Communication Server 2100 Defense Switched Network
Anti-Virus Scanner Installation and Upgrade
NN42200-301 .
Document status: Standard Document version: 01.02 Document date: 31 July 2008 Copyright © 2008, Nortel Networks All Rights Reserved. Printed in the United States of America. NORTEL NETWORKS CONFIDENTIAL: The information contained in this document is the property of Nortel Networks. Except as specifically authorized in writing by Nortel Networks, the holder of this document shall keep the information contained herein confidential and shall protect same in whole or in part from disclosure and dissemination to third parties and use same for evaluation, operation, and maintenance purposes only. Changes or modifications to the Meridian SL-100 without the express consent of Nortel Networks may void its warranty and void the user’s authority to operate the equipment. Information is subject to change without notice. Nortel Networks reserves the right to make changes in design or components as progress in engineering and manufacturing may warrant. *Nortel Networks, the Nortel Networks logo, the Globemark, Unified Networks, DMS, MAP, Meridian, MSL, Nortel, Northern Telecom, NT, SL-100, and SuperNode are trademarks of Nortel Networks.
ATTENTION This document contains information which is specific to the Defense Switched Networks (DSN) software load. Features that appear in this document may not be compatible with Multi-Level Precedence and Pre-emption (MLPP).
ATTENTION This document contains technical data subject to the export licensing requirements of the U.S. Department of State. For external use only by U.S./Canadian Government and U.S./Canadian Telephone Operating Companies.
3
Contents New in this release Features 5 Other changes
5
5
Introduction Purpose 7 CS 2100 virus scanner overall strategy
7 7
Installing the anti-virus scanner
9
Acquiring the anti-virus scanner package 9 Prerequisites 9 Procedure steps 9 Copying the anti-virus scanner package 9 Procedure steps 10 Installing the anti-virus scanner package 10 Procedure steps 10 Downloading virus definition files 11 Procedure steps 11 Executing anti-virus scanner software 14 Procedure steps 14 Removing the anti-virus scanner software 15 Procedure steps 16
Frequently Asked Questions
Communication Server 2100 Defense Switched Network Anti-Virus Scanner Installation and Upgrade NN42200-301 01.02 Standard SE09.1 31 July 2008 Copyright © 2008, Nortel Networks .
17
4 Contents
Communication Server 2100 Defense Switched Network Anti-Virus Scanner Installation and Upgrade NN42200-301 01.02 Standard SE09.1 31 July 2008 Copyright © 2008, Nortel Networks .
5
New in this release The following sections detail what’s new in Communication Server 2100 Defense Switched Network Anti-Virus Scanner Installation and Upgrade (NN42200-301) for release 9.1 (SE09.1): •
"Features" (page 5)
•
"Other changes" (page 5)
Features There are no feature changes that affect this document for this release. This is the first release of this document.
Other changes There are no other changes that affect this document for this release..
Communication Server 2100 Defense Switched Network Anti-Virus Scanner Installation and Upgrade NN42200-301 01.02 Standard SE09.1 31 July 2008 Copyright © 2008, Nortel Networks .
6 New in this release
Communication Server 2100 Defense Switched Network Anti-Virus Scanner Installation and Upgrade NN42200-301 01.02 Standard SE09.1 31 July 2008 Copyright © 2008, Nortel Networks .
7
Introduction Purpose Unix and Windows STIG require Communication Server 2100 (CS 2100) SE09.1 Federal system components to have a DoD approved anti-virus program installed and run routinely to protect systems from virus infection. The McAfee anti-virus command-line scanner v5.10 (scan engine v5.1.00) is chosen by Nortel for this purpose. This document describes the Unix/Linux installation and upgrade procedures of the McAfee anti-virus command-line scanner for the CS 2100 SE09.1 Federal system.
CS 2100 virus scanner overall strategy The following is Nortel’s general strategy for the virus scanner. •
The customer’s IS department is responsible for scanner installation and to ensure virus definition files are up to date. Nortel is providing these virus scanner installation/update instructions to the customer as a general guideline. Nortel resumes no responsibility of supporting virus scanner related problems or maintaining the up-to-date virus definition files for the customer. Customers should contact virus scanner program vendor (McAfee) directly for any scanner related questions or problems.
