first login, type the administration URL
http://<host_name>:24313.
4 In the DS console window, click the host name folder icon.
5 Click the Server Group folder icon.
6 Click Directory Server oamplatform.
7 In the right frame, click Open.
8 Select the Configuration tab.
9 Select the root of the configuration tree: <hostname>:389
10 Select the Network tab.
11 In the Port field, type the new port number.
12 Click Save.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 119 -
13 Click Yes.
14 Click OK.
15 Select the Directory tab.
16 Click the NetscapeRoot folder icon.
17 Click the oamplatform folder icon.
18 Click Global Preferences.
19 In the right frame, double-click User Directory.
20 Change the port in the nsdirectoryurl, if it has not already been changed.
21 Click OK.
22 To change the port number in configuration files, type this command to
change directories:
cd /var/opt/SUNWdssvr/servers
23 Change the port number in these files:
shared/config/dbswitch.conf
shared/config/ldap.conf
userdb/dbswitch.conf
admin-serv/config/adm.conf
24 Stop the DS administration server, type:

pctrl_nds.sh stop nsdm
25 Restart the directory server, type:
pctrl_nds.sh restart
26 To configure the client process, create a file called /tmp/389.1.sh. and paste
this text into that file:
#!/bin/sh
newport=$1
LD_LIBRARY_PATH=/opt/SUNWam/6.3_2005Q1/SUNWam/ldaplib/
ldapsdk:/opt/SUNWcomm/lib/; export LD_LIBRARY_PATH
/opt/SUNWam/6.3_2005Q1/SUNWam/bin/ldapsearch -B \
-b"ou=1.0,ou=iPlanetAMAuthCertService,ou=services,
o=oamplatform" \
-D "cn=Directory Manager" -w directory -h `hostname` -p
$newport "(objectclass=*)"sunserviceschema > \
/etc/opt/SUNWam/config/xml/amAuthCert.xml.tmp
cat /etc/opt/SUNWam/config/xml/amAuthCert.xml.tmp | sed
-n '/<ServicesConfiguration>/,/\/
ServicesConfiguration>/p' \
| sed -e 's/sunservicesschema=//' > /etc/opt/SUNWam/
config/xml/amAuthCert.xml

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 120 -
-b
"ou=1.0,ou=iPlanetAMAuthLDAPService,ou=services,o=oampl
atform" \
$newport "(objectclass=*)"
sunserviceschema > /etc/opt/SUNWam/config/xml/
amAuthLDAP.xml.tmp
cat /etc/opt/SUNWam/config/xml/amAuthLDAP.xml.tmp | sed
-n '/<ServicesConfiguration>/,/
<\/ServicesConfiguration>/p' \
| sed -e 's/sunservicesschema=//' > /etc/opt/SUNWam/
config/xml/amAuthLDAP.xml
-b
"ou=1.0,ou=iPlanetAMAuthMembershipService,ou=services,o
=oamplatform" \
sunserviceschema > \
/etc/opt/SUNWam/config/xml/amAuthMembership.xml.tmp
cat /etc/opt/SUNWam/config/xml/amAuthMembership.xml.tmp
| sed -n '/
<ServicesConfiguration>/,/<\/ServicesConfiguration>/p'
\
| sed -e 's/sunserviceschema=//' > /etc/opt/SUNWam/
config/xml/amAuthMembership.xml
-b
"ou=1.0,ou=iPlanetAMPolicyConfigService,ou=services,o=o
amplatform" \
/etc/opt/SUNWam/config/xml/amAuthMembership.xml.tmp
| sed -n '/
\
config/xml/amAuthMembership.xml
-b
"ou=1.0,ou=iPlanetAMPolicyConfigService,ou=services,o=o
amplatform" \
/etc/opt/SUNWam/config/xml/amAuthPolicyConfig.xml.tmp
cat /etc/opt/SUNWam/config/xml/
amAuthPolicyConfig.xml.tmp | sed -n '/

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 121 -
\
config/xml/amAuthPolicyConfig.xml
27 Run the script, type:
/bin/sh /tmp/389.1.sh <port>
where
<port> is the new port number.
/opt/nortel/config/applications/security/core/auth/
AMConfig.auth.cpp.properties
AMConfig.auth.java.properties
/etc/opt/SUNWam/config/serverconfig.xml
/etc/opt/SUNWam/config/AMConfig.properties
/etc/opt/SUNWam/config/xml/amAuthCert.xml
/etc/opt/SUNWam/config/xml/amAuthLDAP.xml
/etc/opt/SUNWam/config/xml/amAuthMembership.xml
/etc/opt/SUNWam/config/xml/amPolicyConfig.xml
29 Create a file called /tmp/389.2.sh, and copy and paste this text into that file:
#!/bin/sh
passwd=$1
host=$2
newport=$3
ldapsdk:/opt/SUNWcomm/lib/; export LD_LIBRARY_PATH
( printf "dn: "; \
cat /etc/opt/SUNWam/config/xml/amAuthCert.xml.tmp | sed
-n 1p; \
echo "changetype: modify"; echo "replace:
sunserviceschema"; \
/var/opt/SUNWdssvr/servers/bin/slapd/server/ldif -b
sunserviceschema \
< /etc/opt/SUNWam/config/xml/amAuthCert.xml; ) | \
/opt/SUNWam/6.3_2005Q1/SUNWam/bin/ldapmodify \
-D "cn=Directory Manager" -w $passwd -h $host -p $newport
( printf "dn: "; \
cat /etc/opt/SUNWam/config/xml/amAuthLDAP.xml.tmp | sed
-n 1p; \
sunserviceschema \

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 122 -
< /etc/opt/SUNWam/config/xml/amAuthLDAP.xml; ) | \
( printf "dn: "; \
| sed -n 1p; \
sunserviceschema \
< /etc/opt/SUNWam/config/xml/amAuthMembership.xml; ) | \
( printf "dn: "; \
cat /etc/opt/SUNWam/config/xml/
amAuthPolicyConfig.xml.tmp | sed -n 1p; \
sunserviceschema \
< /etc/opt/SUNWam/config/xml/amPolicyConfig.xml; ) | \
30 Start the DS server, type:
/bin/sh/tmp/389.2.sh <directory_mng_pwd> <host> <port>
where
<directory_mng_pwd> is the password for the cn=Directory Manager
user in the DS database
<host> is the host name where the DS database is running
<port> is the new port number
32 To configure the client process in the DS console, enter this command to

open the DS console:
33 In the login screen, enter the user ID cn=Directory Manager and the
password.
34 In the DS console window, click the folder icon next to the host name.
36 Click Directory Server oamplatform.
37 In the right frame, click Open.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 123 -
38 Change other client process references to the port, select the Directory tab.
39 Click the <org> folder icon.
40 Click the services folder icon.
41 Click the iPlanetAMAuthLDAPService folder icon.
42 Click the 1.0 folder icon.
43 Click OrganizationConfig.
44 In the right frame, double-click default.
45 Change the port value in the sunkeyvalue field.
46 Click OK.
47 Click the iPlanetAMPolicyConfigService folder icon.
48 Click the 1.0 folder icon.
49 Click OrganizationConfig.
50 In the right frame, double-click default.
51 Change the port value in the sunkeyvalue field.
52 Click OK.
53 Restart the servers, exit the DS console.
54 To restart the directory server, type;
pctrl_nds.sh restart
55 Stop the DS administration server, type:
pctrl_nds.sh stop nsdm
56 Restart the AM web server, type:
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 124 -
Changing the DS admin default port

Use this procedure to change the default port number.
Procedure steps
Step Action
1 To configure the server port in the DS console, type this command to start
the DS admin server:
2 Open the DS console, type:
3 In the login screen, type the DS user ID cn=Directory Manager and the
password.
If this is the first login, type the administration URL
http://<host_name>:24313.
4 In the DS console window, click the host name folder icon.
6 Select Administration Server.
7 Click Open.
8 Select the Configuration tab.
9 In the Port field, change the port number.
10 Click Save.
11 Click OK.
12 Restart the Admin server, type:
pctrl_nds.sh restart nsdm
13 To configure the client process, type this command to open the DS console:
14 In the login screen, type the user ID and password.
15 Enter the new administration URL, http://<host_name>:<new_port>.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 125 -
Changing the Tomcat http client port

Change the http client port for the Tomcat server.
Procedure steps
Step Action
1 Change the port number in the file

/opt/nortel/3rd_party/apache/current_tomcat/conf/
server.xml
2 To stop the Tomcat server, type:
/opt/nortel/3rd_party/apache/current_tomcat/swmgmt/bin/
pctrl_tomcat.sh stop
3 To start the Tomcat server, type:
pctrl_tomcat.sh start
4 Start the Web browser by using the new port number in the URL, for
example http:// <hostname>:<new_port>/<page>.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 126 -
Changing the Tomcat server default port

The tomcat server default port is 8009. Use this procedure to change the
default port number.
Change the default port using step 1 through step 3.
Configure the client process using step 4 through step 6.
Procedure steps
Step Action
1 To change the default port on the Tomcat server, change the port number in
the file
/opt/nortel/3rd_party/apache/current_tomcat/conf/
server.xml
The port is defined by the following:
<Connector className=org.apache.coyote.tomcat4.CoyoteConnector
port=<port_number> minProcessors=5 maxProcessors=75
enableLookups=true redirectPort=8443 acceptCount=100
debug=0 connectionTimeout=20000 useURIValidationHack=false
disableUploadTimeout=true />
2 To stop the Tomcat server, type:
pctrl_tomcat.sh stop
3 To start the Tomcat server type:
pctrl_tomcat.sh start
4 To configure the client process, change the port number in the file
/opt/nortel/3rd_party/apache/current_apache/conf/workers.properties.
5 To stop the Apache server, type:
/opt/nortel/3rd_party/apache/current_apache/swmgmt/bin/
pctrl_apache.sh stop
6 To start the Apache server, type:
pctrl_apache.sh start
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 127 -
Changing the Apache web server default port

Use this procedure to change the default port number of Apache web server.
Attention: Changes made to this port are erased during Nortel Multiservice
Data Manager software upgrades. You must reset this port number after
each software upgrade.
Procedure steps
Step Action
1 Log in to the machine on which the Desktop component is installed.

/opt/nortel/3rd_party/apache/current_apache/conf/httpd.conf
3 To stop the Apache server, type:
pctrl_apache.sh stop
4 To start the Apache server, type:
pctrl_apache.sh start
If the Security Services component Then

is installed on the same server as the Desktop go to step 5.
is installed on a different server go to step 6.
5 Change the port number in the following files:

/opt/nortel/config/applications/desktop/jws/mft/resources/desktop/
DesktopGUI.jnlp
Go to step 7.
6 Change the port number in this file,
DesktopGUI.jnlp
7 Select the action:
If the WEB_FILE_MANAGER_LOCATION Then

is configured go to step 8.
is not configured go to step 9.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 128 -

/opt/nortel/config/applications/desktop/local/mft/resources/desktop
/DesktopGUI.config.
9 Select the action:
If the Security Services component Then

is installed on the same server as the Desktop go to step 10.
is installed on a different server go to step 11.
10 To restart the Access Manager, type:

11 Start the client process by using the new port number in the URL, for
example, http://<hostname>:<new_port>/UI.
12 Restart any C++ application that may have cached the Access Manager
client properties.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 129 -
Changing the RADIUS server default port

Change the default port for the RADIUS server.
No client software references the 1812 port. Network elements doing

authentication through the RADIUS server may use that port.
Procedure steps
Step Action
1 Change the port number in the file:

/opt/nortel/config/applications/security/radius/radius.properties
2 Stop the RADIUS server, type
/opt/nortel/applications/security/current_radius/
swmgmt/bin/pctrl_radius.sh stop
3 Start the RADIUS server, type:
/opt/nortel/applications/security/current_radius/
swmgmt/bin/pctrl_radius.sh start
4 Configure the client process, change directories, type:
cd /opt/nortel/applications/security/current_pamradclt/
swmgmt/bin
5 Run the configuration script for the PAM RADIUS client, type:
./configure_pamradclt.sh -subcomponent all
6 When you are prompted to specify an action, type list.
7 Run the configuration script for the PAM RADIUS client, type:
./configure_pamradclt.sh -subcomponent all
8 When you are prompted to specify an action, type add.
9 At the prompt for the RADIUS server IP, type the IP address of the RADIUS
server.
10 At the prompt for the RADIUS server port, type the new port number.
11 At the prompt, type the RADIUS server shared secret.
12 At the prompt, type the RADIUS time out.
13 At the prompt for the application ID, type iems.
14 When you are prompted again for the RADIUS server IP, type end.
15 To verify the PAM RADIUS configuration file, first change directories, type:
cd /opt/nortel/applications/security/pamradclt_2.0.0/
config
16 Verify the PAM RADIUS file configuration, type:

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 130 -
cat pam_radius_auth.conf
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 131 -
Changing the Java Sun Access Manager default port

Use this procedure to change the default port number.
To change the default port, perform step 1 through step 7.
To configure the client process, perform step 8 through step 10.
Procedure steps
Step Action
1 Change the default port in these files:

AMConfig.auth.java.properties
/opt/nortel/config/applications/security/core/is.env
/opt/nortel/config/3rd_party/security/s1is/es6/config/https-oamplatform/
AMAgent.properties
/opt/nortel/config/3rd_party/security/s1is/es6/config/https-oamplatform/
response
/etc/opt/SUNWam/config/AMConfig.properties
/opt/SUNWwbsvr/6.3_2005Q1/https-oamplatform/config/server.xml
2 Create a file called /tmp/58080.1.sh, and copy and paste the following text
into that file:
#!/bin/sh
newport=$1
ldapsdk:/opt/
SUNWcomm/lib/; export LD_LIBRARY_PATH
-b "ou=1.0,ou=iPlanetAMPlatformService,ou=services,
o=oamplatform" \
/etc/opt/SUNWam/config/xml/amPlatform.xml.tmp
cat /etc/opt/SUNWam/config/xml/amPlatform.xml.tmp |
sed -n '/<ServicesConfiguration>/,/<\/
ServicesConfiguration>/p'\
config/xml/amPlatform.xml
-b
"ou=1.0,ou=iPlanetAMSAMLService,ou=services,o=oamplatfo
rm" \

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 132 -

/etc/opt/SUNWam/config/xml/amSAML.xml.tmp
cat /etc/opt/SUNWam/config/xml/amSAML.xml.tmp | sed '/
<ServicesConfiguration>/,/<\/
ServicesConfiguration>/p' \
config/xml/amSAML.xml
/bin/sh /tmp/58080.1.sh <port>
where
<port> is the DS directory server port number.
/etc/opt/SUNWam/config/xml/amSAML.xml
/etc/opt/SUNWam/config/xml/amPlatform.xml
5 Create a file called /tmp/58080.2.sh, and copy and paste the following text
into that file:
#!/bin/sh
passwd=$1
host=$2
newport=$3
ldapsdk:/opt/
SUNWcomm/lib/; export LD_LIBRARY_PATH
( printf "dn: "; \
cat /etc/opt/SUNWam/config/xml/amSAML.xml.tmp | sed -n
1p; \
sunserviceschema < /etc/opt/SUNWam/
config/xml/amSAML.xml; ) | \
( printf "dn: "; \
cat /etc/opt/SUNWam/config/xml/amPlatform.xml.tmp | sed
-n 1p; \
sunserviceschema \
< /etc/opt/SUNWam/config/xml/amPlatform.xml; ) | \

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 133 -
/bin/sh /tmp/58080.2.sh <directory_mng_pwd> <host>

<port>
where
<directory_mng_pwd> is the password for the cn=Directory Manager
user in the DS database
<host> is the name of the host running the DS database
<port> is the DS directory server port number
7 Restart the AM webserver, type:

/opt/nortel/3rd_party/security/current_slis/swmgmt/bin/
8 To configure the client process, first change the port number in this file:
/opt/nortel/config/applications/security/isclient/is_client.env.
If IS_AUTH_CONFIG_URL Then
is configured go to step 9.
is not configured go to step 10.

DesktopGUI.jnlp
/opt/nortel/config/applications/desktop/local/mft/resources/desktop/
DesktopGUI.config
10 Restart the Apache server, type:

pctrl_apache.sh restart
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 134 -
Changing the Java Sun Access Manager admin default port

Change the default port for the Java Sun Access Manager admin server.
Procedure steps
Step Action
1 Change the port number in the following file:

/opt/nortel/3rd_party/security/current_s1is/servers/
https-admserv/config/server.xml
2 Restart the Admin server.
/opt/nortel/3rd_party/security/current_s1is/servers/
https-admserv/restart
3 Start the Admin server, type:
/opt/nortel/3rd_party/security/current__nds/start_admin
4 Start the Java System DS console.
/opt/nortel/3rd_party/netscape/current_nds/startconsole
5 In the login window, use the URL http://<host_name>.<org>:<port>.
6 Exit the Java System DS console.
7 Stop the Admin server, type:
/opt/nortel/3rd_party/security/current__nds/stop_admin
--End--
Variable Value
org The top-level organization in the NDS database. For example
o=ca.nortel.com.
port The NDS directory server port number.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 135 -
Operator Client ports

You must allow the dynamic ports listed in Multiservice Data Manager server
ports (page 135) through the firewall in order for Operator Client to
communicate with Nortel Multiservice Data Manager workstations and the
User Administrator server.
Procedure steps
Step Action
1 If your system uses any of the services listed in Multiservice Data Manager
server ports (page 135), change the port numbers in the /opt/
MagellanNMS/cfg/private/IPCNameMap.cfg file. For information on how to
change these ports, refer to the procedure to configure named TCP/UDP
ports in the Nortel Multiservice Data Manager AdministrationServer
Management (NN10470-310).
2 If there is a conflict with your existing port settings, change the fixed ports.
For more information, refer to Services on fixed ports (page 136).
--End--
Procedure job aid

Multiservice Data Manager server ports
Server Name Service Protocol Description

Network Model NMAGENT TCP The network model agent used to supply state
information to fault applications.
RTAC Agent RTACAGENT TCP The service used to access the RTAC agent.
GMDR Agent GMDRAGENT TCP The service used to receive fault information for
fault applications.
Fault Dev Access CCAGENT TCP Services used by the fault tools. These services
Agent PSVAGENT TCP are created when /opt/MagellanNMS/bin/psvagent
NSVAGENT TCP is started by svmdmn.
Data Viewer Agent PMAGENT TCP The service used to access the dataviewer agent.
Nodal Provisioning CONFIGMAN TCP Provides configuration services for the nodal
Configuration Manager provisioning interface.
Attention: This port is fixed through a command
line.
Multinodal Name MNSDAGENT UDP Two types of servers that allow inter-process
Service Agent communication to be established.
Attention: These two ports are fixed as default.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 136 -
Services on fixed ports
Server Name Description

Apache Web Server Used to download the desktop jar files. Any change you make to this port
number is not maintained between Multiservice Data Manager software
upgrades. You must reset this port number after every upgrade.
Java System DS Used for password changes.
Java Sun Access Used for user authentication.
Manager
Tomcat server Used for the online help system.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
Server process administration overview
Use the tasks listed in this section to configure, maintain, and manage the
server processes that support Nortel Multiservice Data Manager network
management functions.
Navigation
Starting servers, monitoring servers, and changing server default
parameters
The Server Administration tool is described in Nortel Multiservice Data
Manager AdministrationTools (NN10470-300). Using the
procedures available with this tool, you can start, stop, and monitor
Multiservice Data Manager servers. For information about the specific
parameters of individual server, or for information about error and exit
codes, see Nortel Multiservice Data Manager AdministrationServer
Management (NN10470-310). Conceptual information about
Multiservice Data Manager server is listed in Nortel Multiservice Data
Manager AdministrationServer Management (NN10470-310) and in
(NN10470-305).
MDM workstation threshold configuration (page 138)
Set thresholds at which workstation surveillance generates alarms
and set the time interval at which workstations poll managed
components.
Multi-nodal naming service configuration (page 141)
Set up a list of hosts that will appear in the Service Selection tool. The
Service Selection tool is described in Nortel Multiservice Data
Manager AdministrationTools (NN10470-300).
Log and alarm management (page 149)
Define how logs, alarms, and alarm clearing are managed.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
MDM workstation threshold
configuration
Customize the thresholds at which MDM workstation surveillance generates
alarms. You can also set the time interval at which the workstation polls its
managed components.
Procedure steps
Step Action
1 To change configuration parameters, run the /opt/MagellanNMS/bin/

sfm_config script to create the following file and edit the parameters in this
file using any text editor:
/opt/MagellanNMS/cfg/SFM.cfg
Prior to undertaking each poll, workstation surveillance reads the
configuration parameters from this file. Only future alarms are affected;
previous alarms are not affected.
2 Use the Server Administration tool to start the workstation surveillance
server. The executable name of the workstation surveillance server is
/opt/MagellanNMS/bin/sfm
Attention: For information on the logs generated by the Server Administration tool,
see Nortel Multiservice Data Manager AdministrationTools (NN10470-300). For
information on alarms generated by this tool, see Nortel Multiservice Data Manager
Alarms Reference (NN10470-501).
--End--
Procedure job aid

When editing the SFM.cfg file, take the following points into consideration:
you can edit and save this file while the script is running

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 139 -
MDM workstation threshold configuration
when defining numerical values, include only the number; do not add units
for any resource, the value for the minor alarm must be lower than the
value for the major alarm; the value for the major alarm must be lower than
the value for the critical alarm
always include at least one space between the parameter name and the
configurable value
For configurable parameters and the default values, see the table
Configurable workstation surveillance parameters (page 139).
Configurable workstation surveillance parameters
Configurable Default Description

parameter value
Interval 600 Interval defines the polling interval in seconds. The range is 10-
86400 seconds.
CPU_Sampling 300 CPU_Sampling defines the sampling duration used to determine
the CPU usage. The range is 10-86400 seconds.
CPU_Load_Minor 70 CPU_Load_Minor, CPU_Load_Major, and CPU_Load_Critical
define the threshold for minor, major, and critical CPU alarms in
CPU_Load_Major 80
terms of percentage of CPU resource used. The range is 1 to 100.
CPU_Load_Critical 90
FS_Minor 80 FS_Load_Minor, FS_Load_Major, and FS_Load_Critical define
the threshold for minor, major, and critical disk alarms in terms of
FS_Major 90
percentage of disk resource used. The range is 1 to 100.
FS_Critical 95
Mem_Minor 80 Mem_Load_Minor, Mem_Load_Major, and Mem_Load_Critical
define the threshold for minor, major, and critical memory alarms
Mem_Major 90
in terms of percentage of memory resource used. The range is 1 to
Mem_Critical 95 100.
Remote_Connection Remote_Connection defines the IP addresses/host names of peer
devices. Workstation surveillance periodically checks the
connectivity with the IP addresses/host names assigned to the
parameter. If you add a description for the managed IP addresses/
host names, it will appear in the alarm when the device is
unreachable. The description should be separated from the IP
address/hostname field by at least one space. This connection
supports multiple field input, letting you manage more than one
device. For example:
Remote_Connection 1.2.3.4 Passport 15K
Remote_Connection MDM2 MDM mate
(1 of 2)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 140 -
MDM workstation threshold configuration
Configurable workstation surveillance parameters (continued)
Configurable Default Description

parameter value
Local_Port_Connection Local_Port_Connection defines the IP addresses/host names of
the local port that you want to manage. SFM periodically checks
the connectivity with the IP addresses/host names assigned to the
parameter. If you add a description for the managed IP addresses/
host names, it will appear in the alarm when the device is
unreachable. The description should be separated from the IP
address/hostname field by at least one space. This connection
supports multiple field input, letting you manage more than one
device. For example:
Local_Port_Connection 4.3.2.1 hmeo port to lan
Local_Port_Connection mdmpriv qfe1 port to privatenet to
privatenet
Manage_FS Manage_FS defines which file systems that workstation
surveillance monitors. Separate multiple file system entries with at
least one space.
(2 of 2)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
Multi-nodal naming service
configuration
If you plan to use the Service Selection tool and want to have a list of available
hosts to choose from, you must set up Multi-nodal Naming Service (MNS)
domains.
Prerequisites
You must be familiar with the material on level 2 MNS domains in the Nortel
Multiservice Data Manager AdministrationFundamentals (NN10470-305).
Navigation
Ensuring that the file /etc/hosts contains the host names of the
workstations in a domain (page 142)
Setting up a level 2 MNSD process (page 143)
Configuring a range of TCP/UDP ports (page 144)
Configuring named-service TCP/UDP ports (page 146)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 142 -
Multi-nodal naming service configuration
Ensuring that the file /etc/hosts contains the host names of the
workstations in a domain
Ensure that the file /etc/hosts on every workstation in a domain contains the
host names and IP addresses of all the other workstations in that domain.
Procedure steps
Step Action
1 Log on as root to any of the workstations in the domain.

2 Display the contents of file /etc/hosts.
more /etc/hosts
3 File /etc/hosts should contain the hostnames and IP addresses of every
workstation on the domain. If any are missing, do one of the following:
If the workstations in your network are using a Naming Information
Service (NIS), use Suns NIS Administration tool to ensure that file /etc/
hosts contains the hostnames and IP addresses of all workstations in
the level 2 MNSD domain.
If the workstations in your network are not using NIS, use an editor to
add the host names and IP addresses of all workstations in the domain
to file /etc/hosts.
4 Repeat the previous steps on every workstation in the level 2 MNSD

domain.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 143 -
Setting up a level 2 MNSD process

Set up a level 2 MNSD process on at least one of the workstations that are
part of the MNSD domain. For maximum redundancy, perform this procedure
on every Server Set workstation in a domain.
Prerequisites
The Server Administration tool is described in Nortel Multiservice Data
Manager AdministrationTools (NN10470-300). Read this section before
proceeding.
Procedure steps
Step Action
1 Log on as root at one of the workstations you have chosen to run the level
2 MNSD process.
2 Use the Nortel Multiservice Data Manager Server Administration tool to add
and start the level 2 MNSD process.
You can use a descriptive name for the level 2 MNSD process. This name
must be unique among the list of servers running on that workstation (for
example, Level 2 Name Server).
Specify the startup command for the level 2 MNSD process.
/opt/MagellanNMS/bin/mnsd -2 localhost <hostname1
hostname2 ...>
--End--
Variable Definition
<hostname1 hostname2 ...> The names of all the workstations in the level 2 MNSD
domain, other than local host (this workstation).
The default values for all other parameters for this server are
acceptable.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 144 -
Configuring a range of TCP/UDP ports

Configure a range of TCP/UDP port numbers that Nortel Multiservice Data
Manager processes are allowed to bind.
Prerequisites
See Nortel Multiservice Data Manager AdministrationServer
Management (NN10470-310) for a list of port number used by Multiservice
Data Manager servers.
UDP port number 5502 and 5503 are reserved for the MNSD daemon.
Always allow communication to and from these ports through the firewall
if Multiservice Data Manager processes on either side need to
communicate.
Attention: There is no guarantee that the port numbers and ranges

configured using these methods will only be allocated to the intended
Multiservice Data Manager processes (if a process at all). If a Multiservice
Data Manager process cannot allocate a corresponding name-assigned port
number (for example, if the port number is already in use), the process
terminates.
Attention: Port numbers configured by Operator Client agents cannot be

configured using these methods. If you do not use the default ports, specify
the ports on the agent command lines.
Procedure steps
Step Action
1 To activate port range configuration for both TCP and UDP ports, create the
file /opt/MagellanNMS/cfg/private/IPCPortRange.cfg. Any lines in this file
that start with a # sign (comments) or are empty are ignored. The file must
contain a line with the following format:
<port range lower limit> <port range upper limit>
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 145 -
Variable Value
port range lower limit The lower and upper range limits. These limits must be large enough
to allow all Multiservice Data Manager processes to allocate the ports
port range upper limit
they need. As a general rule, assume three ports per server and two
ports per client/utilities to be run at the same time on the workstation.
You can configure the firewall to allow communications with ports in
a specified range. This range must have values above 1024 as the 1
1024 port range is reserved for standard well-known IP services such
as FTP and Telnet (see man services for more information). For
example, the following contents for the port-mapping file restricts the
TCP/UDP service port numbers used by processes from 11200 to
11699 (500 ports):
# allowed TCP/UDP port range for MDM processes
11200 11700
You can then configure the firewall to allow communications to and

from this port range. Remember to allow communications with MNSD
at port numbers 5502 and 5503.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 146 -
Configuring named-service TCP/UDP ports

Configure the TCP/UDP port numbers that a specific Nortel Multiservice Data
Manager server should bind. This method provides direct control of TCP/UDP
ports numbers across firewalls where communications occur with only a
limited number of well-known Multiservice Data Manager services (for
example, GMDR for alarm access).
Prerequisites
Management (NN10470-310) for a list of port numbers used by
Multiservice Data Manager servers.
UDP port number 5502 and 5503 are reserved for the MNSD daemon.
Always allow communication to and from these ports through the firewall
if Multiservice Data Manager processes on either side need to
communicate.
Attention: There is no guarantee that the port numbers and ranges

configured using these methods will only be allocated to the intended
Multiservice Data Manager processes (if a process at all). If a Multiservice
Data Manager process cannot allocate a corresponding name-assigned port
number (for example, if the port number is already in use), the process
terminates.
Attention: Port numbers configured by Operator Client agents cannot be

configured using these methods. If you do not use the default ports, specify
the ports on the agent command lines.
Procedure steps
Step Action
1 To activate named-service configuration, create the file /opt/MagellanNMS/

cfg/private/IPCNameMap.cfg. Any lines in this file that start with a # sign
(comments) or are empty are ignored. The file must contain a line with the
following format:
<service name> <port number>
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 147 -
Variable Definition
<service name> The name of the service.
<port number> The number of the port.
Procedure job aid

As a guide, a prototype file, /opt/MagellanNMS/lib/IPCNameMap.cfg, lists the
supported Multiservice Data Manager service names in comments.
Attention: Since the IPCNameMap.cfg file is scanned every time a new

service is created, for efficiency reasons, do not copy the entire prototype file
to the /opt/MagellanNMS/cfg/private directory. Instead, create the file with
only those entries you want to map. Read and analyze the prototype file
carefully before you configure your own port mappings. This file outlines
server interdependencies that must be obeyed to allow Multiservice Data
Manager communications to be carried out properly through the firewall.
You can configure the firewall to allow communications with ports mapped in
the file. The specified port numbers must have values above 1024 as the
11024 port range is reserved for standard well-known IP services such as
FTP and Telnet (see man services for more information). For example, the
following contents for the name-mapping file restricts the TCP/UDP service
port numbers used by the GMDR server (Surveillance server, Alarm&Status
API) to the value 11201:
# Surveillance/Alarm&Status API service
GMDR 11201
You can then configure the firewall to allow communications to and from this
port. Remember to allow communications with MNSD at UDP port numbers
5502 and 5503.
Attention: Some Multiservice Data Manager services cannot be mapped to

a TCP/UDP port number by name. For example, the FDTR service names
are constructed at runtime and cannot be explicitly configured in advance in
a name-map file. Only the port-range mechanism applies to these services.
Consequently, some capabilities, such as Network Access, cannot be
supported through a firewall with the name-mapping mechanism alone (use
the port range mechanism as well). Refer to the prototype IPCNameMap.cfg
file for the list of supported services.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
MDM Toolset customization
Perform the tasks listed in this section to customize Nortel Multiservice Data
Manager Toolset. Default values for many administrative functions are
automatically established when Multiservice Data Manager software is
installed. Use the tasks listed here to adjust these settings and applications to
meet the specific needs of your network.
Prerequisites
Perform the tasks in this section after initial installation is complete. If you
are unfamiliar with the installation process, see Nortel Multiservice Data
Manager Installation and CommissioningSoftware (NN10470-100).
If you are unfamiliar with any of the concepts relating to the tasks listed
here, see Nortel Multiservice Data Manager Administration
Navigation
Menu customization (page 168)
MDM tool resource customization (page 179)
Fault tools configuration (page 183)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
Log and alarm management
Set up and manage logs, alarms, and alarm clearing on the Nortel
Multiservice Data Manager workstation and from network elements.
Prerequisites
For local alarm clearing to work, the GMDR server must be configured and
running on the workstation. No additional configuration is required.
For the global alarm clearing tool to work on DPN, the NCSMGR and DMA
servers must be configured and running on the workstation.
For the global alarm clearing tool to work on Multiservice Switch (MSS),
the HGDS, FDTM, and DMA servers must be configured and running on
the workstation.
For the global alarm clearing tool to work on Multiservice Provider Edge
(MPE), the HGDS, NDTM, and DMA servers must be configured and
running on the workstation.
For information about troubleshooting alarms, see MDM workstation
troubleshooting (page 286).
Navigation
Setting up global alarm clearing for Multiservice Switch (page 150)
Setting up global alarm clearing for MPE (page 153)
Setting/Reloading alarm auto acknowledgement configuration through a
macro (page 156)
Reloading the alarm auto acknowledgement through the HUP signal
(page 158)
Setting up server alarm distribution through GMDR (page 160)
Setting up server alarm distribution through NCS and surveillance using
NCS status probing (page 162)
Cleaning up log files (page 164)
Cleaning up log files using mdmlogclean (page 165)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 150 -
Setting up global alarm clearing for Multiservice Switch

Set up global alarm clearing for Nortel Multiservice Switches. For Multiservice
Switch (MSS), there are two forms of global alarm clearing supported by
Nortel Multiservice Data Manager: one where the user must authenticate with
the node, and another where the authentication is performed by Multiservice
Data Manager. The second form of global alarm clearing is covered in this
task.
Prerequisites
Before setting up global alarm clearing, ensure that the Active Alarm List
feature is enabled on the nodes.
Procedure steps
Step Action
1 Using a UNIX editor, open file /opt/MagellanNMS/cfg/DmaClrPP.cfg for

editing.
2 Add one or more entries to the file in the following format:
:GroupName:UserID:Password::
The following is an example of a file entry. For this example, there should
also be a group entry named ALL in file /opt/MagellanNMS/cfg/HGDS.cfg.
:ALL:user:password::
As soon as a syntax error is found in the file, it is displayed in the
Multiservice Data Manager System Log Display and DMA exits.
Once the file is read by the DMA server, each password is removed and an
encrypted one is added in the fourth field. The above example would
become:
:ALL:user::72eilRnWj7{s{A6hgg7:
3 Start the Server Administration tool from the application main window by
selecting System -> Administration -> Server Administration.
Attention: Your user account must be set up run the NMSAdmin toolset at login to
be able to see the Server Administration tool in the menus.
4 Using the Server Administration tool, stop the DMA server, if it is running.
5 Log in as the Server Administrator tool administrator by selecting Enable
Editing from the Security menu.
6 Edit the server information to ensure that the server starts automatically
when the workstation reboots and that the startup command contains the -
f option.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 151 -
/opt/MagellanNMS/bin/dma -f
Optionally, you can add the command line option -t to configure the inactivity
timer.
7 Start the DMA server.
8 Start the GMDR Server Administration tool by from the application main
window by selecting System -> Administration ->GMDR Administration.
9 Log on to the GMDR Administration tool as the administrator by selecting
Log in as admin from the Security menu.
10 Click Add.
The Add Server dialog opens.
11 Enter the following information into fields in the Add Server dialog:
Server Name: DMASERVER
Host Name: localhost or the host name/IP address of the workstation on
which the DMA server is running
User Id and Password: not required
12 Click OK to add the server.

