5 - Imanager U2000 V100R002 Security and Data Management ISSUE1.01


iManager U2000 Security and Data Management

www.huawei.com

Copyright © 2010 Huawei Technologies Co., Ltd. All rights reserved.


Objectives
- Upon completion of this course, you will be able to:
  - Explain the concept of security management.
  - Perform U2000 security management operations.
  - Explain the concept of data management.
  - Perform U2000 data management operations.

Contents
1. U2000 Security Management

2. U2000 Database Management

Contents
1. U2000 Security Management
1.1 Introduction

1.2 OS and database user management

1.3 Log management

1.4 Network security management

1.5 NMS user security management

Introduction
- Security management is a crucial function to prevent unauthorized logins and ensure network data security.

[Figure: Security Management Strategy, surrounded by its component policies: OS Security Policy, Database Security Policy, U2000 User Security Policy, NE Security Policy, Network Security Isolation Policy, Log Management Policy]

OS & Database Management - User

Category           User Name                 Description
Operating System   root (Solaris)            default system administrator of the OS
                   sybase (Solaris)          database operation user of the OS
                   nmsuser (Solaris)         NM user of the OS
                   Administrator (Windows)   default system administrator of the OS
Database           sa                        default database system administrator
                   NMSuser                   U2000 login user
U2000              admin                     default user
                   corba interface           OSS login user through CORBA
                   Other users               created by the admin user

Log Management
- To ensure the NMS user security, set as follows:
  - U2000 Operation Logs
  - U2000 Security Logs
  - U2000 System Logs
  - NE Syslog
  - Log Dump
  - Log Forwarding

Querying Logs

Collecting Statistics on Logs

Dump Logs

Scheduled Dump

Manual Dump

Overflow Dump

Network Security Management
- To ensure the network security, set as follows:
  - Set the network firewall
  - Enable the SSL protocol between the server and client
  - Set the client-side access control (ACL)
  - Set the NE access control

Network Security Management (Cont.)
- Enable the SSL protocol between the server and client
  Server:
  Client:

The Client-side Access Control
- System ACL of U2000
  1. Navigation
  2. Click “Add”
  3. Enter IP information
  4. Click “OK”

The Client-side Access Control (Cont.)
- Set the client-side access control
  1. Select user
  2. ACL settings
  3. Select “use the specified ACLs”
  4. Click “Set ACL”

The Client-side Access Control (Cont.)
- Set the client-side access control
  5. Click “Add”
  6. Enter IP information
  7. Click “OK”

The Client-side Access Control (Cont.)
- Set the client-side access control
  8. Select IP address or segment
  9. Click “Apply”
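
The following is an added example, not part of the original course material and not U2000 code: a small model of the system ACL and the per-user "use the specified ACLs" selection, with a login check and an audit of weak entries. The user names, addresses, the default-deny behaviour and the rule that a user entry must also exist in the system ACL are assumptions of this model.

```python
import ipaddress

# Constructed sample data: the system-wide ACL (addresses or segments) and the
# entries selected per user with "use the specified ACLs". All values are made up.
SYSTEM_ACL = ["10.20.30.0/24", "10.20.40.15", "0.0.0.0/0"]
USER_ACLS = {
    "noc_operator": ["10.20.30.0/24"],
    "field_engineer": ["10.20.40.15", "192.168.5.0/24"],  # 2nd entry not in system ACL
    "admin": ["0.0.0.0/0"],
}

def to_network(entry):
    """Parse a single address or a segment; a bare address becomes a /32."""
    return ipaddress.ip_network(entry, strict=False)

def effective_acl(user, system_acl=SYSTEM_ACL, user_acls=USER_ACLS):
    """Entries a user may log in from: selected entries that exist in the system ACL."""
    system = {to_network(e) for e in system_acl}
    return [n for n in map(to_network, user_acls.get(user, [])) if n in system]

def login_allowed(user, client_ip):
    """True if the client address falls inside one of the user's effective entries.
    A user with no entries is denied (assumed default-deny)."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in effective_acl(user))

def audit(system_acl=SYSTEM_ACL, user_acls=USER_ACLS):
    """Flag per-user entries that are ineffective or that match every client."""
    system = {to_network(e) for e in system_acl}
    findings = []
    for user, entries in sorted(user_acls.items()):
        for entry in entries:
            net = to_network(entry)
            if net not in system:
                findings.append((user, entry, "not in system ACL"))
            elif net.prefixlen == 0:
                findings.append((user, entry, "matches every client"))
    return findings

if __name__ == "__main__":
    print(login_allowed("noc_operator", "10.20.30.77"))
    for finding in audit():
        print(finding)
```
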

NMS User Security Management
- To ensure the NMS user security, set as follows:
  - ACL
  - Password management
  - Client Access Control
  - Objects management
  - Role-Based and Domain-Based Management

Password Management
- NMS user password policy
  - Setting password security policies
  - Setting account policy

Password Management (Cont.)
- The password for the network management system maintenance suite should be changed periodically.

Client Access Control
- Managing the Remote Maintenance User
  - Enable this function
  - Setting the operation right

Client Access Control (Cont.)
- Managing the Remote Maintenance User
  - Select NE
  - Result output
  - Enter the command

Object Management - Creating NM User

Adding User to a User Group

1. Select user
2. Click “Add”
3. Select specific user groups
4. Click “OK”

Creating U2000 User Group
- You can assign users that share the same rights to a user group, so that you can manage them in a uniform manner.

Role-Based & Domain-Based Management
- Role-based and domain-based management is based on the allocation of operation sets and object sets.
  - The role-based management function (operation sets): it enables you to divide the U2000 rights into different function domains.
  - The domain-based management function (object sets): it enables you to construct different network domains in units of NEs.
- You can easily control user rights by granting a U2000 user the rights of any combination of function domain and network domain.
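
The following is an added example, not part of the original course material and not U2000 code: a model in which each grant pairs one operation set with one object set, plus two review queries. The set names, operations, NE names and the pairing itself are assumptions chosen for illustration.

```python
# Constructed sample data; every name below is hypothetical.
OPERATION_SETS = {  # function domains
    "alarm_monitoring": {"query_alarm", "acknowledge_alarm"},
    "ne_configuration": {"modify_config", "download_software"},
}
OBJECT_SETS = {  # network domains, in units of NEs
    "metro_ring": {"NE-101", "NE-102"},
    "core_site": {"NE-201"},
}
# Assumption of this model: a grant is an (operation set, object set) pair.
GRANTS = {
    "alice": [("alarm_monitoring", "metro_ring"), ("alarm_monitoring", "core_site")],
    "bob": [("alarm_monitoring", "core_site"), ("ne_configuration", "metro_ring")],
}

def is_allowed(user, operation, ne):
    """Allow only if a single grant covers both the operation and the NE."""
    return any(operation in OPERATION_SETS[op_set] and ne in OBJECT_SETS[obj_set]
               for op_set, obj_set in GRANTS.get(user, []))

def effective_rights(user):
    """Expand a user's grants into concrete (operation, NE) pairs for review."""
    return {(op, ne)
            for op_set, obj_set in GRANTS.get(user, [])
            for op in OPERATION_SETS[op_set]
            for ne in OBJECT_SETS[obj_set]}

def users_with(operation, ne):
    """Audit query: which users can perform this operation on this NE?"""
    return sorted(u for u in GRANTS if is_allowed(u, operation, ne))

def excess_if_flattened(user):
    """Rights a user would gain if the grants were flattened into
    'every assigned operation on every assigned NE'."""
    ops = set().union(*(OPERATION_SETS[o] for o, _ in GRANTS.get(user, [])))
    nes = set().union(*(OBJECT_SETS[s] for _, s in GRANTS.get(user, [])))
    return {(op, ne) for op in ops for ne in nes} - effective_rights(user)

if __name__ == "__main__":
    print(users_with("modify_config", "NE-102"))
    print(sorted(excess_if_flattened("bob")))
```

The last function shows why the pairing matters when reviewing rights: bob may configure the metro ring and monitor the core site, but flattening his two grants would also let him configure the core site.
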

Creating an Operation Set
- The U2000 administrator can define some operation sets and allocate them to the U2000 users in a better way.

Creating an Object Set
- The U2000 administrator can define some NE sets and allocate them to the U2000 users in a better way.

Role-Based Management
- Role-Based and Domain-Based Management

Domain-Based Management
- Role-Based and Domain-Based Management

Contents
1. U2000 Security Management

2. U2000 Database Management

NM data management
- Database backup
  - By U2000 client and database management tool (immediate backup)
  - By U2000 client (scheduled backup)
- Database restore
  - By NMS maintenance suite tool
- Database initialization
  - By NMS maintenance suite tool
- Scripts export/import
  - By U2000 client
- Logs dump: overflow dump, immediate dump, scheduled dump
  - By U2000 client

NM data management (Cont.)
- Database introduction
  - The types of database used by U2000
    - Sybase Database (Solaris OS)
    - Oracle Database (Linux OS)
    - MS SQL Server Database (Windows OS)
  - Processes of the database
    - For Solaris server: there are two database processes. One is the master database, named DBSVR, and the other is the backup database, named DBSVR_back.
    - For Linux server: there are at least five processes: ora_pmon_U2KDB, ora_dbw0_U2KDB, ora_lgwr_U2KDB, ora_ckpt_U2KDB, ora_smon_U2KDB.
    - For PC: there is one database process for SQL Server, that is DBSVR.

NM data management (Cont.)
- Backup & Restore, Dump
  - Backup & Restore
    - Function: To copy the data of U2000 to prevent damage to the original data.
    - Backup data: the user-defined data at the U2000 side, network layer trail data, NE-side configuration data, alarm data and performance data.
  - Dump
    - Function: To store log information in databases as operating system files in text format, to clear database space.
    - Dumped objects: alarm events, abnormal events, operation logs and different types of performance events.

NM data management (Cont.)
- Backup database:
  - Method 1: Immediate backup from the U2000 client
    - Backup directory

NM data management (Cont.)
- Backup database:
  - Method 2: Periodic backup from the U2000 client
    - Click New, set the task type to DB Backup, and enter the task name, then click Next.
    - Select the database backup parameters. Then click Next.

NM data management (Cont.)
- Backup or restore the database
  - Method 3: By U2000 network management system maintenance suite
    - The login dialog box.
    - MSUITE

NM data management (Cont.)
- Backup the database
  - Method 3: By U2000 network management system tool
    - Select Data Backup – Binary Mode (Recommended). Then click Next.
    - Select Back up the data to the local server.
    - Set the backup path on the local server. Then click Next.

NM data management (Cont.)
- Initialize the database
  - Click Next to initialize the database.

NM data management (Cont.)
- Script Files (export)
  1. Select “export”
  2. Create folder
  3. Select file type
  4. Select NE
  5. Click “Apply”

NM data management (Cont.)
- Script Files (import)
  1. Select “import”
  2. Select folder
  3. Select file type
  4. Select file list
  5. Click “Apply”

NM data management (Cont.)
- Data dump
  - Scheduled Dump
  - Manual Dump
  - Overflow Dump

Question
- How is role-based and domain-based management realized for U2000?
- How do you back up the U2000 database?
- How many ways are there to dump the log data?

Thank you
www.huawei.com