•
Nortel recommends customers to install the virus scanner to the following CS 2100 SE09.1 Federal system components to mitigate the JITC test findings. The following system components which are the only ones that have new files generated/created are the only ones that need a virus scanner installed for protection: — CMT/IEMS (Solaris) — CBM (Solaris) — MG9K-EM (Solaris) — STORM (Solaris)
•
Nortel suggests NOT to install and run the scanner directly on the SAM21 Call Agent, Shelf Controller, CICM, or CICM-EM due to the potential system performance and stability impact. Nortel recommends running the scanner on STORM on behalf of Call Agent and Shelf
Communication Server 2100 Defense Switched Network Anti-Virus Scanner Installation and Upgrade NN42200-301 01.02 Standard SE09.1 31 July 2008 Copyright © 2008, Nortel Networks .
8 Introduction
Controller since STORM serves as the central point for patches and software distribution to these components.
Communication Server 2100 Defense Switched Network Anti-Virus Scanner Installation and Upgrade NN42200-301 01.02 Standard SE09.1 31 July 2008 Copyright © 2008, Nortel Networks .
9
Installing the anti-virus scanner This chapter describes how to install anti-virus scanner software on the CS 2100 to protect the system from virus infection.
Acquiring the anti-virus scanner package Download the anti-virus scanner package and burn it onto a CD-ROM.
Prerequisites •
Tested Hardware: Solaris 8 and Linux Red Hat 8
•
Tested Software Load: CS 2100 SN10
Procedure steps Step
Action
1
From a customers PC, download and save the platform-specific scanner package (for example, McAfee_AV_-_SunOS.tar [for Solaris] or McAfee_AV_-_Linux.tar [for Linux]) that is licensed by the customer.
2
After the scanner package is saved on the PC, burn it onto a CD-ROM. The package contains all the virus scanner application files, virus definition files and license file. —End—
Copying the anti-virus scanner package Copy the anti-virus scanner package onto the target system and untar it. For duplex (HA) systems, put the scanner package on the "Active Unit".
Communication Server 2100 Defense Switched Network Anti-Virus Scanner Installation and Upgrade NN42200-301 01.02 Standard SE09.1 31 July 2008 Copyright © 2008, Nortel Networks .
10 Installing the anti-virus scanner
Procedure steps Step
Action
1
Telnet to the active unit or access via a console port and login as root.
2
Insert the CD previously created into the CD-ROM drive and copy the scanner package to the /tmp directory. # /bin/cp -f /cdrom/cdrom0/ McAfee_AV_-_xxxx.tar /tmp/ where xxxx refers to the target platform, either SunOS or Linux.
3
Change directory to /tmp and list the tar file name (scanner package). # cd /tmp # ls *.tar
4
Untar the software pacakge. # tar xvf McAfee_AV_-_xxxx.tar —End—
Installing the anti-virus scanner package Install the anti-virus scanner package on the target system.
Procedure steps Step
Action
1
Change directory to /tmp. # cd /tmp
2
Nortel suggests installing the virus scanner into the default directory (/usr/local/uvscan) for every system but STORM. For STORM, the suggested directory to install the virus scanner is /storm/uvscan due to disk space concern. # ./install-uvscan
3
Answer the prompts during the install as follows: Which directory do you want to install into? [/usr/local/uvscan]
Communication Server 2100 Defense Switched Network Anti-Virus Scanner Installation and Upgrade NN42200-301 01.02 Standard SE09.1 31 July 2008 Copyright © 2008, Nortel Networks .
Downloading virus definition files
11
Press Enter to use the default (/usr/local/uvscan for most systems) or specify a different installation directory (for example, /storm/uvscan for STORM) /usr/local/uvscan doesn’t exist....Create it? [y]n y Uninstalling previous version ...
done.
Do you want to create the link(s) to uvscan in /usr/local/bin [y]/n y Do you want to create the link(s) to uvscan_secure in /usr/local/bin [y]/n y Do you want to create the link(s) to libsunfv.so.4 in /usr/local/lib [y]/n y Do you want to create the link(s) to uvscan.1 in /usr/local/man/man1 [y]/n y Installation complete. Do you want to perform a scan of all filesystems y/[n] n —End—
Downloading virus definition files Download the latest virus definition files.