The server appears in the GMDR Servers area of the main window.
13 Open a connection to the DMA server by clicking on DMASERVER in the
GMDR Servers list then clicking Connect.
The server state changes to Connecting while GMDR attempts to connect

to the server. GMDR attempts to reconnect to a server once every 30
seconds until it is successful, or until the user halts connection attempts by
clicking Disconnect. The state changes to Connected once the connection
is established.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 152 -
Variable Value
GroupName The name of the group to which the node belongs. The group name
corresponds to the FGroup field definition of its included members, as
defined in file /opt/MagellanNMS/cfg/HGDS.cfg. The DMA server
connects to all groups indicated in this file to send global alarm
clearing request messages to the targeted node.
Maximum 12 characters.
Password A password that corresponds to the user ID.
UserId The group user ID. At a minimum, the user ID must have
systemAdministration impact and scope of device or higher and a
customer ID of 0.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 153 -
Setting up global alarm clearing for MPE

Set up global alarm clearing for Nortel Multiservice Provider Edge (MPE). For
MPE, the only form of global alarm clearing supported by Nortel Multiservice
Data Manager is where the authentication is performed by Multiservice Data
Manager.
Procedure steps
Step Action
1 Using a UNIX editor, open file /opt/MagellanNMS/cfg/DmaClrSRS.cfg for

editing.
2 Add one or more entries to the file in the following format:
:GroupName:UserID:Password::
or
:GroupName:UserID::EncryptedPassword:
or
:GroupName:UserID:Password file name::
also be a group entry named ALL in file /opt/MagellanNMS/cfg/HGDS.cfg.
:ALL:user:password::
As soon as a syntax error is found in the file, it is displayed in the
Multiservice Data Manager System Log Display and DMA exits.
Once the file is read by the DMA server, each password is removed and an
encrypted one is added in the fourth field. The above example would
become:
:ALL:user::72eilRnWj7{s{A6hgg7:
when the workstation reboots and that the startup command contains the
-s option, as follows:
/opt/MagellanNMS/bin/dma -s

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 154 -
Optionally, you can add the command line option -t to configure the inactivity
timer.
8 Start the GMDR Server Administration tool by from the application main
10 Click Add.
Host Name: localhost or the host name/IP address of the workstation on
which the DMA server is running


to the server. GMDR attempts to reconnect to a server once every thirty
seconds until it is successful, or until the user halts connection attempts by
clicking Disconnect. The state changes to Connected once the connection
is established.
--End--
Variable Value
EncryptedPassword A password that was encrypted by the MDM encryption utility. It is
used if the Password field is empty.
GroupName The name of the group to which the node belongs. The group name
corresponds to the SRSGroup field definition of its included
members, as defined in file /opt/MagellanNMS/cfg/HGDS.cfg. The
DMA server connects to all groups indicated in this file to send global
alarm clearing request messages to the targeted node.
(1 of 2)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 155 -
Variable Value
Password A password that corresponds to the user ID.
Minimum 8 characters.
Password file name A file name (includes the full path name) identifying a file containing
an encrypted password for this MPE group.
UserId The group user ID. At a minimum, the user ID must have clear
permissions.
(2 of 2)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 156 -
Setting/Reloading alarm auto acknowledgement configuration

through a macro
Set up MDM alarm auto acknowledgement using the loadautoacklist macro.
This macro sends the request to the GMDR server to reload the auto-ack
configuration file which contains a list of component names to set auto-ack
ON.
The GMDR server reloads the last used auto acknowledgement configuration
file. If you do not specify an auto acknowledgement configuration file, the
customized Auto-ack configuration file is located as /opt/MagellanNMS/cfg/
GMDRAutoAck.cfg for the server name "GMDR"; or /opt/MagellanNMS/cfg/
GMDRAutoAck_<name>.cfg for the server name "GMDR_<name>". You can
specify a different auto acknowledgement configuration file using the "-c"
command line option for the GMDR server, or using the "-f" command line
option for the loadautoacklist macro. The template for this file is in /opt/
MagellanNMS/lib/cfg/GMDRAutoAck.cfg.
Prerequisites
Ensure you have the correct permissions to edit the Auto-ack configuration
file and ensure you have GMDR Administrator privileges. This may require
super-user permissions.
Procedure steps
Step Action
1 Log on to the MDM workstation and locate the target GMDR server name.
2 Open the MDM Server Administration window from the top level MDM
toolset by selecting System -> Administration -> Server Administration
3 Check the MDM Server Administration GUI for the GMDR server name. For
example: GMDR.
4 Using a UNIX editor, open the file for editing. The customized Auto-ack
configuration file should be located here: /opt/MagellanNMS/cfg/
You can re-edit this file to contain a list of components to be set to auto-ack
ON. An example of the configuration file is:
EM PPNODE_1 LP 2 DS3 0
EM/PPNODE_2 LP/3 ENG AAL
EM/PPNODE_3 LP 3 ENG $ AAL $
5 Obtain the GMDR administrators password.

6 Invoke the MDM macro.
loadautoacklist [-h] [-p <password>] [-s <GMDR name>]
[-f <auto-ack cfg file>]

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 157 -
--End--
Variable Value
auto-ack cfg file The operator-provided Auto-ack configuration file name. If you do not
specify a new auto-ack configuration file, then the last loaded auto-ack
configuration file is reloaded.
GMDR name The GMDR server name. The default value is GMDR.
password The GMDR Admin password. The default value is empty.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 158 -
Reloading the alarm auto acknowledgement through the HUP signal

Reload the MDM alarm auto acknowledgement by sending a HUP signal to
the GMDR server process. This causes GMDR to reload criticality and the
Auto-ack configuration file. The GMDR server tries to turn ON the components
in the Auto-ack configuration file and turn OFF any other components.
The GMDR server reloads the last used auto acknowledgement configuration
file. If you did not specify an auto acknowledgement configuration file, the
customized Auto-ack configuration file is located as /opt/MagellanNMS/cfg/
GMDRAutoAck.cfg for the server name "GMDR"; or /opt/MagellanNMS/cfg/
GMDRAutoAck_<name>.cfg for the server name "GMDR_<name>". You can
specify a different auto acknowledgement configuration file using the "-c"
command line option for the GMDR server, or using the "-f" command line
option for the loadautoacklist macro. The template for this file is found in /opt/
MagellanNMS/lib/cfg/GMDRAutoAck.cfg.
Prerequisites
Ensure you have super-user root privileges.
Procedure steps
Step Action
1 Log on to the MDM workstation and locate the target GMDR server name.
2 Open the MDM Server Administration window from the top level MDM
toolset by selecting, System -> Administration -> Server Administration.
Check the MDM Server Administration GUI for the GMDR server name. For
example: GMDR_L.2
3 Using a UNIX editor, open the auto ack configuration file for editing. You can
re-edit this file to contain a list of components to be set to auto-ack ON. An
example of the configuration file is:
EM PPNODE_1 LP 2 DS3 0
EM/PPNODE_2 LP/3 ENG AAL
EM/PPNODE_3 LP 3 ENG $ AAL $
4 Get the target GMDR servers process ID:

ps -ef | grep -i GMDR
5 Locate the PID of the target GMDR server.
6 Send the HUP signal to GMDR server.
kill -HUP <GMDR_PID>
7 Check any log from the System Log. From the top-level MDM toolset,
System -> Administration -> System Log Display.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 159 -
--End--
Variable Value
GMDR_PID The UNIX process identifier of the target GMDR server process.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 160 -
Setting up server alarm distribution through GMDR

Set up server alarm distribution through an OAMC server to a GMDR server.
Prerequisites
If the OAMC server to which server alarms and status notifications are
being forwarded is located on another workstation, this Nortel Multiservice
Data Manager workstation and the workstation that is running the OAMC
server must both be located on the same LAN. When the OAMC server is
located on another workstation on the LAN, you must ensure that the
hostname and IP address of the workstation that runs the OAMC server is
defined in the file /etc/hosts on this workstation.
To have the server alarms and state change notifications propagated to
more workstations than just the one on which the GMDR server resides,
you must set up a hierarchy of GMDR servers once you have completed
this procedure.
Procedure steps
Step Action
1 Log on as root.
Attention: You must set up the root account to run the default Multiservice Data
Manager user environment.

more /etc/hosts
If the host name and IP address of the workstation that runs the OAMC
server do not appear, you must enter them into this file. There are two ways
to do this:
If your network uses a Naming Information Service (NIS), use Suns
Administration Tool Suite to define the hostname in NIS.
If your network does not use NIS, edit file /etc/hosts and insert the
required hostname and IP address.
3 Use the GMDR Administration tool to configure the GMDR server to access
the OAMC server (or servers) that you created to gather surveillance data.
For each OAMC server you need to provide:
Server Name the name of the OAMC server in the form OAMC
Host Name the host name or the IP address of the workstation on
which the OAMC server is running
User/CapabilityID and Password not required

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 161 -
4 Use the GMDR Administration tool to have the alarms propagated up a

hierarchy of GMDR servers. For a description of this tool, see Nortel
Multiservice Data Manager AdministrationTools (NN10470-300).
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 162 -
Setting up server alarm distribution through NCS and surveillance

using NCS status probing
Set up server alarm distribution through NCS and, optionally to set up NCS
probing of the workstations status.
Prerequisites
Before you start, ensure that the HGDS and NCS Communications
Manager (NCSMGR) servers are configured and running.
Procedure steps
Step Action
1 Using a UNIX editor, open file /opt/MagellanNMS/cfg/DmaOA.cfg for

editing.
2 Add a single statement to the file in the following format:
:DDD ... D:OO ...O:AAA ... A:CC:PPP:X:R:RPOA:
Example:
:CORENCSIF:CORENCS:3021015008:01:512:N:
3 Start the Server Administration tool by selecting System ->
Administration -> Server Administration.
4 Using the Server Administration tool, stop the DMA server if it is already
running.
5 Edit the server information so that the DMA server starts up automatically
with the following command whenever the workstation is rebooted.
/opt/MagellanNMS/bin/dma \
-d [<filename] \
[-p <probing interval>]
6 Restart the DMA server.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 163 -
Variable Value
A The DNA of the Control Device Manager. Maximum 16 characters.
Attention: This is not the same as the DNA of the MDI access DNA.
C The CUG index of the Control Device Manager. Maximum two digits.
D The Destination mnemonic. Maximum 12 characters
filename The name of a file that contains the parameters needed to establish a
connection to an OA. The connection is to be used for server alarm
distribution through NCS and workstation surveillance using NCS
status probing. If you specify the -d option without a file name, the
default file /opt/MagellanNMS/cfg/DmaOA.cfg is used.
O The mnemonic of the NCS OA containing the destinations Control
Device Manager. Maximum 12 characters. This mnemonic must
match the OA name entered in the Name field of an OA Member in
file /opt/MagellanNMS/cfg/HGDS.cfg.
P The packet size on the VC. (Use 128, 256, or 512). Maximum three
digits.
probing interval Specifies that status probing is to be performed for workstation
surveillance. The <probing interval> is the interval in minutes at which
NCS probes the workstation and it must be an integer with a minimum
value of 1. If you do not specify the <probing interval>, the default
NCS status probe interval of five minutes is used.
R Specifies whether the calls are to be routed over the X.75 facilities of
a Remote Private Operating Agency (RPOA). Can be Y or N.
If N, the RPOA is ignored.
RPOA A code that identifies the RPOA. Four (BCD) digits.
X Specifies whether the call is to be routed over X.75. Can be Y or N.
If N, then R and RPOA are ignored.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 164 -
Cleaning up log files

Server management data gradually accumulates in two files: /opt/
MagellanNMS/data/svm/SVM.errors and /opt/MagellanNMS/data/svm/
SVM.logs. If you have been experiencing numerous server problems, these
files can become very large. You can free up some disk space by deleting
these files or by trimming down their contents.
Procedure steps
Step Action
1 The following is an example of the commands you enter to trim these files
down to 20 records (lines) each on a workstation.
cd /opt/MagellanNMS/data/svm
mv SVM.errors errors
tail -20 errors > SVM.errors
chmod +w SVM.errors
mv SVM.logs logs
tail -20 logs > SVM.logs
chmod +w SVM.logs
rm errors logs
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 165 -
Cleaning up log files using mdmlogclean

A log clean-up process called mdmlogclean removes log files from a server
after a certain number of days. Run the mdmlogclean process as the root user
from the command line.
Procedure steps
Step Action
1 The mdmlogclean log file has the naming convention:

/opt/MagellanNMS/data/log/mdmlogclean/mdmlogclean.alog. The directory
in which the logs are located determines the retention time of certain logs.
The mdmlogclean process has the following command line arguments:
mdmlogclean
[-help]
[-v]
[-file <file name>]\
[-logFile [<log level set>]] \
The configuration file /opt/MagellanNMS/cfg/MDMClean.cfg separates the
records by a line feed. Consecutive non-empty lines constitute a single
record.
Directory: /opt/Magellan/data/log/oam
RetentionDays: 30
Directory: /opt/MagellanNMS/data/log/svmdmn
RetentionDays: 30
--End--
Variable Definition
-h Provides the usage information to the user.
-v Specifies the version number.
-file Specifies the configuration file that defines log directories from which
<mdmlogclean config> log files should be deleted after a given retention period. If an option
is not specified, the following files are searched in sequence as the
default:
1. /opt/MagellanNMS/cfg/MDMClean.cfg
2. /opt/MagellanNMS/lib/cfg/MDMClean.cfg
[-logFile <logLevels>] Optionally, writes logs of a given level to a log file. Levels are one or
more of the following, separated by commas: FATAL, ALERT, CRIT,
ERROR, WARN, INFO, NOTICE, DEBUG, TRACE.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 166 -
Retrieving an alarm helpset for a specific MPE release version

Use the mpegetmod script to retrieve an alarm helpset for an MPE release
version that was not delivered with the current Multiservice Data Manager
load. Run the script as the root user from the command line.
Procedure steps
Step Action
1 As a root user from the command line, type:

mpegetmod
The mpegetmod process has the following command line arguments:
[-v]
[-u <device> <userid> <password>]
[-a | -xa]
[-d | -da]
[-f | -fa]
The mpegetmod process retrieves the alarm helpfile from the MPE and
places it on the MDM workstation in directory: /opt/nortel/MDMDocs/ALM/
<MDM-release-name>/C/<MPE-release-version>.
Attention: If you do not specify the device, the model files are generated from /opt/
MagellanNMS/cfg/ANP/mpeComp/<version>/mpedml.co
--End--
Variable Definition
-a Retrieves the alarm help file in addition to the model file.
-d Deletes the configuration model files for the version.
-da Deletes the alarm files for the version.
-f Forces the retrieval of the model file.
-fa Forces the retrieval of the alarm file
-u Specifies the MPE device name/ip address, userId and password.
-v Specifies the version of MPE software being run.
-xa Retrieves only the alarm help file.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 167 -
Cleaning up alarm helpset files using mpegetmod

A helpset clean-up process called mpegetmod removes old, unneeded
helpset files from a server. Run the mpegetmod process from the command
line as the root user.
Procedure steps
Step Action
1 Log in as a root user.

2 On the command line, type:
mpegetmod -da <version>
The helpset files specified are removed from the directory located at:
/opt/nortel/MDMDocs/ALM/<MDM-release-name>/C/<MPE-
release-version>
--End--
Variable Definition
version Specifies the version of the MPE alarm helpfile to remove.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
Menu customization
Customize the toolsets and Start Tool menus so that you can launch Nortel
Multiservice Data Manager tools and utilities to suit your requirements.
Prerequisites
Before completing the procedures in this section, you must be familiar with the
material on menu customization in Nortel Multiservice Data Manager
AdministrationFundamentals (NN10470-305).
Navigation
Customizing the toolsets menus:
When you customize the toolsets menus, it is important to reassess your
changes when a new release of Nortel Multiservice Data Manager (MDM)
is installed because the new release may impact your changes. For
example, the new release may have new tools that you want to add to your
customized files. Also, some tools may not exist. See the MDM Release
Supplement that accompanies the software release for details of such
changes.
You can access your changes by using the diff or sdiff utilities that come
with Solaris. For more information, refer to the man pages for diff and sdiff.
See the following sections for toolsets customization procedures:
Adding a new toolset entry (page 170)
Changing an existing toolset entry or submenu (page 171)
Changing the toolsets primary menu (page 172)
Changing the default toolset definition file (page 173)
Customizing the Start Tool menus
This section describes the procedures you follow when you want to
customize Start Tool menus. When you customize Start Tool menus, it is
important to reassess your changes when a new release of Nortel
Multiservice Data Manager (MDM) is installed because the new release
may impact your changes. For example, the new release may have new

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 169 -
Menu customization
tools that you want to add to your customized files. Also, some tools may
no longer exist. See the MDM Release Supplement that accompanies the
software release for details of such changes.
You can access your changes by using the diff or sdiff utilities that come
with Solaris. For more information, refer to the man pages for diff and sdiff.
See the following sections for Start Tools customization procedures:
Adding a new entry to a Start Tool menu (page 175)
Changing an existing Start Tool menu (page 176)
Creating a customized icon bar definition file (page 177)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 170 -
Menu customization
Adding a new toolset entry

Add a new entry to the toolsets primary menu and the submenu that cascades
from the entry.
Prerequisites
See the section describing find menu definitions files for the main window
menus in Nortel Multiservice Data Manager Administration
Fundamentals (NN10470-305) for information on resolving the values of
the variables in the pathnames.
Procedure steps
Step Action
1 Create a new menu definition file and place it in one of the following
directories:
$HOME/MagellanNMS/toolsets/<area>
Use this directory for a new toolset submenu for a single user.
/opt/MagellanNMS/cfg/tsets/$LANG/toolsets/<area>
Use this directory for a new toolset submenu for the workstation.
Make sure that the name of the new menu definition file begins with a
number that places the entry where you want in the toolsets primary menu.
For example, if you want to add an entry between Configuration
-> DPN Devices (whose menu definition file is 20dpn_config.tools), the
name of your new menu definition file must begin with a number between 30
and 35.
2 Add the menu definition records using the syntax described in the file syntax
for menu customization in Nortel Multiservice Data Manager
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 171 -
Menu customization
Changing an existing toolset entry or submenu

Change an existing menu definition file in order to either change an entry on
the toolsets primary menu or the contents of a submenu.
Prerequisites
See the section discussing menu definition files for main window menus in
(NN10470-305) for information on resolving the values of the variables in
the pathnames.
Procedure steps
Step Action
1 Copy the menu definition file that you need to change to one of the following
directories:
$HOME/MagellanNMS/toolsets/<area>
Use this directory for a change that affects a single user.
/opt/MagellanNMS/cfg/tsets/$LANG/toolsets/<area>
Use this directory for a change that affects all users of the workstation.
2 Edit the menu definition records using the syntax described in the file syntax
for menu customization section in Nortel Multiservice Data Manager
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 172 -
Menu customization
Changing the toolsets primary menu

Change the toolsets primary menu by using a toolset definition file other than
the default /opt/MagellanNMS/lib/tsets/C/Full.tsets. The toolset definition file
lists the area subdirectories and these subdirectories contain the menu
definition files that make up the entries on the toolsets primary menu.
Prerequisites
See the section describing menu definitions for the main window menus in
(NN10470-305) for information on resolving the values of the variables in
the pathnames.
Procedure steps
Step Action
1 Copy an existing toolset definition file or create a new file in one of the
following directories:
$HOME/MagellanNMS/toolsets
Use this directory for a change that affects a single user.
/opt/MagellanNMS/cfg/tsets/$LANG
for menu customization section of Nortel Multiservice Data Manager
AdministrationFundamentals (NN10470-305). If you are not longer using
Full.tsets, make sure you adjust the value of the tMMenuAppName entry to
match the name of the new file.
3 If you are no longer using Full.tsets, change the value of the environment
variable NMSTSETS to the name of the new toolset definition file. See
Changing the default toolset definition file (page 173).
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 173 -
Menu customization
Changing the default toolset definition file

Specify the toolset that appears when you log in to an account that is set up
to run the default MDM user environment.
The value of environment variable NMSTSETS determines the toolset that

appears when you log in to Nortel Multiservice Data Manager (MDM). The
value of this variable is specified in set-up file .cshrc for UNIX user accounts
that run C-shell and in set-up file .profile for accounts that run Bourne or Korn
shell. By default, these set-up files provide you with access to the toolset
included in the toolset definition file /opt/MagellanNMS/lib/tsets/C/Full.tsets.
See the description of toolset definition files in Nortel Multiservice Data
Manager AdministrationFundamentals (NN10470-305) for an explanation
of this file and the other toolset definition files that come with the MDM
software.
Procedure steps
Step Action
1 Log in to the UNIX account that is set up with the default MDM environment.
2 Using a UNIX editor such as vi, open one of the following files for editing:
.cshrc for UNIX accounts that run C-Shell
.profile for accounts that run Bourne or Korn shell
3 Change the value for the NMSTSETS variable to the name of the toolset that
is to appear when the user logs in. See Procedure job aid (page 173).
5 Log out and log back in again. When logging in be sure to choose the
language C, ja, or zh from the Options menu button on the login panel.
The application main window opens.
6 Move to the main window.
7 Using the menu mouse button, pull down each of the primary menus and
submenus, and verify that the correct set of tools is displayed.
--End--
Procedure job aid

You can set the value of the NMSTSETS variable in the .cshrc or .profile
set-up files so that it specifies any of the toolsets provided with the MDM
software, or a toolset that you create yourself. You can write the specification
in the following forms:
For accounts that run Bourne or Korn shell:

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 174 -
Menu customization
NMSTSETS=<tset name>
export NMSTSETS
Examples:
NMSTSETS=Admin.tsets
export NMSTSETS
NMSTSETS=<absolute pathname>
export NMSTSETS
Example: Admin.tsets for the Japanese language,

NMSTSETS =/opt/MagellanNMS/lib/tsets/ja/Admin.tsets
export NMSTSETS
For accounts that run C-shell:
setenv NMSTSETS <tset name>
For example: NMSTSETS Admin.tsets
setenv NMSTSETS <absolute pathname>
Example: Admin.tsets for the Chinese language,

setenv NMSTSETS /opt/MagellanNMS/lib/tsets/zh/Admin.tsets

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 175 -
Menu customization
Adding a new entry to a Start Tool menu

Add a new entry or entries to a Start Tool menu.
Procedure steps
Step Action
1 Create a new menu definition file and place it in one of the following
directories:
$HOME/MagellanNMS/tools/<application area>
Use this directory for a new Start Tool entry for a single user.
/opt/MagellanNMS/cfg/tsets/$LANG/tools/<application area>
Use this directory for a new Start Tool entry for the workstation.
Make sure that the name of the new menu definition file begins with a
number that places the entry where you want in the Start Tool menu
2 Add the menu definition records using the syntax described in the file syntax
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 176 -
Menu customization
Changing an existing Start Tool menu

Change an existing entry or entries on a Start Tool menu.
Procedure steps
Step Action
1 Copy the menu definition file that you need to change to one of the following
directories:
$HOME/MagellanNMS/tools/<application area>
Use this directory for change that affects a single user.
/opt/MagellanNMS/cfg/tsets/$LANG/tools/<application area>
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 177 -
Menu customization
Creating a customized icon bar definition file

Customize the icon bar to suit your specific requirements.
Procedure steps
Step Action
1 If you are customizing a push-button in an icon bar definition file and you
need a new bitmap image for the push-button, go to step 2. If you are not
doing this, skip to step 5.
2 Create your own bitmap image or choose a bitmap image in file /opt/
MagellanNMS/lib/nvs/icons and modify it with a bitmap editor, such as
bitmap. The bitmap image must be in X11 bitmap format.
3 Save the customized bitmap image.
If your change is for a single user, save the image in $HOME, the users
home directory.
If the change is for all Nortel Multiservice Data Manager (MDM) users, save
the image in /opt/MagellanNMS/cfg/nvs/icons.
4 Change file permissions to allow read access by the group and others, and
read-write by the owner.
chmod 644 <new file>
5 Choose a file as the starting point for your new customized file. For a list of
file names see icon bar definitions files in Nortel Multiservice Data Manager
6 Copy the file into one of the following directories:
the MDM users home directory, if you are only going to make the new
file available to one user:
cp <file> /<users home directory path>/

/MagellanNMS/<new file>
/opt/MagellanNMS/cfg/tsets/<language>, if you are going to make the
new file available to all users of the workstation:
cp <file> /opt/MagellanNMS/cfg/tsets/<language>/<new file>

7 Access the directory that contains the newly copied file:
cd /<users home directory path>/MagellanNMS
cd /opt/MagellanNMS/cfg/tsets/<language>
8 Change file permissions to allow read access by the group and others, and
read-write by the owner.
chmod 644 <new file>
9 Using a UNIX editor, modify the contents of the new icon bar definition file
to suit your needs.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 178 -
Menu customization
If you are customizing an icon bar definition file to add a new icon to a push-
button in the Network Viewer, be sure to specify the new bitmap image file
in the appropriate labelPixmap record.
11 Have users of the tool exit from the tool then restart it to obtain access to the
new customization.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
MDM tool resource customization
Customize X-window resources and Nortel Multiservice Data Manager
(MDM) resources to change the appearance of some of the MDM tools.
Prerequisites
In addition to the procedures listed in this section, you should refer to Nortel
Multiservice Data Manager AdministrationFundamentals (NN10470-305)
for additional example procedures for customizing MDM tool resources.
Navigation
Distributing operators to different MDM servers (page 180)
Setting the color map from the Options menu (page 181)
Selecting the color map with the useMDMColormap resource (page 182)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 180 -
Distributing operators to different MDM servers

System-level Service Selection settings are called from the system-level User
Preferences, resulting in system-level SS settings being shared by all
operators connected to the same Admin host. This prevents the administrator
using the Service Selection tool from distributing all operators on one Admin
host to different MDM servers. This procedure applies to users of the Operator
Client tool.
Prerequisites
For information about the Service Selection tool, see Nortel Multiservice Data
Manager AdministrationTools (NN10470-300).
Procedure steps
Step Action
1 On the Admin host, launch the Service Selection, System Level for Operator
Client tool.
2 Set the system-level service selection for all operators.
3 To distribute an operator to different MDM hosts that are set by step 2, copy
the file:
/opt/nortel/data/applications/desktop/jws/mft/prefs/
system/com/nortel/mdm/serviceselection/data/prefs.xml
to
/opt/nortel/data/applications/desktop/jws/mft/prefs/
users/<operator's IS user name>/com/nortel/mdm/
serviceselection/data/prefs.xml.
4 Edit the new file with the new MDM hosts. Make sure the file is readable by
"other".
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 181 -
Setting the color map from the Options menu

Select a common color map used by all applications, or private color maps for
each Nortel Multiservice Data Manager (MDM) tool from the Options menu in
the MDM main window. The selection you make is remembered for your next
MDM session.
When Nortel Multiservice Data Manager (MDM) is running with other

applications that use colors, for example Netscape, there is a risk of running
out of color cells in the systems color map. MDM tools are designed to reduce
this risk by reusing the same color cells. Nevertheless, the more applications
you run, the more likely you are to run out of color cells.
When you run out of color cells, some colors may be rendered as different
colors. This is not a problem, unless the color has a specific meaning; for
example, if the color red indicates an alarm, but is rendered as grey because
of a color cell shortage. When this occurs, private color maps must be used to
obtain accurate color rendition and meaning.
With private color maps, an application has its own private color map which
becomes active whenever you move the cursor into one of the applications
windows (changes the focus). Colors are rendered correctly with this method.
When moving the cursor from a window for one application into a window for
another application, the colors outside the new applications window flash to a
different set of colors.
Procedure steps
Step Action
1 Start an MDM session.

2 From the Options menu in the main application window, select Fonts.
3 If a check mark appears beside Applications use private colormaps, each
tool uses its own private color map.
If no check mark appears, all tools use a color map that is common to all
applications, including MDM.
4 If the setting is not as you desire it, choose Applications use private
colormaps with the right mouse button to toggle the check mark on or off.
The selection is complete, and is remembered the next time you start a
session.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 182 -
Selecting the color map with the useMDMColormap resource

Set the useMDMColormap resource to allow a Nortel Multiservice Data
Manager (MDM) tool to use its own private color map. Selecting the color map
using the useMDMColormap resource overrides any selection that is made
from the Options menu of the MDM main window.
When Nortel Multiservice Data Manager (MDM) is running with other

applications that use colors, for example NetScape, there is a risk of running
out of color cells in the systems color map. MDM tools are designed to reduce
this risk by re-using the same color cells. Nevertheless, the more applications
you run, the more likely you are to run out of color cells.
When you run out of color cells, some colors may be rendered as different
colors. This is not a problem, unless the color has a specific meaning; for
example, if the color red indicates an alarm, but is rendered as grey because
of a color cell shortage. When this occurs, private color maps must be used to
obtain accurate color rendition and meaning.
With private color maps, an application has its own private color map which
becomes active whenever you move the cursor into one of the applications
windows (changes the focus). Colors are rendered correctly with this method.
When moving the cursor from a window for one application into a window for
another application, the colors outside the new applications window flash to a
different set of colors.
Procedure steps
Step Action
1 To set a tool to use its own private color map, for a single user, add a line
similar to the following to the user accounts .Xdefaults file:
Msm*useNMSColormap: True
For an example of how to do this, see the example of setting resources for
a single user in the .Xdefaults file in Nortel Multiservice Data Manager
To set up the color map in the command line used to launch a tool, use the
-xrm start up command option to specify the color map resource, similar to
the following example:
/opt/MagellanNMS/bin/nd -xrm nd*useNMSColormap: True
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
Fault tools configuration
Customize the fault tools available with Nortel Multiservice Data Manager.
Navigation
Network Viewer display customization (page 183)
Alarm Display Start Tool submenu customization (page 193)
Resource customization (page 195)
Toolset Alarm Acknowledgment Dialog customization (page 195)
Resources for customizing the Auto Acknowledgement On and Off
Dialogs (page 197)
Toolset Troubled Components pop-up menu customization (page 198)
Toolset Network Status Bar resource customization (page 198)
Toolset Component Information Viewer display customization (page 200)
Network Viewer display customization

You can perform the following types of customization on Network Viewer:
select the background pixmap image
select the default view
select the color and display options
modify the Start Tool menus and icon bars
Background pixmap image selection

Network Viewer uses XPM3 format pixmaps for the background. This is a
widely supported format. Various public- and commercial-domain tools allow
you to create in, or convert other images to, this format. The Solaris Common
Desktop Environment (CDE) software provides a pixmap editor that you can

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 184 -
use for modifying pixmaps. This editor is located in the file

/usr/dt/bin/dticon. For instructions on how to use this pixmap editor, see the
Help menu in the tool itself.
Attention: The dticon editor is limited to relatively small pixmaps (256x256).

To edit larger pixmaps, use a commercial tool or, if preferred, a public domain
tool (such as xpaint, which is available from the MIT ftp site ftp.x.org).
The pixmap files used by Network Viewer are stored in the directory
/opt/MagellanNMS/lib/nds/pixmaps.
You can use the pixmaps stored in this directory as a starting point, and edit
them with a pixmap editor; or you can import your own pixmaps. Store any
pixmaps that you edit or create in the directory
/opt/MagellanNMS/cfg/nds/pixmaps. After your custom pixmaps are stored
there, they are available to the Network Organization Populator through the
Set organization map dialog. For more information, see Nortel Multiservice
Data Manager AdministrationNetwork Model (NN10470-015).
Additional geographical area pixmaps are available on the Nortel Multiservice

Data Manager CD ROM, in the directory /cdrom/cdrom0/NVMaps. Use the
installmap tool on the CD ROM to install these pixmaps.
Node icon pixmap image changes

Network Viewer uses XPM3 pixmaps to define the appearance of node icons.
The pixmaps for all Network Viewer node icons can be found in the directory
/opt/MagellanNMS/lib/nds/pixmaps.
To change these pixmaps, use any available tool (commercial or otherwise)

capable of editing XPM format images. The Icon Editor that comes with CDE
is ideal for these pixmaps. When editing node icon pixmaps, keep the
following points in mind:
Define the bulk of the image using the symbolic colors Background,
TopShadow, BottomShadow, and Select. The symbolic color Background
is replaced by the appropriate color for the nodes current state.
TopShadow and BottomShadow are dynamically calculated based on the
current Background color. The Select color is defined as a Network Viewer
(ND) resource. Set any area of the image that should never be filled with
any color to the symbolic color Transparent.
Use TopShadow and BottomShadow symbolic colors to give your icon a
3D effect.
Use Static Colors and Static Grays only to add details and accents to the
image. Use them sparingly to prevent confusion with state colors.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 185 -
Keep the node pixmaps small to conserve screen real estate (20X20 is a
good average size).
If you create new node pixmaps (as opposed to editing existing
filenames), be sure to update the ND resource file appropriately.
Default view selection

You can set a default view that is restored automatically whenever Network
Viewer is started. To do so, create the new default view in the standard
directory (/opt/MagellanNMS/data/nvs/views) and name it DEFAULT_VIEW.
Alternatively, you can set the defaultViewName resource for Network Viewer
to the full path name of the view description file to use as default. For more
details, see the section on customizing the toolsets and start tools menus in
Nortel Multiservice Data Manager Administration (NN10470-303).
Start Tool menu and icon bar modification

You can customize the Start Tool menus and icon bars. For details on the
available Network Viewer Start Tool menus, see Start Tool menu and icon bar
modification (page 185).
For details on customizing the Start Tool menus and icon bars, see the section
on customizing the toolsets and start tools menu in Nortel Multiservice Data
Manager Administration (NN10470-303).
When you modify the Start Tools menu file, use one of the following
substitution variables on the command line:
$COMP: the selected component ID in API format (for example,
EM TORONTO LP 1 PO 1)
$COMP2: the second selected component ID in API format
$DCOMP: the selected component ID in display format (for example, EM/
TORONTO LP/1 PO/1)
$DCOMP2: the second selected component ID in display format
$NMHOST: the current host from the Server Selection tool
$DNAME: the module name only from the selected component ID in
display format
$DNAME2: the module name only from the second selected component
ID in display format
$SNAMES: the module names only from the selected component IDs in
API format
$SDNAMES: the module names only from the selected component IDs in
display format

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 186 -
Network Viewer resource customization

Network Viewer uses resources to describe certain functional and
appearance aspects. You can customize some of these aspects, but changing
others affect the functionality of Network Viewer.
Risk of altering the functionality of Network Viewer

Do not modify resources that are not listed in the following table.
Changing unlisted resources may negatively affect Network Viewers
appearance and functionality.
Network Viewer resource files are /opt/MagellanNMS/lib/app-defaults/C/ND

and /opt/MagellanNMS/lib/app-defaults/C/NDIcons.
The table Resources that you can customize in Network Viewer (page 186)
lists resources that you can customize.
The application classname of the Network Viewer applications is actually ND.
Resources that you can customize in Network Viewer
Resource Description Legal values

ND*stateINVALID These resources specify the state-to- Any X windows color name
ND*stateUNKNOWN color mapping used to indicate the specification, for example,
ND*stateINSV current state of components in ND. gray98.
ND*stateINSV See /usr/lib/X11/rgb.txt for a
ND*stateISTB_1 list of X11 color names.
ND*stateISTB_2
ND*stateISTB_3
ND*stateISTB_4
ND*stateISTB_5
ND*stateOOS_1
ND*stateOOS_2
ND*stateOOS_3
ND*stateOOS_4
ND*stateOOS_5
ND*stateMTCE
ND*stateHIER_MTCE
ND*stateACKED
ND*stateModuleUNKNOWN
ND*differentModuleUnknownCol If differentModuleUnknownColor is True or False
or true, then the unknown color for the
node at the module level is different
from the default unknown color.
(1 of 8)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 187 -
Resources that you can customize in Network Viewer (continued)

ND*nmsNodeStates*nvmColors These resources specify the colors
ND*nmsNodeStates*xpmBgCol that represent the various node
or<n> states. <n> ranges from zero to
(numColors -1). Each unique color
needs to be defined in this list only
once (even if the same color is used
for more than one state).
ND*nmsNodeStates*nvmImage These resources specify all the
s unique XPM3 pixmaps that represent
ND*nmsNodeStates*xpm the various node types. <n> ranges
Image<n> from zero to (numImages -1). Each
unique pixmap needs to be defined in
this list only once (even if the same
pixmap is used for more than one
node type).
ND*nmsLinkStates*nvmLinkCol These resources specify the colors
ors that represent the various link states.
ND*nmsLinkStates*linkColor<n> <n> ranges from zero to
(numLinkColors -1). Each unique
color needs to be defined in this list
only once (even if the same color is
used for more than one state).
ND*nmsLinkStates*nvmLinkStyl These resources specify all the
es unique line styles that represent link
ND*nmsLinkStates*LinkStyleNa types. <n> ranges from zero to
me<n> (numLinkStyles -1). Each style needs
ND*nmsLinkStates*LinkStyleWi to be defined only once.
dth<n> LinkStyleName is arbitrary.
ND*nmsLinkStates*LinkStyleSty LinkStyleWidth can be any whole
le<n> number. LinkStyleStyle must be zero
ND*nmsLinkStates*LinkStyleDa for solid lines, and one or two for
shOffset<n> dashed lines. See X Window System
ND*nmsLinkStates*LinkStyleDa graphics context documentation for
shes<n> explanations of LinkStyleDashOffset
and LinkStyleDashes.
(2 of 8)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 188 -

ND*numNodeTypes These resources specify the mapping
ND*nodeTypeName<n> of node types to node images defined
ND*nodeTypeImageIndex<n> by the
ND*nmsNodeStates*xpmImage
resources. <n> ranges from zero to
(numNodeTypes -1). The
nodeTypeName must match the node
type string defined by the network
model. The nodeTypeImageIndex
specifies (by index) which image to
use for this node type.
ND*numStateNames These resources specify the mapping
ND*stateName<n> of node state names to the colors
ND*stateColorIndex<n> defined by the
ND*nmsNodeStates*xpmBgColor
(numStateNames -1). The stateName
strings must match the state names
defined by the network model. The
stateColorIndex values specify (by
index) which color to use for this node
state.
ND*numLinkTypes These resources specify the mapping
ND*linkTypeName<n> of link types to link styles defined by
ND*linkTypeStyleIndex<n> the ND*nmsLinkStates*linkStyle
(numLinkTypes -1). The
linkTypeName must match the link
type string defined by the network
model. The linkTypeStyleIndex
specifies (by index) which line style to
use for this link type.
ND*numLinkStateName These resources specify the mapping
ND*linkStateName<n> of link state names to the colors
ND*linkStateColorIndex<n> defined by the
ND*nmsLinkStates*linkColor
(numLinkStateNames - 1). The
linkStateName strings must match the
state names defined by the network
model. The linkStateColorIndex
values specify (by index) which color
to use for this link state.
(3 of 8)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 189 -