Procedure steps Step
Action
1
Change directory to the virus scanner’s installation directory. # cd /usr/local/uvscan or # cd /storm/uvscan for STORM
2
Download the latest dat-xxxx.tar file (virus definition file) by entering the following URL in a web browser. ftp://ftp.nai.com/pub/antivirus/datfiles/4.x
3
Alternative: Use command line FTP with anonymous user login to download the file. For example: # ftp 216.143.70.11 Connected to 216.143.70.11.
Communication Server 2100 Defense Switched Network Anti-Virus Scanner Installation and Upgrade NN42200-301 01.02 Standard SE09.1 31 July 2008 Copyright © 2008, Nortel Networks .
12 Installing the anti-virus scanner
220 DALDLFTP28 Microsoft FTP Service (Version 5.0). Name (216.143.70.11:sysadmin): anonymous 331 Anonymous access allowed, send identity (e-mail name) as password. Password: 230-You are connected to ftp.nai.com.Your use is subject to the terms and conditions in Legal. TXT and Usage.TXT files 230 Anonymous user logged in. Remote system type is Windows_NT.
ftp> cd pub/antivirus/datfiles/4.x 250 CWD command successful.
ftp> dir 200 PORT command successful. 150 Opening ASCII mode data connection for /bin/ls. 08-07-05
09:40PM
74790 45524553.upd
08-08-05
09:40PM
192984 45534554.upd
08-09-05
09:40PM
192048 45544555.upd
08-10-05
09:40PM
166851 45554556.upd
08-11-05
09:40PM
175800 45564557.upd
08-14-05
09:40PM
192714 45574558.upd
08-15-05
09:40PM
189461 45584559.upd
08-16-05
09:40PM
36238 45594560.upd
08-16-05
09:40PM
188104 45604561.upd
08-17-05
09:40PM
195618 45614562.upd
08-18-05
09:40PM
221707 45624563.upd
08-21-05
09:40PM
145981 45634564.upd
08-22-05
09:40PM
198663 45644565.upd
08-23-05
09:40PM
194974 45654566.upd
08-24-05
09:40PM
206341 45664567.upd
03-04-07
10:10PM
250904 49754976.upd
03-05-07
10:10PM
183848 49764977.upd
03-05-07
10:10PM
62648 49774978.upd
03-06-07
10:10PM
193853 49784979.upd
03-07-07
10:10PM
281596 49794980.upd
03-08-07
10:10PM
76607 49804981.upd
03-11-07
10:10PM
163853 49814982.upd
03-12-07
10:10PM
233009 49824983.upd
Communication Server 2100 Defense Switched Network Anti-Virus Scanner Installation and Upgrade NN42200-301 01.02 Standard SE09.1 31 July 2008 Copyright © 2008, Nortel Networks .
Downloading virus definition files
03-13-07
10:10PM
165483 49834984.upd
03-14-07
10:10PM
177319 49844985.upd
03-15-07
10:10PM
137762 49854986.upd
03-18-07
10:10PM
156935 49864987.upd
03-19-07
10:10PM
156754 49874988.upd
03-20-07
10:10PM
309913 49884989.upd
03-21-07
10:10PM
126216 49894990.upd
05-13-07
10:10PM
147782 50295030.upd
07-19-07
10:10PM
182200 50785079.upd
08-27-07
10:10PM
275376 51065107.upd
09-03-07
10:10PM
166911 51115112.upd
09-04-07
10:20PM
126355 51125113.upd
09-05-07
10:20PM
201767 51135114.upd
09-06-07
10:20PM
187037 51145115.upd
09-09-07
10:20PM
127544 51155116.upd
09-10-07
10:20PM
179152 51165117.upd
09-11-07
10:20PM
144506 51175118.upd
09-12-07
10:20PM
214140 51185119.upd
09-13-07
10:20PM
185297 51195120.upd
09-16-07
10:20PM
198311 51205121.upd
09-17-07
10:20PM
180698 51215122.upd
09-18-07
10:20PM
204771 51225123.upd
09-19-07
10:20PM
183765 51235124.upd
09-20-07
10:20PM
206766 51245125.upd
09-24-07
09:46AM
194593 51255126.upd
09-20-07
10:20PM
15290880 dat-5125.tar
09-20-07
10:20PM
13404179 dat-5125.zip
09-24-07
09:46AM
15347712
13
dat-5126.tar -> latest virus definition file 09-24-07
09:48AM
13454783 dat-5126.zip
09-24-07
09:46AM
1340 delta.ini
04-05-01
02:10AM
30694 P2104123.z
05-15-01
03:04PM
65 Palm.Ini
07-19-04
02:01PM
45921 readme.txt
09-24-07
09:48AM
13733201 scm-5126.zip
Communication Server 2100 Defense Switched Network Anti-Virus Scanner Installation and Upgrade NN42200-301 01.02 Standard SE09.1 31 July 2008 Copyright © 2008, Nortel Networks .