ND*nmsLinkStates*linkSelectCo This resource specifies the color of
lor the lines that bound a selected link to
show that it is selected.
ND*nmsLinkStates*linkSelectWi This resource specifies the width (in
dth pixels) of the selection lines on either
side of a selected link.
ND*nmsLinkStates*solidSelectio This boolean resource specifies
nLines whether or not the selection lines
follow the style pattern of the link, or if
they are always drawn as solid lines.
ND*nmsNodeStates*selectColor This resource specifies the color of
the halo that surrounds selected
nodes.
ND*labelOffset This integer resource specifies the
distance (in pixels) from the bottom of
a node icon to the top of its label.
ND*labelFontList This resource specifies the X Window
System font to be used for node
labels.
ND*restrictClusterToSite This resource indicates if Network False
Viewer needs to consider only
connected nodes in the same parent
Organizational Node when Cluster
Connected Nodes is invoked on a
node. This setting is now controlled by
the Preferences Dialog.
ND*clusterModuleSpacing These resources indicate the distance If the target node is a
ND*clusterOrgNodeSpacing left between nodes when the Cluster module, the value is 80.
Child Nodes or Cluster Connected If the target node is an
Nodes commands are applied. Organizational Node, the
For Cluster Connected Nodes, these value is 250.
values are implicitly majored by an
increment based on the number of
connected nodes. This setting is now
controlled by the Preferences Dialog.
ND*drawAreaBackgroundColor This resource specifies the color of Any X windows color name
the background when no map is or numerical specification
assigned (for example, the
background when the organization
roots are being displayed)
(4 of 8)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 190 -

ND*worldMinX These resources specify the X or Y coordinates in pixels
ND*worldMinY dimension of the network when no
ND*worldMaxX map is assigned. Any node lying
ND*worldMaxY outside this area is forced within to
ensure that it is visible. This setting is
now controlled by the Preferences
Dialog.
ND*rubberbandColor This resource specifies the color of Any X windows color name
the selection rectangle and the rubber or numerical specification
band when positioning links. If you
modify the background colors, you
may also need to change these colors
to get a better contrast.
ND*linkSelectionSensitivity These resources specify the number
of pixels to either side of a links drawn
line. If the mouse is clicked inside this
margin, the link is selected. When set
to zero, links can only be selected
when the mouse is directly over the
line (which can be tricky when trying to
select a diagonal line).
ND*displacementInertia These resources pacify the number of
pixels a node or bendpoint needs to
be displaced before Network Viewer
considers the object as moved. This
helps to prevent accidental moves
when selecting nodes.
ND*bendpointDimension This resource specifies the width and
height of the bendpoint handles in
pixels.
ND*labelForeground These resources specify the color of Any X windows color name
ND*labelBackground the node and link labels. If you or numerical specification
changed the background color, you
may also need to change these colors
to get a better contrast.
(5 of 8)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 191 -

ND*autoManageOrgs If autoManageOrgs is True (default), True or False
ND*organizationName Network Viewer automatically tries to Organization name
open an organization when it starts
(no default view is specified). If
organizationName is specified
(commented out by default), it can
hold the name of the organization that
it is opening. If not specified, Network
Viewer opens the DEFAULT ALL view
if it is the only one or it opens the non
DEFAULT one if only two
organizations exist.
ND*defaultViewName If it is specified (commented out by A view description file full
default), this resource indicates the path name
full path name of the view description
file to restore automatically when
Network Viewer starts.
ND.geometry This resource specifies the default Standard X windows
size of the Network Viewer window in geometry specification
terms of X geometry.
ND*mainWindow.width These resources specify the default Width and height in pixels
ND*mainWindow.height size of the Network Viewer window in
terms of width and height (defaults to
750x649)
ND*showAllLabels If True, Network Viewer displays all True or False
node labels by default. Default is
False. This setting is now controlled
by the Preferences Dialog.
ND*reverseShelf If True, displays DPN 100 shelf 0 at True or False
the bottom of the display. If False,
displays DPN 100 shelf 0 at the top of
the display.
ND*confirmExit If True (default), Network Viewer True or False
prompts with a confirmation dialog
when Exit is selected. If False,
Network Viewer directly exits.
(6 of 8)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 192 -

*fontList If a fontList resource is added to Available font name
Network Viewers resource file, or
your.Xdefaults file (NV.*fontList) and
the default font is set to Default in
MSMs font menu, the specified font is
used by Network Viewer (usually not
specified).
*multiClickTime This resource specifies the maximum Time in milliseconds
time (in milliseconds) between two
consecutive mouse clicks to
recognize a double click.
ND*orgDblClickAction These resources control what See the description in
ND*orgShiftDblClickAction happens when you double-click on a resource file Network
ND*orgMetaDblClickAction node, a link, or a subcomponent in Viewer.
. Network Viewer while the Shift key is
. pressed, the Control key is pressed,
. the Meta key is pressed, or no key is
pressed.
ND*showIconBar If True, the command icon bar is True or False
displayed in the main Network Viewer
window. If False, the command icon
bar is not displayed. This setting is
now controlled by the Preferences
Dialog.
ND*allowViewPositions This resource indicates whether True or False
Network Viewer displays the toggle
button in the Save and Restore view
dialogs, allowing you to save/restore
the modified node/bendpoint positions
to/from the view.
ND*preferViewPositions This resource indicates whether view True or False
positions are preferred. This results in
the default value of the toggle button
in the Save and Restore view dialogs.
It also determines if positions should
be restored when the default view is
restored at startup and when a view is
opened through the icon bar.
ND*gridOn This resource indicates if the False
Positioning Grid is enabled by default.
This setting is now controlled by the
Preferences Dialog.
(7 of 8)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 193 -

ND*gridWidth This resource indicates the width of 80
the Positioning Grid cells. This setting
is now controlled by the Preferences
Dialog.
ND*gridHeight This resource indicates the height of 50
the Positioning Grid cells. This setting
is now controlled by the Preferences
Dialog.
(8 of 8)
Color and display attribute customization

Your Nortel Multiservice Data Manager system administrator can customize
the following display attributes for you. See the section on customizing the
toolsets and start tools menus in Nortel Multiservice Data Manager
Administration (NN10470-303).
color
state color mappings for nodes and links
background color when no maps are used
rubber band and label colors
double-clicking actions
initial size of Network Viewer display window
view space dimensions (when no background maps are used)
initial organization or named view
initial component label display state
double-click speed
backbone definition and custom override definition for component filtering
Alarm Display Start Tool submenu customization

You can customize the contents of the Start Tool menu in the active and log
mode. For procedures on customizing the Start Tool menu, see Menu
customization (page 168).
When you modify the Start Tool menu file, use one of the following substitution
variables in the command line:
$COMP: the components internal representation
$DCOMP: the components display name

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 194 -
$SEVERITY: the Common severity, which can be UNKNOWN, CRITICAL,

MAJOR, MINOR, WARNING, or CLEARED
$DPNSEV: the DPN severity, which can be DEGRADE, OVERLOAD,
MINOR, MAJOR, WILDCARD, CRITICAL, or OTHER
$EVENT: CLEAR, SET, or MSG
$DPNMNEM: the Network Control System (NCS) condition mnemonic,
which can be TRAPDATA, ACTIVATE, INVALID, MISSING, DUPLICAT,
MEMORY, CONJEST, FAILED, REFUSED, TIME_OUT, CRITICAL, OOS,
THRESHLD, ENABLED, DISABLED, PROBE, CALL_BLK, or DISCARD
$DPNACTION: the NCS action value, which can be ncsServiceData,
ncsHardwareFault, ncsSoftwareFault, ncsSecurityViolation,
ncsProtocolViolation, ncsDebugInfo, ncsNetwork, ncsEngineering,
ncsUnclassified, or ncsOperations. This value is an empty string for
alarms originating on Nortel Multiservice Switches.
$FCODE: the alarm fault code. The fault code is an 8-digit code used to
specify the alarm. The first 4 digits are used to identify the source of the
alarm, and the last 4 digits are used to identify the alarm.
$DATE: the date information in the format year:month:day
$TIME: the time information in the format hour:min:sec
$DTYPE: the DPN device type. This value is an empty string for alarms
originting on Multiservice Switches.
$FORMAT: the present format of an alarm, which can be TERSE,
NORMAL, or FULL
$RAWSTATE: the Raw state, which can be insv, oos, trb, unk, nex, or nea.
This value is an empty string for alarms originating on DPN nodes.
$TYPE: the alarm type, which can be communications, qualityOfService,
processing, equipment, environment, security, operator, debug, or
unknown. This value gives a general explanation of the cause of the alarm.
$CMT: the operator comment data text
$OPER: the operator data text
Example:
If you want to invoke the tool called Customer Tool Kit Script with the
component ID and the fault code contained in the alarm, add the following two
lines to the /opt/MagellanNMS/IADAlarm.menu file. The
CustomerToolKitScript script is called with this information when you use the
Start Tool submenu and select Customer Tool Kit Script:
labelString: Customer Tool Kit

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 195 -
tMCommandLine: CustomerToolKitScript COMP:$COMP DCOMP:

FAULTCODE:$FCODE
Resource customization
You can customize the resources to control the colors of the alarm format by
severity. You can also customize the resources to control whether the problem
states are shown in the related components list, and to control whether the
bell rings upon error.
The table Resources for color control of common alarm formats by Alarm
Display (page 195) lists the resources you use to control the colors associated
with the common alarm format severity displayed by the Alarm Display
components.
Resources for color control of common alarm formats by Alarm Display
Resource Description Legal value

*BackgroundColorUnknown Specifies the background and Any legal X windows color or
*ForegroundColorUnknown foreground color-to-severity specification. See Nortel
*BackgroundColorCritical mappings for the common alarm Multiservice Data Manager
*ForegroundColorCritical formats. Administration (NN10470-303).
*BackgorundColorMajor
*ForegroundColorMajor
*ForegroundColorMinor
*BackgroundColorMinor
*BackgroundColorWarning
*ForegroundColorWarning
*BackgroundColorCleared
*ForegroundColorCleared
*BackgroundColorDefault
*ForegroundColorDefault
IAD*cdbSupportAlias Enables support for Customer True to enable alias support,
Database component name False (default) to prevent alias
aliasing. support
Toolset Alarm Acknowledgment Dialog customization

The dialogs used for acknowledgment/unacknowledgement of alarms use
resources to control their functional and visual aspects. You can customize
some of these resources.
The table Resources for customizing the Acknowledge/Unacknowledge

Alarms Dialog (page 196) lists the alarm acknowledgment resources that you
can customize. These resources apply to both the Acknowledge Alarm(s)
Dialog and the Unacknowledge Alarm(s) Dialog.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 196 -
Resources for customizing the Acknowledge/Unacknowledge Alarms Dialog
Resource Description Legal Value

*AckAlarmDlog*userId If True, the User field in the dialog used for True or False
FieldField.editable acknowledging or unacknowledging alarms, can
be modified. The default is False.
*AckAlarmDlog* The maximum length of Reason text that can be Any legal Motif
commentData.max specified when acknowledging or value associated
Length unacknowledging alarms. The default length is with the
256. MaxLength
resource.
Resource Files
The following files contain resources for the Acknowledge and
Unacknowledge Alarm(s) Dialogs:
/opt/MagellanNMS/lib/app-defaults/C/CIV contains resources for the
dialog when invoked from selected alarms in the Component Information
Viewer.
/opt/MagellanNMS/lib/app-defaults/C/IAD contains resources for the
dialog when invoked from selected alarms in Alarm Display.
/opt/MagellanNMS/lib/app-defaults/C/ACKALARM contains resources for
the dialog when invoked from selected components in Network Viewer,
Component Status Display, Component Information Viewer, and Network
Status Bar.
You can make resource changes to the Alarm Acknowledgment Dialogs that
affect a particular application or all applications that provide Alarm
Acknowledgment. For example, you can change the following resource:
IAD*AckAlarmDlog*UserIdFieldField.editable: True
This enables the user field to be editable when acknowledging or
unacknowledging alarms from the Alarm Display. If you omit the IAD prefix, all
applications are affected.
For more information on setting and overriding resources, see the section on
customizing resources used by Nortel Multiservice Data Manager tools in
Toolset Auto Acknowledgment Dialog in Toolset customization

The dialogs used for auto acknowledgment of alarms (Auto-Ack On Dialog
and Auto-Ack Off Dialog) use resources to control their functional and visual
aspects. You can customize some of these resources.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 197 -
The tableResources for customizing the Auto Acknowledgement On and Off

Dialogs (page 197) lists the Auto Acknowledgment resources that you can
customize. These resources apply to both the Auto-Ack On Dialog and Auto-
Ack Off Dialog.
Resources for customizing the Auto Acknowledgement On and Off Dialogs
Resource Description Default value Legal value

AUTOACK*AutoAckDlog The description part at the top of Auto-Ack ON action is Any text, but not
*autoAckMainLabel the Auto-Ack ON dialog window. applied to a specified recommended
component and all its unless necessary.
sub-components.
AUTOACK*AutoAckDlog The description part at the top of Auto-Ack OFF action Any text, but not
*unAutoAckMainLabel the Auto-Ack OFF dialog is applied to a recommended
window. specified component, unless necessary.
all its sub-
components, and its
parent components.
AUTOACK*AutoAckDlog The width of the userid text field. 40 Any integer
*userIdFieldField.column between 20 and 60
s is recommended.
AUTOACK*AutoAckDlog The width of the editable 40 Any integer

*compFieldField.column component name text field. between 20 and 60
s is recommended.
AUTOACK*AutoAckDlog The title of the auto-ack ON Auto-Ack On Dialog Any text, but not
*autoAckDialogTitle dialog window. recommended
unless necessary.
AUTOACK*AutoAckDlog The title of the auto-ack OFF Auto-Ack Off Dialog Any text, but not
*unAutoAckDialogTitle dialog window. recommended
unless necessary.
AUTOACK*AutoAckDlog The text on the button to turn on Auto-Ack On Any text, but not
*autoAckAlarmsButtonLa Auto-ack. recommend unless
bel necessary.
AUTOACK*AutoAckDlog The text on the button to turn off Auto-Ack Off Any text, but not
*unAutoAckAlarms- Auto-ack. recommend unless
ButtonLabel necessary.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 198 -
Resource Files
The following files contain resources for the Auto-Ack On Dialog and Auto-Ack
Off Dialog:
/opt/MagellanNMS/lib/app-defaults/C/CIV contains resources for the
dialogs when invoked from selected alarms in the Component Information
Viewer.
/opt/MagellanNMS/lib/app-defaults/C/IAD contains resources for the
dialogs when invoked from selected alarms in Alarm Display.
/opt/MagellanNMS/lib/app-defaults/C/AutoAck contains resources for the
dialogs when invoked from selected components in Network Viewer,
Component Status Display, Component Information Viewer, and Network
Status Bar.
You can make resource changes to the Alarm Acknowledgment Dialogs that
affect a particular application or all applications that provide Auto
Acknowledgment. For example, you can change the following resource:
IAD*AutoAckDlog*UserIdFieldField.editable: True
This enables the user field to be editable when enabling or disabling auto
acknowledgement from the Alarm Display. If you omit the IAD prefix, all
applications are affected.
For more information on setting and overriding resources, see the section on
customizing resources used by Nortel Multiservice Data Manager tools in
Toolset Troubled Components pop-up menu customization

For procedures on customizing the pop-up menu in the Troubled Components
window, see the section on customizing the Toolset and Start Tools menus in
When you modify the menu, use one of the following substitution variables in
the command line:
$COMP: The internal component name of the target
$DCOMP: The display component name of the target
Toolset Network Status Bar resource customization

The Network Status Bar uses resources to describe certain functional and
appearance aspects. Some of these aspects can be customized. Others must
not be tampered with without affecting the functionality of the Network Status
Bar.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 199 -
For details about customizing resources, see the section on customizing

resources used by Nortel Multiservice Data Manager tools in Nortel
Multiservice Data Manager Administration (NN10470-303). The original
resource file for Network Status Bar is /opt/MagellanNMS/lib/defaults/C/
StatsBar.
The table Resources in Network Status Bar that you may customize
(page 199) lists Network Status Bar resources that you may customize.
Resources in Network Status Bar that you may customize

Attention: Risk of altering the functionality of the NSB
Do not modify resources that are not listed in this table. Changing unlisted resources may negatively
affect the appearance and functionality of Network Status Bar
compOOSThresh Indicator thresholds Integer (def: 0)
dbnlCountThresh
critAlmThresh
majorAlmThresh
minorAlmThresh
warnAlarmThresh
refreshPeriod Main window refresh interval Integer (def: 60s)
errorColor Major indicators background color Color
warningColor Minor indicators background color Color
plainColor Non-threshold background color Color
ackedColor Acked indicators background color Color

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 200 -
Toolset Component Information Viewer display customization

You can customize the following items in the Component Information Viewer:
Alarm list (page 200)
Related components list menu (page 201)
Information for field pop-up menu (page 201)
Component Information Viewer Diagnostic Command menu (page 202)
Other resources (page 202)
Alarm list
For procedures on customizing the Start Tool menu for the Alarm List, see the
section on customizing the toolsets and Start Tools menus in Nortel
Multiservice Data Manager Administration (NN10470-303).
When you modify the Start Tool menu file, use one of the following substitution
variables in the command line:
$SEVERITY: the Common format severity of the alarm, which can be
UNKNOWN, CRITICAL, MAJOR, MINOR, WARNING, or CLEARED
$DPNSEV: the DPN format severity of the alarm which can be
ncsUnknown, ncsDEGRADE, ncsOVERLOAD, ncsMINOR, ncsMAJOR,
or ncsWILDCARD
$EVENT: the type of the alarm which can be CLEAR, SET, or MESSAGE
$DPNMNEM: the DPN alarm mnemonic, which can be TRAPDATA,
ACTIVATE, INVALID, MISSING, DUPLICAT, MEMORY, CONJEST,
FAILED, REFUSED, TIME_OUT, CRITICAL, OOS, THRESHLD,
ENABLED, DISABLED, PROBE, CALL_BLK, or DISCARD. This variable
has a value for DPN alarms only.
$DPNACTION: the Network Control System (NCS) action value, which
can be ncsServiceData, ncsHardware, ncsSoftware, ncsSecurity,
ncsProtocol, ncsDebug, ncsNetwork, ncsEngineering, ncsOperations,
ncsUnclassified, or ncs Wildcard. This substitution value is for DPN
alarms only.
$FCODE: the alarm fault code. This eight-digit fault code is used to specify
the alarm. The first four digits are used to identify the source of the alarm,
and the last four digits are used to identify the alarm.
$DATE: the date of the alarm in the format:YY-MM-DD
$TIME: the time of the alarm in the format:HH:MM:SS
$COMP: the internal component name of the target
$DCOMP: the display component name of the target

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 201 -
$DTYPE: the DPN device type. This variable has a value for DPN alarms
only
$FORMAT: the present format of an alarm, which can be TERSE,
NORMAL, or FULL
$TYPE: the alarm type, which can be communications, qualityOfService,
processing, equipment, environment, security, operator, debug, or
unknown. This value gives a general explanation of the cause of the alarm.
$RAWSTATE: the corresponding components raw state
$CMT: the operator comment data text
$OPER: the operator data text
Related components list menu

For procedures on customizing the Start Tool menu for the Related
Components List, see the section on customizing the toolsets and Start Tools
menus in Nortel Multiservice Data Manager Administration (NN10470-303).
When you modify the file, you one of the following substitution variables on the
command line:
Information for field pop-up menu

You can customize the pop-up menu that opens when you right-click on the
triangle at the right of the Information for field. This pop-up menu contains the
Get Context command and a list of up to 10 of the last targeted components.
If you frequently use the same components, you can customize the list so that
it contains these frequently used component names or name patterns. To
customize the list, create one of the following files:
To customize the list for a single user ($HOME), create the file
$HOME//MagellanNMS/CIVInfoTargets.cfg.
To customize the list for all users of the workstation, create the file
/opt/MagellanNMS/cfg/CIVInfoTargets.cfg.
For second-party integrators customizing the list for all users of the
workstation, create the file
/opt/MagellanNMS/ext/lib/cfg/CIVInfoTargets.cfg
Component Information Viewer searches for custom files in the order they are
listed in the preceding bulleted list. The first file found is used to populate the
list.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 202 -
The file format is as follows:

# comments are blank lines, or lines that
# start with #, !, or *
labelString: <label to appear in the menu>
value: <component name or patterns to be used
as a target upon selection>
Component Information Viewer Diagnostic Command menu
For details about customizing the Diagnostic Command menu, see the section
on diagnostic menu management in Nortel Multiservice Data Manager
Other resources
You can customize the resources to control
the colors associated with propagated states, problem states, and severity
if the problem states are shown in the related components list
if a bell rings upon error
The table Resources for color control of propagated states (page 203) lists the
resources you use to control the colors associated with the propagated states
displayed by Component Information Viewer components. This table also lists
the resources you use to control the state color at the module level. If the value
of this resource is true, then the unknown state color at the module level is
different from the default unknown color.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 203 -
Resources for color control of propagated states

*stateINVALID Specifies the state-to- color mapping Any legal X windows color or
*stateUNKNOWN used to indicate the current state of the specification. See Nortel
*stateINSV components in the Related Components Multiservice Data Manager
*stateISTB_1 List. (These are the same resources used Administration (NN10470-303).
*stateISTB_2 for the NV.)
*stateISTB_3 .
*stateISTB_4
*stateISTB_5
*stateOOS_1
*stateOOS_2
*stateOOS_3
*stateOOS_4
*stateOOS_5
*stateMTCE
*stateHIER_MTCE
*stateACKED
moduleStateUNKNOW
N
The table Resources for color control of common alarms (page 203) lists the
resources you use to control the colors associated with the common alarm
format severity displayed by the Component Information Viewer components.
Resources for color control of common alarms

*BackgroundColorUnknown Specifies the background and Any legal X windows color or
*ForegroundColorUnknown foreground color-to- severity specification. See Nortel
*BackgroundColorCritical mappings for the common alarm Multiservice Data Manager
*ForegroundColorCritical formats. Administration (NN10470-303).
*BackgorundColorMajor
*ForegroundColorMajor
*ForegroundColorMinor
*BackgroundColorMinor
*BackgroundColorWarning
*ForegroundColorWarning
*BackgroundColorCleared
*ForegroundColorCleared
*BackgroundColorDefault
*ForegroundColorDefault
The table Resources to control the ringErrorBell (page 204) lists the
resources you use to control the ringErrorBell.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 204 -
Resources to control the ringErrorBell

CIV*ringErrorBell If True, the Component Information Viewer rings True or False
the bell when it cannot find data for a target. If
False, the Component Information Viewer does
not ring the bell. The default is True.
The table Resources for customizing the Acknowledgement/

unacknowledgement Alarms dialog (page 204) lists the resources you use to
customize the Acknowledge Alarms dialog and the Unacknowledge Alarms
dialog.
Resources for customizing the Acknowledgement/unacknowledgement Alarms dialog

*AckAlarmDlog*userIdField If True, the User field in the dialog used for True or False
Field.editable acknowledging or unacknowledging alarms, can
be modified. The default is False.
*AckAlarmDlog*commentD The maximum length of Reason text that can be Any legal Motif value
ata.maxLength specified when acknowledging or associated with the
unacknowledging alarms. The default length is MaxLength resource.
256.
CIV*differentModuleUnkno If differentModuleUnknownColor is true, then the True or False
wnColor unknown color for the node at the module level is
different from the default unknown.
Resources for Customer Database component ID alias

CIV*cdbSupportAlias Enables support for Customer Database True to enable alias support,
component name aliasing. False (default) to prevent alias
support
Component Status Display customization

The Component Status Display lets you customize the following items:
the Component List Start Tool menu
other resources including
colors associated with propagated states and problem states
if the problem states are shown in the Components Panel

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 205 -
if a bell rings upon error
Components List Start Tool menu customization

For procedures on customizing the Start Tool menu for the Components Panel
List, see the section on customizing the toolsets and Start Tools menus in
To customize the Components Panel List Start Tool menu, copy the file /opt/
MagellanNMS/lib/tsets/$LANG/tools/surv/ and save it in either $HOME/
MagellanN MS/tools/ for a single user customization or /opt/MagellanNMS/
cfg/tsets/$LANG/tools/ for all users of a workstation
When you modify the file, use one of the following substitution variables in the
command line:
Other resource customization

The table Resources for color control of propagated states by Component
Status Display (page 205) lists the resources you use to control the colors
associated with propagated states displayed by Component Status Display.
Resources for color control of propagated states by Component Status Display

*stateOOS_1 Specifies the state-to- color mapping Any legal X windows color or
*stateOOS_2 used to indicate the current state of specification. See Nortel
*stateOOS_3 the components in the Components Multiservice Data Manager
*stateOOS_4 Panel (These are the same resources Administration (NN10470-303).
*stateOOS_5 used for the NV.)
*stateISTB_1
*stateISTB_2
*stateISTB_3
*stateISTB_4
*stateISTB_5
*stateACKED
*stateMTCE
*stateHIER_MTCE
*stateINVS
*stateUNKNOWN
*stateINVALID
moduleStateUNKNOWN

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 206 -
Resources for customizing the Acknowledgement/unacknowledgement Alarms Dialog

*AckAlarmDlog*userIdFieldFiel If True, the User field in the dialog True or False
d.editable used for acknowledging or
unacknowledging alarms, can be
modified. The default is False.
*AckAlarmDlog*commentData. The maximum length of Reason text Any legal Motif value
maxLength that can be specified when associated with the
acknowledging or unacknowledging MaxLength resource.
alarms. The default length is 256.
CIV*differentModuleUnknown If differentModuleUnknownColor is True or False
Color true, then the unknown color for the
node at the module level is different
from the default unknown.
The table Resources for color control of problem states by Component Status
Display (page 206) lists the resources you use to control the colors associated
with the problem states displayed by Component Status Display components.
Resources for color control of problem states by Component Status Display
Resource Description Legal value

*stateNameOOS_1 Specifies the state-to-name Any legal character string. Caution
*stateNameOOS_2 mappings used to indicate the must be exercised when modifying
*stateNameOOS_3 current state of the components in state names to ensure that the new
*stateNameOOS_4 the Components Panel. (These are name correctly and clearly identifies
*stateNameOOS_5 the same resources used for the the state; otherwise, problem states
*stateNameISTB_1 NV.) could be shown for components
*stateNameISTB_2 which are in service and conversely.
*stateNameISTB_3
*stateNameISTB_4
*stateNameISTB_5
*stateNameACKED
*stateNameMTCE
*stateNameHIER_MTCE
*stateNameINVS
*stateNameUNKNOWN
*stateNameINVALID

Administration
NN10470-303 01.03 Standard
16.2 May 2007
Network element grouping
Group network elements to allow common management of functions such as
network access, surveillance, and provisioning.
Prerequisites
Before performing the procedures in this section, you must be familiar with
the material in Nortel Multiservice Data Manager Administration
Navigation
Configuring servers for Multiservice Switch network access, surveillance
access, and provisioning access (page 209)
Defining Nortel Multiservice Switch groups and network elements using
the Host Groups Administration tool as described in Nortel Multiservice
Data Manager AdministrationTools (NN10470-300) or by using the
following scripts: Defining Multiservice Switch 7400/15000/20000 hosts
and groups with the passport.frconfig script in no-prompt mode
(page 213), Defining Multiservice Switch 7400/15000/20000 hosts and
groups with the passport.frconfig script in prompt mode (page 218), or
Defining hosts and groups with the passport.atmconfig script (page 222)
Deleting a Multiservice Switch network element (page 230)
Configuring servers for network access, surveillance access, and
provisioning access to MPE nodes (page 234)
Defining Multiservice Provider Edge groups and network elements using
the Host Groups Administration tool as described in Nortel Multiservice
Data Manager AdministrationTools (NN10470-300); or by using one of
the following procedures: Configuring MPE 9500 hosts and groups with
the mpe.config script in no-prompt mode (page 237) or Configuring MPE
9500 hosts and groups with the mpe.config script in prompt mode
(page 241)
Deleting an MPE node (page 245)
Configuring the SNMP proxy agent (SPA) (page 249)
Reloading the SPA configuration files (page 251)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 208 -
Redefining the selected log levels for SPA (page 252)

Generating statistical log messages for SPA (page 253)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 209 -
Configuring servers for Multiservice Switch network access,

surveillance access, and provisioning access
Configure Nortel Multiservice Data Manager servers to support Nortel
Multiservice Switch common or group management of network access,
surveillance access, and provisioning access.
Prerequisites
You must be able to log on as root. The root account must be set up to run
Nortel Multiservice Data Manager software as described in UNIX account
configuration for MDM (page 23).
Procedure steps
Step Action
1 Plan your groups, user IDs and passwords. See the description of Nortel
Multiservice Switch groups in Nortel Multiservice Data Manager
2 Assign the user IDs and passwords on the network elements. Refer to the
chapter on security in Nortel Multiservice Data Manager Security
Fundamentals (NN10470-605) for instructions.
3 Install the latest Nortel Multiservice Switch-Multiservice Data Manager
Service Data Description (SDD) files as described in Nortel Multiservice
4 Use one of the following procedures to define the groups in the Host Group
Directory file (/opt/MagellanNMS/cfg/HGDS.cfg):
Network elements to be Connection from Multiservice Procedure

managed Data Manager workstation to
network elements
DPN and Multiservice Switch IP over switched virtual circuit Defining hosts and groups in Nortel
on an X.25 connection to DPN Multiservice Data Manager
that acts as a gateway to AdministrationTools
Multiservice Switch network (NN10470-300)
elements in the network.
Multiservice Switch only IP over Frame Relay Defining hosts and groups with the
passport.frconfig script in Nortel
Multiservice Data Manager
AdministrationTools
(NN10470-300)
(1 of 2)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 210 -
Network elements to be Connection from Multiservice Procedure

managed Data Manager workstation to
network elements
Multiservice Switch only IP over ATM Defining hosts and groups with the
passport .atmconfig script in Nortel
Multiservice Data Manager
AdministrationTools
(NN10470-300)
Multiservice Switch only IP over Ethernet Defining the groups and hosts in
configured as an ILS or as Nortel Multiservice Data Manager
VRIP AdministrationTools
(NN10470-300)
(2 of 2)
5 Using the Server Administration tool, create an HGDS server that starts
automatically when the workstation reboots, then start the server.
The basic startup command is as follows. For all possible parameters that
can be used with the startup command, see Nortel Multiservice Data
/opt/MagellanNMS/bin/hgds
6 Use the Server Administration tool to create an FDTM server that starts
automatically when the workstation reboots, then start the server. For the
instructions to do this, see Nortel Multiservice Data Manager
The basic startup command follows. For all possible parameters that can be
used in the startup command, see Nortel Multiservice Data Manager
AdministrationServer Management (NN10470-310).
/opt/MagellanNMS/bin/fdtm
7 If you need to perform circuit monitoring, add the necessary entries to the
configuration file /opt/MagellanNMS/cfg/FMDR_pollingSurveillance.cfg. For
more information on configuring circuit monitoring and file
FMDR_pollingSurveillance.cfg, see Nortel Multiservice Data Manager
8 Create and start the FMDR servers required for the groups are you
establishing. You do not need to create an individual FMDR server for each
group. When creating these servers, ensure that you set them to start
automatically when the workstation reboots.
Attention: You do not need to create an FMDR for groups created for command
access or provisioning access.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 211 -
Attention: Do not define groups for surveillance that contain more than 60 network
elements. Doing so may cause difficulty in connecting to all of the network elements
in the group to obtain surveillance information. You can create larger groups for other
purposes such as network access.
For each FMDR server, you must include the following parameters in its
startup command:
-g <group name> -u <userid> -p <password> -l AL
9 Use the Server Administration tool to create a GMDR server that starts
automatically whenever the workstation reboots, then start the server. For
can be used in the startup command, see Nortel Multiservice Data Manager
/opt/MagellanNMS/bin/gmdr
the servers that you created to gather surveillance data.
For each FMDR server you must provide: Server Name (FMDR), Host
Name (FMDR), and User/CapabilityID and Password (FMDR).
For a subordinate GMDR server you must provide: Server Name

(subordinate GMDR) and Host Name (Subordinated GMDR)
For each OAMC server you must provide Server Name (OAMC) and
Host Name (OAMC):
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 212 -
Variable Value
group name The name of the surveillance group the FMDR server monitors.
password The user ID and password for the common account that the FMDR
server uses to obtain surveillance information from the network
userid
elements in the surveillance group.
The password can also be the full path name of the file that contains
the encrypted password. Password files are stored in the directory:/
opt/MagellanNMS/cfg/private. See "Generating secure
passwords for Multiservice Data Manager Servers" in Nortel
Multiservice Data Manager SecurityFundamentals (NN10470-605).
Procedure job aid

Parameter Description
Host Name (FMDR) The host name or IP address of the workstation on which the FMDR
server is running.
Host Name (GMDR) The host name or the IP address of the workstation on which the
GMDR server is running.
Host Name (OAMC) The host name or the IP address of the workstation on which the
OAMC server is running.
Server Name (FMDR) The name of the surveillance data (FMDR) server in the form
FMDR_<group_name>.
Server Name (GMDR) The name of the subordinate GMDR server in the form GMDR or
GMDR_<service name>.
Server Name (OAMC) The name of the OAMC server in the form OAMC or OAMC <service
name>.
User/CapabilityID and The user ID and password to be used for authentication on
Password (FMDR) connection.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 213 -
Defining Multiservice Switch 7400/15000/20000 hosts and groups

with the passport.frconfig script in no-prompt mode
Configure (in no-prompt mode) Nortel Multiservice Switch 7400/15000/20000
(Multiservice Switch 7400/15000/20000) hosts and groups in networks that
contain only switches and use an IP over Frame Relay link to connect the
Nortel Multiservice Data Manager (MDM) workstation to nodes in the network.
You can use the passport.frconfig script to

add a new switch to an existing group or to a new group
add an existing switch to an existing group or to a new group
add information about the IP address, port, and DLCI number used for the
Frame Relay connection to the switch
start the Frame Relay connection
You cannot use the passport.frconfig script to

delete a switch from an existing group
move a switch to another group
modify the IP address, port name, or DLCI, for a Frame Relay connection
The passport.frconfig script adds the group, host name, and IP address to the
/opt/MagellanNMS/cfg/HGDS.cfg file and the port and DLCI information to the
/etc/opt/SUNWconn/fr/fr.cf file.
In no-prompt mode, the passport.frconfig script lets you enter all of the
parameters on one line, but reminds you to run the passport.kick script only
after you have finished running the passport.frconfig script. It does not provide
you with the ability to start the passport.kick script.
Prerequisites
You must be logged in as root to run the passport.frconfig script.
The root account must be set up to run Nortel Multiservice Data Manager
(MDM) software as described in UNIX account configuration for MDM
(page 23).
Procedure steps
Step Action
1 Log on as root.
2 Run the passport.frconfig script in no-prompt mode.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 214 -
/opt/MagellanNMS/bin/passport.frconfig <group name>\

<host name> [<IP address> <port> <DLCI>]
The script displays responses indicating the group has been created and
reminds you to run the passport.kick script.
3 Repeat step 2 once for each switch that you are adding to a new group or to
an existing group.
4 Update the HGDS, FDTM, and FDTR servers with the new information by
running the passport.kick script.
/opt/MagellanNMS/bin/passport.kick
The script displays messages indicating that the servers are being updated
with the modified group information and information about the Frame Relay
connection operating parameters.
5 Start (or update) the Frame Relay connection.
/etc/init.d/fr.control update
6 Use the PING command to determine if the connection to the switch is up.
ping <passport IP address>
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 215 -
Variable Value
DLCI The data link connection identifier (DLCI) that identifies the Frame
Relay link and is provisioned in service data of the switch. Contact
your Multiservice Switch 7400/15000/20000 network Administrator
for the DLCI. Omit this parameter if you are adding an existing switch
to an existing group or to a new group.
group name The name of the group to which the switch belongs. The group names
consists of an uppercase string of from 1 to 12 characters.If the group
does not already exist, the script creates a new group for you.
The group name must be unique on the workstation. If the group
name consists of more than one word, join the words by underscore
characters; for example SURV_G1.
If you wish to gather alarms and surveillance information
automatically from your network, you should create at least one
special group called a surveillance group that is dedicated to
gathering surveillance information.
Examples:
name of a group used for provisioning and troubleshooting:
FMGROUP
name of a surveillance group: FG_1
Attention: Do not use the name of a module as the name of a
surveillance group. Doing so may cause confusion in identifying what
you are logged in to when using the Command Console.
host name The name of the switch. The host name is an uppercase character
string consisting of from 1 to 12 characters, as stored in the service
data of switch. Example: host1.
IP address The IP address of the switch. The IP address must be a valid address
consisting of four numbers from 1 to 3 digits, separated by periods.
Omit this parameter if you are adding an existing switch to an existing
group or to a new group. Example: 10.0.0.3
port The name of the port to which the Frame Relay link is connected. For
an HSI card this is one of ports hihp0, hihp1, hihp2, or hihp3. By
convention, the port labelled 1 on the workstation is hihp0, the port
labelled 2 is hihp1, and so on. Omit this parameter if you are adding
an existing switch to an existing group or to a new group.
Example of Defining Multiservice Switch 7400/15000/20000 hosts and

groups with the passport.frconfig script in no-prompt mode
The following example shows the use of the passport.frconfig script in no-
prompt mode to add a Nortel Multiservice Switch 7400/15000/20000
(Multiservice Switch 7400/15000/20000) switch called WEST3 to group

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 216 -
PPGRP and to start the Frame Relay connection. The IP address of the
workstation is 47.28.2.19, the Frame Relay link connects to port hihp0 on
the workstation, and the Frame Relay link has a DLCI of 16.
Step Action
1 Add the switch to the group.

/opt/MagellanNMS/bin/passport.frconfig PPGRP WEST3\
47.28.2.19 hihp0 16
Configuring Passport host West3 in group PPGRP with
IP Address 47.28.2.19 and DLCI 16 on port hihp0
The Host Group Server configuration file has been
modified, Please signal the related servers with the
passport.kick script or restart them from the Server
Administration tool.
The Frame Relay configuration file (/etc/opt/SUNWconn/
fr/fr.cf)
has been modified.
The Frame Relay connection will use the following
parameters:
Port: hihp0
IP Address: 47.28.2.19
DLCI: 16
Interface: fr0
If these parameters are not correct, please fix them in
the
Frame Relay configuration file.
All appropriate files have been modified.
2 Start the Frame Relay connection manually.
The connection information updates.
3 Update the HGDS, FDTM, and FMDR servers with the new information by
running the passport.kick script.
/opt/MagellanNMS/bin/passport.kick
with the modified group information and indicating that the frame relay
connection information is being updated.
4 Ensure that the connection is active.
ping 47.28.2.19
The following response indicates that the switch is reachable:

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 217 -
47.28.2.19 is alive
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 218 -
Defining Multiservice Switch 7400/15000/20000 hosts and groups

with the passport.frconfig script in prompt mode
Configure (in prompt mode) Nortel Multiservice Switch 7400/15000/20000
(Multiservice Switch 7400/15000/20000) hosts and groups in networks that
only contain switches and use an IP over Frame Relay link to connect the
Nortel Multiservice Data Manager (MDM) workstation to nodes in the network.
You can use the passport.frconfig script to

add a new switch to an existing group or to a new group
add an existing switch to an existing group or to a new group
add information about the IP address, port, and DLCI number used for the
Frame Relay connection to the switch
start the Frame Relay connection
You cannot use the passport.frconfig script to

modify the IP address, port name, or DLCI, for a Frame Relay connection
The passport.frconfig script adds the group, host name, and IP address to the
/opt/MagellanNMS/cfg/HGDS.cfg file and the port and DLCI information to the
/etc/opt/SUNWconn/fr/fr.cf file.
In prompt mode, the script prompts for the parameters that define a switch as
a member of a group, and for the parameters to define a Frame Relay
connection to the switch. It then prompts you for permission to run the
passport.kick script. The passport.kick script is used to update the HGDS,
FDTM, and FMDR servers with information about the new switch without the
need to restart the servers with the Server Administration tool.
Prerequisites
You must be logged in as root to run the passport.frconfig script.
(MDM) software as described in UNIX account configuration for MDM
(page 23).
Procedure steps
Step Action
1 Log on as root.
2 Run the passport.frconfig script in no-prompt mode.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 219 -
/opt/MagellanNMS/bin/passport.frconfig
The passport.frconfig script displays the following prompt:
Please specify a group name for the new host:
3 Enter the name of the group to which the switch belongs.
Please specify a name for the new host:
4 Enter the host name for the switch.
Please specify an IP address for the new host
(or just return for none):
5 Do one of the following:
If you are adding a new switch to a new group or to an existing group,
enter the IP address.
Please specify a Frame Relay port name for the new

host (e.g. hihp0)
Go to step 6.
If you are adding an existing switch to a new group or to an existing
group press the Return key to omit the IP address. The system
responds with:.
Please specify a Frame Relay port name for the new

host (e.g. hihp0):
Go to step 9.
6 Enter the name of the port to which the Frame Relay link is connected. For
an HSI card this is one of ports hihp0, hihp1, hihp2, or hihp3. By convention,
the port labelled 1 on the workstation is hihp0, the port labelled 2 is hihp1,
and so on
Please specify a Frame Relay DLCI number for the new
host:
7 Enter the data link connection identifier (DLCI) that identifies the Frame
Relay link and is provisioned in service data of the switch. Contact your
Multiservice Switch 7400/15000/20000 network Administrator for the DLCI.
The script displays a response indicating that the group has been created,
displays a reminder to update or restart the HGDS, FDTM, and FMDR
servers, then displays information about the port, the IP address, the DLCI,
and the interface name for the Frame Relay connection. It then displays the
following prompt:
Do you want to start the Frame Relay connection now (y/
n)?
8 Enter y to start the Frame Relay connection.
The script displays information indicating that the connection is started, then
displays the following prompt:

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 220 -
Do you want to run passport.kick and signal the

related MDM servers to reload the HGDS configuration
now (y/n)?
9 If you have finished adding all switches to the group, enter Y. If not, enter N.
If you enter Y, the script displays responses indicating that the HGDS,
FDTM, and FMDR servers are being updated, followed by the
responses:
Done
Go to step 10.
If you enter N, the script exits. Go back to step 2 to add the next to the
group.
10 Use the PING command to determine if the connection to the switch is up.
ping <passport IP address>
--End--
Example of Defining Multiservice Switch 7400/15000/20000 hosts and

groups with the passport.frconfig script in prompt mode
The following example shows the use of the passport.frconfig script in
prompt mode to add a Nortel Multiservice Switch 7400/15000/20000
(Multiservice Switch 7400/15000/20000) switch called WEST4 to group
PPGRP1 and to start the Frame Relay connection. The IP address of the
workstation is 47.28.2.19, the Frame Relay link connects to port hihp0 on
the workstation, and the Frame Relay link has a DLCI of 16.
Step Action
1 Run the passport.frconfig script in prompt mode.

/opt/MagellanNMS/bin/passport.frconfig
Please specify a group name for the new host: PPGRP1
Please specify a name for the new host: WEST4
Please specify an IP address for the new host:
(or just return for none): 47.28.2.19
Please specify a Frame Relay port name for the new host
(e.g. hihp0): hihp0
Please specify a Frame Relay DLCI number for the new
host: 16

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 221 -
Configuring Passport host WEST4 in group PPGRP1

with IP Address 47.28.2.19 and DLCI 16
on port hihp0
modified. Please signal the related servers with the
passport.kick script or restart them from the Server
The Frame Relay configuration file (/etc/opt/SUNWconn/
fr/fr.cf)
has been modified.
The Frame Relay connection will use the following
parameters:
Port: hihp0
IP Address: 47.28.2.19
DLCI: 16
Interface: fr0
the Frame Relay configuration file.
Do you want to start the Frame Relay connection now (y/
n):?
2 Enter Y to start the Frame Relay connection.
Running /etc/init.d/fr.control start...
Starting Frame Relay
Run /opt/SUNWconn/bin/frmon - 1hihp0
to monitor all of the current connections on this port.
Do you want to run passport.kick and signal the related
MDM servers to reload the HGDS configuration now (y/n)?:
3 Because no further switches are being added, enter Y.
The script displays responses indicating that the HGDS, FDTM, and FMDR
servers are being updated, followed by the responses:
Done
ping 47.28.2.19
The following response indicates that the switch is reachable:
47.28.2.19 is alive
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 222 -
Defining hosts and groups with the passport.atmconfig script

Use the examples in this section to learn how configure Nortel Multiservice
Switch 7400/15000/20000 (Multiservice Switch 7400/15000/20000) hosts
and groups and start the ATM connection in networks that
contain only Multiservice Switch 7400/15000/20000 switches
use IP running on an ATM link to connect the Nortel Multiservice Data
Manager (MDM) workstation to switches in the network. The ATM link
connects to a network interface card (NIC) installed in the MDM
workstation and to an ATM port on a gateway switch that provides access
to remote switches in the network.
You can use the passport.atmconfig script to

add a new gateway switch to an existing group or to a new group
add a remote switch to an existing group or to a new group
set up IP routing on the MDM workstation and start the ATM connection to
the network
You cannot use the passport.atmconfig script to

add the IP addresses and host names of the following items to the etc/
hosts file; you must add these by editing the /etc/hosts file before running
the script:
the MDM workstation
the ATM network interface card (NIC) installed in the MDM workstation
the switches to be managed with MDM
install or configure the ATM network interface card (NIC) driver software.
You must obtain the driver software from SunLink and use the
documentation supplied with the card to install the driver and configure it
before you run the passport.atmconfig script.
The passport.atmconfig script

adds the group, host name, and IP address of the switch to the /opt/
MagellanNMS/cfg/HGDS.cfg file
adds information about the ATM interface to files /etc/opt/SUNWconn.atm/
aarconfig
/etc/opt/SUNWconn.atm/atmconfig
creates or updates /etc/opt/SUNWconn.atm/atm.cf with ATM routing
information

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 223 -
The passport.atmconfg script provides a prompt mode. It does not provide a

no-prompt mode.
Prerequisites
You must be logged in as root to run the passport.atmconfig script.
The passport.atmconfig script requires the following information as inputs:

the identifier of the NIC interface card (usually ba0)
the common name (host name) you wish to assign to the ATM interface on
the NIC, for example PPNIC1
the name(s) of the group(s) that the gateway switch and remote switches
belong to, for example PPGRP1
the host names or the IP addresses of the gateway switch and remote
switches
the virtual channel identifier (VCI) of the permanent virtual circuit (PVC) to
the gateway switch
Procedure steps
Step Action
1 See the examples that follow this procedure for descriptions of the steps
used to run this script.
--End--
Examples
This section provides two examples of how to add a gateway and a remote
switch with the passport.atmconfig script.
Example 1 shows use of the passport.atmconfig script to

add a new gateway Nortel Multiservice Switch 7400/15000/20000
(Multiservice Switch 7400/15000/20000) switch with host name WEST1
and IP address 47.28.2.19 to a new group called PPGRP1
add a new remote switch with host name WEST2 and IP address
47.28.2.20 to the same group (PPGRP1)
set up and start an ATM connection to the gateway switch using a
permanent virtual circuit (VCI) on VCI 34 running on a network interface
card (NIC) called PPNIC1. The NIC has an IP address of 47.28.2.18 and
an ATM device interface identifier of ba0

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 224 -
Example 2 shows the use of the passport.atmconfig script to:

add a remote Nortel Multiservice Switch 7400/15000/20000 (Multiservice
Switch 7400/15000/20000) switch with host name WEST3 and IP address
47.28.2.22 to existing group PPGRP1
update the ATM connection to an existing gateway switch called WEST1
with new routing information for the remote switch, WEST3
Example 1: adding a gateway and a remote switch with the

passport.atmconfig script
At the beginning of this example, the /etc/hosts file contains only the IP
address and host name of the Nortel Multiservice Data Manager (MDM)
workstation. Also, the /opt/MagellanNMS/cfg/HGDS.cfg file contains only one
other group called PPGRPALL which has only one member called EAST1.
Step Action
1 The user logs in as root.

2 The user opens the /etc/hosts file with a UNIX editor and finds that it
contains only the IP address and host name of the MDM workstation.
47.28.2.17 localhost #the MDM workstation
3 The user adds the following records to the file, saves the file and closes the
file.
47.28.2.18 PPNIC1 #network interface ba0 to passports
47.28.2.19 WEST1 #gateway Passport in group PPGRP1
47.28.2.20 WEST2 #a remote Passport in group PPGRP1
4 The user starts the passport.atmconfig program.
/opt/MagellanNMS/bin/passport.atmconfig
5 The script produces the following sequence of prompts and messages. The
users responses to prompts appear in boldface type.
Do you wish to provision the ATM interface and the
gateway Passport? [n]: y
The ATM interfaces available on the workstation are: ba0
Please specify the ATM interface you wish to provision:
ba0
Please specify the host name of the ATM workstation
interface or hit return to be prompted for an IP address:
PPNIC1
The switches already defined in the /opt/MagellanNMS/
cfg/HGDS.cfg file are:
EAST1

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 225 -
Please specify a name for the gateway passport: WEST1

The gateway passport is not in a group. In order to do
surveillance or provisioning of this passport it must
belong to a group.
The Groups already defined in the /opt/MagellanNMS/cfg/
HGDS.cfg are:
PPGRPALL
Please specify the group name for gateway passport:
PPGRP1
Member WEST1 added to group PPGRP1 in the /opt/
MagellanNMS/cfg/HGDS.cfg file.
Please specify a permanent virtual circuit number for
connecting to the Passport: 34
Do you wish to add a remotely connected Passport switch?
[n]: y
The following gateway passports have been provisioned:
WEST1
Enter the gateway for which the new passport can be
reached: WEST1
cfg/HGDS.cfg file are:
EAST1
Please specify a name for the remotely connected
Passport: WEST2
The remote passport is not in a group. In order to do
surveillance or provisioning of this passport it must
belong to a group.
The groups already defined in /opt/MagellanNMS/cfg/
HGDS.cfg are:
PPGRPALL
Please specify the group name for passport: PPGRP1
Do you wish to add another remotely connected passport
switch? [n]: n
modified.
Please signal the related servers with the passport.kick
script or restart them with the SVM Administration Tool
Do you want to run passport.kick and restart the required
servers for your change to take effect? [n]:y

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 226 -
Signaled the Host Group Directory Service (HGDS.

Waiting a bit to let it load the configuration."
Signaled the Passport Communications Manager (FDTM)
Waiting a bit to let it and its subservers load the
configuration.
Signaled the running Passport Surveillance Server(s)
(FMDR)
Please consult the NMS Log Display and the Server Manager
Administration tool to ensure the servers health.
Done.
The ATM configuration file
(/etc/opt/SUNWconn/atm/atmconfig) will be modified.
The ATM connection will use the following parameters:
ba0 4.0 - - -
ba0 - PPNIC1 - -
ba0 SONET - - -
If these parameters are not correct, please fix it
in the ATM configuration file.
The ATM Address Resolution file
(/etc/opt/SUNWconn/atm/aarconfig) will be modified.
The ATM connection will use the following parameters:
ba0 - - - l
ba0 WEST1 - 34 t
ba0 - - - m
the ATM Address Resolution file.
Do you want to start the ATM connection now (y/n)? [n]: y
Running /etc/init.d/sunatm stop...
Running /etc/init.d/sunatm start...
Configuring ATM interfaces: ba0
Configuring ATM LAN Emulation interfaces:
Run /etc/opt/SUNWconn/atm/bin/atmstat <interface>
to monitor all the current connections on the interface.
The atm.cf configuration file
(/etc/opt/SUNWconn/atm/atm.cf) will be modified.
The current interface entries are:
The current routing entries are:
route add WEST2 WEST1
If these routes are not correct, please fix them in the
/etc/opt/SUNWconn/atm/atm.cf file.
Do you want to apply the ATM routing now? [n]:y

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 227 -
Running /etc/init.d/atm.control stop...

Deconfiguring ATM routing
ATM Interface is configured.
Running /etc/init.d/atm.control start...
Configuring ATM routing
Changing interface to be point to point
Adding the route into the routing table
add host WEST2: gateway WEST1
Run /usr/sbin/route -v get <remote passport>
to display the routing to this passport.
passport.atmconfig successful execution
--End--
Example 2: adding a gateway and a remote switch with the

passport.atmconfig script
At the beginning of this procedure a gateway switch WEST1 has already been
provisioned, it is a member of group PPGRP1, and the ATM connection to the
gateway is already running.
Step Action
1 The user logs in as root.

2 The user opens the /etc/hosts file with a UNIX editor and finds that the file
contains the IP addresses and host names of the Nortel Multiservice Data
Manager (MDM) workstation, the NIC card, and the gateway switch WEST1,
but does not contain the IP address and host name of the remote switch.
3 The user adds the following record to the file, saves the file and closes the
file.
47.28.2.22 WEST3
4 The user starts the passport.atmconfig program.
/opt/MagellanNMS/bin/passport.atmconfig
5 The script produces the following sequence of prompts and messages. The
users responses to prompts appear in boldface type.
Do you wish to provision the atm interface and the
gateway Passport? [n] n

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 228 -
Do you wish to enter a remotely connected passport

switch? [n]: y
Enter the gateway for which the new passport can be
reached: WEST1
cfg/HGDS.cfg file are
EAST1
WEST1
WEST2
Please specify a name for the remotely connected
Passport: WEST3
The Groups already defined in the /opt/MagellanNMS/cfg/
HGDS.cf are:
PPGRPALL
PPGRP1
Please specify the group name for passport: PPGRP1
MagellanNMS/cfg/HGDS.cfg file
Do you wish to enter another remotely connected passport
switch: n
modified.
program
script or restart them with the SVM Administration Tool
Do you want to run passport.kick and restart the required
servers for your change to take effect? [n]:y
Signaled the Host Group Directory Service (HGDS.
Waiting a bit to let it load the configuration."
Signaled the Passport Communications Manager (FDTM)
Waiting a bit to let it and its subservers load the
configuration.
Signaled the running Passport Surveillance Server(s)
(FMDR)
Please consult the NMS Log Display and the Server Manager
Administration tool to ensure the servers health.
Done.
The atm.cf configuration file (/etc/opt/SUNWconn/atm/
atm.cf) will be modified.
The current interface entries are:
ifconfig ba0 PPNIC1 WESt1

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 229 -
The new routing entries are:

If these routes are not correct, please fix it in the /
etc/opt/SUNWconn/atm/atm.cf file.
Do you want to apply the ATM routing now (y/n)? [n]: y
Running /etc/init.d/atm.control.stop...
Changing interface to be point to point
Adding the route into the routing table
Run /usr/sbin/route -v get <remote passport>
to display the routing to this passport.
All appropriate files have been modified
passport.atmconfig successful execution
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 230 -
Deleting a Multiservice Switch network element

Remove a Nortel Multiservice Switch from Nortel Multiservice Data Manager.
Prerequisites
Ensure all references to MSS are removed from the GMDR configuration
files. For more information, see Nortel Multiservice Data Manager
Procedure steps
Step Action
1 Edit file /opt/MagellanNMS/cfg/HGDS.cfg and remove the entry that defines

the network element as a member of the group from which it is to be
removed.
2 If the network element is connected to the workstation by means of
a Frame Relay connection, edit the file /etc/opt/SUNWconn/fr/fr.cf and
remove information about the obsolete Frame Relay connection, then
update the Frame Relay connection information by entering:
an ATM connection, edit the file /etc/opt/SUNWconn/atm/atm.cf and
remove information about the obsolete ATM route, then update the ATM
connection information by entering:
route delete <remote Multiservice Switch name> <gateway

passport name>
3 Use the Server Administration tool to restart the following servers and allow
the workstation to use the updated host and group information:
the Host Group Directory Server (HGDS)
the Multiservice Switch Communications Manager (FDTM)
the Multiservice Switch Management Data Router (FMDR) servers for
any groups that have had network elements added to them or removed
from them.
4 From the MDM window, select System -> Administration -> GMDR
Administration.
5 From the Security menu, select Login as admin, enter your password and
click OK.
6 In the GMDR Subserver section, select the group name that network
elements were added to and click Show Components
The GMDR Components window opens.
7 In the Components section, select the component.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 231 -
The subcomponents appear in the Subcomponents for <component name>

area.
8 Select the subcomponent name in the Subcomponents for <component
name> area, click Delete, and then Close.
The network element is removed from the subcomponent list in GMDR
Admin.
9 From the File menu, Select Save, then Exit.
10 From the MDM window, select Fault -> Network Viewer.
11 From the Network Model Edit menu, select Enable Network Model
Editing.
12 Select the network element icon you wish to delete.
13 From the Network Model Edit menu, select Delete Selected Components
and delete the network element
14 From the Network Model Edit menu, select Leave Network Model Editing.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 232 -
Modifying a Multiservice Switch network element

Modify a Nortel Multiservice Switch to change a node name or IP address or
to delete an entry.
Prerequisites
Ensure all references to MSS are removed from the GMDR configuration
Procedure steps
Step Action
1 Edit the file /opt/MagellanNMS/cfg/HGDS.cfg and remove the entry that

defines the network element as a member of the group from which it is to be
removed.
2 If the network element is connected to the workstation by means of
a Frame Relay connection, edit the file /etc/opt/SUNWconn/fr/fr.cf and
remove information about the obsolete Frame Relay connection, then
update the Frame Relay connection information by entering:
an ATM connection, edit the file /etc/opt/SUNWconn/atm/atm.cf and
remove information about the obsolete ATM route, then update the ATM
connection information by entering:
route delete <remote Multiservice Switch name> <gateway

passport name>
the Multiservice Switch Communications Manager (FDTM)
the Multiservice Switch Management Data Router (FMDR) servers for
any groups that have had network elements added to them or removed
from them.
Administration.
click OK.
elements were added to and click Show Components

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 233 -

area.
Admin.
Editing.
12 Select the network element icon you wish to modify.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 234 -
Configuring servers for network access, surveillance access, and

provisioning access to MPE nodes
Configure Nortel Multiservice Data Manager servers to support Nortel
Multiservice Provider Edge common or group management of network
access, surveillance access, and provisioning access.
Prerequisites
You must be able to log on as root. The root account must be set up to run
as described in UNIX account configuration for MDM (page 23)
Procedure steps
Step Action
1 Plan your groups, user IDs and passwords. See the description of
Multiservice Provider Edge groups in Nortel Multiservice Data Manager
2 Assign the user IDs and passwords on the network elements. Refer to the
chapter on security in 241-5701-605 Passport 7400, 15000, 2000 User
Access Guide for instructions to assign user IDs and passwords on MPE
9500 network elements.
3 Using the Server Administration tool, create an HGDS server that starts
automatically when the workstation reboots, then start the server.
can be used with the startup command, see Nortel Multiservice Data
/opt/MagellanNMS/bin/hgds
4 Use the Server Administration tool to create an NDTM server that starts
automatically when the workstation reboots, then start the server. For the
The basic startup command follows. For all possible parameters that can be
used in the startup command, see Nortel Multiservice Data Manager
/opt/MagellanNMS/bin/ndtm
5 Create and start one NMDR server for each surveillance group. When
creating these servers, ensure that you set them to start automatically when
the workstation reboots.
Attention: Do not define groups for surveillance that contain more than 60 network
elements. Doing so may cause difficulty in connecting to all of the network elements
in the group to obtain surveillance information. You can create larger groups for other
purposes such as network access

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 235 -
For each NMDR server, include the following parameters in its startup
command:
-g <group name> -u <userid> -p <password>
6 Use the Host Group administration tool or run the mpe.config script to add
a new or existing node, or a new or existing group, to the Host Group
Directory file (/opt/MagellanNMS/cfg/HGDS.cfg). For a description of this
tool or the script, see Nortel Multiservice Data Manager Administration
Tools (NN10470-300).
7 Use the Server Administration tool to create a GMDR server that starts
automatically whenever the workstation reboots, then start the server. For
can be used in the startup command, see Nortel Multiservice Data Manager
/opt/MagellanNMS/bin/gmdr
the servers that you created to gather surveillance data.
For each NMDR server you must provide: Server Name (NMDR),
Host Name (NMDR), and User/CapabilityID and Password.
For a subordinate GMDR server you must provide: Server Name

(subordinate GMDR) and Host Name (Subordinate GMDR)
For each OAMC server you must provide Server Name (OAMC) and
Host Name (OAMC):
9 See instructions for configuring GMDR to access the surveillance servers in

Nortel Multiservice Data Manager AdministrationTools (NN10470-300) to
complete this task.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 236 -
Variable Value
group name The name of the surveillance group that the NMDR server monitors.
password The user ID and password for the common account that the NMDR
server uses to obtain surveillance information from the network
userid
elements in the surveillance group.
The password can also be the full path name of the file that contains
the encrypted password. Password files are stored in the directory:/
opt/MagellanNMS/cfg/private. See "Generating secure
passwords for Multiservice Data Manager Servers" in Nortel
Multiservice Data Manager SecurityFundamentals (NN10470-605).
Procedure job aid

Parameter Description
Host Name (NMDR) The host name or IP address of the workstation on which the NMDR
server is running.
Host Name (GMDR) The host name or the IP address of the workstation on which the
GMDR server is running.
Host Name (OAMC) The host name or the IP address of the workstation on which the
OAMC server is running.
Server Name (NMDR) The name of the surveillance data (NMDR) server in the form
NMDR_<group_name>.
Server Name (GMDR) The name of the subordinate GMDR server in the form GMDR or
GMDR_<service name>.
Server Name (OAMC) The name of the OAMC server in the form OAMC or OAMC <service
name>.
User/CapabilityID and The user ID and password to be used for authentication on
Password connection.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 237 -
Configuring MPE 9500 hosts and groups with the mpe.config script in
no-prompt mode
Use this procedure to add MPE 9500 switches to a new MPE 9500 group or
to an existing MPE 9500 group using the mpe.config script in no-prompt
mode.
In no-prompt mode, the mpe.config script lets you enter all of the parameters
on one line, but only reminds you to run the hdgs.kick script after you have
finished running the mpe.config script. It does not provide you with the ability
to start the hgds.kick script.
You can use the mpe.config script to
add a new MPE 9500 switch to an existing MPE 9500 group or to a
new MPE 9500 group
add an existing MPE 9500 switch to an existing MPE 9500 group or to
a new MPE 9500 group
You cannot use the mpe.config script to
delete a MPE 9500 switch from an existing group
move a MPE 9500 switch to another group
The mpe.config script adds the group, host name, and IP address to the /opt/
Prerequisites
Root access and administrator privileges.
software as described in UNIX account configuration for MDM (page 23).
Read and understand the reasons for Nortel Multiservice Provider Edge
9500 groups and guidelines for setting them up in Nortel Multiservice Data
Manager AdministrationFundamentals (NN10470-305)
Read and understand the description of groups for Nortel Multiservice
Provider Edge 9500 for network access in Nortel Multiservice Data
Procedure steps
Step Action
1 Log on as root.
2 Run the mpe.config script in no-prompt mode:
/opt/MagellanNMS/bin/mpe.config <group name>\ <host
name> [<IP address>]

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 238 -
The script displays responses indicating the group has been created and
reminds you to run the hgds.kick script.
3 Repeat step 2 once for each MPE 9500 switch that you are adding to a new
group or to an existing group.
4 Restart to change the signal sent to fmdr, ndtm, or both from a SIGHUP to
a SIGTERM.
/opt/magellanNMS/bin/hgds.kick -restart <fmdr/ndtm/all>
Attention: These signals cause the two servers, and indirectly the fmdr and nmdr,
to shutdown gracefully so they may be restarted by the server administration
daemon. These options are used to force changes, such as the removal or renaming
of a switch from a group.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 239 -
Variable Value
group name The name of the MPE 9500 group to which the MPE 9500 switch
belongs, consisting of an uppercase string of from 1 to 12 characters.
If the group does not already exist, the script creates a new group for
you.
The group name must be unique on the workstation. If the group
name consists of more than one word, join the words by underscore
host name The name of the MPE 9500 switch. The host name is an uppercase
character string consisting of from 1 to 40 characters, as stored in the
service data of MPE 9500 switch.
IP address The IP address of the MPE 9500 switch. The IP address must be a
valid MPE 9500 address consisting of four numbers from 1 to 3 digits,
separated by periods. Omit this parameter if you are adding an
existing MPE 9500 switch to an existing group or to a new group.
Example of Configuring MPE 9500 hosts and groups with the mpe.config
script in no-prompt mode
The following example shows the use of the mpe.config script in no-
prompt mode to add a MPE 9500 switch called WEST3 to MPE 9500
group MPEGRP. The IP address of the workstation is 47.28.2.19.
Step Action
1 Add the MPE 9500 switch to the group.

/opt/MagellanNMS/bin/mpe.config MPEGRP WEST3\
47.28.2.19
Configuring MPE 9500 host West3 in group MPEGRP with
IP Address 47.28.2.19
modified, Please signal the related servers with the
hdgs.kick script or restart them from the Server

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 240 -
2 Update the HGDS, NDTM, and NMDR servers with the new information by
running the hdgs.kick script.
/opt/MagellanNMS/bin/hdgs.kick
with the modified group information and indicating that the frame relay
connection information is being updated.
ping 47.28.2.19
The following response indicates that the MPE 9500 is reachable:
47.28.2.19 is alive
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 241 -
Configuring MPE 9500 hosts and groups with the mpe.config script in
prompt mode
Use this procedure and the accompanying example to add a MPE 9500 switch
to a new MPE 9500 group or to an existing MPE 9500 group using the
mpe.config script in prompt mode.
In prompt mode, the script prompts for the parameters that define a MPE 9500
switch as a member of a MPE 9500 group, and for permission to run the
hdgs.kick script. The hdgs.kick script is used to update the HGDS, NDTM, and
NMDR servers with information about the new switch without the need to
restart the servers with the Server Administration tool.
You can use the mpe.config script to
add a new MPE 9500 switch to an existing MPE 9500 group or to a
new MPE 9500 group
add an existing MPE 9500 switch to an existing MPE 9500 group or to
a new MPE 9500 group
You cannot use the mpe.config script to
delete a MPE 9500 switch from an existing group
move a MPE 9500 switch to another group
The mpe.config script adds the group, host name, and IP address to the /opt/
Prerequisites
Root access and administrator privileges.
software as described in UNIX account configuration for MDM (page 23).
Read and understand the reasons for Nortel Multiservice Provider Edge
9500 groups and guidelines for setting them up in Nortel Multiservice Data
Read and understand the description of groups for Nortel Multiservice
Provider Edge 9500 for network access in Nortel Multiservice Data
Procedure steps
Step Action
1 Log on as root.
2 Run the mpe.config script in prompt mode.
/opt/MagellanNMS/bin/mpe.config

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 242 -
Please specify a group name for the new host: MPEGRP1

3 Enter the group name.
<group name>
Please specify a name for the new host:
4 Enter the host name for MPE switch.
<host name>
Please specify an IP address for the new host (or just
return for none):
5 Select one:
If you are adding.... Action

a new switch to a new group or to an Enter the IP address.
existing group
<IP address>
an existing MPE 9500 to a new group Press the carriage return key to omit
or to an existing group the IP address.
Do you want to run hgds.kick and signal the related MDM

servers to reload the HGDS configuration now (y/n)?
6 Enter Y for yes or N for no. Use the table as a guide.
If you are adding.... Action

more MPE 9500 switches must be Enter N and return to step 2.
added to the group
all MPE 9500 switches have been Enter Y
added to the group
When you select Y the script displays messages indicating that the servers
are being updated with the modified group information and information,
followed by the following message:
Done
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 243 -
Variable Value
group name The group name is the name of the MPE 9500 group to which the
MPE 9500 switch belongs consisting of an uppercase string of from 1
to 12 characters.If the group does not already exist, the script creates
a new group.
The group name must be unique on the workstation. If the group name
consists of more than one word, join the words by underscore
Attention: Do not use the name of a MPE 9500 module as the name
of a surveillance group. Doing so may cause confusion in identifying
what you are logged in.
host name The host name is an uppercase character string consisting of from 1
to 40 characters, as stored in the service data of MPE switch.
IP address If you enter the IP address for MPE switch. The IP address must be a
valid MPE 9500 address consisting of four numbers from 1 to 3 digits,
separated by periods.
Example of Configuring MPE 9500 hosts and groups with the mpe.config
script in prompt mode
The following example shows the use of the mpe.config script in prompt
mode to add a MPE 9500 switch called WEST4 to MPE 9500 group
MPEGRP1. The IP address of the workstation is 47.28.2.19.
Step Action
1 Run the mpe.config script in prompt mode.

/opt/MagellanNMS/bin/mpe.config
Please specify a group name for the new host: MPEGRP1
Please specify a name for the new host: WEST4
Please specify an IP address for the new host:
(or just return for none): 47.28.2.19
Configuring MPE 9500 host WEST4 in group MPEGRP1
with IP Address 47.28.2.19

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 244 -

modified. Please signal the related servers with the
hdgs.kick script or restart them from the Server
Do you want to run hgds.kick and signal the related MDM
servers to reload the HGDS configuration now (y/n)?
2 Because no further MPE 9500s are being added, enter Y.
The script displays responses indicating that the HGDS, NDTM, and NMDR
servers are being updated, followed by the responses:
Done
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 245 -
Deleting an MPE node

Remove a Nortel Multiservice Provider Edge node from Nortel Multiservice
Data Manager.
Prerequisites
Remove all references to MPE from the GMDR configuration files. For
more information, see Nortel Multiservice Data Manager Administration
Server Management (NN10470-310).
Procedure steps
Step Action

removed.
the Multiservice Provider Edge Communications Manager (NDTM)
the Multiservice Provider Edge Management Data Router (NMDR)
servers for any groups that have had network elements added to them
or removed from them.
Administration.
click OK.
elements were removed from and click Show Components
area.
Admin.
Editing.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 246 -

--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 247 -
Modifying an MPE node

Modify a Nortel Multiservice Provider Edge node to change a node name or
IP address or to delete an entry.
Prerequisites
Ensure all references to MPE are removed from the GMDR configuration
Procedure steps
Step Action

removed.
the Multiservice Provider Edge Communications Manager (NDTM)
the Multiservice Provider Edge Management Data Router (NMDR)
servers for any groups that have had network elements added to them
or removed from them.
Administration.
click OK.
elements were removed from and click Show Components
area.
Admin.
Editing.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 248 -

--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 249 -
Configuring the SNMP proxy agent (SPA)

Configure the SNMP proxy agent to enable a foreign SNMP management
system to access MPE 9500 devices.
Prerequisites
Read and understand SNMP Proxy Agent (SPA) fundamentals in Nortel
(NN10470-305)
Read and understand SNMP Proxy Agent (SPA) for Multiservice Provider
Edge nodes in Nortel Multiservice Data Manager AdministrationServer
Decide which UDP port this SPA instance will use to receive requests from
the SNMP management system. The default port is UDP port 361.
If this SPA instance must use the UDP port 161 to receive SNMP requests
from SNMP managers, you must stop any process currently bound to this
port before SVM starts SPA. On an MDM workstation, this port is normally
used by the workstation SNMP manager. To stop this process:
As SuperUser, execute /etc/init.d/startsnmp stop from an XTERM
window; this will stop the workstation SNMP agent
As SuperUser, rename the file /etc/rc2.d/S898snmp to /etc/rc2.d/
_S898snmp to prevent the workstation SNMP agent from being
restarted when the workstation is rebooted.
As a consequence of using the workstation SNMP agent port for SPA,

the workstation will no longer reply to SNMP management processes
monitoring workstations in the network. The requests sent by these
processes are received by SPA which then discards them because it
is not able to match them with a managed MPE device. However,
these discarded requests are counted in SPA discarded request
statistics
On each MPE device, create an SNMP trap-group to send SNMPv1 traps

and specify the IP address of the SPA workstation as a target address. For
details, see NN10700-018 Nortel Multiservice Provider Edge 9500
Software Administration.
Ensure that the MDM SNMP Trap Server is configured and running. For
details see Nortel Multiservice Data Manager AdministrationServer
Procedure steps
Step Action

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 250 -
1 Copy the file /opt/MagellanNMS/lib/cfg/spa.cfg to /opt/MagellanNMS/cfg/

spa_<port number>.cfg to create the runtime options configuration file.
2 If required, change the new file permissions to allow the operator to modify
it and the SPA to read it.
3 Modify any parameter in the new file as needed. The file already contains
comments explaining the function of each parameter and its possible
values. For details on the parameters in the runtime options configuration
file, see Nortel Multiservice Data Manager AdministrationServer
4 Copy the file /opt/MagellanNMS/lib/cfg/spa.mgr to /opt/MagellanNMS/cfg/
spa_<port number>.mgr to create the SNMP managers configuration file.
5 If required, change the new file permissions to allow the operator to modify
it and the SPA to read it.
6 In the new file below the line containing SNMP v1, insert a new line for
each SNMP manager requiring SNMPv1 traps. The format of those lines is:
Manager: <manager IP address> [<manager UDP port number>
7 In the new file below the line containing SNMP v2c, insert a new line of the
same format for each SNMP manager requiring SNMPv2c traps.
8 Start the SNMP proxy agent instance using the MDM Server Administration
Tool (SVMADM). For more details on the SNMP Proxy Agent, see Nortel
Multiservice Data Manager AdministrationServer Management
(NN10470-310). The command line entered in the SVMADM tool is:
/opt/MagellanNMS/bin/spa [-p <port number>] [-m <max
requests>
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 251 -
Reloading the SPA configuration files

Reload the configuration files. You can dynamically add or delete SNMP
managers or modify some runtime parameters such as the list of HGDS
groups. By sending a HUP signal, SPA reloads its configuration files without
being stopped.
Procedure steps
Step Action
1 Determine the SPA instance process id.