14 Installing the anti-virus scanner
09-20-07
07:20PM
21643294 sdat5125.exe
09-24-07
09:36AM
21729696 sdat5126.exe
09-24-07
09:46AM
1286 update.ini 226
Transfer complete. 3167 bytes received in 0.045 seconds (68.09 Kbytes/s)
ftp> bin 200 Type set to I.
ftp> get dat-5126.tar 200 PORT command successful. 150 Opening BINARY mode data connection for dat-5125.tar(15290880 bytes). 226 Transfer complete. local: dat-5125.tar remote: dat-5125.tar 15290880 bytes received in 14 seconds (1080.08 Kbytes/s)
4
The latest dat-xxxx.tar file (where xxxx are number digits) contains the most recent virus definition files. Extract them using the following command. # tar xvf dat-xxxx.tar —End—
Executing anti-virus scanner software Execute the anti-virus scanner software on directories and files either manually or automatically.
ATTENTION It is suggested to have at least 1GB disk space allocated to /tmp to accommodate virus report writing. Run the virus scanner manually the first time to assess the disk space needed on /tmp before automating this process as a cron job. Using a directory other than /tmp that has more than 1GB of disk space is another alternative.
Procedure steps Step
Action
1
Run the following commands to manually execute the anti-virus scanner.
Communication Server 2100 Defense Switched Network Anti-Virus Scanner Installation and Upgrade NN42200-301 01.02 Standard SE09.1 31 July 2008 Copyright © 2008, Nortel Networks .
Removing the anti-virus scanner software
15
# cd /usr/local/uvscan # ./uvscan -rv -summary directory1 directory2 file1 file2 >> /tmp/virusreport 2>&1 The above command scans directory1, directory2, file1 and file2 recursively in verbose mode (-rv), and outputs any error messages and the scanner summary (-summary) report to /tmp/virusreport 2
To automate the anti-virus scanner software, setup a cron job to execute at a particular time. # crontab –e The above command brings up the system default text editor [for example, vi] for root to add a cron job.
3
The following example shows how to schedule the scanner to run at 3:00 AM every Sunday to scan /storm then write its output, error messages, and the summary report to /tmp/virusreport. Running this at off-peak hours is highly recommended. 00 3 * * 0 /usr/local/uvscan/uvscan -rv -summary /storm >> /tmp/virusreport 2>&1
4
After adding the entry in the crontab file using the editor, save it and verify it using the following command. # crontab -l The newly added scanner entry should be listed in the output. —End—
ATTENTION If this is a duplex (HA) system, follow the instructions in Nortel Installation Method (IM) 24-0108 "IEMS CMT MG9KEM commissioning", Procedure 37 for HA Cluster Replication. For more information, see "HA Cluster Replication (Cloning)" (page 19).
Removing the anti-virus scanner software Remove the anti-virus scanner software by performing the following uninstall procedure.
Communication Server 2100 Defense Switched Network Anti-Virus Scanner Installation and Upgrade NN42200-301 01.02 Standard SE09.1 31 July 2008 Copyright © 2008, Nortel Networks .