/opt/MagellanNMS/bin/ipcmon -p | grep spa_<port number>
The process_id is the first number on the output line.
2 Type the following command to reload the configuration files:
kill -HUP <process_id>
A HUP signal is sent to this SPA instance which will reload its configuration
files.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 252 -
Redefining the selected log levels for SPA

Redefine the selected log levels. You can trigger SPA to toggle between
issuing the logs from all possible levels to its server log file and coming back
to the list of levels selected by its runtime parameters configuration file by
sending it a USR1 signal:
Procedure steps
Step Action

2 Redefine the log levels.
kill -USR1 <process_id>
If the list of log levels currently used is the list selected in the configuration
file, all possible log levels are selected. If all possible log levels are currently
selected, SPA returns to the log levels list selected by the configuration file.
Attention: If you need to select a different list of log levels than the two selections
available through the USR1 signal, you can modify the list as required in the
configuration file and the HUP signal used to reload this file.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 253 -
Generating statistical log messages for SPA

Generate a statistical log message in the log file.
Normally SPA creates statistical log messages at regular intervals. This

statistical information is created as an INFO message in the log file. The
interval is specified in the Runtime options configuration file. For more
information, see Nortel Multiservice Data Manager AdministrationServer
Management (NN10470-310). You can also trigger a statistical log entry by
sending a USR2 signal to the SPA process.
Procedure steps
Step Action

2 Generate a statistical log message.
kill -USR2 <process_id>
SPA will terminate the current statistical interval, compute the required
statistical values, zero the statistical counters, and restart a new statistical
interval.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
Network backup and restore setup
Set up the backup and restore applications to suit your network requirements.
Prerequisites to network backup and restore setup
Attention: If the Provider server is not running on the same machine as the
Controller server, or if you want to use more than one Provider server to
share the load, you must modify the remote mapping file. For more
information, see Modifying the remote mapping (controller.cfg) file
(page 283).
For information about the backup and restore procedures and ongoing
management of settings, see Nortel Multiservice Data Manager Network
Backup and Restore (NN10470-807).
Navigation
Use the Server Administration tool for the following setup procedures for
MSS and MPE backup and restore:
Adding a backup group (page 256)
Configuring the backup group (page 257)
Changing server startup options for backup and restore (page 260)
Enabling the Data Synchronization server (page 263)
Verifying the Default backup group configuration (page 265)
Use the Service Data Backup/Restore tool for the following setup
procedures for MSS and MPE backup and restore:
Changing the location of the Data Synchronization server (page 266)
Setting the Default User Authentication (page 267)
Setting the Software Distribution Site for network element recovery
(page 268)
Setup procedures for Passport/SNMP backup and restore:
Changing default information for Passport/SNMP backup (page 269)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 255 -
Changing default information for Passport/SNMP restore (page 270)

Changing backup options for a Passport 4400/4460 (page 271)
Changing restore options for an Passport 4400/4460 (page 272)
Configuring connectivity between Passport 4400/4460 and a provider
(page 273)
Modifying the device information file for Passport 4400/4460
(page 274)
Modifying the interface mapping file for Passport 4400/4460
(page 277)
Specifying the device information file for Passport 4400/4460
(page 279)
Additional setup procedure for MSS, MPE and Passport/SNMP backup
and restore tools:
Modifying the remote mapping (controller.cfg) file (page 283)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 256 -
Adding a backup group

A Current Configuration backup on demand or on alarm requires a backup
group of network elements defined for the Backup Server (Backup
Controller).Use the default backup group or add a new backup group.
Applies to:
Multiservice Switch
Passport 6400
Prerequisites
You must be logged in as the root user.
Attention: Backup groups are required only for the Current Configuration
Backup function, not for the regular backup function.
Verify the default backup group configuration to determine if it meets your

requirements. See Verifying the Default backup group configuration
(page 265).
Procedure steps
Step Action
1 From the Server Administration window, in the Server list, select the
Backup Controller.
2 Right-click to select Configuration and then Launch Backup Server.
The Configuration Editor Backup Server dialog box opens.
3 In the left pane, select the BackupServer element.
4 Right-click and select Add Element.
The Add Element dialog box opens.
5 Verify that Group option is selected and click OK.
An new element called New Group is added to the left pane.
6 Select the New Group element.
7 In the Name field of the right pane, enter the name for the backup group
8 To accept the new group element with the same subelements as the Default
group, select Save from the File menu of the menu bar. Otherwise continue
to Configuring the backup group (page 257).
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 257 -
Configuring the backup group

Use the Service Administration tool Configuration Editor to configure the
backup group sub-elements. You can also configure the sub-elements for
specific network elements in the backup group.
Applies to:
Multiservice Switch
Passport 6400
Prerequisites
You must be logged in as the root user.
Attention: Backup groups are required only for the Current Configuration
Backup function; they are not required for the regular backup function.
Procedure steps
Step Action
1 From the Server Administration window, in the Server list, select the
Backup Controller.
2 Right-click to select Configuration and then Launch Backup Server.
The Configuration Editor Backup Server dialog box opens.
3 In the left pane, expand the BackupServer element.
4 Select the backup group or expand the backup group and select the network
element that you want to modify.
5 Right-click to select Add Element.
6 In the Add Element dialog box, select either of the Authentication,
BackupOptions, or DBSynchOptions subelements.
Attention: The DBSynchOptions subelement is applicable only to Multiservice

Switch network elements.
7 Click OK.
8 To add another subelement, repeat step 4 to step 6. Otherwise, continue to
configure the subelements:
If the subelement is Authentication, go to step 9.
If the subelement is BackupOptions, go to step 11.
If the subelement is DBSynchOptions, go to step 13.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 258 -
9 Expand the backup group and select Authentication.

10 Either enter the appropriate username and password OR set usePassword
File to True and enter the location of the password file in the
passwordFileName field.
To configure BackupOptions, go to step 11. To configure DBSynchOptions,
go to step 13. If you have completed configuring the subelements, go to
step 16.
11 Expand the backup group and select BackupOptions.
12 If you want backups to be performed on alarm, verify that onAlarm is set to
True. Otherwise change the value to False.
To configure DBSynchOptions, go to step 13. If you have completed
configuring the subelements, go to step 16.
13 Expand the backup group and Select DBSyncOptions.
14 If you want the Backup server to send a notification to the Data Sync server
to update the Administration Database when a Current Configuration
backup occurs, verify that enabled is set to True. Otherwise, change the
value to False.
15 Enter the name of the DBSyncController in the server field.
Attention: If you leave the server field blank, the default value is localhost. If the
name in the server field does not match the name specified in the /opt/
MagellanNMS/cfg/DataSync.cfg of the responsible DBSync controller, the Data
Sync servers will not synchronize that backup group or network element.
16 Select Save from the File menu.
--End--
Procedure job aid

The following tables describe the parameters for the subelements under the
Backup Server.
Backup Server sub-element parameters
Subelement Parameter Description Default

Authentication username Username to access device. blank
password Password to access device. blank
(1 of 2)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 259 -
Backup Server sub-element parameters (continued)
Subelement Parameter Description Default

usePasswordFile Indicates if a password file is to false
be used for access to the
account. Set to true if you want
a password file to be used.
passwordFile Specifies the path to the file blank
that contains an encrypted
password.
Use only if usePasswordFile is
set to true.
BackupOptions onAlarm Indicates if the network true
elements in the group are to be
backed up when the sever
receives a configuration event
from a network element.
DBSyncOptions enabled Specifies that a true
dbsynchcontroller is notified
when the network element is
backed up. This enables
synchronization with the
Administration Database.
Set to false if you do not want to
enable database
synchronization on back up.
Attention: If there is more than one backup server, you must specify the above BackupServer
parameters for each of them.
(2 of 2)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 260 -
Changing server startup options for backup and restore

Change a servers default options to suit your network requirements for
backup and restore.
Applies to:
Multiservice Switch
Multiservice Provider Edge
Passport 6400
Prerequisites
If you are changing the startup command for a server that is already
running, you must stop the server before you make changes. Any changes
you make to the startup command will take effect only when the server is
restarted. See Nortel Multiservice Data Manager Administration
Database (NN10470-400) for information about starting the backup
server.
Attention: When you are changing the startup command for the backup
Controller, both the Controller and the Provider servers must be stopped.
After you have added the options, the backup Provider must be restarted
before the backup Controller.
Attention: The -notification and -nbofbck options are valid only for the
Backup Controller (nsctlbck).
Procedure steps
Step Action
1 From the Multiservice Data Manager main menu, select System,

Administration, Server Administration.
The Server Administration window opens.
2 From the Security menu, select the Authorize command.
3 In the SVM Enter Authorization Password dialog box, type a valid
password and click OK.
4 From the Edit menu, select Edit -> New server.
The SVM New Server Selection displays.
5 Expand the Configuration Server category to find the server in the list.
6 Select the server and click Select Server.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 261 -
The SVM Edit Server opens with the startup command displayed.
7 Edit the Startup command to add the option(s):
/opt/MagellanNMS/bin/<server_name> [-<option> <option
value>]
8 Optionally, disable the Automatic startup at reboot time option.
9 Click OK.
A confirmation dialog displays.
10 Click Yes to confirm.
11 Click Cancel to close the SVM Edit Server window
12 Restart the server as required.
--End--
Variable Value
-c /opt/MagellanNMS/cfg/ The option to use a filename for the controller configuration file
<filename.cfg> other than the default name of Controller.cfg. You must show
the full path to the file.
-d The option to set debugging on. The default is off.
-DB_Synch_port <port> The option to use a specified port for communication with
DBSyncController. The default is 5050.
Attention: Use this option only if you are implementing
Multiservice Data Manager with the Administration Database.
-h The option to display command line usage.
-nbofbck <#> The option to change the maximum number of simultaneous
backups. This option is valid only for the Backup Controller
(nsctlbck) and can only be used with the -notification option.
Attention: Do not increase the maximum number of
simultaneous backups unless you have the required
engineering information to support this change. A large
number of simultaneous backups can result in congestion
problems for the Backup Controller.
-notification This option enables current configuration backups. This option
is valid only for the Backup Controller (nsctlbck).
(1 of 2)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 262 -
Variable Value
-p <port_no> The option to specify the port to use.
Attention: If you use this option with the Backup Controller or
the Restore Controller, you will override the dynamic port
selection process.
server_name The command line value that represents the server:
Backup Controller = nsctlbck
Restore Controller = nsctlrst
MSS Backup Provider = pbckpp
MSS Restore Provider = prstpp
MPE Backup Provider = pbcksrs
MPE Restore Provider = prstsrs
(2 of 2)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 263 -
Enabling the Data Synchronization server

Basic backup and current configuration backup require the Data
Synchronization server even if the Administration database is not being used.
Use this procedure if you have not enabled the Data Synchronization server
for the Administration database.
Attention: If the Data Synchronization server is not on the local host, you
must specify the location of the server. See Changing the location of the Data
Synchronization server (page 266).
Applies to:
Multiservice Switch
Passport 6400
Attention: Multiservice Provider Edge network elements do not notify the

Data Synchronization controller when a backup is done.
Procedure steps
Step Action

4 In the list of servers, select Data Sync Server.
5 Right-click to select Configuration -> Launch Server Configuration.
The Configuration Editor appears.
6 In the left pane, expand the Embedded Servers selection.
7 Select the DBSyncController selection.
8 Edit the fields, in the right pane, as follows:
Enter a unique name into the name field. A typical naming strategy is to
use the name of the Multiservice Data Manager workstation on which
the process resides.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 264 -
Set the enabled field to true to enable the Data Synchronization server.
Do not change the value in the class field.
Optionally, use the arguments field to set the these options:
-help (to display command usage information),
-cfg <configFile> (to specify the configuration file to be used) and
-log <logFile> (to enable logging to be written to a specified file).
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 265 -
Verifying the Default backup group configuration

The default group configuration can be used for any backup group that you
add. Verify that the values in the default group subelements are acceptable for
your system.
Applies to:
Multiservice Switch
Passport 6400
Procedure steps
Step Action

2 In the Server Administration window, select the Backup Controller.
3 Right-click to select Configuration and Launch Backup Server.
The Configuration Editor backup server opens.
4 Expand the Default group element.
5 Select each subelement and verify that the parameters in the right pane are
appropriate for your system.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 266 -
Changing the location of the Data Synchronization server

Change the location of the Data Synchronization server if the server is not on
the local host.
Attention: Multiservice Provider Edge network elements do not notify the

Data Synchronization server when a backup is done.
Applies to:
Multiservice Switch
Passport 6400
Procedure steps
Step Action
1 From the Backup and Restore window menu bar, select Options, then
select Edit Server Configuration.
The Server Configuration dialog box opens. The default value for the
Backup Server Host Name is localhost.
2 Change the value of localhost to the location of the Data Synchronization
server. For example:
wcars123
3 Click OK.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 267 -
Setting the Default User Authentication

Set the default user ID and password, which is used for all network element
access unless overridden by a specific user ID and password for the network
element.
Applies to:
Multiservice Switch
Passport 6400
Procedure steps
Step Action
1 From the Backup and Restore window menu bar, select Options, Set
Default Authentication.
2 Enter the user ID and password in the appropriate fields.
3 Click OK.
The new user ID and password are used on the next network element
access.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 268 -
Setting the Software Distribution Site for network element recovery

Set the software distribution site to be used in network element recovery.
Applies to:
Multiservice Switch
Procedure steps
Step Action
1 From the Backup and Restore window menu bar, select Options, Set
Software Distribution Site.
The Software Distribution Site dialog box opens.
2 In the appropriate fields, enter the IP host name, user ID and password of
the Software Distribution Site.
3 Click OK.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 269 -
Changing default information for Passport/SNMP backup

Change the default information for any network element type listed in the main
window.
Procedure steps
Step Action
1 In the Passport/SNMP Devices Backup window, double-click on the entry

that you need to change in the Default Backup Information area.
The Change Default Information dialog opens.
2 Make the required changes.
3 Click OK to save your changes and close the dialog.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 270 -
Changing default information for Passport/SNMP restore

Change the default information for any network element type listed in the main
window.
Procedure steps
Step Action
1 From the Passport/SNMP Backup/Restore window, in the Default Restore

Information area, double-click on the entry that you need to change.
The Change Default Information dialog opens.
2 Make the required changes.
3 Click OK to save your changes and close the dialog.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 271 -
Changing backup options for a Passport 4400/4460

Before you perform an Passport/SNMP backup, you can change the default
values of the Controller, Controller port, and target directory.
Procedure steps
Step Action
1 From the Passport/SNMP Backup/Restore window menu bar, select

Options, Change Backup Options.
The Change Backup Options dialog opens.
2 Modify the Backup controller host, Backup controller port, or Target
directory.
3 Click OK to close the dialog.
4 From the Options menu, select Save Options to save your changes for
future sessions. This command also saves the current network element
information file and any changes you make in the Change Restore Options
dialog.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 272 -
Changing restore options for an Passport 4400/4460

Before you perform an Passport/SNMP restore, you can change the default
values of the Controller, Controller port, and source directory.
Procedure steps
Step Action

Options, Change Restore Options.
The Change Restore Options dialog opens.
2 Modify the Restore controller host, Restore controller port, or Source
directory.
3 Click OK to close the dialog.
4 From the Options menu, select Save Options to save your changes for
future sessions. This command also saves the current network element
information file and any changes you make in the Change Backup Options
dialog.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 273 -
Configuring connectivity between Passport 4400/4460 and a provider

Configure the communication between a Passport 4400/4460 network
element and a Provider if the Passport 4400/4460 contains a default
configuration. A default configuration means no configuration has been
entered.
Procedure steps
Step Action
1 Establish a communication with the Passport 4400/4460 through the serial

console port. The default line parameters are 9600N81, which means:
baud rate: 9600
parity: none
bits: 8
stop bit: 1
If successful, you are prompted for a login when you press the Return key.
2 Type cli at the login prompt. For the password, press the Return key.
3 Define the Ethernet interface IP address of the Passport 4400/4460 by
entering the following CLI (command line interface) command:
add ip address entry 3 x.x.x.x y.y.y.y z.z.z.z
4 Save the configuration with the CLI command:
save config update
5 Reset the Passport 4400/4460 with the new configuration using the CLI
command:
reset system current reset
--End--
Variable Value
x.x.x.x The IP address of the Passport 4400/4460.
y.y.y.y The network netmask.
z.z.z.z The broadcast address.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 274 -
Modifying the device information file for Passport 4400/4460

Passport/SNMP Service Data Backup/Restore uses the device information
file (device.cfg) to display the network elements that you can back up and
restore.You need to include an entry for every network element that Passport/
SNMP backup and restore can access on the host machine.You do not need
to include all network elements in a single file; you can create as many device
information files as you want and select one from the main window before
performing a backup or restore.
The device information file enables you to group network elements. This
option enables you to back up or restore all network elements within a
particular group.
If you have Passport/SNMP Service Data Backup and Restore software on

multiple hosts, you should duplicate the entries in the device information files.
However, you can divide the entries into device information files on different
hosts so that each host backs up and restores only those network elements
managed by that host.
Procedure steps
Step Action
1 Edit the device information file options:

device: type = <devtype> name = <devname>
addr = <IPaddress>[:<port>] [userid = <id>]
[passwd = <password>]
group: name = <groupname>
member: name = <devname>
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 275 -
Variable Value
device Indicates information about a particular network element.
devtype The name of the network element type (PP4400, or PP4460).
devname The name of the network element.
IPaddress The IP address of the network element and has the format n.n.n.n.
port The port number of the network element.
id The user ID for a network element and the READ community string for
a Passport 4400/4460.
password user password for a network element and the WRITE community
string for a Passport 4400/4460
group indicates information about a group of network elements
groupname name of the group to which the network element belongs
member indicates information about a member of the group. You need to place
all members of a group directly after the group line
Attention: You must include devtype, devname, IP address, id, and password on the same line.
Procedure job aid

The following is an example of a device information file.
device: type = PASSPORT name = NODER05 addr = 82.152.6.19

device: type = PASSPORT name = NODER06 addr = 82.152.6.32
device: type = PASSPORT name = NODERF addr = 82.232.33.74
device: type = PP4400 name = PP4400_20 addr = 35.195.4.173

device: type = PP4400 name = PP4400_EMU addr = 82.195.1.45
device: type = PP4460 name = PP4460_64 addr = 35.195.4.173

device: type = PP4460 name = PP4460_CAL addr = 82.195.1.45
group: name = group01

member: name = NODER05
member: name = NODER06
member: name = NODERF
# You can put a network element in more than one group.

member: name = NODERF
member: name = PP4400_20
member: name = PP4400_EMU

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 276 -

member: name = PP4460_64
member: name = PP4460_CAL
device: type = PP4400 name = TEST addr = 15.190.6.58

device: type = PASSPORT name = NODE_TOR addr = 18.232.1.32

member: name = TEST
member: name = NODE_TOR

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 277 -
Modifying the interface mapping file for Passport 4400/4460

The provider initiates file transfers between Passport 4400/4460 network
elements and the provider. The IP address of the provider is delivered to the
network element. The provider instructs the network element to start the file
transfer process. The network element establishes the TFTP connection and
the files are transferred.
If the providers host machine has only one network interface (one IP
address), that IP address is used for the TFTP connection between the
network element and the provider.
The provider host machine can have multiple network interfaces. For example,
the system can have one interface to the LAN and other interfaces to the WAN
where the network elements reside. In this configuration the network elements
cannot see the IP address of the interface to the LAN. In this situation you
need to configure the provider to use the correct interface address for the
TFTP connection. You do this by creating an interface mapping file.
The network element providers can use the interface mapping file to
determine the IP address used as the TFTP server address. The network
element connects to the TFTP server address for TFTP file transfers. Each
line in the interface mapping file defines the mapping of the host address and
the network element address or addresses. The host address is the TFTP
server address.
Procedure steps
Step Action
1 Edit the ifmap.cfg file options:

<interface IP address> <network element IP address(es)>
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 278 -
Variable Value
interface IP address The IP address of the interface to be used and has the format n.n.n.n.
network element IP The IP addresses of the network elements and has the format n.n.n.n.
address(es) You can match a group of network elements by using the wildcard
character (*).
Procedure job aid

The following example shows an interface mapping file for a host machine that
has 3 network interfaces: one connects to the LAN and the other two are
connected to separate Passport 4400/4600 network element networks.
# Interface mapping file

# The last entry is the interface address to the LAN,
# which needs to map to any network element address.
# This last entry can be omitted.
131.147.0.1 131.147.*
131.148.0.1 131.148.*
32.123.1.1 *

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 279 -
Specifying the device information file for Passport 4400/4460

Specify the device information file if there are no network elements or network
element groups displayed in the Devices area of the Passport/SNMP Backup/
Restore window. Use a device information file that has entries for the network
elements you are going to access.
Prerequisites
For information about naming the network element information file, see
Modifying the device information file for Passport 4400/4460 (page 274).
Procedure steps
Step Action
1 From the Passport/SNMP Backup/Restore window menu bar, select File,

Open.
The Open File dialog opens.
2 Select a device information file by entering a path and file name in the File
name: data entry box. You can also select a device information file using the
Look in: pull-down menu and clicking on the file in the display panel.
3 Click Open to load the selected device information file and close the dialog.
Options, Save Options to save the current device information file as the
default for future sessions. This menu item also saves any changes you
make in the Change Backup Options and Change Restore Options
dialogs.
You can now select the network element or group for backup or restore.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 280 -
Changing the Passport/SNMP backup and restore Provider ports

Start the servers and to specify the ports to use for the controller servers, or
to add other options.
Prerequisites
If you are adding options to a server that is already running, you must stop
the server before you add the option.
Attention: If the provider is not running on the same machine as the

Controller, or if you want to use more than one provider to share the load, the
remote mapping file must modified. For more information, see Modifying the
remote mapping (controller.cfg) file (page 283)
Procedure steps
Step Action

4 From the Edit menu, select Edit -> New server.
The SVM New Server Selection displays.
5 Expand the Configuration Server category to find the server in the list.
6 Select the server and click Select Server.
The SVM Edit Server opens with the startup command displayed.
7 Edit the Startup command to specify the required controller port numbers,
as follows:
To specify the backup controller port:
/opt/MagellanNMS/bin/nsctlbck [-p 5000]
To specify the restore controller port:
/opt/MagellanNMS/bin/nsctlrst [-p 5001]
8 Edit the Startup command to specify the backup and restore provider server
ports:
/opt/MagellanNMS/bin/<provider_server_name> [-p
<provider_server_port_no]
9 Optionally, edit the Startup command to add other option(s):

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 281 -
/opt/MagellanNMS/bin/<server name> [-<option> <option

value>]
See Variable definitions (page 281) for possible options and their values.
10 Optionally, disable the Automatic startup at reboot time option.
11 Click OK.
A confirmation dialog appears.
12 Click Yes to confirm.
13 Click Cancel to close the SVM Edit Server window
14 Right-click on the server name in the server list.
15 From the pop-up menu, select Start.
The server starts.
--End--
Option/Variable Values/Definitions
-c /opt/MagellanNMS/cfg/ The option to specify a filename for the controller config file if you are using
<filename.cfg> a filename other than Controller.cfg. You must show the full path to the file.
-d The option to set debugging on. The default is off.
-h The option to display command line usage.
-m Use this option to specify the interface mapping file.This optional file is
<interface_mapping_file> required when your system has multiple network interfaces. The default
interface mapping file is /opt/MagellanNMS/cfg/ifmap.cfg.
If the file ifmap.cfg exists in directory /opt/MagellanNMS/cfg and is
populated with valid mapping information, it is not necessary to specify the
-m option. This file is used by default.
For information about when to use this option, see Modifying the interface
mapping file for Passport 4400/4460 (page 277).
(1 of 2)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 282 -
Option/Variable Values/Definitions
-p Use this option to specify the port to use for the Backup and Restore
<provider_server_port_n Provider servers. The default values are as follows:
o>
Passport 4400 Backup Provider = 5030
Passport 4400 Restore Provider = 5031
Passport 4460 Backup Provider = 5040
Passport 4460 Restore Provider = 5041
<provider_server_name> The value that represents the provider server name:
Passport 4400 Backup Provider = pbckpp4400
Passport 4400 Restore Provider = prstpp4400
Passport 4460 Backup Provider = pbckpp4460
Passport 4460 Restore Provider = prstpp4460
(2 of 2)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 283 -
Modifying the remote mapping (controller.cfg) file

Modify the controller.cfg file if one or both of the following conditions exist:
the provider is not running on the same workstation as the controller
more than one provider is used to share the load
The controller uses the remote mapping file (controller.cfg) to determine the
provider to which a network element is connected. For backup and restore, the
default is one provider running on the same workstation as the controller. If
this is not the case, you must add an entry in the service mapping block for
each network element that you want accessed by a specific provider.
If you do not create an entry, the backup/restore tools assume the network
element is connected to the local provider. The backup/restore tools support
only one remote mapping file.
Applies to:
Multiservice Switch
Passport 6400
Passport 4400 and 4600
Procedure steps
Step Action
1 Modify the service mapping block.

The format of a service mapping block in the remote mapping file is
service=<service_type>
dev_type=<devtype>
[dev_name=<devname> | dev_addr=<IPaddress>]
host=<provider_host>[<:provider_port>]
...
If you do not use devname or IPaddress, the Provider identified in
provider_host handles the service for all network elements of the specified
dev_type.
You can include comments in the remote mapping file by inserting an
octothorpe (#) at the beginning of the line. You can also include blank lines.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 284 -
Variable Value
service_type backup or restore
devtype The name of the network element type (MPE, PASSPORT, PP4400,
or PP4460).
devname The name of the network element. You can match a group of network
elements by using the wildcard character (*).
IPaddress The IP address of the network element and has the format n.n.n.n. You
can match a group of network elements by using the wildcard
character (*).
provider_host:provider_port The provider location; provider_host is the host name or IP address of
the Provider and provider_port is the port number registered to the
Provider. The port number for MSS network elements (not Passport
4400/4460) is dynamic by default. The default values for provider_port
are
dynamic Passport Backup Provider
dynamic Passport Restore Provider
dynamic MPE Backup Provider
dynamic MPE Restore Provider
5030 Passport 4400 Backup Provider
5031 Passport 4400 Restore Provider
5040 Passport 4460 Backup Provider
5041 Passport 4460 Restore Provider
Attention: You must include devtype, devname/IPaddress, and host on the same line.
Procedure job aid

The following example shows a remote mapping file with 2 service blocks.
Each network element in the service blocks is connected to a different remote
host.
# Remote mapping file
service=backup
dev_type=PASSPORT dev_addr=42.208.*.111 host=23.257.32.12
dev_type=PP4400 dev_name=PP4400_20 host=bcarse80
dev_type=PP4460 dev_name=PP4460_64 host=winnipeg
service=restore

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 285 -
dev_type=PASSPORT dev_addr=42.208.*.111 host=59.620.6.24

dev_type=PP4400 dev_name=PP4400_20 host=bcarse80
dev_type=PP4460 dev_name=PP4460_64 host=winnipeg

Administration
NN10470-303 01.03 Standard
16.2 May 2007
MDM workstation troubleshooting
Troubleshoot problems with alarms and alarm clearing.
Navigation
Troubleshooting global alarm clearing on DPN (page 287)
Troubleshooting global alarm clearing on Multiservice Switch (page 291)
Troubleshooting global alarm clearing on Multiservice Provider Edge
(page 295)
Troubleshooting a global alarm clearing problem (Global Clear tool)
(page 299)
Troubleshooting server alarm distribution through NCS and workstation
surveillance using NCS status probing (page 300)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 287 -
Troubleshooting global alarm clearing on DPN

If global alarm clearing does not work after configuration, the most likely
causes are configuration errors on the Nortel Multiservice Data Manager
workstation or in NCS.
In Multiservice Data Manager, the most likely causes are

The DMA server is stopped or was not started using the -c option.
The GMDR server was not configured with the GMDR Administration tool
to set up the DMA server as one of its subservers. The server name used
for the configuration must be DMASERVER and the server must be in the
Connected state.
The OA destination mnemonic entered in file
/opt/MagellanNMS/cfg/DmaClrOA.cfg does not have a matching OA
Member defined in file opt/MagellanNMS/cfg/HGDS.cfg.
The DNA of the MDI assigned to the OA Member in
MagellanNMS/cfg/HGDS.cfg does not match the DNA entered in NCS.
In the NCS the most likely cause is

The NCS capability ID associated with the password used to log into the
top level OA in the managed region has insufficient capability, level, or
impact. The minimum capability, level and impact should be
Nams Network Service

OA/Device None
Application/Line None
Switching Network None

Device None
Line None
Use the following procedure to troubleshoot global alarm clearing. The

following procedure starts by looking at the workstation, then at NCS.
Prerequisites
Your user account must be set up run the NMSAdmin toolset at login to be
able to see the Server Administration tool in the menus.
Procedure steps
Step Action
selecting System -> Administration -> Server Administration

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 288 -
2 Look for the DMA server in the servers list and double-click on it to view the
server information.
The server should be Running, should be set to start at reboot, and the
startup command should include the -c option.
If the server information is correct and the server is running, go to step 10.
If the server information is correct but the server is not running, select the
server, then go to step 5.
If the server is not defined or the server information is incorrect, go to step 6.
3 Using the Server Administration tool, stop the DMA server, if it is already
running.
See accessing view mode in Nortel Multiservice Data Manager
4 Log in to the Server Administration tool as the administrator by selecting
Enable Editing from the Security menu.
See editing a server in Nortel Multiservice Data Manager Administration
Tools (NN10470-300).
when the workstation reboots and the startup command contains the -c
option, as follows:
/opt/MagellanNMS/bin/dma -c [<filename>]
7 Start the GMDR Server Administration tool by selecting
System -> Administration ->GMDR Administration.
8 The DMA server should appear in the server list, be named DMASERVER,
and have a status of Connected.
If the DMA server appears, is named DMASERVER and is connected, go to
step 17.
If the DMA server appears, is named DMASERVER, but is not connected,
go to step 16.
If the DMA server does not appear, or is not named DMASERVER go to
step 12.
9 Log in to the GMDR Administrator tool by selecting Log in as admin from the
Security menu.
10 Click Add.
Host Name: localhost or the IP address of the workstation on which the
GMDR server is running

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 289 -

13 Click on DMASERVER in the servers list.
14 Click Connect.
15 In a UNIX access window, open file /opt/MagellanNMS/cfg/DmaClrOA.cfg
and write down the OA Destination mnemonic, the NCS capability ID, and
the password. You will need this information later.
Example:
OA destination mnemonic = CORENCSIF
NCS Capability ID = CORENCS
Password = axylt
16 In a UNIX access window, open file /opt/MagellanNMS/cfg/HGDS.cfg and
look for an OA Member that matches the OA Destination mnemonic in file /
opt/MagellanNMS/cfg/DmaClrOA.cfg.
Example: OA Member CORENCSIF
17 If there is no corresponding OA Member in file
/opt/MagellanNMS/cfg/HGDS.cfg, define the top level OA in the managed
region as a member of an OA group, then restart the HGDS server.
18 Start the Command Console from the application main window by selecting
System -> Utilities -> Command Console.
The Connection Manager Dialog opens.
19 Select Connection Management from the Security menu.
The Command Console Connection Management dialog opens.
20 Enter the OA Destination mnemonic, the NCS Capability ID, and the
password from file /opt/MagellanNMS/cfg/DmaClrOA.cfg into the
Destination, User Id, and Password fields.
21 Click Connect.
The information you entered is authenticated.
When authentication is successful, the message Connected to <OA
Destination mnemonic> is displayed.
Example:
Connected to CORENCS
22 If authentication is successful the NCS Capability. level, and impact may be
insufficient for global alarm clearing. Go to step 26.
If authentication is not successful, one or more of the following may be the
cause of the problem:

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 290 -
The DNA assigned in file /opt/MagellanNMS/cfg/HGDS.cfg may be invalid.

Obtain the DNA from your DPN Network Administrator or use a
maintenance terminal connected to the node to obtain the DNA.
The NCS capability ID and password assigned in file
/opt/MagellanNMS/cfg/DmaClrOa.cfg may be invalid. Obtain the correct
NCS Capability ID and password from your DPN Administrator.
The X.25 connection may be down. Use Solaris Management Console tool
and documentation to trace and debug the X.25 connection.
23 Click Close.
The Command Console Connection Management Dialog closes.
24 The NCS capability, impact, and level for the NCS user ID and password are
displayed in the Command Console main window. They should be as
follows:
NAMSNetworkService
OA/DeviceNone
Application/LineNone
SwitchingNetworkNone
DeviceNone
LineNone
If they are not as shown. have your DPN Administrator change them or use
a maintenance terminal connected to the node to change them.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 291 -
Troubleshooting global alarm clearing on Multiservice Switch

Isolate the reason that Global Clear alarm does not work.
If global alarm clearing does not work after configuring it, the most likely
workstation or in the DmaClrPP.cfg file.
In Multiservice Data Manager, the most likely causes are as follows:

The DMA server is stopped or was not started using the -f option.
Connected state.
The group entered in file /opt/MagellanNMS/cfg/DmaClrPP.cfg does not
have a matching group entry defined in HGDS (file opt/MagellanNMS/cfg/
HGDS.cfg).
The targeted node is not part of any of the groups specified in opt/
MagellanNMS/cfg/DmaClrPP.cfg file.
The group user ID associated with the password used to log in to the
targeted nodes has insufficient impact or scope, or the wrong password,
or customer ID. The customer ID must be zero and the minimum scope
and impact should be device and systemAdministration, respectively.
Refer to the Nortel Multiservice Data Manager AdministrationServer

Management (NN10470-310) for the error messages.
Procedure steps
Step Action
1 Start the Server Administration tool from the application window by selecting
2 Look for the Host Group Directory Services (HGDS) server in the servers
list and double click on it to view the server information.
The server should be Running and should be set to start at reboot.
3 Look for the Passport Comms Mgr server (FDTM) in the servers list and
double click on it to view the server information.
4 Look for the GMDR server in the servers list and double-click on it to view
the server information.
The server should be Running, and should be set to start at reboot.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 292 -
server information.
startup command should include the -f option.
Attention: Steps 1-5 and 18-27 need to be completed on the workstation where the
network access layer resides (FDTM and HGDS). The other steps need to be
completed where the implicated servers reside (possibly on a remote workstation.)
If the server information is correct and the server is running, go to

step 10.
If the server information is correct but the server is not running, select
the server, then go to step 9.
If the server is not defined or the server information is incorrect, go to
step 6.
running.
when the workstation reboots and the startup command contains the -f
option, as follows:
/opt/MagellanNMS/bin/dma -f
Attention: You can add the command line option -t to configure the inactivity timer.