16 Installing the anti-virus scanner
Procedure steps Step
Action
1
Indicate active or inactive to uninstall scanner for an N240 HA system. Then run the uninstall command. # cd /usr/local/uvscan # ./uninstall-uvscan and answer with "y"
2
After the scanner is uninstalled, perform steps for cloning the N240 HA system. For more information, see "HA Cluster Replication (Cloning)" (page 19). —End—
Communication Server 2100 Defense Switched Network Anti-Virus Scanner Installation and Upgrade NN42200-301 01.02 Standard SE09.1 31 July 2008 Copyright © 2008, Nortel Networks .
17
Frequently Asked Questions Question: How do I understand the different command-line options of the scanner? uvscan –h gives a list of all the available command-line options. Question: I have problems getting the scanner to install. Try to download the scanner program again fresh and install it with all the DEFAULT options. Check if a symbolic link is created afterwards in: /usr/local/bin/uvscan -> /usr/local/uvscan/uvscan. If no error during the installation and the symbolic link is created, then installation is successful. Question: How often should I update the virus definition file and how? DoD requires the virus definitions to be no older than 14 days. Which means virus definitions should be updated at least every 2 weeks. Follow the procedure, "Downloading virus definition files" (page 11)to get the most up-to-date virus definitions. McAfee releases a .tar file that contains most recent virus definition files on a daily basis. Question: Am I able to get a verbose output? Yes, via the -v or -verbose command line option. The verbose output gives all the filenames and their paths scanner scans. Question: Can I create a list of directories/files to scan and pipe that info into the scanner? No, there is no way to create a file with directories and filenames to scan and pipe it to the scanner. Currently, only files or directories can be specified at the command line. Also, the directory scan, scans all subdirectories and files recursively (with the –r option), but it does NOT follow symbolic links. Question: Why did I get errors during the scan?
Communication Server 2100 Defense Switched Network Anti-Virus Scanner Installation and Upgrade NN42200-301 01.02 Standard SE09.1 31 July 2008 Copyright © 2008, Nortel Networks .
18 Frequently Asked Questions
Scanner does not scan certain files. For example, unix/linux block, character or FIFO special file are exempted from being scanned. An error message is reported in verbose mode for those files. This is okay. If the virus definition files are too old, an error message saying the program is xxx days/months old is displayed which is a reminder to update the virus definition file. Question: How do I read the generated summary report? If a virus-infected file is found, it is quarantined and removed from the scanner. The summary report also reports the name and number of files infected. For example: Summary report on /storm/* File(s) Total files: Clean:
............
26107
..................
26104
Not scanned:
............
Possibly Infected: Non-critical Error(s):
......
0 0 1
The above example tells that 26107 total files are scanned in /storm directory. 26104 out of them are clean files (no virus infected). Every file in /storm is scanned (Not scanned 0) and no viruses were found (Possibly Infected 0). The discrepancy of 3 (26107-26104) means some of the files were skipped from being scanned (for example, symbolic links, unix/linux special files) which explains that one Non-critical Error(s). Question: How do I upgrade the scanner program itself? Follow the new installation procedures described above to update the scanner. Back up all the scanner program files first before upgrading. Be sure NOT to remove any existing .dat files generated from the previous installation, but DO allow new installation to overwrite the old files. Question: Can I automate the virus definition file downloading and updating from McAfee’s server? Yes, there is an internal Nortel tool called svscan which can be customized for this purpose. However, it is the customer’s responsibility to write a tool for automating this process.
Communication Server 2100 Defense Switched Network Anti-Virus Scanner Installation and Upgrade NN42200-301 01.02 Standard SE09.1 31 July 2008 Copyright © 2008, Nortel Networks .
19
Appendix HA Cluster Replication (Cloning) This section only needs to be completed on a HA Cluster configuration for IEMS, CMT or MG9K EM. If only a simplex server configuration is installed, ignore these procedures.
ATTENTION Ensure no provisioning activities are in progress, or are scheduled to take place during this procedure. This includes Integrated EMS Security Administration actions that involve changes to security database, for example, adding or changing user account/group information.
Perform this procedure to complete the HA Cluster replication. A serial console is required to perform this section. Also, Tera Term Pro installed on a PC is required. Procedure 37 – HA Cluster Replication Step
Action
Observation
1
Telnet to Unit 0.
#
telnet Login as root using password root. 2
Ensure all applications are running: servquery -status all Note: Start any applications that are not running. Packet MSC Only: The exception is the IEMS-based server application CEM for Packet MSC. PMSC uses the CNM based CEM. The CEM, if listed, should not be running. If CEM is present and running, execute the servstop CEM command to stop it and deregister CEM. Communication Server 2100 Defense Switched Network Anti-Virus Scanner Installation and Upgrade NN42200-301 01.02 Standard SE09.1 31 July 2008
Copyright © 2008, Nortel Networks .
20 Appendix HA Cluster Replication (Cloning)
Procedure 37 – HA Cluster Replication Step
Action
Observation
servstop CEM /opt/servman/bin/se rvman deregister -g CEM 3
Switch to unit 1. If this is a new install of the server or the existing server was powered down to install IEMS on an existing CMT apply power to Unit 1 at the EBIP. Press the power button on the front on Unit 1. Note: Ensure that you apply power to the unit that is currently off. Do not power down the unit that is currently powered on.
4
Once connected and the system is powered on (if currently off) use Tera Term Pro to access the Unit 1 server. •
Launch the emulation software and connect to the server.
•
Press [Enter].
•
Press the [Shift] key in combination with the [~] key.
•
Press the [Ctrl] key in combination with the [B] key.
(example response) - {0} ok 5
Display the MAC Address for Unit 1. banner
Sun Fire V240, No Keyboard Copyright 1998-2002 Sun Microsystems, Inc. All rights reserved. OpenBoot 4.8.0.build_04, 2048 MB memory installed, Serial #52964131. Ethernet address 0:3:ba:28:2b:23 , Host ID: 83282b23. {0} ok
6
Record the MAC address (Ethernet address): Note: You will need this MAC address later in the procedure.
7
Leaving the Tera Term window connected to Unit 1 open. Open a new telnet session to Unit 0. Login as nortel with password nortel. telnet
8
Connected to unit 0, switch to the root user. su root
Communication Server 2100 Defense Switched Network Anti-Virus Scanner Installation and Upgrade NN42200-301 01.02 Standard SE09.1 31 July 2008 Copyright © 2008, Nortel Networks .
Appendix
HA Cluster Replication (Cloning)
Procedure 37 – HA Cluster Replication Step
Action
Observation
9
Connected to unit 0, start the cloning process.
Please enter the ethernet address for the other unit:
startb 10
Connected to unit 0, enter the MAC address of Unit 1. Verify the MAC Address is correct before hitting enter. For Example: 0:3:ba:28:2b:23
SSH public private key pair present d99: Soft Partition is setup waiting for /dev/fssnap/0 to be ready waiting for /dev/fssnap/0 to be ready waiting for /dev/fssnap/0 to be ready waiting for /dev/fssnap/0 to be ready waiting for /dev/fssnap/0 to be ready waiting for /dev/fssnap/0 to be ready waiting for /dev/fssnap/0 to be ready waiting for /dev/fssnap/0 to be ready waiting for /dev/fssnap/0 to be ready waiting for /dev/fssnap/0 to be ready waiting for /dev/fssnap/0 to be ready waiting for /dev/fssnap/0 to be ready waiting for /dev/fssnap/0 to be ready waiting for /dev/fssnap/0 to be ready waiting for /dev/fssnap/0 to be ready exporting / to unit1-priv0 exporting /var to unit1-priv0 exporting /opt to unit1-priv0 exporting /opt/nortel to unit1-priv0 Enter the command "boot net image" at the "ok" prompt of unit1-priv0
Communication Server 2100 Defense Switched Network Anti-Virus Scanner Installation and Upgrade NN42200-301 01.02 Standard SE09.1 31 July 2008 Copyright © 2008, Nortel Networks .
21
22 Appendix HA Cluster Replication (Cloning)
Procedure 37 – HA Cluster Replication Step
Action
Observation Waiting for network response from unit1-priv0...