System -> Administration -> GMDR Administration.
If the DMA server appears, is named DMASERVER and is connected,
go to step 17.
If the DMA server appears, is named DMASERVER, but is not
connected, go to step 16.
step 12.
12 Log in to the GMDR Administrator tool by selecting Log in as admin from

the Security menu.
13 Click Add.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 293 -

Host Name: local host or the IP address of the workstation on which the
DMA server is running

16 Click on DMASERVER in the servers list. and click Connect.
17 In a UNIX access window, open file /opt/MagellanNMS/cfg/DmaClrPP.cfg
and write down the group name and the associated user ID. You will need
this information later.
Example:
:<Passport Group Name>:<User ID>::<encrypted password>:
18 Using the Host Group Administration tool (or in a UNIX access window,
open file /opt/MagellanNMS/cfg/HGDS.cfg) look for an FGroup entry that
matches the group name. (In UNIX, examine the file /opt/MagellanNMS/cfg/
DmaClrPP.cfg).
Example: FGroup: ALL
19 You can use an existing FGroup entry (in file /opt/MagellanNMS/cfg/
HGDS.cfg if you are not using the Host Group Administration tool) or define
the group entry with its associated members, then restart the HGDS server.
22 Enter the group name and the user ID from file
/opt/MagellanNMS/cfg/DmaClrPP.cfg into the Destination and User Id fields,
and enter the associated password in the Password field.
23 Click Connect.
The information you entered is authenticated.
When authentication is successful, the message Connected to <Passport
group name> is displayed.
Example:
Connected to ALL
24 If authentication is successful the customer ID, scope, and impact may be
insufficient for global alarm clearing. Go to step 26.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 294 -

The user ID and password assigned in file /opt/MagellanNMS/cfg/
DmaClrPP.cfg may be invalid. Obtain the correct user ID and password
from your Multiservice Switch 7400/15000/20000 Administrator.
The connection to this part of the network may be down.
25 Using the command line in Command console, type

<Passport_Name> me.
Ensure that the user ID you are using has a customer ID of 0, and has the
scope of network or device, and the systemAdministration privilege.
26 Click Close.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 295 -
Troubleshooting global alarm clearing on Multiservice Provider Edge

Isolate the reason that Global Clear alarm does not work.
If global alarm clearing does not work after configuring it, the most likely
workstation or in the DmaClrSRS.cfg file.
In Multiservice Data Manager, the most likely causes are as follows:

The DMA server is stopped or was not started with the -s option.
Connected state.
The group entered in file /opt/MagellanNMS/cfg/DmaClrSRS.cfg does not
have a matching MPE group entry defined in HGDS (file opt/
MagellanNMS/cfg/HGDS.cfg).
The targeted MPE node is not part of any of the groups specified in opt/
MagellanNMS/cfg/DmaClrSRS.cfg file.
The group user ID associated with the password used to log in to the
targeted nodes has insufficient permissions, or the wrong password, or
customer ID. The user ID must have clear permissions.
Refer to the Nortel Multiservice Data Manager AdministrationServer

Management (NN10470-310) for the error messages.
Procedure steps
Step Action
1 Start the Server Administration tool from the application window by selecting
2 Look for the Host Group Directory Services (HGDS) server in the servers
list and double click on it to view the server information.
3 Look for the MPE Comms Mgr server (NDTM) in the servers list and double
click on it to view the server information.
4 Look for the GMDR server in the servers list and double-click on it to view
The server should be Running, and should be set to start at reboot.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 296 -
server information.
startup command should include the -s option.
Attention: Steps 1-5 and 18-27 need to be completed on the workstation where the
network access layer resides (NDTM and HGDS). The other steps need to be
completed where the implicated servers reside (possibly on a remote workstation.)

step 10.
If the server information is correct but the server is not running, select
the server, then go to step 9.
step 6.
running.
when the workstation reboots and the startup command contains the -s
option, as follows:
/opt/MagellanNMS/bin/dma -s
Attention: You can add the command line option -t to configure the inactivity timer.

System -> Administration -> GMDR Administration.
If the DMA server appears, is named DMASERVER and is connected,
go to step 17.
If the DMA server appears, is named DMASERVER, but is not
connected, go to step 16.
step 12.
12 Log in to the GMDR Administrator tool by selecting Log in as admin from

the Security menu.
13 Click Add.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 297 -

Host Name: local host or the IP address of the workstation on which the
DMA server is running

16 Click on DMASERVER in the servers list. and click Connect.
17 In a UNIX access window, open file /opt/MagellanNMS/cfg/DmaClrSRS.cfg
and write down the group name and the associated user ID. You will need
this information later.
Example:
:<MPE Group Name>:<User ID>::<encrypted password>:
18 Using the Host Group Administration tool (or in a UNIX access window,
open file /opt/MagellanNMS/cfg/HGDS.cfg) look for an SRSGroup entry that
matches the group name. (In UNIX, examine the file /opt/MagellanNMS/cfg/
DmaClrSRS.cfg).
Example: SRSGroup: ALL
19 You can use an existing SRSGroup entry (in file /opt/MagellanNMS/cfg/
HGDS.cfg if you are not using the Host Group Administration tool) or define
the group entry with its associated members, then restart the HGDS server.
The Command Console Connection Managementdialog opens.
22 Enter the group name and the user ID from file
/opt/MagellanNMS/cfg/DmaClrSRS.cfg into the Destination and User Id
fields, and enter the associated password in the Password field.
23 Click Connect.
The information you entered is authenticated. When authentication is
successful, the message Connected to <MPE group name> is displayed.
Example:
Connected to ALL
24 If authentication is successful, the customer ID and permissions may be
insufficient for global alarm clearing.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 298 -

The user ID and password assigned in file /opt/MagellanNMS/cfg/
DmaClrSRS.cfg may be invalid. Obtain the correct user ID and
password from your Nortel Multiservice Provider Edge Administrator.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 299 -
Troubleshooting a global alarm clearing problem (Global Clear tool)

Isolate the reason that the Global Clear tool does not work.
Procedure steps
Step Action
The Connection Manager dialog opens.
3 Enter the group name, the user ID, and the password.
4 Click Connect.
successful, the message Connected to <Passport group name> is
displayed.
Example:
Connected to ALL
The user ID and password are invalid for that group.
5 Once authenticated, use the command line in Command console and type
<Passport_Name> me.
Ensure that the user ID you are using has a customer ID of 0, and has the
scope of network or device, and the systemAdministration privilege.
7 Select the connected group and click on Disconnect.
8 Reselect the group and enter new values in the User Id and Password fields.
9 Click Connect.
10 Click Close.
The Command Console Connection Management dialog closes.
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 300 -
Troubleshooting server alarm distribution through NCS and

workstation surveillance using NCS status probing
If server alarm distribution (with or without NCS status probing) does not work
once you have configured it, the most likely causes are configuration errors on
the Nortel Multiservice Data Manager workstation, as follows:
the DMA server is stopped or was not started with the -d option
if workstation surveillance using NCS status probing is desired, the DMA
server was not started with the -p option
the NCS OA mnemonic (O) field in file /opt/MagellanNMS/cfg/DmaOA.cfg
contains an OA name that does not appear in the Name field of an OA
Member defined in file /opt/MagellanNMS/cfg/HGDS.cfg
the configuration parameters are incorrect in file /opt/MagellanNMS/cfg/
DmaOA.cfg
Troubleshoot the server alarm distribution through NCS and workstation

surveillance using NCS status probing.
Prerequisites
Before beginning this procedure you will need an NCS Capability ID (logon
ID) and password that allows you to log into the OA through which
workstation server alarms are to be distributed.
Procedure steps
Step Action

server information.
The server must be Running, must be set to start at reboot, and the startup
command must include the -d option. If workstation surveillance through
NCS status probing is desired, the startup command must also include the
-p option.
step 7.
If the server information is correct but the server is not running, click on
the DMA server in the server list, and select Start from the pop-up
menu. Then go to step 7.
step 3.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 301 -
running.
when the workstation reboots and that the startup command contains the -
d option.
If you need to have workstation surveillance through NCS status probing,
ensure that the startup command also contains the -p option. The command
syntax is as follows:
/opt/MagellanNMS/bin/dma -d [<filename>] \
[-p [<probing interval>]]
7 Using a UNIX editor, open file /opt/MagellanNMS/cfg/DmaOA.cfg and write
down the mnemonic of the NCS OA (OA name), and the DNA of the Device
Control Manager. You will need this information later.
Example:
Mnemonic of the destination OA (OA name) = CORENCS
DNA of the Device Control Manager = 2862015009
8 Using the Host Group Administration tool, look for an OA Member whose
Name field matches the mnemonic of the destination OA. If you are using a
UNIX editor, open file /opt/MagellanNMS/cfg/HGDS.cfg and look for an OA
Member whose Name field matches the mnemonic of the destination OA
from file /opt/MagellanNMS/cfg/DmaOA.cfg (CORENCS in the example).
If there isnt one, use the Host Group Administration tool to define an OA
Member that corresponds to the OA and restart the HGDS server using the
Server Administration tool. If you are using a UNIX editor, define an OA
Member in file /opt/MagellanNMS/cfg/HGDS that corresponds to the OA in
file /opt/MagellanNMS/cfg/DmaOA.cfg, then restart the HGDS server using
the Server Administration tool.
9 Start the Command Console by selecting System -> Utilities -> Command
Console.
11 In the dialog, enter the destination user ID, and password needed to log into
the OA through which server alarms are to be distributed.
12 Click Connect.
successful, the message Connected to <OA Destination mnemonic> is
displayed.
Example:

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 302 -
13 Click Close.
14 Enter the following command in the Command Console:
OA l
Information similar to the following is displayed:
OK TABLE SIZE = 150 UNDEFINED = 144
PE 1 HOST R70 TYPE = OA
NAME TYPE AP NUMBER / ROUTE
IWSIFC COORDINATOR 0
CONTROL DEVICE MGR 1 DEFAULT ROUTE
IWSIF MDI 2
15 Write down the host name, the PE number, the name of the Control Device
Manager, and the AP/Route number of the Device Manager (R70, PE1,
CONTROL, and 1 in the example).
16 Enter the following command to display the DNA of the Control Device
Manager
<host> NCS <PE_number> <Device Manager Number> Q DNA
Example:
R70 NCS 14 1 Q DNA
A response containing the DNA of the Device Control Manager appears on
the screen.
17 The DNA of the Device Control Manager should match the DNA field in file
/opt/MagellanNMS/cfg/DmaOA.cfg (2862015009 in the example).
If the DNAs do not match, modify the entry in file /opt/MagellanNMS/cfg/
DmaOA.cfg then restart the DMA server using the Server Administration
tool.
--End--
Variable Value
host The name of the module on which the OA is running (for example,
R70).
PE_number The number of the PE on which the OA is running (1).

Administration
NN10470-303 01.03 Standard
16.2 May 2007
Security service backup and restore
utility
The security service backup and restore utility enables you to backup and
restore security service configuration and data information.
You can use it as a command line utility to schedule backups of the security
service using the UNIX crontab facility.
For more information about using this utility to perform security service backup
and restores, see
(page 70)
Command syntax
The security service backup and restore utility has the following syntax:
swmgmt/bin/brr_security.sh
[-h][-backup <tar-file>|-restore [certs] <tar-file>|
-recover]
[-r] <directory>
[-log <log file>]

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 304 -
Security service backup and restore utility
Options Definition
-h Provides the syntax of the command.
-backup Backs up all security configuration settings, data, and logs into the
specified tar file. The file name does not require a .tar extension and
can include an absolute path.
Security Services functions are not interrupted by the backup
operation.
-restore Restores all security configuration settings, data, and logs from the
specified tar file. The file name does not require a .tar extension and
can include an absolute path.
Certificates are backed up with the backup image. Use -restore
certs to restore only the certificates from a backup file.
-recover Attempts to recover the security service (server or client) from a
corrupted situation or from an host name change.
-r Optional
Use with the -restore option to specify that a response file named
isclient.isclient.rsp must be used if found.
If no directory is specified, the script looks for the file in the directory
/opt/nortel/applications/security/current_isclient/swmgmt/resources/.
The response file is needed with client restore only. Look at your
specific product restore instructions for details.
-log Redirects the logs to the specified log file. By default the log is stored
in /opt/nortel/logs/applications/management/swmgmt/brr.log.
Example
To back up the security service including all user, role, policy, IS configuration,
NDS configuration, security settings information/configurations that are stored
in LDAP and on the file system, enter the following command:
swmgmt/bin/brr_security.sh -backup <tar_file_name>

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 305 -
Security service backup and restore utility
Exit codes
The exit codes produced by the security service backup and restore utility are:
Exit code Description

0 Normal exit
not 0 Errors were found

Administration
NN10470-303 01.03 Standard
16.2 May 2007
MDM files backup and restore utility
The Nortel Multiservice Data Manager (MDM) files backup and restore utility
enable you to backup and restore all of the critical Nortel Multiservice Data
Manager (MDM) software configuration and data files.
For more information about how to use this utility to backup and restore MDM
files, see:
MDM backup utility

files, see Backing up MDM (page 76).
Command syntax
The MDM files backup utility has the following syntax:
/opt/MagellanNMS/bin/backup_mdm_files
-mdm [-file <tar_file>]
-desktop [-file <tar_file>]
-user_admin [-file <tar file>]
[-log <log_filename>]
[-h]

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 307 -
Options Definition
-mdm [-file <tar_file>] Back up all of the Multiservice Data Manager configuration and data files
to the specified tar file <tar_file>. If you do not specify the -file <tar_file>,
the default file name is used. The default is
/opt/nortel/data/mdm/mdm_backup_<date_time_suffix>, where the
<date_time_suffix> is in this time format YYYYMMDDhhmmss. For
example:
/opt/nortel/data/mdm/mdm_backup_20061023165922.tar.
All the backup files are compressed during the backup. After the back up
is complete, a .Z suffix is added to the file name. For example, if you
specify this file name,
/opt/nortel/data/mdm/my_mdm_backup.tar,
the output file is named
/opt/nortel/data/mdm/my_mdm_backup.tar.Z.
-desktop [-file <tar_file>] Back up all of the desktop configuration and data files to the specified tar
file <tar_file>. If you do not specify the -file <tar_file>, the default file
name is used. The default is
/opt/nortel/data/desktop/desktop_backup_<date_time_suffix>,
where the <date_time_suffix> is in this time format,
YYYYMMDDhhmmss. For example:
/opt/nortel/data/desktop/desktop_backup_20061023165922.tar.
is complete, a .Z is added to the file name. For example, if you specify
this file name,
/opt/nortel/data/desktop/my_desktop_backup.tar
/opt/nortel/data/desktop/my_desktop_backup.tar.Z.
-user_admin [-file <tar_file>] Back up all of the security configuration and data files to the specified tar
file <tar_file>.If you do not specify the -file <tar_file>, the default file
name is used. The default is
/opt/nortel/data/user_admin/user_admin_backup_<date_time_suffix>,
where the <date_time_suffix> is in this time format,
YYYYMMDDhhmmss. For example,
/opt/nortel/data/user_admin/user_admin_backup_20061023165922.tar.
is complete, a .Z is added to the file name. For example, if you specify
this file name,
/opt/nortel/data/user_admin/my_user_admin_backup.tar
/opt/nortel/data/user_admin/my_user_admin_backup.tar.Z.
[-log <log_filename>] Use this option to redirect the logs to the specified log file. If you do not
specify the -log <log_filename>, the log file is not created.
[-h] Displays the command line usage.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 308 -
Requirements
You must specify at least one of these parameters in the commnd. Otherwise
the backup_mdm_files.script exits with an error (exitcode > 0).
-mdm
-desktop
-user_admin
[-h]
Stop MDM before your run this script to back up files. See Stopping MDM
(page 59).
Example
To back up all the MDM, desktop, and security files and record the logs to this
location, /opt/mdm_backup_20061023.log, type this command:
/opt/MagellanNMS/bin/backup_mdm_files -mdm -file
/opt/nortel/data/mdm/my_mdm_backup.tar -desktop
-user_admin -log /opt/mdm_backup_20061023.log
The MDM files are backed up to the compressed file /opt/nortel/data/mdm/
my_mdm_backup.tar.Z. The desktop and security files are backed up with the
default tar name.
Exit codes
The exit codes produced by the backup utility are:

0 Normal exit
MDM restore utility

files, see Restoring MDM (page 78).
Command syntax
The Multiservice Data Manager restore utility has the following syntax
/opt/MagellanNMS/bin/restore_mdm_files
-mdm [-file <tar_file>}
-desktop [-file <tar_file>]
[-log <log_filename>]
-user_admin [-file <tar file>]
[-h]

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 309 -
Options Definition
-mdm [-file <tar_file>] Restore the MDM configuration and data files from the specified tar file
<tar_file>. For example:
/opt/nortel/data/mdm/mdm_backup_20061023165922.tar.
Or, if the file is compressed:
/opt/nortel/data/mdm/mdm_backup_20061023165922.tar.Z
If -file <tar_file> is not specified, the last MDM backup file is used.
-desktop [-file <tar_file>] Restore the desktop configuration and data files from the specified tar
file <tar_file>. For example:
/opt/nortel/data/desktop/desktop_backup_20061023165922.tar.
Or, it the file is compressed:
/opt/nortel/data/desktop/desktop_backup_20061023165922.tar.Z
If -file <tar_file> is not specified, the last desktop backup file is used.
-user_admin [-file <tar_file>] Restore the security configuration and data files from the specified tar file
<tar_file>. For example,
/opt/nortel/data/user_admin/user_admin_backup_20061023165922.tar.
Or if the tar file is compressed:
/opt/nortel/data/user_admin/
user_admin_backup_20061023165922.tar.Z
If -file <tar_file> is not specified, the last security backup file is used.
[-log <log_filename>] Use this option to redirect the logs to the specified log file. If you do not
specify the -log <log_filename>, the log file is not created.
[-h] Displays the command line usage.
Requirements
You must specify at least one of these parameters in the commnd. Otherwise
the restore_mdm_files.script exits with an error (exitcode > 0).
-mdm
-desktop
-user_admin
[-h]
Stop MDM before your run this script to restore files. See Stopping MDM
(page 59).

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 310 -
Restoring security services

Because -user_admin can perform only partial restoration of MDM security
services and configuration files, Nortel recommends that you see one the
following procedures to complete the process, according to one of these
scenarios:
Restoring security services on an Operator Client
After the restore_mdm_files command is complete, go to Restoring
security services on an Operator Client (page 65). Start at step 6 and
complete the entire procedure.
Restoring security services on a standalone security server
security services on a standalone security server (page 68). Start at step
4 and complete the entire procedure.
security services on a replicated pair of security servers (page 70). Start
at step 5 and complete the entire procedure.
Example
To restore all the MDM, desktop, and security files from back up files but
without creating log records, type this command:
/opt/MagellanNMS/bin/restore_mdm_files
-mdm -file /opt/nortel/data/mdm/my_mdm_backup.tar.Z
-desktop -file /opt/nortel/data/desktop/
uncompressed_desktop_backup.tar -user_admin
The MDM files are restored from the compressed tar file
/opt/nortel/data/mdm/my_mdm_backup.tar.Z.
The desktop files are restored from the uncompressed tar file
/opt/nortel/data/desktop/uncompressed_desktop_backup.tar.
The security files are restored from the last security backup file (created by
/opt/MagellanNMS/bin/backup_mdm_files or /opt/MagellanNMS/bin/
backup_mft_files.sh).
Exit codes
The exit codes produced by the restore utility are:

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 311 -

0 Normal exit

Administration
NN10470-303 01.03 Standard
16.2 May 2007
Exportautoacklist utility
The exportautoacklist utility enables you to export a list of Auto-acked
components.
For examples on using this utility, see

Example: Exporting the Auto-ack node list from the GMDR_L3 server
(page 312)
Example: Exporting the Auto-ack node list from the GMDR server
(page 313)
Examples: Exporting the Auto-acked node list and reconfiguring another
GMDR (page 313)
Command syntax
The default output is standard output, but you can redirect the output to a file
using the following command:
/opt/MagellanNMS/bin/exportautoacklist [<GMDR
hostname>] [<GMDR name>]
Options Definition
<GMDR hostname> is optional, but must be the first option when present. Its default
value is localhost. It can be any MDM workstation hostname where
a GMDR server is running.
<GMDR name> is optional, but must be the second option when present. Its default
value is GMDR. It is the full name of a GMDR server.
Example: Exporting the Auto-ack node list from the GMDR_L3 server
To export the Auto-acked node list from the GMDR_L3 server on the
wcary123 remote host, and save the output to the /tmp/aanode.list file, enter
the following command:
/opt/MagellanNMS/bin/exportautoacklist wcary123 GMDR_L3
> /temp/aanode.list

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 313 -
Example: Exporting the Auto-ack node list from the GMDR server
To export the Auto-ack node list from the GMDR server on the localhost into
standard output, enter the following command:
/opt/MagellanNMS/bin/exportautoacklist
Examples: Exporting the Auto-acked node list and reconfiguring

another GMDR
These script-based examples enable you to export the auto-acked node list
from a GMDR server, and use this list as the configuration file of another
GMDR server (possibly running on another MDM workstation).
Prior to starting, you need to collect the following information:

source GMDR server name, from which to retrieve the Auto-acked node
list
source MDM workstation hostname, where the source GMDR server is
running
destination GMDR server name, which will be re-configured
destination MDM workstation hostname, where the destination GMDR is
running
GMDR administrator password for the destination GMDR
The corresponding data is assumed and is as follows:

GMDR_src
srchost
GMDR_des
deshost
adminips
You need to logon to the destination MDM workstation named deshost in both
of the following examples:
Example with more control

To export the node into a temporary file, enter the following command:
/opt/MagellanNMS/bin/exportautoacklist srchost GMDR_src
> /tmp/aanodelist.tmp
An example of the /tmp/aanodelist.tmp output file, is similar to the following
output file:
EM ATLANTA SHELF $ CARD 3
EM ATLANTA SHELF $ CARD 5

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 314 -
EM SYDNEY SHELF $ CARD 1

EM TOKYO ATMIF 11
Attention: Some empty lines are acceptable and can be ignored properly
by the GMDR server.
The administrator can now make any changes by editing this file.
Then, copy over the temporary Auto-acked node list file as the Auto-ack
configuration file. In this example, the destination GMDR is GMDR_des, and
its Auto-ack configuration file is as follows:
/opt/MagellanNMS/cfg/GMDRAutoAck_des.cfg
To back up the existing configuration file and copy over the new file, enter the
following command:
cd /opt/MagellanNMS/cfg
/bin/mv GMDRAutoAck_des.cfg GMDRAutoAck_des.cfg.bak
/bin/cp /tmp/aanodelist.tmp GMDRAutoAck_des.cfg
To reload the auto-ack configuration file, run the following script:
/opt/MagellanNMS/bin/loadautoacklist adminips GMDR_des
Example with more automation
To perform an example with more automation, enter the following commands
on MDM workstation deshost:
/bin/mv /opt/MagellanNMS/cfg/GMDRAutoAck_des.cfg /opt/
MagellanNMS/cfg/GMDRAutoAck_des.cfg.bak
/opt/MagellanNMS/bin/exportautoacklist srchost GMDR_src

> opt/MagellanNMS/cfg/GMDRAutoAck_des.cfg
/opt/MagellanNMS/bin/loadautoacklist adminips GMDR_des

Administration
NN10470-303 01.03 Standard
16.2 May 2007
Customization tasks for DPN network
elements
Use the tasks listed below to customize DPN network elements.
Navigation
Configuring servers for DPN (page 316)
Configuring DPN alarm clearing (page 342)
Configuring server alarm distribution and workstation status probing for
DPN network elements (page 349)
Configuring the Disruptive Command Safeguard (page 357)
Configuring automatic DBNL disabling (page 361)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
Configuring servers for DPN
This section describes how to configure Nortel Multiservice Data Manager
servers on a workstation to support the following basic functions in networks
that contain DPN network elements:
network access: lets users log on to Operations Agents (OAs) in the
Network Control System (NCS) to perform operations such as
provisioning or troubleshooting
surveillance access: lets Multiservice Data Manager gather alarm-based
surveillance information automatically from NCS
provisioning access: lets users upload and download Master Control Files
(MCFs) from network elements
Although it is possible to configure servers to support one or two of these

functions, all three are required in most installations. For information about
servers, see the Roadmap to Multiservice Data Manager servers in Nortel
Multiservice Data Manager AdministrationFundamentals (NN10470-305).
Navigation
Servers required to support network access, surveillance access, and
provisioning access (page 317)
Planning OA groups (page 317)
Grouping OAs for network access (page 318)
Guidelines for grouping OAs for surveillance access (page 321)
Adding DMDR server redundancy for surveillance access (page 324)
Distributing servers among workstations on a LAN (page 326)
Task list for configuring servers (page 326)
Configuring the NCS hierarchy for surveillance (page 327)
Configuring the NCS hierarchy for surveillance (page 327)
Configuring and starting the servers (page 335)
Setting up special processing of alarms (page 338)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 317 -
Preloading CNMIDs to filter status records (page 339)

Setting up CNMIDs for VPNs (page 340)
Servers required to support network access, surveillance access,

and provisioning access
The figure Interdependencies of servers in networks containing DPN
(page 318) shows the Nortel Multiservice Data Manager servers that need to
be configured to support the basic functions of DPN network, surveillance,
and provisioning access, and it illustrates the dependencies between the
servers.
The servers that need to be configured to support these functions are as

follows:
NCS Communications Manager (NCSMGR)
Host Group Directory Server (HGDS)
DPN Management Data Router (DMDR)
General Management Data Router (GMDR)
Data Manager Agent (DMA)
Provisioning File Access Server (PFAS)
Provisioning File Access Server (PFAS) for software download
For detailed descriptions of these servers, see Nortel Multiservice Data

Planning OA groups
This section explains the reasons for setting up (OA) groups and provides
guidelines to plan OA groups.
Access is required to OAs in the network for

network access: to let an operator or an administrator log on to an OA from
the Command Console and perform operations, such as provisioning or
troubleshooting
surveillance access: to let the DPN Management Data Router (DMDR)
server log on to OAs to obtain alarms and status records (alarm-based
surveillance information) from the DPN nodes in the network
An OA group is a set of OAs that are defined as a group in Nortel Multiservice

Data Manager configuration files. The following sections describe how to
arrange OAs into groups for network and surveillance access.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 318 -
Interdependencies of servers in networks containing DPN
GMDR IMDR
DMDR DMA
HGDS
NSCMGR PFAS
CCIF
DPN network
OA
Data
Control
Servers that you must configure manually
Servers that are configured automatically
network access servers
surveillance access servers
provisioning access servers
Grouping OAs for network access

The concept of an Operations Agents (OA) group containing OAs that have a
common NCS capability ID and password only applies to OAs used for
surveillance access. A user at the Command Console may view a list of
individual OAs to log into using separate NCS Capability IDs and passwords.
A list of OA groups that a user can log into is not displayed on Command
Console.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 319 -
To be managed by Nortel Multiservice Data Manager, all OAs must belong to

an OA group. You must define at least one OA group for network access and
this OA group must contain at least one OA as its member.
There is no advantage in creating more than one group of OAs for network
access because the Command Console only displays the names of individual
OAs you can log in to. Define only one OA group for network access, called
for example ALLOAS, that has all OAs in the network as its members.
Grouping OAs for surveillance access

Grouping OAs for surveillance access requires an understanding of how
surveillance information is obtained from the network. This section outlines
how the network obtains surveillance information from the OAs in the network,
and contains guidelines for grouping OAs.
How surveillance information is obtained from the network

The figure How the filtering of surveillance information is set up (page 321)
shows the sequence followed to obtain alarms and status records information
from the OAs in a surveillance group.
1 The DMDR server logs in to all of the OAs in a surveillance group with a
common NCS capability ID and password that it obtains from arguments
in its startup command.
2 The NCS on each OA authenticates the user id and password, and returns
a customer network identifier (CNMID).
To perform its filtering function, a DMDR server needs to obtain alarms
and status records from all devices monitored by all OAs in the
surveillance group. For a DMDR server to receive them, the common NCS
capability ID and password must be defined on all OAs for it to be able to
obtain the required surveillance information and cause all OAs to return a
CNMID of 0.
When you are logged in, the DMDR server receives alarms and status
records automatically from all of the OAs in the surveillance group.
3 To obtain surveillance information from a DMDR server, a client
application, such as the GMDR server, registers with the DMDR server.
This registration request also includes an NCS capability ID and password
which can set up using the GMDR Administration tool.
4 The DMDR server passes the NCS capability ID and password contained
in the registration request to one of the OAs in the surveillance group for
authentication.
5 The NCS authenticates the NCS capability ID and password, and returns
a customer network identifier (CNMID) to the DMDR server. The DMDR
server stores the CNMID for filtering purposes.
The set up is now complete.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 320 -
The OA then forwards surveillance information to the workstation. The DMDR

server filters the surveillance information for the client application (GMDR)
according to client applications CNMID.
For a client application to receive surveillance information from devices

monitored by the OAs in the surveillance group, the NCS capability ID and
password provided by the client application must cause the OA to return a
CNMID of 0. For virtual private networks (VPN) where a customer only
receives information about the devices in the VPN, the NCS capability ID and
password must cause the OA to return a CNMID other than 0, and one that is
unique to the VPN.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 321 -
How the filtering of surveillance information is set up
Client application
(GMDR server) DMDR server OA
Setup begins
DMDR server
is started 1
NCS Capability ID
and password from
DMDR servers Authentication
startup command
2
GMDR server CNMID of 0
is started
GMDR admin
tool is used to
associate
DMDR server 3
with GMDR 4
server Registration
request NCS Capability ID
(NCS Capability ID, and password
password) Authentication
5
CNMID of 0 for
all devices or
other CNMID
for a VPN
Setup is complete and surveillance begins
Alarm or status
record is
generated
Filter according Alarm or status

to CNMID record
Filtered alarm
or status record
Guidelines for grouping OAs for surveillance access

The guidelines for the number of groups are as follows:
You must define at least one surveillance group.
You can define more than one surveillance group.
Dividing OAs into several surveillance groups allows you to split up
surveillance gathering into regions. This maintains the performance of
surveillance gathering activities in large networks that contain many OAs.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 322 -
To manage surveillance on a regional basis, you could define surveillance

groups that gathers alarms and surveillance information in the east
network and the west network. This setup provides redundancy for
surveillance gathering activities, if a DMDR server fails. A method for
providing redundancy is described in Adding DMDR server redundancy
for surveillance access (page 324).
The guidelines for NCS capability IDs and passwords are as follows:
At least one common NCS capability ID and password must be defined on
all OAs in a surveillance group. This common NCS capability ID and
password must authenticate in the same way on all OAs. On all OAs it
must be defined with the same scope and impact, and return the same
CNMID.
For security reasons, the minimum impact let the DMDR server obtain
alarms and status records is passive.
For the DMDR server to receive alarms and status records from all
components monitored by the OAs in its surveillance group, the CNMID
returned in response to the common NCS capability ID and password in a
DMDR servers startup command must be CNMID 0.
For a client application to receive alarms and status records from all
components monitored by the OAs in a surveillance group, the CNMID
returned in response to the client applications NCS capability ID and
password must also be CNMID 0.
For a client application which monitors components in a virtual private
network to only obtains alarms and status records from the components
that belong to the customers VPN, the CNMID returned in response to the
client applications NCS capability ID must be a CNMID other than 0. The
CNMID must also be unique to the customers VPN.
When the DMDR server and the client application (GMDR) need to
receive the information from the components monitored by all OAs in a
surveillance group, you can use the same NCS capability ID and password
for the DMDR servers startup command and for the surveillance access
by the client application (GMDR). The CNMID returned by the NCS
capability ID and password must be CNMID 0.
When the client application obtains surveillance information for a VPN,
and only needs to receive this information from the components in that
VPN, the NCS capability ID and password provided by the client
application cannot be the same as the NCS capability ID and password in
the DMDR servers startup command. The NCS capability ID and
password provided by the client application must be different, and must
authenticate in the same way on all OAs on which it is defined The CMNID
it returns must also be a CNMID other than 0.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 323 -
The guidelines for DMDR servers are as follows:

There must be one DMDR server for each surveillance group.
The names of surveillance groups must be unique on a workstation. For
example, you cannot have two groups called EAST on the same
workstation. You can, however, duplicate the names of surveillance
groups on different workstations.
The guidelines for OA hierarchy are as follows;

To ensure that a DMDR server continues to receive surveillance
information when a device or OA nodes to a backup OA, the group of OAs
being accessed by the DMDR server must be closed under backup. When
any device or OA being monitored through the DMDR server nodes to its
backup OA, the server must still be able to obtain alarms and status
records through the backup OA. For examples of OA groups, see the
figure Simple examples of OA groups that are closed and open under
backup (page 324)
To keep the transfer of duplicate status records to a minimum, an OA and
its backup OA should be at the same level in the OA hierarchy.
Ensure that OAs you choose to form a surveillance group actually provide
status records for all of the components to be surveilled. As status records
percolate up an OA hierarchy, some of them may be filtered out at various
OAs.
All OAs that provide surveillance information to a surveillance group must
be configured so that they have an Active Alarm List (AAL).

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 324 -
Simple examples of OA groups that are closed and open under backup
OA group closed under backup OA group open under backup

When any device changes to its When OA7 changes to its backup
backup OA, or any OA changes to OA (OAf) the DMDR server no longer
its backup OA, the DMDR still receives receives surveillance information for
surveillance information for all devices devices 1 and 2
monitored by the group.
DMDR DMDR
closed OA group open OA group
OAa OAb OAc OAd OAe OAf
OA1 OA2 OA3 OA4 OA5 OA6 OA7 OA8
1 2
main path
path under backup
device
Adding DMDR server redundancy for surveillance access

If you have two or more Nortel Multiservice Data Manager workstations
connected through a LAN, you can add redundancy for surveillance gathering
by discarding duplicate surveillance information that the GMDR server
receives from DMDR servers.
To achieve redundancy, you can create duplicate surveillance groups on each

workstation, and run a separate DMDR server on each workstation, as shown
in the figure DMDR server redundancy (page 325). Then, using the GMDR
Administration tool, you can set up the GMDR server on each workstation to
gather surveillance information from the DMDR servers on both workstations.
See the description of the GMDR Administration tool in Nortel Multiservice
Data Manager AdministrationTools (NN10470-300) for more information.
The GMDR server receives alarms from the DMDR servers on both
workstations, and displays the alarms once. The GMDR server discards
duplicate alarm notifications. If one of the DMDR servers fail, the GMDR

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 325 -
server continues to receive surveillance data from its redundant DMDR

server, without producing an impact on the fault tools that rely on this
information.
Example: Adding DMDR server redundancy

The figure DMDR server redundancy (page 325) shows a network containing
three OAs that are monitored by two standalone Nortel Multiservice Data
Manager workstations connected through a LAN. Identical groups called G1
are defined on both workstations. Separate DMDR servers are on each
started workstation to retrieve surveillance data from the groups. The startup
command for each DMDR server includes the server name DMDR-G1.
Using the GMDR Administration tool, each GMDR server is configured to

receive surveillance data from the DMDR server on its own workstation and
from the DMDR server on the redundant workstation through the LAN
connection.
The GMDR server on workstation A discards duplicate data from the DMDR
servers. If server DMDR_G1 fail on workstation A, the GMDR server on
workstation A still gets the same surveillance data from the redundant DMDR
server through its LAN connection to workstation B. Similar but opposite
redundancy applies to the GMDR server on workstation B.
DMDR server redundancy
LAN
Workstation A Workstation B
GMDR GMDR
DMDR_G1 DMDR_G1
OA group G1 Duplicate
OA OA OA OA group G1

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 326 -
Distributing servers among workstations on a LAN

For small networks, all of the servers that support DPN network access,
surveillance access, and provisioning access can run on the same
workstation.
For medium and large networks, servers can be deployed among

workstations connected by the same Ethernet LAN or by a WAN IP
connection. This is can be done to
distribute the workload over workstations to improve performance
permit effective use of older, less powerful workstations with new more
powerful workstations
add redundancy and resiliency for fault management
The following guidelines apply to deploying the servers for DPN network
access, surveillance, and provisioning access over multiple workstations:
The following servers must run on a workstation that provides network
access (a workstation that has an X25 link to the network): HGDS,
NCSMGR, and PFAS.
The DMDR server must run on the workstation that provides network
access by default. You can run it on another workstation, provided that you
specify the hostname of the workstation that runs the network access
server, as part of the DMDR servers startup command. However doing so
is not recommended because of the increase in network traffic (X.25 and
IP) traffic that is entailed by this arrangement.
The GMDR server can run on any workstation on the LAN, provided the
workstation can handle traffic to the server. To ensure that the GMDR
server receives surveillance information, you must use the GMDR
Administration tool to specify the DMDR server (or servers) from which the
GMDR server is to obtain the surveillance information.
The DMA server can perform server surveillance, workstation
surveillance, or global alarm clearing. For information on the DMA server,
see Nortel Multiservice Data Manager AdministrationServer
If the DMA server performs workstation surveillance or global alarm
clearing, it must reside on a workstation that provides network access.
Task list for configuring servers

Use the following procedure to locate the tasks needed to configure servers
to support DPN network access, surveillance, and provisioning access. For
initial installations, you can use this procedure, or you can use Nortel
Multiservice Data Manager Software Configuration tool, as described in
Nortel Multiservice Data Manager Installation and CommissioningSoftware
(NN10470-100).

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 327 -
Before you begin this procedure, you must have installed and configured
SunLink X.25 software on the workstation.
1 Plan the OA groups for DPN network access and DPN surveillance. See
Planning OA groups (page 317).
2 Configure the NCS hierarchy to support DPN surveillance. See
Configuring the NCS hierarchy for surveillance (page 327).
3 Create the OA groups. See Defining the OA groups and OA members
(page 328).
4 Configure and start the NCSMGR, HGDS, DMDR, GMDR, DMA, and
PFAS servers. See Configuring and starting the servers (page 335).
Configuring the NCS hierarchy for surveillance
1 Read Grouping OAs for surveillance access (page 319).

2 Choose the level in the OA level in the hierarchy at which the DMDR server
is going to connect. Assume that all the OAs at the level you selected are
going to form one surveillance group.
3 Ensure that each OA and its backup OA are at the same level in the NCS
hierarchy. Redefine the structure of the hierarchy if necessary.
4 Ensure that an Active Alarm List (AAL) is configured on each OA in the
surveillance group.
5 Ensure that at least one common NCS capability ID and password is
assigned on all OAs in the group, and that all OAs authenticate it in the
same way.
6 Verify that the OAs at the level you selected to form the surveillance group
are closed under backup by looking at each device and OA and pretend
that it is using its backup OA. The DMDR server should still get alarms and
status records from the device or OA. If not, add or remove OAs from the
group until this criteria is met. See the figure, Simple examples of OA
groups that are closed and open under backup (page 324).
7 If a network is large and it contains many OAs, you can split surveillance
gathering between DMDR servers on different workstations to preserve
surveillance gathering performance. You must verify that all the OAs are
closed under backup.
You are now ready to create OA groups. See Defining the OA groups and OA
members (page 328).

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 328 -
Defining the OA groups and OA members

This section describes how to define the DPN-100 network configuration on a
Nortel Multiservice Data Manager host using the Host Group Administration
tool.
The following topics are discussed in this section
Launching the Host Group Administration tool

Launch the Host Group Administration tool using one of these methods.
Attention: The Host Group Administration tool does not allow simultaneous
administration sessions.
Access from MDM window
1 From the MDM main window, select System -> Administration -> Host
Group Administration.
The Host Group Administration window opens.
If the file /opt/MagellanNMS/cfg/HGDS.cfg exists, the contents are
displayed.
Access from the command line

Steps
1 From a UNIX xterm, type
/opt/MagellanNMS/bin/hgadmin &
The Host Group Administration window opens.
If the file /opt/MagellanNMS/cfg/HGDS.cfg exists, the contents are
displayed.
Figure Host Group Administration window (page 329) shows an example of

this window.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 329 -
Host Group Administration window
Loading and merging a remote HGDS file

Steps
1 Select the DPN tab.
2 Select File -> Load and Merge Remote Host Group File.
The Load and Merge Remote Host Group File dialog opens.
3 Type the name of the remote Multiservice Data Manager host in the data
entry box Remote Workstation.
4 Type a userID to access the remote MDM host in the data entry box User
ID.
5 Type a password for the User ID in the data entry box Password.
6 Click OK.
The Load and Merge Remote Host Group File dialog closes.
The remote HGDS file information is displayed.
If a local HGDS file is currently displayed, the Host Group Administration
tool merges the HGDS information from the remote host with the HGDS
information on the local host. Merge conflicts are identified. You are
provided the option of accepting the new information or retaining the
current window contents.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 330 -
Clearing the window data

Steps
2 Select File -> Clear All Data.
The Clear All Data dialog opens.
3 Click OK.
The Clear All Data dialog closes.
All of the Host Group Administration window panels are cleared of data.
Adding a DPN OA
Steps
2 Click Add below the panel DPN OA Table
(or select Options -> DPN OA Table Options -> Add DPN OA).
The Add New DPN OA dialog opens.
3 Type the OA member name in the data entry box OAMember.
4 Type the Workstation Management Data Interface (WS_MDI) in the data
entry box NAME.
5 Type the Data Network Address (DNA) used to access the WS_MDI in the
data entry box DNA.
6 Type the Closed User Group (CUG) to which the WS-MDI belongs in the
data entry box CUG.
7 Type the default size of data packets transmitted between the Multiservice
Data Manager host and the WS-MDI.in the data entry box PktSz.
The packet size is one of: 128, 256, or 512. The default is 256.
8 X.75 links are used to interconnect two packet network, either public or
private.
If the connection between the host and the OA passes through an X.75
link type Y in the data entry box X75.
If the connection between the host and the OA does not pass through an
X.75 link type N in the data entry box X75.
9 Type the Recognized Private Operating Agency (RPOA) that owns the
X.75 link to the WS-MDI in the data entry box RPOA.
This data entry box can only be updated if an X75 link was specified in
step 8.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 331 -
10 Click OK.
The Add New DPN OA dialog closes.
The new DPN OA is added to the DPN OA Table.
Changing a DPN OA definition

Steps
2 Select the DPN OA in the DPN OA Table.
3 Click Edit below the panel DPN OA Table
(or select Options -> DPN OA Table Options -> Edit OA).
The Edit DPN OA dialog opens.
4 Type the OA member name in the data entry box OAMember.
5 Type the Workstation Management Data Interface (WS_MDI) in the data
entry box NAME.
6 Type the Data Network Address (DNA) used to access the WS_MDI in the
data entry box DNA.
7 Type the Closed User Group (CUG) to which the WS-MDI belongs in the
data entry box CUG.
8 Type the default size of data packets transmitted between the host and the
WS-MDI.in the data entry box PktSz.
The packet size is one of: 128, 256, or 512. The default is 256.
9 X.75 links are used to interconnect two packet network, either public or
private.
If the connection between the host and the OA passes through an X.75
link type Y in the data entry box X75.
If the connection between the host and the OA does not pass through an
X.75 link type N in the data entry box X75.
10 Type the Recognized Private Operating Agency (RPOA) that owns the
X.75 link to the WS-MDI in the data entry box RPOA.
This data entry box can only be updated if an X75 link was specified in
step 8.
11 Click OK.
The Edit DPN OA dialog closes.
The updated DPN OA information is replaced in the DPN OA Table and in
all of the DPN OA groups of which it is a member.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 332 -
Removing a DPN OA
Steps
3 Click Delete below the panel DPN OA Table
(or select Options -> DPN OA Table Options -> Delete DPN OA).
The Delete DPN OA dialog opens.
4 Click OK.
The Delete DPN OA dialog closes.
Attention: The DPN OA is removed from the DPN OA Table and from all of
the DPN OA groups of which it is a member.
Displaying DPN OA attributes

Steps
The following DPN OA attributes are displayed in the DPN OA Attributes
panel:
OA member name
Workstation Management Data Interface (WS_MDI)
Data Network Address (DNA)
Closed User Group (CUG)
the default size of data packets
the X75 setting
the Recognized Private Operating Agency (RPOA)
DPN OA groups that include this DPN OA as a member
Adding a DPN OA group

Steps
2 Click Add below the panel DPN OA Groups panel
(or select Options -> DPN OA Group Options -> Add DPN OA group).
The Add New DPN OA Group dialog opens.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 333 -
3 Type the DPN OA group name in the data entry box DPN OA Group
Name.
4 Click OK.
The Add New DPN OA Group dialog closes.
The new DPN OA group is added to the DPN OA Groups panel.
Adding a DPN OA to a DPN OA group

Steps
3 Select the DPN OA group in the DPN OA Groups panel.
The button Add DPN OA <DPN OA> to group <group_name> below the
DPN OA Attributes panel is activated.
4 Click Add DPN OA <DPN OA> to group <group_name>
(or select Options -> DPN OA Table Options -> Add DPN OA to Group).
The DPN OA is added to the group and is displayed in the DPN OA Group
Members panel.
There is no restrictions on the number of DPN OAs in a group.
Removing a DPN OA from a DPN OA group

Steps
The DPN OAs that belong to the selected group are displayed in the DPN
OA Group Members panel.
3 Select the DPN OA in the DPN OA Group Members panel.
The button Remove DPN OA <DPN OA> from group <group_name>
below the DPN OA Group Members panel is activated.
4 Click Remove DPN OA <DPN OA> from group <group_name>
(or select Options -> DPN OA Group Options -> Remove DPN OA from
Group).
The Remove DPN OA from group dialog opens.
5 Click OK.
The Remove DPN OA from group dialog closes.
The DPN OA is removed from the group and is no longer displayed in the
DPN OA Group Members panel.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 334 -
Attention: Removing a DPN OA from a group does not remove the DPN OA
from other groups and does not remove the DPN OA from the DPN OA Table.
Removing a DPN OA group

Steps
The DPN OAs that belong to the selected group are displayed in the DPN
OA Group Members panel.
3 Click Delete below the panel DPN OA Groups panel
(or select Options -> DPN OA Group Options -> Delete Group).
The Delete DPN OA Group dialog opens.
4 Click OK.
The Delete DPN OA Group dialog closes.
The DPN OA group is no longer displayed in the DPN OA Groups panel.
Attention: Removing a group does not remove the group members from
other groups and does not remove the group members from the DPN OA
Table.
Saving the HGDS file

Steps
2 Select File -> Save.
The Save Host Group File dialog opens.
3 If there is a DPN entry that does not belong to a group, you are prompted
whether you wish to keep this DPN.
4 Click Keep or if there is more than one DPN that you wish to keep, click
Keep All.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 335 -
5 Click OK.
The Save Host Group File dialog closes.
The current version of the file /opt/MagellanNMS/cfg/HGDS.cfg is saved
with a time-stamped suffix.
The contents of the Host Group Administration window are written to the
file /opt/MagellanNMS/cfg/HGDS.cfg on the local Multiservice Data
Manager host and the file is saved.
The HGDS.cfg data is loaded with the HGDS the next time the HGDS is
started.
Attention: The Host Group Administration tool will not allow the file
HGDS.cfg to be updated if mandatory data is missing or is incorrect.
6 If the HGDS is currently running, the Reload HGDS Configuration dialog

opens with the prompt
Do you want to signal the related MDM servers to reload
the HGDS configuration now?
Click Yes to restart the servers.
Click No to restart the servers at another time using the
MDM Server Administration (SVMADM) tool.
Closing the Host Group Administration tool
Steps
2 Select File -> Exit.
If no updates have been made to the Host Group Administration window
contents, the Host Group Administration window closes.
If updates have been made to the Host Group Administration window
contents, the Save Host Group File dialog opens (see Saving the HGDS
file (page 334)).
Configuring and starting the servers

Use the following procedure to configure and start the servers required to
support DPN network access, surveillance, and provisioning access.
For initial installations, use this procedure, or you can use Nortel Multiservice
Data Manager Software Configuration tool, as described in Nortel
Multiservice Data Manager Installation and CommissioningSoftware
(NN10470-100).

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 336 -
Steps
1 If you have several workstations running Multiservice Data Manager that
are connected to the same LAN, read the following sections before you
begin:Adding DMDR server redundancy for surveillance access
(page 324) and Distributing servers among workstations on a LAN
(page 326).
2 Log in as root.
Attention: The root account must be set up to run as described in UNIX

account configuration for MDM (page 23).
3 Using the Server Administration tool, set up the NCSMGR, HGDS,

GMDR, IMDR, DMA and PFAS servers to start up automatically when the
workstation is rebooted. See adding a new server in Nortel Multiservice
Data Manager AdministrationTools (NN10470-300).
Management (NN10470-310) for the server startup commands:
NCSMGR, HGDS, GMDR, IMDR, and DMA.
If you are going to be performing software downloading, start a second
instance of the PFAS server using the -n swdld option in the PFAS servers
startup command.
4 Using the Server Administration tool, create one DMDR server for each
OA group for network access and one DMDR server for each surveillance
group. Ensure that you set them to start automatically when the
workstation is rebooted.
For each DMDR server, include the following parameters in its startup
command:
-g <OA group name> -c <NCS Capability ID> -p <password>
where:
<OA group name>
is the name of the surveillance group that the DMDR server monitors
<NCS Capability ID> and <password>
are the NCS capability ID and password for the common account that the
DMDR server uses to obtain surveillance information from the OAs in the
surveillance group
For a full set of the parameters that can be used in the startup command
for the DMDR server, see Nortel Multiservice Data Manager

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 337 -
5 Using the GMDR Administration tool, configure GMDR to access the

servers you created to obtain surveillance information.
For each DMDR server, you must provide:
Server Name the name of the surveillance data (DMDR) server in the
form DMDR_<group_name>
Host Name the host name or the IP address of the workstation on which
the DMDR server is running
User/CapabilityID and Password the NCS capability ID and
password to be used by the GMDR server for authentication upon
connection to the OAs in the surveillance group
For a subordinate GMDR server you must provide:
Server Name the name of the subordinate GMDR server in the form
GMDR or GMDR_<service name>
the GMDR server is running
For each IMDR server you must provide
Server Name the name of the IMDR server in the form IMDR or
IMDR_<service name>
the IMDR server is running
For a DMA server that is providing global alarm clearing for DPN, you must
provide:
Server Name DMASERVER
Host Name localhost or the IP address of the workstation on which the
See the description of the GMDR tool in Nortel Multiservice Data Manager
AdministrationTools (NN10470-300) for the instructions to complete this
task.
Configuring the servers to support DPN network access, surveillance, and

provisioning access is complete. For a list of the servers that can be
configured to support other functions, see the Roadmad to Multiservice Data
Manager servers in Nortel Multiservice Data Manager Administration

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 338 -
Setting up special processing of alarms

Use the procedure in this section to set up a DMDR server to perform special
processing treatments on alarms received from the NCS.
Some alarms require special processing for reasons, such as

the DPN associates a special meaning to the fault code. For example, for
Dial Backup Network Link (DBNL) deactivation alarms.
customer management practices require that an alarm be assigned a
different severity than the one set by the network element
The DMDR server provides a method to use the information stored in an alarm
exceptions file to perform special processing on incoming alarms. By default,
the DMDR server uses the information stored in alarm exceptions file
/opt/MagellanNMS/cfg/DMDRAlarmExcep.cfg. For the DMDR server to use
an alarm exceptions file other than the default, start the DMDR server with the
argument -e <exceptions file name>, where <exceptions file name> is the
absolute path name for the alarm exceptions file.
For information about the structure of the entries in the alarm exceptions file,
see the section on configuring the file /opt/MagellanNMS/cfg/
DMDRAlarmExcep.cfg in Nortel Multiservice Data Manager Administration
Server Management (NN10470-310).
Steps
1 Log in as root.

2 Using a UNIX editor such as vi, edit the contents of the alarm exceptions
file so that it performs the special alarm treatment you require.To configure
the file /opt/MagellanNMS/cfg/DMDRAlarmExcep.cfg, see Nortel
(NN10470-310).
3 Using the Server Administration tool, stop the DMDR server.
To stop a server using the Server Administration tool, see access view
mode in Nortel Multiservice Data Manager Administration

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 339 -
4 To use an alarm exceptions file other than the default, edit the startup
command for the DMDR server with the Server Administration tool so that
the startup command includes the absolute path name of your alarm
exceptions file. To use the default alarm exceptions file
(/opt/MagellanNMS/cfg/AlarmExcepts.cfg), skip this step.
To edit a server with the Server Administration tool, see Editing a server in
Nortel Multiservice Data Manager AdministrationTools (NN10470-300).
5 Using the Server Administration tool, restart the DMDR server.
Preloading CNMIDs to filter status records

Use the procedure in this section to preload CNMIDs into a file to provide a
DMDR server with the means to begin filtering status records from
components that belong to a customers virtual private network (VPN) without
first having to receive alarms from those components.
To obtain surveillance information from a DMDR server, a client application

such as the GMDR server registers with the DMDR server. This registration
request includes an NCS capability ID and a password. These parameters are
passed on to an OA in the surveillance group for authentication. The NCS
authenticates the NCS capability ID and password, and returns a customer
network identifier (CNMID) to the client application.
For client applications that receive surveillance information from all

components monitored by the OAs in a surveillance group, the NCS capability
ID and password returns a CNMID of 0. For virtual private networks, in which
a customer only gets information about the components that belong to the
VPN, the NCS capability ID and password return a CNMID other than 0, and
that is unique to the customers VPN.
Once DMDR has the CNMID, it begins filtering surveillance information based
on that CNMID. There are two types of surveillance information: status
records and alarms. Alarms received from the OAs in the group include a
CNMID as part of the alarm message, but status records do not.
If an alarm arrives from a component before a status record arrives from that
same component, the DMDR server extracts the CNMID and the component
identifier from the alarm message and stores them. When a subsequent
status record arrives from the same component, the DMDR server uses the
component identifier contained in the status record to look up the
corresponding CNMID and uses that CNMID to filter the status record and
provide it to the correct client application.
If a status record arrives from a component before an alarm arrives from that
same component, the DMDR server cannot determine what CNMID to use for
filtering because the status record does not contain a CNMID. By default,
DMDR server assumes that the CNMID is 0 and passes the status record on

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 340 -
to client applications. For client applications that surveil all components in the
network (their NCS capability ID and password returns a CNMID of 0) this
produces a slight delay. However, for client applications whose CNMID is not
0, which is the case for components in a VPN, this presents a difficulty. In a
network that contains two or more VPNs all client applications receive the
status record, whether or not the component belongs to the VPN.
To overcome any delays and the possibility of a status record being distributed
to all client applications, in all VPNs, the DMDR server uses information
contained in a CNMID file. You can preload this file with information that maps
CNMIDs to their corresponding component identifiers.
By default, the CNMID file is /opt/MagellanNMS/cfg/DMDRCnmid.cfg. To get

a DMDR server to use a CNMID file other than the default, you must start the
DMDR server with the argument -C <CNMID file name>, where <CNMID file
name> is the absolute path name for the CNMID file.
For information about the structure of the entries in the CNMID file, see Nortel
(NN10470-310). Refer to the section to configure the file
/opt/MagellanNMS/cfg/DMDRCnmid.cfg.
Setting up CNMIDs for VPNs

Steps
1 Log in as root.

2 Using a UNIX editor such as vi, edit the contents of the CNMID file to allow
it to map components to CNMIDs.
For a description of the structure of the alarm exceptions file, and the fields
in the file, see Nortel Multiservice Data Manager AdministrationServer
Management (NN10470-310). Refer to the section to configure the file
/opt/MagellanNMS/cfg/DMDRCnmid.cfg.
3 Using the Server Administration tool, stop the DMDR server.
To stop a server using the Server Administration tool, see accessing view
mode in Nortel Multiservice Data Manager AdministrationTools
(NN10470-300).

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 341 -
4 If you are not using the default CNMID file

(/opt/MagellanNMS/cfg/DMDRCnmid.cfg), use the Server Administration
tool to edit the startup command for the DMDR server.
To edit a server with the Server Administration tool, see editing a server in
Using the Server Administration tool, restart the DMDR server.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
Configuring DPN alarm clearing
This section contains instructions for setting up alarm clearing to allow
operators to do the following:
clear DPN alarms locally on the workstation
clear DPN alarms globally throughout the DPN nodes in a network
For a first time installation you can use the information in this section to set up
alarm clearing, or you can use Nortel Multiservice Data Manager Software
Configuration tool, as described in Nortel Multiservice Data Manager
Installation and CommissioningSoftware (NN10470-100).
Navigation
About alarm clearing (page 342)
How a Multiservice Data Manager operator uses alarm clearing
(page 343)
Setting up local alarm clearing (page 344)
Setting up global alarm clearing for DPN (page 345)
About alarm clearing

This section describes the two types of alarm clearing and the way in which
alarms are collected from the DPN network.
Types of alarm clearing

There are two types of alarm clearing: local alarm clearing and global alarm
clearing.
Local alarm clearing lets an operator clear alarms locally from the GMDR
database on a Nortel Multiservice Data Manager workstation.
Global alarm clearing lets an operator clear SET alarms from the workstation
and from the active alarm lists (AALs) on all Operations Agents throughout
Network Control System (NCS) of the DPN network. The main reason for
removing SET alarms from the AALs is to clean up the lists so that only alarms
of interest to the network operator remain. This makes monitoring easier.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 343 -
Alarm clearing can be initiated in several ways:

from the Alarm Display
from the Component Information Viewer
by entering commands at a VT-100 terminal or in the UI of the Command
Console (CC)
For information about the Alarm Display and the Component Information
Viewer, see Nortel Multiservice Data Manager Fault ManagementTools
(NN10470-011):
For information about the Command Console, see Nortel Multiservice Data
Manager Routine MaintenanceUtilities (NN10470-804)
How alarms from DPN are collected and stored

In the DPN network, alarms from devices and applications in the network
control system (NCS) are routed up the OAs in the NCS hierarchy. SET
alarms are stored in the NCS Active Alarm List (AAL) of each Operations
Agent (OA) in the NCS. These alarms remain in the AAL until the
corresponding alarm has been cleared, or until the alarm is manually deleted.
In both cases the alarm is removed from the AAL.
Lists of active alarms are collected and maintained in the following places:
locally on the workstation in a database associated with the DPN
Management Data Router (DMDR) server and in the GMDR database
in the AALs stored in the Processing Elements (PEs) in the NCS
When the DMDR server connects to an OA in the NCS, it requests a dump of

the AAL and uses it to update the DMDR database with all the current SET
alarms which are not in the DMDR database. Once the connection between
the DMDR server and the OA is established, any SET alarms are
automatically copied to the DMDR and GMDR databases.
Alarms stored in the DMDR and GMDR databases can be cleared with local
alarm clearing [local to the workstation] or with global alarm clearing.
However, alarms stored in the AALs in the NCS can only be cleared by means
of global alarm clearing.
How a Multiservice Data Manager operator uses alarm clearing

An operator using Nortel Multiservice Data Manager can delete alarms from
the AAL with the Component Information Viewer (CIV) tool or the Alarm
Display (AD) tool by selecting a specific alarm with the mouse and selecting
local or global clearing from a popup menu.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 344 -
Both local and global alarm clearing call the manclr process and pass it the
component ID, fault code, the alarm ID, the local/global clear flag, and the
display name associated with alarm to clear.
Local alarm clearing

When an operator selects local clear with CIV or AD tool, the Data Manager
Agent (DMA) server sends a clear request to the DMDR and GMDR
databases. The alarm is then cleared from the DMDR and GMDR databases
on the workstation.
Global alarm clearing

When the operator selects global clear from the CIV or AD tool, the DMA
server sends a clear request to the DMDR and GMDR databases to clear the
alarm local on the workstation. The DMA server also logs on to the top level
OA in the region managed through this workstation using the information
contained in file /opt/MagellanNMS/cfg/DmaClrOA.cfg. It then takes the action
required to clear the alarms through the NCS. For details on how the DMA
server performs this function, see Nortel Multiservice Data Manager
Clearing alarms from a VT100 or from the Command Console

Network operators using VT100 access or the Command Console tool can
delete alarms using the NCS OA MANCLR command with appropriate
parameters
Clearing alarms using the Global Clear tool

The Global Clear tool lets an operator clear SET alarms from Nortel
Multiservice Data Manager servers and from the active alarm lists (AALs) on
the node. The Global Clear tool is initiated from the Alarm menu by selecting
Start Tool ->Fault ->Global Clear of Alarm.
Clearing alarms using Global Clear of Alarm from the Start Tool ->Fault menu
allows only one alarm to be cleared at a time. Using this method, the user
needs an up-front authentication with a node group before globally clearing an
alarm.
Setting up local alarm clearing

For local alarm clearing to work, the GMDR server must be configured and
running on the workstation. No additional configuration is required.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 345 -
Setting up global alarm clearing for DPN

Use the following procedure to set up global alarm clearing for DPN. Setting
up global alarm clearing involves the following main steps:
adding an entry to file opt/MagellanNMS/cfg/DmaClrOA.cfg that provides
Nortel Multiservice Data Manager software with the information required
to log in to the top level OA in the region managed through this workstation
The NCS Capability ID and password in the login information must have
access privileges that are sufficient to permit global alarm clearing.
using the Server Administration tool to start the DMA server with the -c
option
using the GMDR Administration tool to set up the GMDR server to access
the DMA server as one of is subservers
Before setting up global alarm clearing, first ensure that:

The OA definition section of the HGDS server configuration file
(HGDS.cfg) defines an OA Member for the top level OA in the region
managed through this workstation.
An NCS capability ID (log in ID) is set up on the top level OA in the
managed region with a capability, level, and impact of at least:
NAMS Network Service
OA/Device None
Device None
Line None
The Host Group Directory Server (HGDS) and the NCS Communications
Manager (NCSMGR) server are running on the workstation.
Setting up global alarm clearing

Steps
1 Using a UNIX editor, open file /opt/MagellanNMS/cfg/DmaClrOA.cfg for
editing.
:DDDDDDDDDDDD:IIIIIIIIIIII:PPPPPPPPPPPP:

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 346 -
where:
D
is the OA Destination mnemonic. The OA Destination mnemonic
corresponds to the OA Member field for the top level OA in the managed
region as defined in file /opt/MagellanNMS/cfg/HGDS.cfg. In file
HGDS.cfg, the OA Member field contains the name of the Management
Data Interface (MDI) on the OA. Nortel Multiservice Data Manager
workstation connects to this OA to send global alarm clearing request
messages to NCS. This mnemonic must match the OA Member for the top
level OA entered in file /opt/MagellanNMS/cfg/HGDS.cfg.
See the section on OA definitions in Nortel Multiservice Data Manager
I
is the NCS capability id (NCS login ID). The id must have the following
minimum capability, level, and impact:
NAMS Network Service
OA/Device None
Device None
Line None
P
is a password that has the NCS capability ID. Maximum 12 characters.
also be an OA Member called CORENCSIF in file /opt/MagellanNMS/cfg/
HGDS.cfg.
:CORENCSIF:CORENCS:axylt:
Attention: Your user account must be set up run the NMSAdmin toolset at
login to be able to see the Server Administration tool in the menus.
See the Server Administration tool in Nortel Multiservice Data Manager

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 347 -

See Nortel Multiservice Data Manager AdministrationTools
(NN10470-300).
-c option, as follows:
/opt/MagellanNMS/bin/dma -c [<filename>]
where:
-c [<filename>]
is the name of the file that contains the parameters to establish a virtual
circuit to the top level OA in the region managed through this workstation.
If you enter the -c option without a filename, the default file name of
/opt/MagellanNMS/cfg/DmaClrOA.cfg is used.
Tools (NN10470-300).
8 Start the GMDR Server Administration tool from the application main
See logging in as the administrator in Nortel Multiservice Data Manager
10 Click Add.
Host Name: localhost or the IP address of the workstation on which the

to the server. GMDR attempts to reconnect to a server once every thirty

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 348 -
seconds until it is successful, or until the user halts connection attempts

by clicking Disconnect. The state changes to Connected once the
connection is established.
You are now ready to initiate global alarm clearing requests from the
Component Information Viewer or the Alarm Display.
For information on troubleshooting global alarm clearing on DPN, see

Troubleshooting global alarm clearing on DPN (page 287).

Administration
NN10470-303 01.03 Standard
16.2 May 2007
Configuring server alarm distribution
and workstation status probing for DPN
network elements
This section contains instructions for setting up the workstation to do the
following:
provide workstation server alarms to the Network Control system (NCS)
that runs on the DPN nodes in your network
set up the NCS so that it probes the workstation to determine the
workstations status
For a first time installation, you can use the information in this section to set
up server alarm distribution and workstation status probing, or you can use the
Nortel Multiservice Data Manager Software Configuration tool, as described
in Nortel Multiservice Data Manager Installation and Commissioning
Software (NN10470-100).
Navigation
About server alarm distribution and workstation status probing (page 349)
Setting up server alarm distribution through NCS and workstation
Troubleshooting server alarm distribution through NCS and workstation
About server alarm distribution and workstation status probing

There are two ways in which you can configure a workstation to distribute
alarms and status changes from its Nortel Multiservice Data Manager servers
to other workstations in the network.
You can configure the workstation to distribute them to a GMDR server that
runs on the workstation, or that runs on another workstation. By setting up a
hierarchy of GMDR servers on the workstations in your network, it is possible
to forward the workstations alarms and status changes to some, or to all of
the Multiservice Data Manager workstations in your network. For a detailed

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 350 -
Configuring server alarm distribution and workstation status probing for DPN network elements
description of how server alarms and status changes are propagated through
GMDR, see Nortel Multiservice Data Manager AdministrationServer
Management (NN10470-310). Also, see the procedure Setting up server
alarm distribution through GMDR in Nortel Multiservice Data Manager
You can also configure the workstation to distribute server alarms and status
changes to the NCS that runs on the DPN nodes in your network by
forwarding them to an OA in the NCS over an X.25 link. The X.25 link connects
to a Control Device Manager on the OA. The NCS propagates these alarms
and status changes throughout the OAs on all DPN modules in the network.
Any workstation that is configured to obtain surveillance information from the
NCS receives these alarms and status changes and can display them. For a
detailed description of how server alarms and status changes are propagated
through NCS, see Nortel Multiservice Data Manager AdministrationServer
Management (NN10470-310). This method of alarm distribution only applies
to networks that contain DPN.
When setting up a connection to an OA to allow the workstation to have its

server alarms and status changes distributed throughout network, it is also
possible to specify a probing interval that is sent to the NCS in the data
packets used to set up the connection over the X.25 link. The NCS uses the
probing interval information to poll the workstation at regular intervals. After
every poll, the NCS waits for an acknowledgment. If the NCS does not receive
an acknowledgment, it creates a workstation alarm and propagates this alarm
throughout the OAs in the NCS. Any workstation that is configured to obtain
surveillance information from the NCS receives this alarm and can display it.
For a detailed description of how server alarms and status changes are
propagated using NCS, see Nortel Multiservice Data Manager
Setting up server alarm distribution through NCS and workstation

surveillance using NCS status probing
Use the following procedure to set up server alarm distribution through NCS
and, optionally to set up NCS probing of the workstations status.
Before you start, you must first ensure that

The HGDS and NCS Communications Manager (NCSMGR) servers are
configured and running.
Setting up server alarm distribution through NCS and workstation surveillance

using status probing involves the following main steps:
editing file /opt/MagellanNMS/cfg/DmaOA.cfg to add the information that
the DMA server needs to connect to the NCS

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 351 -
starting the DMA server with arguments in its startup command to perform
server alarm distribution and optionally, to have the NCS probe the
workstation
Setting up server alarm distribution through NCS and surveillance using

NCS status probing
Steps
1 Using a UNIX editor, open file /opt/MagellanNMS/cfg/DmaOA.cfg for
editing.
:DDD ... D:OO ...O:AAA ... A:CC:PPP:X:R:RPOA:
where:
D
is the Destination mnemonic. Maximum 12 characters
O
is the mnemonic of the NCS OA containing the destinations Control
Device Manager. Maximum 12 characters. This mnemonic must match the
OA name entered in the Name field of an OA Member in file /opt/
MagellanNMS/cfg/HGDS.cfg.
A
is the DNA of the Control Device Manager. Maximum 16 characters.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 352 -
Attention: This is not the same as the DNA of the MDI access DNA.
C
is the CUG index of the Control Device Manager. Maximum 2 digits.
P
is the packet size on the VC. (Use 128, 256, or 512). Maximum 3 digits.
X
specifies whether the call is to be routed over X.75. Can be Y or N.
If N, then R and RPOA are ignored.
R
specifies whether the calls are to be routed over the X.75 facilities of a
Remote Private Operating Agency (RPOA). Can be Y or N.
If N, the RPOA is ignored.
RPOA
is a code that identifies the RPOA. 4 (BCD) digits.
Example:
:CORENCSIF:CORENCS:3021015008:01:512:N:
4 Using the Server Administration tool, stop the DMA server if it is already
running.
(NN10470-300).
5 Edit the server information so that the DMA server starts up automatically
with the following command whenever the workstation is rebooted.
/opt/MagellanNMS/bin/dma \
-d [<filename] \

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 353 -
where:
-d [<filename]
is the name of a file that contains the parameters needed to establish a
connection to an OA. The connection is to be used for server alarm
distribution through NCS and workstation surveillance using NCS status
probing. If you specify the -d option without a file name, the default file /
opt/MagellanNMS/cfg/DmaOA.cfg is used.
specifies that status probing is to be performed for workstation
surveillance. The <probing interval> is the interval in minutes at which
NCS probes the workstation and it must be an integer with a minimum
value of 1. If you do not specify the <probing interval>, the default NCS
status probe interval of five minutes is used.
6 Restart the DMA server.
(NN10470-300).
Server alarm distribution through NCS with or without workstation NCS status
probing is now configured.
Troubleshooting server alarm distribution through NCS and

If server alarm distribution (with or without NCS status probing) does not work
once you have configured it, the most likely causes are configuration errors on
the Nortel Multiservice Data Manager workstation. These are as follows:
the DMA server is stopped or has not been started with the -d option
if workstation surveillance using NCS status probing is desired, the DMA
server has not been started with the -p option
the NCS OA mnemonic (O) field in file /opt/MagellanNMS/cfg/DmaOA.cfg
contains an OA name that does not appear the Name field of an OA
Member defined in file /opt/MagellanNMS/cfg/HGDS.cfg
the configuration parameters are incorrect in file /opt/MagellanNMS/cfg/
DmaOA.cfg
Use the following procedure to troubleshoot the server alarm distribution

through NCS and workstation surveillance using NCS status probing.
Before beginning this procedure you will need an NCS Capability ID (logon ID)
and password that allows you to log into the OA through which workstation
server alarms are to be distributed.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 354 -
Isolating a problem with server alarm distribution through NCS, and

Steps
2 Look for the DMA server in the servers list and double-click on it to view
The server must be Running, must be set to start at reboot, and the startup
command must include the -d option. If workstation surveillance through
NCS status probing is desired, the startup command must also include the
-p option.
If the server information is correct and the server is running, go to step 7.
If the server information is correct but the server is not running, click on the
DMA server in the server list, and select Start from the pop-up menu. Then
go to step 7.
step 3.
running.
See accessing view mode in Nortel Multiservice Data Manager
Tools (NN10470-300).
-d option.
If you need to have workstation surveillance through NCS status probing,
ensure that the startup command also contains the -p option. The
command syntax is as follows:
/opt/MagellanNMS/bin/dma -d [<filename>] \
[-p [<probing interval]]

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 355 -
7 Using a UNIX editor, open file /opt/MagellanNMS/cfg/DmaOA.cfg and

write down the mnemonic of the NCS OA (OA name), and the DNA of the
Device Control Manager. You will need this information later.
Example:
Mnemonic of the destination OA (OA name) = CORENCS
DNA of the Device Control Manager = 2862015009
8 Using a UNIX editor, open file /opt/MagellanNMS/cfg/HGDS.cfg and look
for an OA Member whose Name field matches the mnemonic of the
destination OA from file /opt/MagellanNMS/cfg/DmaOA.cfg (CORENCS in
the example).
If there isnt one, define an OA Member in file /opt/MagellanNMS/cfg/
HGDS that corresponds to the OA in file /opt/MagellanNMS/cfg/
DmaOA.cfg, then restart the HGDS server using the Server
9 Start the Command Console by selecting System -> Utilities -> Command
Console.
11 In the dialog, enter the destination user ID, and password needed to log
into the OA through which server alarms are to be distributed.
12 Click Connect.
successful, the message Connected to <OA Destination mnemonic> is
displayed.
Example:
13 Click Close.
14 Enter the following command in the Command Console:
OA l
Information similar to the following is displayed:
OK TABLE SIZE = 150 UNDEFINED = 144
PE 1 HOST R70 TYPE = OA
NAME TYPE AP NUMBER / ROUTE
IWSIFC COORDINATOR 0
CONTROL DEVICE MGR 1 DEFAULT ROUTE
IWSIF MDI 2

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 356 -
15 Write down the host name, the PE number, the name of the Control Device
Manager, and the AP/Route number of the Device Manager (R70, PE1,
CONTROL, and 1 in the example).
16 Enter the following command to display the DNA of the Control Device
Manager
<host> NCS <PE_number> <Device Manager Number> Q DNA
where:
host is the name of the module on which the OA is running (R70 in this
example).
PE_number is the number of the PE on which the OA is running (1)
Example:
R70 NCS 14 1 Q DNA
A response containing the DNA of the Device Control Manager appears
on the screen.
17 The DNA of the DNA of the Device Control Manager should match the
DNA field in file /opt/MagellanNMS/cfg/DmaOA.cfg (2862015009 in the
example).
If the DNAs do not match, modify the entry in file /opt/MagellanNMS/cfg/
DmaOA.cfg then restart the DMA server using the Server Administration
tool.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
Configuring the Disruptive Command
Safeguard
This section provides the instructions required to set up the Disruptive
Command Safeguard feature. This feature only applies to DPN.
For initial installation, you can use the information in this section to configure
the Disruptive Command Safeguard, or you can use the Nortel Multiservice
Data Manager Software Configuration tool, as described in Nortel
Multiservice Data Manager Installation and CommissioningSoftware
(NN10470-100).
Navigation
About the Disruptive Command Safeguard feature (page 357)
The /opt/MagellanNMS/cfg/DCS.cfg configuration file (page 358)
Checking, enabling, and disabling the Disruptive Command Safeguard
(page 359)
About the Disruptive Command Safeguard feature

The Disruptive Command Safeguard is a command input management facility
that intercepts potentially disruptive DPN commands entered from a Nortel
Multiservice Data Manager workstation and presents a confirm or cancel
message to the operator. The commands intercepted by the Disruptive
Command Safeguard are defined in the /opt/MagellanNMS/cfg/DCS.cfg
configuration file. You can enable, disable, or query the status of the Disruptive
Command Safeguard from the application main window or from the UNIX
command line.
The Disruptive Command Safeguard can be called from application programs

such as the Multiservice Data Manager VT100 operator facility or the
Command Console. Systems built on top of the VT100 operator facility using
the RNCS primitives can take advantage of the disruptive command library in
the same manner that the VT100 operator facility does.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 358 -
Configuring the Disruptive Command Safeguard
Attention: The Disruptive Command Safeguard facility does not apply to

commands entered through local operator terminals connected directly to
the operator port of a packet module or an NM, or to the DPN-50 based NCS
VT100 operator terminal facility.
The /opt/MagellanNMS/cfg/DCS.cfg configuration file

The commands intercepted by the Disruptive Command Safeguard are
defined in the /opt/MagellanNMS/cfg/DCS.cfg configuration file. A default file
is supplied. See The default /opt/MagellanNMS/cfg/DCS.cfg file (page 359).
You need to have root privileges in order to edit the file.
File format
The opt/MagellanNMS/cfg/DCS/.cfg configuration file consists of a series of
lines, each having the following syntax:
<KEYWORD> <min_length> <NCS_CAPABILITY> [<MESSAGE>]
where:
<KEYWORD> is the command keyword for which you want to search
<min_length> is the minimum number of characters required to match the

keyword
<NCS_CAPABILITY> is the user capability expressed in the format TYPE

LEVEL IMPACT
[<MESSAGE>] is an optional message that is displayed with the confirm or

cancel message
Example
Assume the /opt/MagellanNMS/cfg/DCS.cfg file contains the following line:
FORMAT 6 SWITCHING DEVICE PRIVILEGED Disk formatting
will cause instability
and the Nortel Multiservice Data Manager operator issues the following
command:
R72 2 DISK 0 FORMAT 2 1 R70 2 SEC 512 DIR 1000
If the operator has capability SWITCHING DEVICE PRIVILEGED, the
Disruptive Command Safeguard facility instructs the NCS access tool to issue
the prompt Disk formatting will cause instability, followed by confirm or cancel
instructions.
If the operator does not have SWITCHING DEVICE PRIVILEGED capability,

no message is issued, since the command is rejected by the module anyway.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 359 -
The default /opt/MagellanNMS/cfg/DCS.cfg file

A default /opt/MagellanNMS/cfg/DCS.cfg file is included with Nortel
Multiservice Data Manager software. You can edit this file or use it as a
template to create your own file. The contents of the file are shown in the figure
The default /opt/MagellanNMS/cfg/DCS.cfg file (page 359).
The default /opt/MagellanNMS/cfg/DCS.cfg file
#
# Disruptive Command configuration file.
# Syntax:
# Command minimum-length NCS capability (TYPE LEVEL IMPACT) message
#
ACTIVATE 3 SWITCHING LINE CONFIGURATION
COMMIT 3 SWITCHING DEVICE CONFIGURATION
CONFIRM 4 SWITCHING DEVICE CONFIGURATION
DEREGISTER 3 NONE NONE NONE
DISABLE 7 SWITCHING DEVICE SERVICE
ERASE 5 SWITCHING DEVICE PRIVILEGED
FILTER 1 NAMS NETWORK CONFIGURATION
FORMAT 6 SWITCHING DEVICE PRIVILEGED
LOAD 4 SWITCHING DEVICE PRIVILEGED
REFUSE 6 SWITCHING LINE SERVICE
REGISTER 3 NONE NONE NONE
RELOAD 6 SWITCHING DEVICE PRIVILEGED
RESET 5 SWITCHING DEVICE CONFIGURATION
RESTART 7 SWITCHING DEVICE PRIVILEGED
STOP 4 SWITCHING LINE SERVICE
Checking, enabling, and disabling the Disruptive Command

Safeguard
Nortel Multiservice Data Manager provides a Disruptive Command Safeguard
menu. You can access the menu items from the MDM main window by
selecting System -> Security -> Disruptive Command Safeguard. This toolset
is not available when the session launches toolset User.tsets.
Multiservice Data Manager Disruptive Command Safeguard menu

The Disruptive Command Safeguard menu provides the following commands:
Check Status tells you if the Disruptive Command Safeguard is enabled or
disabled.
Enable Safeguard enables the Disruptive Command Safeguard.
Disable Safeguard disables the Disruptive Command Safeguard.
Attention: The Disruptive Command Safeguard is disabled when

Multiservice Data Manager is first installed.
See also Using the Disruptive Command Safeguard (page 360).