11
At Unit 1 start the imaging process. boot net - image Note: There must be a space between "-" and "image"
12
Watch the console of unit 1 for the progress on the data replication. The imaging of unit 1 may take 45-60 minutes depending on data and which applications are installed. At the end unit 1 will reboot and become the "Stby" unit automatically. Note: Cluster Data Synchronization happens automatically.
13
After ~ 45 minutes you can check the status in the window to see if the replication is complete - you may have to press the enter key to get the login prompt on both units. *****console login: Note: We now have a dual N240 HA Cluster system ready with all applications mirrored and duplicated with one as Active and the other as Standby.
14
Login to unit 1 as root and check the status Group State --------------of Unit 1. ClusterIndicatorSTBY ubmstat HostName-unit1:/> Note: Unit 1 - the password will be root root (It will default back to root).
15
Login to unit 0 as root and check the status Group State --------------of Unit 0. ClusterIndicatorACT ubmstat HostName-unit0:/>
16
Test the HA Cluster by performing the following command on unit 0: shutdown -i 6 -y Note: During a failover, the HA Cluster takes approximately 5 minutes to failover and bring the standby unit to active state.
17
Login to unit 0 as root and check the status Group State --------------of Unit 0. ClusterIndicatorSTBY ubmstat HostName-unit0:/>
18
Login to unit 1 as root and check the status Group State --------------of Unit 1. ClusterIndicatorACT ubmstat bimmer-unit1:/>
Communication Server 2100 Defense Switched Network Anti-Virus Scanner Installation and Upgrade NN42200-301 01.02 Standard SE09.1 31 July 2008 Copyright © 2008, Nortel Networks .
Appendix
HA Cluster Replication (Cloning)
Procedure 37 – HA Cluster Replication Step
Action
19
Verify all applications are running on unit 1.
Observation
servquery -status all Packet MSC Only: The exception is the IEMS-based server application CEM for Packet MSC. PMSC uses the CNM based CEM. The CEM, if listed, should not be running. If CEM is present and running, execute the servstop CEM command to stop it and deregister CEM. servstop CEM /opt/servman/bin/se rvman deregister -g CEM 20
Repeat the IEMS Application Verification procedure to ensure you can access the IEMS GUI.
21
Exit all windows.
22
End of Procedure.
Communication Server 2100 Defense Switched Network Anti-Virus Scanner Installation and Upgrade NN42200-301 01.02 Standard SE09.1 31 July 2008 Copyright © 2008, Nortel Networks .
23
24 Appendix HA Cluster Replication (Cloning)
Communication Server 2100 Defense Switched Network Anti-Virus Scanner Installation and Upgrade NN42200-301 01.02 Standard SE09.1 31 July 2008 Copyright © 2008, Nortel Networks .
Communication Server 2100 Defense Switched Network
Anti-Virus Scanner Installation and Upgrade Copyright © 2008, Nortel Networks All Rights Reserved. Publication: NN42200-301 Document status: Standard Document version: 01.02 Document date: 31 July 2008 To provide feedback or report a problem in this document, go to www.nortel.com/documentfeedback Printed in the United States of America. NORTEL NETWORKS CONFIDENTIAL: The information contained in this document is the property of Nortel Networks. Except as specifically authorized in writing by Nortel Networks, the holder of this document shall keep the information contained herein confidential and shall protect same in whole or in part from disclosure and dissemination to third parties and use same for evaluation, operation, and maintenance purposes only. Changes or modifications to the Meridian SL-100 without the express consent of Nortel Networks may void its warranty and void the user’s authority to operate the equipment. Information is subject to change without notice. Nortel Networks reserves the right to make changes in design or components as progress in engineering and manufacturing may warrant. This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules, and the radio interference regulations of the Canadian Department of Communications. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at the user’s own expense. Allowing this equipment to be operated in such a manner as to not provide for proper answer supervision is a violation of Part 68 of the FCC Rules, Docket No. 89-114, 55FR46066. *Nortel Networks, the Nortel Networks logo, the Globemark, Unified Networks, DMS, MAP, Meridian, MSL, Nortel, Northern Telecom, NT, SL-100, and SuperNode are trademarks of Nortel Networks.