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 360 -
Using the Disruptive Command Safeguard

Use the following procedures to check (query) enable, or disable the
Disruptive Command Safeguard from the Nortel Multiservice Data Manager
main window or from a UNIX command line.
Querying, enabling, or disabling the Disruptive Command

Safeguard from the menu
1 Log in as root.
2 From the application main window, select System -> Security -> Disruptive
Command Safeguard, and one of the following items from the cascading
menu:
Select Enable Safeguard to have Multiservice Data Manager intercept
disruptive commands as defined in the
/opt/MagellanNMS/cfg/DCS.cfg file.
Select Disable Safeguard so that Multiservice Data Manager does not
intercept disruptive commands as defined in the
/opt/MagellanNMS/cfg/DCS.cfg file.
Select Check Safeguard Status to check if the Disruptive Command
Safeguard is enabled or disabled.
Querying, enabling, or disabling the Disruptive Command Safeguard

from the UNIX command line
Steps
1 Log in as root.
2 Enter one of the following commands in a UNIX access window:
/opt/magellannms/bin/dcstool -e
To enable the Disruptive Command Safeguard so that Multiservice Data
Manager intercepts disruptive commands as defined in the
/opt/magellannms/cfg/dcs.cfg File.
/opt/MagellanNMS/bin/dcstool -d t
To disable Disruptive Command Safeguard so that MDM does not
intercept disruptive commands as defined in the /opt/MagellanNMS/cfg/
DCS.cfg file.
/opt/MagellanNMS/bin/dcstool -c
To return a value indicating whether the Disruptive Command Safeguard
is enabled or disabled.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
Configuring automatic DBNL disabling
This section describes the automatic Dial Backup Network Link (DBNL)
disabling feature, and contains instructions for configuring the feature and
cleaning up any accumulated log files the feature produces.
Navigation
About the automatic DBNL disabling feature (page 361)
Setting up the automatic DBNL disabling feature (page 369)
Obtaining a list of the DBNLs that are currently being watched (page 370)
Cleaning up accumulated log files (page 371)
About the automatic DBNL disabling feature

The automatic Dial Backup Network Link (DBNL) disabling feature provides
an administrator with information about the activation and deactivation of
DBNLs for DPN-100 nodes in the network, and with the option of having
DBNLs disabled automatically when they are no longer needed.
A Dial Backup Network Link is a backup link that the Network Control System
(NCS) activates automatically to establish a direct connection from an Access
Module (AM) to a Resource Module (RM) when one of the following happens:
the primary network link goes down and isolates the AM (or a cluster of
AMs) from the RM
the primary network link runs out of bandwidth to handle current traffic
conditions

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 362 -
Dial Backup Network Link
RM RM
RM
AM
AM
AM
Primary network Dial Backup

link down or with Network Link
insufficient
capacity
The automatic DBNL disabling feature monitors alarms from the DPN nodes
in the network. When it detects the presence of a DBNL activation alarm or a
DBNL heartbeat alarm indicating that a DBNL has been activated, it sets up
a watch on the DBNL and monitors that status of the primary link. Depending
on the Operator Data information contained in the alarms, the automatic
DBNL disabling feature has the following capabilities:
For DBNL alarms containing operator data which indicates that a DBNL
has been activated due to isolation of an AM (or a cluster of AMs), the
feature can be used to deactivate the DBNL when the primary link returns
to service and remains stable for a specified period, an optionally, to watch
the DBNL only.
For DBNL alarms containing operator data which indicates that a DBNL
has been activated due to any other cause, the feature can be used to
watch the DBNL only.
Operation of the automatic DBNL disabling feature

The automatic DBNL disabling feature is implemented by means of the DBNL
auto-disabling daemon (DBNLWatch) and the set of utilities (dbnlfindam,
dbnlcheck, dbnldisable, dbnlenable, and dbnlapi) shown in the figure
Components of the automatic DBNL disabling feature (page 363).
The following sequence describes the operation automatic DBNL disabling

feature. Refer to the figure Components of the automatic DBNL disabling
feature (page 363) while reading this description.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 363 -
Components of the automatic DBNL disabling feature
dbnlapi
DBNLWatch
Auto-disabling Daemon
1
2
GMDR
3 4 5 6
dbnlfindam dbnlcheck dbnldisable dbnlenable
Committed
Network
Model
Session Servers
CMC/CMCfun
Network Access and Mediation Servers

(HGDS, NCSMGR, DMDR)
Network
Steps
1 When DBNLWatch is started, it does the following:
It connects to the GMDR server specified by the -host and -serv
parameters in its startup command to obtain alarms from the DPN
network.
It starts and maintains a connection to the OAs in the network specified by
parameters PrimaryOAAuth and BackupOAAuth in configuration file
/opt/MagellanNMS/cfg/DBNLWatch.cfg.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 364 -
2 When DBNLWatch receives a 10164021 alarm (DBNL activation alarm) or

a 10164022 (DBNL heartbeat alarm) containing Operator Data indicating
that a DBNL is activated as a result of AM link isolation (Operator Data 04
or 05), DBNLWatch uses parameter MonitorOnly in the configuration file
to determine what it should do:
If MonitorOnly just permits monitoring, DBNLWatch starts a passive watch
(no attempts are made at disabling the DBNL), and outputs all subsequent
alarm information to a log file.
If MonitorOnly permits monitoring and deactivation of the DBNL,
DBNLWatch starts an active watch on the DBNL, and performs the
following sequence of steps.
3 DBNLWatch calls utility dbnlfindam to determine which end of the DBNL
corresponds to the calling AM end. DBNLWatch calls dbnlfindam
repeatedly until this determination is made.
4 At intervals specified by configuration file parameter CheckTimer,
DBNLWatch calls dbnlcheck which probes the DPN module with NCS
commands to determine if the primary link is up. To formulate the
commands dbnlcheck makes use of information from the committed
Network Model to map DPN node names to nams_ids.
5 If the primary network link is still found to be up after it is checked the
number of times specified by parameter CheckTries, DBNLWatch calls
dbnldisable to disable the DBNL.
If the DBNL is successfully disabled, the process continues at step 6.
If the DBNL fails to disable, DBNLWatch calls dbnldisable at intervals
specified by configuration file parameter DisableTimer until either the
DBNL is successfully deactivated, or it has reached the number of
attempts specified by configuration file parameter EnableTries. Should the
DBNL fail to deactivate after the number of attempts specified by
EnableTries, the sequence starts back at step 4.
6 After the waiting period specified by parameter EnableWait, DBNLWatch
calls dbnlenable to re-enable the DBNL port and make the DBNL available
again.
If the port enables, DBNLWatch ends the active watch on the DBNL.
If the port fails to re-enable, DBNLWatch calls the dbnlenable utility at
intervals specified by configuration file parameter EnableTimer until either
the DBNL is successfully deactivated, or DBNLWatch has called the utility
the number of time specified by configuration file parameter EnableTries.
Should the DBNL fail to deactivate after the number of attempts specified
by EnableTries, the sequence starts back at step 4.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 365 -
7 DBNLWatch drops a watch on a DBNL automatically under the following

circumstances:
if the DBNL is watched for period exceeding the value specified by
MaxWatchTime without receiving a DBNL heartbeat alarm
if DBNLWatch receives a 10164020 alarm indicating that DBNL has been
deactivated.
Utility dbnlapi provides an API-like interface that can be used at any time
to obtain a list of the DBNLs that are currently being watched by
DBNLWatch. For the instructions to use this utility and a sample of its
output, see Obtaining a list of the DBNLs that are currently being watched
(page 370).
Types of DBNL activation handled by the automatic DBNL disabling

feature
The automatic DBNL disabling feature can be used to watch DBNLs on receipt
of 10164021 (DBNL activation) alarms or 10164022 (DBNL heartbeat)
alarms. These alarms include Operator Data codes. Although the feature can
be used to monitor and disable DBNLs for alarms containing some of these
codes, it can only be used for monitoring DBNLs for others. The operator data
codes and the ability to monitor and disable DBNLs or monitor DBNLs only are
shown in the following table.
Operator codes, their meanings, and the ability to monitor and disable
Monitor
Operator and Monitor
Data Code Description disable only
00 DBNL activated manually N Y
01 DBNL activated due to the loss of a Resource Module (RM) N Y
02 DBNL activated due to an increase in RM distance N Y
04 DBNL activated due to fault isolation of a cluster of Access Y Y
Modules (AMs)
05 DBNL activated due to fault isolation of a single AM Y Y
08 DBNL activated to provide bandwidth on demand N Y

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 366 -
Compatibility of DPN software with the automatic DBNL disabling feature

The DBNL feature is backwards compatible with networks containing DPN
nodes that are running software generics lower than G33, with the following
restrictions:
The capability that allows a customer to choose whether they can turn off
or turn on the automatic DBNL disabling feature is not supported in pre-
G33 networks.
DBNL heartbeat alarms are not generated in pre-G33 networks.
Therefore, should the workstation reboot, any DBNLs that are enabled
when the reboot occurs cannot be disabled with the feature. The enabled
DBNLs must be disabled manually.
Log files produced by the automatic DBNL disabling feature

DBNLWatch writes log information into a set of cycling log files at each of the
steps in the sequence described in Operation of the automatic DBNL disabling
feature (page 362). This set of cycling log files consists of one log file for each
day of the week, named as follows:
/opt/MagellanNMS/data/DBNLWatchLog.<n>
where:
<n> is a number between 0 and 6 that indicates the day of the week at which
the log file was created. 0 is Sunday and 6 is the Saturday immediately after it.
At the beginning of each new day, the log file for the same day of the previous
week is overwritten with information about DBNLs that are currently being
watched, starting at the top of the file.
Should DBNLWatch be restarted, log information is appended to the current

days file; the log file is overwritten only when DBNLWatch detects a change
of day. This ensures that the current days log information is still available if
DBNLWatch is restarted.
Nevertheless, the log files can grow and consume excessive amounts of disk
space, especially if the connection to the main and backup OAs is unstable.
Such files can be deleted manually by entering commands to remove the files,
or automatically by setting up a cron job to run these commands on a
scheduled basis. For the procedures to clear log files manually or with a cron
job, see Cleaning up accumulated log files (page 371).
The following paragraphs contain samples of the log information produced by

DBNLWatch during its various phases of operation.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 367 -
DBNLWatch is started, connects to the GDMR server, and establishes

connections to the main and backup OAs specified in the configuration file:
DBNLWatch: started Mon Jun 3 22:14:44 1996
Mon Jun 3 22:14:44 1996
Connected to server GMDR on workstation local host
CC_status 1041 The following NCS destination has been
established:
CORENCS
CAPABILITY MATRIX CURRENT
NAMS NETWORK PRIVILEGED
OA/DEVICE PRIVILEGED
APP/LINE PRIVILEGED
SWITCHING NETWORK PRIVILEGED
DEVICE PRIVILEGED
LINE PRIVILEGED
DBNLWatch detects the arrival of a DBNL activation alarm or a DBNL
heartbeat alarm, and sets up a watch on the DBNL, for monitoring purposes
only. When the following log is produced, parameter MonitorOnly is set to Y in
the configuration file, or the DBNL is activated due to a cause other than AM
or AM cluster isolation.
Wed Jul 3 20:54:12 1996
Starting Monitoring Only Watch for:
Link: DBNL:PM AC2256 PE 1 PI 1 PO 3:PM R32 PE 7 PI 7 PO 3:
Time: 1996 07 03 20 54 12
SEQ: 1489 NTP: 10164022 OP: 2001
Watch phase: DBNL being monitored only.
DBNL has been activated due to RM loss (no auto-
disabling)
DBNLWatch detects a DBNL activation alarm or a DBNL heartbeat alarm, and
sets up a watch on the DBNL for monitoring and DBNL deactivation purposes.
When this log is produced, parameter MonitorOnly is set to N in the
configuration file and the DBNL is activated due to AM or AM cluster isolation.
Wed Jul 3 21:43:20 1996
Starting Watch for:
Link: DBNL:PM A6002 PE 13 PI 13 PO 6:PM R60 PE 6 PI 6
PO 6:
Time: 1996 07 03 21 47 05
SEQ: 14770 NTP: 10164021 OP: FF04
Watch phase: Initializing Watch.
activated due to isolation.
DBNLWatch runs dbnlfindam to determine the AM end of the DBNL:
Wed Jul 3 21:43:20 1996
Identifying the AM side (0) for:
Link:DBNL:PM A6002 PE 13 PI 13 PO 6:PM R60 PE 6 PI 6 PO
6:

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 368 -
Time: 1996 07 03 21 47 05
SEQ: 14770 NTP: 10164021 OP: FF04
Watch phase: Identifying AM side.
DBNLWatch runs dbnlcheck to verify whether the primary link is up:
Wed Jul 3 21:43:26 1996
Checking connectivity (0/0) for:
PO 6:
Time: 1996 07 03 21 47 05
SEQ: 14770 NTP: 10164021 OP: FF04
Watch phase: Waiting for main link to come back.
After running dbnlcheck the number of times specified by CheckTries in the
configuration file, and determining that the primary link is still up, DBNLWatch
produces a log similar to the following:
Wed Jul 3 21:47:08 1996
Disabling:
PO 6:
Time: 1996 07 03 21 47 05
SEQ: 14770 NTP: 10164021 OP: FF04
as the main link has been up for at least 150 seconds.
DBNLWatch runs dbnldisable to attempt to disable the DBNL:
Wed Jul 3 21:47:08 1996
Trying (0) to disable:
Link: DBNL:PM A6002 PE 13 PI 13 PO 6:PM R60 PE 6 PI 6 PO
6:
Time: 1996 07 03 21 47 05
SEQ: 14770 NTP: 10164021 OP: FF04
Watch phase: Trying to disable the DBNL.
DBNLWatch runs dbnlenable to re-enable the DBNL port:
Wed Jul 3 21:47:17 1996
Trying (0) to enable:
PO 6:
Time: 1996 07 03 21 47 05
SEQ: 14770 NTP: 10164021 OP: FF04
Watch phase: Trying to re-enable the DBNL port.
DBNLWatch successfully re-enables the DBNL port and drops the watch:
Wed Jul 3 21:47:20 1996
Watch for:
PO 6:
Time: 1996 07 03 21 47 05
SEQ: 14770 NTP: 10164021 OP: FF04

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 369 -
Watch phase: Trying to re-enable the DBNL port.

removed after 4 minutes. Port re-enabled.
Setting up the automatic DBNL disabling feature

Use the following procedure to set up the automatic DBNL disabling feature.
Before setting up the automatic DBNL disabling feature ensure that:

The attribute auto disabling allowed is set to yes for the dialup link. This
attribute can be found under the component
PM/<mnemonic> PE/<n> PI/<m> PO<z> UTP UTP_Dial_Up

On DPN, this attribute can be found by issuing the command
PI <m> PO <z> Q DIAL
Access privileges associated with the OA name, NCS capability_id, and
password are sufficient to allow the feature to disable DBNLs. For most
cases the scope and impact required are as follows:
SWITCHING DEVICE SERVICE
The network access servers (HGDS and NCSMGR) have been configured
and are running.
The servers needed to gather surveillance information (DMDR and
GMDR) are configured and running.
A properly configured and committed Network Model exists that contains
information about the nodes in the network.
The Network Model must be saved in ASCII (portable) format and
committed (saved as the startup model). It must also contain accurate
information on the nodes in the network and their NAM_ID attribute.
You have read Operation of the automatic DBNL disabling feature
(page 362) and understand how DBNLWatch uses the service parameters
in file /opt/MagellanNMS/cfg/DBNLWatch.cfg.
Configuring automatic DBNL disabling and starting DBNLWatch

Steps
1 Log on to Nortel Multiservice Data Manager as root.
2 Using a UNIX editor such as vi, or the built-in file editor provided with CDE,
open file /opt/MagellanNMS/cfg/DBNLWatch.cfg.
3 Modify the parameters in the file to suit your requirements.
For explanations of the parameters to be modified, look at the comments
in the file itself. For more detailed explanations to manage the DBNL auto-
disabling daemon, see Nortel Multiservice Data Manager

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 370 -
4 Save the file and exit from it.

5 Ensure that permissions for the configured file are read and write for the
root user only.
chmod 600 /opt/MagellanNMS/cfg/DBNLWatch.cfg
6 Using the Server Administration tool, start DBNLWatch with the following
startup command and ensure that DBNLWatch restarts automatically
when the workstation is rebooted.
/opt/MagellanNMS/bin/dbnlwatch [-v] [-n] \
[-host <GMDR host name>] [-serv <GMDR service name>] \
[-log <log file prefix>] \
[-cfg <configuration file name>]
For explanations of the parameters in the DBNL startup command, see
Nortel Multiservice Data Manager AdministrationServer Management
(NN10470-310).
For the instructions to use the Server Administration tool to start
DBNLWatch and to ensure that it restarts on automatically on reboot, see
Obtaining a list of the DBNLs that are currently being watched

The automatic DBNL disabling feature is equipped with a dbnlapi utility that
provides an API-like interface which can be used to obtain information about
the DBNLs currently being watched, at any time. To run the utility, enter the
following command:
/opt/MagellanNMS/bin/dbnlapi -l
A sample of the output from this utility is as follows:
DBNL:PM AC2256 PE 1 PI 1 PO 3:PM R32 PE 7 PI 7 PO 3:
Time: 1996 07 03 20 54 12
SEQ: 1489 NTP: 10164022 OP: 2001
Watch phase: DBNL being monitored only.
Up: 0 Attempts: 0 Managed for(s): 52
DBNL:PM A6002 PE 13 PI 13 PO 6:PM R60 PE 6 PI 6 PO 6:
Time: 1996 07 03 21 47 05
SEQ: 14770 NTP: 10164021 OP: FF04
Watch phase: Trying to disable the DBNL.
DBNL:PM A6002 PE 13 PI 13 PO 4:PM R60 PE 6 PI 6 PO 4:
Time: 1996 07 03 21 47 05
SEQ: 14773 NTP: 10164021 OP: FF04

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 371 -
Cleaning up accumulated log files

Removing accumulated log files should not normally be necessary because
there is one log file for each day of the week, and information can only
accumulate in a log file for a one week period, then the file is automatically
overwritten. Nevertheless, should it become necessary, there are two ways to
clean up current log files: manually by entering a command, or automatically
by running the command as a cron job.
Cleaning up log files manually

Steps
1 Log in as root.
2 Enter the following command to remove a log file:
/bin/cp /dev/null
where:
<n> is a number from 0 to 6 that represents the day of the week on which
the log file is generated. 0 is Sunday and 6 is the Saturday immediately
after it.
Cleaning up log files with a cron job

Steps
1 Log in as root.
crontab -e
A crontab file is opened using a UNIX editor:
3 Add the following cleanup command to the crontab file. We broke up the
command into two lines to fit here, but in the file you must enter it all on
one line.
<run_time> /bin/cp /dev/null
where:
<run_time>
defines the time at which the command is to run. The time takes the form:
<minute> <hour> <day_of_month> <month> <day of week>
Attention: Entering an asterisk for one of these subparameters means that

the cron job will run for all possible values of the subparameter.
<n>

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 372 -
is a number from 0 to 6 which represents the day of the week on which the
log file is generated. 0 is Sunday and 6 is the following Saturday.
4 Exit from the file and save it.
Example
The following command runs every Friday at midnight to clean up a file
created back on Tuesday of the same week:
01 00 * * 5 /bin/cp /dev/null
/opt/MagellanNMS/data/DBNLWatchLog.2

Administration
NN10470-303 01.03 Standard
16.2 May 2007
Time-of-day updates for seasonal time
changes
Seasonal time changes, such as the change from Standard Time to Daylight
Saving Time (DST) or back again, require that the time kept by the Nortel
Multiservice Switch be updated using the procedures documented here.
Typically in North America, seasonal time changes occur at approximately

2:00 AM on a Sunday in the spring and fall.
Prerequisites
Nortel Multiservice Switch needs to use a supported version of the
Network Time Protocol (NTP) to synchronize the network time of day.
MDM workstations need to be configured with a valid time zone that has
an enabled seasonal time changeover capability. Such a configuration
ensures that the workstation's local time will handle the time change
automatically, using the standard Solaris-based mechanism.
All MDM servers and Multiservice Switch nodes within a region need to
belong to the same time zone.
During the execution of the script, no configuration or operational tasks
can run on the Multiservice Switch nodes or MDM workstations. For
example, there should not be a software migration nor disk cleanup
running while the script is executing.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 374 -
Time-of-day updates for seasonal time changes
This task flow shows the sequence of seasonal time change tasks to perform
to update the time-of-day on Nortel Multiservice Switch nodes.
Updating the Multiservice Switch time offset task flow
Updating the
Multiservice Switch
time offset process
Determine the
seasonal time
change dates
Verify that the

Run the crontab crontab was
updated
Set the Alarm

Display tool to
Log mode
Set the filters to

display the
relevant alarms
Monitor the alarms

displayed while
the script runs
Try to change the

time offset of the
Do you need to Multiservice
change the time Switch node using
Yes
offest on any the MDM
switches? Command
Console, and run
the script again
No
End
MDM_5100_009_AA.INS

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 375 -
Navigation
Updating the Multiservice Switch time offset task flow (page 374)
Configuring the servers (page 376)
Implementing the time change (page 379)
Monitoring the script (page 381)

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 376 -
Configuring the servers

Follow this procedure to configure Nortel Multiservice Data Manager servers
to perform annual time changes on Nortel Multiservice Switch nodes.
Perform step 2 annually. Nortel recommends that you program the time
change on January 1st each year, for both the spring and fall time change.
Nortel recommends that a System Administrator (log in with root ID) perform
this procedure.
Prerequisites
Perform these steps prior to running the script to ensure there are no system
surveillance outages:
Start the nmstool application and configure it to administer the session
servers. If the system administrator is remotely accessing the system the
correct settings for the display variables must be met.
Enable Log mode in the Alarm Display tool and make the alarms for all
nodes in the region viewable by removing all filters.
Verify that the seasonal time change has occurred in the region in
question. Typically in North America, seasonal time changes occur at
approximately 2:00 AM on a Sunday in the spring and fall.
Have the following information available before executing the script:
The new offset value for the todchangeover attribute. For example,
-300 is Eastern Standard Time (5 hours earlier than UTC) and -240 is
Eastern Daylight saving time (4 hours earlier than UTC).
The name of the HGDS group you will specify in the procedure. This
information is not needed if you are using the default HDGS group
name.
A valid Multiservice Switch user ID and password with an impact-level
of at least service is needed for Nortel Multiservice Data Manager
group authentication.
Procedure steps
Step Action
1 Determine the dates of the seasonal time change.

For example, in autumn 2002, the seasonal time change occurred on
October 27th. Nortel recommended running the script at 2:01 AM. In the
spring of 2003, April 6th was the date of the seasonal time change and
Nortel recommended running the script at 3:01 AM. Add one minute to the
time you set for the script to run on each subsequent Multiservice Data
Manager server.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 377 -
2 Run the crontab editor (crontab -e) to edit the crontab entry under your
administration user ID:
<minute hour day month day_of_the_week>
/opt/MagellanNMS/bin/todchangeover <new offset value>
-auth <MSS group> <MSS userid> <MSS password>
You must specify the entire executable path to the todchangeover script, for
example, /opt/MagellanNMS/bin/todchangeover. For an example of the
command used in this step complete with sample values that reset the time
offset for the spring and fall seasonal change, see Example procedure:
Editing the cron entry to change the time offset on a node (page 377).
3 Verify that the crontab updated by listing the contents of the cron file, type:
crontab -l
4 Log off from the Multiservice Data Manager server.
5 Repeat steps 1 through 4 on the redundant Multiservice Data Manager
server. Configuring both servers provides redundancy in case the primary
server is not available during the time changeover period specified in the
command in step 2.
Configuration is complete after you perform this procedure on the second
server.
--End--
Example procedure: Editing the cron entry to change the time offset on a
node
The following is an example of how to change the Nortel Multiservice Data
Manager server cron to change the time offset on a node.
These steps are only an example. The values you use in your configuration
might differ from the values shown here. Consult your network engineer to
ensure the values you are using are accurate for your configuration.
Steps
1 Set the values for making the time-of-day change occurring at 2:01 AM on
October 27th for the Eastern time zone, type:
1 2 27 10 * /opt/MagellanNMS/bin/todchangeover -300
-auth ACCESS fred samsam
2 Set the values for making the time-of-day change occurring at 3:01 AM on
April 6th for the Eastern time zone, type:
1 3 6 4 * /opt/MagellanNMS/bin/todchangeover -240 -auth
ACCESS fred samsam
The time specified for running the script should be one minute later for
each additional Multiservice Data Manager server.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 378 -
Procedure job aid

Variable Value
<minute hour day month The exact time, down to the minute, when you want time offset
day_of_the_week> occur. You do not have to specify more digits than necessary
for each of these values. For example, represent April with 4
and October with 10.
<new offset value> The new time offset value to apply to Multiservice Switch
nodes. This value is the time, in minutes, to offset the node from
UTC.
Valid range is -720 to 720.
There is no default value.
<Passport group> The name of the HGDS group to use to communicate with the
nodes.
<Passport password for groupname> The node password for the user ID specified in the command.
<Passport userid for groupname> The node user ID for the group specified in the command.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 379 -
Implementing the time change

Perform this procedure twice annually, once at each time change.
New records are appended to the temporary file (/tmp/tod_output) every time the
script or executable is run. Records are overwritten following a server reboot. To save
the records prior to a reboot, store the records in a non-temporary file.
Procedure steps
Step Action
1 Log on to a MDM server just prior to the seasonal time change.

2 Select Log mode from the nmstool set menu to set the GUI of the Alarm
Display tool. Use this GUI to monitor the execution of the script.
For information about enabling Log mode, see Nortel Multiservice Data
Manager Fault ManagementTools (NN10470-011).
3 Use the Alarm Display tool to set the filters to display messages for the
70150001 and 301007* series of alarms. You can follow the progress of the
todchangeover script by viewing the node time change alarms (70150001)
and todchangeover script alarms (301007* series).
Pay particular attention to the 70150001 alarm. This alarm indicates that the
time offset on the node changed by more than 100 seconds. You should
expect one of these alarms for each node in the group that you specified on
the script command line, see step 2 of Configuring the servers (page 376).
You will not see this alarm when you run the script on the second MDM
server if the script was successful in changing the node time offset on the
first server. The 301007* alarm indicates that an error occurred when you
ran the script, and intervention by an operator is required to complete the
time offset change.
4 Monitor the alarms produced by the script just prior to the seasonal time
change. For more information about monitoring the alarms generated by the
script, see Monitoring the script (page 381).
5 Review the content of the /tmp/tod_output file to verify that the script was
successful.
Performance Management Stream Processor (PMSP) data is lost during the
change-over period during which the server changes its time offset and the
node changes its time offset. (In the fall, 62 minutes from 1:59 DST to 2:01
EST and in the spring, 1 minute from 2:00 EST to 3:01 DST). PMSP data
will be accurate again at the next 5 or 30 minute interval after the time
change-over period ceases. (In the fall, the 5-minute data from 2:10 EST
and 30-minute data from 3:00 EST and in the spring, the 5-minute data from
3:10 DST and 30-minute data from 4:00 DST).

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 380 -
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 381 -
Monitoring the script

This procedure shows the events that occur when the script runs. The script
executes after the time you specified in step 2 of Configuring the servers
(page 376). Step references appear, in order, to separate the information
down into small units. The script runs automatically without input from the
system operator.
The script creates two types of output: one to a log file, /tmp/tod_output, and
the other to the Alarm Display tool. For important events occurring during the
execution of the script, both types of outputs are shown.
Prerequisites
Make sure that you meet the prerequisites to avoid a system surveillance
outage.
In addition to normal operations, open windows to display the alarms
generated by the script when it runs, prior to the 2:00 AM seasonal time
change.
Enable Log mode in the Alarm Display tool and set the filters for the 7015
0001 alarm and the 301007* series of alarms.
Procedure steps
Step Action
1 The script starts running.

Sample output

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 382 -
Sample Display Alarm tool output
2 The todchangeover script authenticates the nodes group. In the example

used here, the group is ACCESS (seen in the following sample as group
ACC) as specified in the command line in 2 of Configuring the servers
(page 376). If authentication is successful, you see these messages:
Sample log output
3 The todchangeover script displays the current time offset value for each
node in the group. If the script is successful, you will see the actual time
offset value for each node within the log. If the script is unable to display an
time offset value for a node, an alarm is sent to the alarm browser.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 383 -
Sample log output
4 The todchangeover script changes the time offset value on each node. If the
script is unable to set the new time offset value, an alarm is sent to the alarm
browser.
Sample log output
5 The todchangeover script displays the results of the setting of the new time
offset value. If the time offset value has been successfully changed, you will
see the actual offset value of the node within the log. If the script is unable
to display an offset time value, an alarm is sent to the alarm browser.

Administration
NN10470-303 01.03 Standard
16.2 May 2007
- 384 -
Sample log output
6 The script terminates. Review the /tmp/tod_output log file to ensure that the
time offset value was changed on all the nodes. When the process is
complete, this message appears in the log.
Sample log output
--End--

Administration
NN10470-303 01.03 Standard
16.2 May 2007
Administration
Copyright 2007 Nortel Networks. All Rights Reserved
Sourced in Canada and the United States of America.
Publication: NN10470-303
Document status: Standard
Document issue: 01.03
Document date: May 2007
Product release: 16.2
Job function: Administration and Security
Type: NTP
Language type: U.S. English
Nortel, the Nortel logo and the Globemark are trademarks of Nortel Networks.
To provide feedback or report a problem with this document, go to www.nortel.com/documentfeedback.

NN10470 303

Uploaded by

Copyright:

Available Formats

NN10470 303

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

NN10470 303

Uploaded by

Copyright:

Available Formats

Nortel Multiservice Data Manager

Sourced in Canada and the United States of America.

Copyright 2007 Nortel Networks. All Rights Reserved

UNIX account configuration for MDM 23

Nortel Multiservice Data Manager

MDM software management 50

Operating system and server infrastructure security 84

Network time synchronization 103

Nortel Multiservice Data Manager

Operator Client default port settings modification 114

Server process administration overview 137

MDM Toolset customization 148

Menu customization 168

Nortel Multiservice Data Manager

Changing the default toolset definition file 173

MDM tool resource customization 179

Fault tools configuration 183

Network element grouping 207

Nortel Multiservice Data Manager

Network backup and restore setup 254

MDM workstation troubleshooting 286

Security service backup and restore utility 303

Nortel Multiservice Data Manager

MDM files backup and restore utility 306

Exportautoacklist utility 312

Customization tasks for DPN network elements 315

Nortel Multiservice Data Manager

Closing the Host Group Administration tool 335

Configuring DPN alarm clearing 342

Configuring server alarm distribution and workstation status

Configuring the Disruptive Command Safeguard 357

Configuring automatic DBNL disabling 361

Nortel Multiservice Data Manager

Time-of-day updates for seasonal time changes 373

Nortel Multiservice Data Manager

Nortel Multiservice Data Manager

Updated task flows

Nortel Multiservice Data Manager

Configuring the client process in the Java System DS console

Nortel Multiservice Data Manager

Nortel Multiservice Data Manager

Menu customization (page 168)

Nortel Multiservice Data Manager

Re-configure the shared memory segment in the kernel of the Solaris

Nortel Multiservice Data Manager

Nortel Multiservice Data Manager

Using the config_sys_script to configure shared memory

Nortel Multiservice Data Manager

Specifying the shared memory required by a network model

2 Using the following formula as a guide, calculate the shared memory

Nortel Multiservice Data Manager

Specifying the shared memory required by FDTM

Nortel Multiservice Data Manager

Specifying the shared memory required by PCMS

Number of models x model size

Currently, the model size of each of the Multiservice Switch releases

Nortel Multiservice Data Manager

Configuring the maximum heap size for MDM toolset

5 Save the changes.