Veritas InfoScale™ Operations Manager 7.4 Installation and Configuration Guide
- Section I. Installing and configuring Veritas InfoScale Operations Manager
- Planning your Veritas InfoScale Operations Manager installation
- Downloading Veritas InfoScale Operations Manager 7.4
- Typical Veritas InfoScale Operations Manager deployment configuration
- System requirements
- Installing, upgrading, and uninstalling Veritas InfoScale Operations Manager
- About installing Management Server
- Two-factor Authentication for Veritas InfoScale Operations Manager
- About installing managed host
- About upgrading Management Server
- About backing up and restoring Veritas InfoScale Operations Manager data
- About upgrading managed hosts to Veritas InfoScale Operations Manager 7.4
- Configuring Veritas InfoScale Operations Manager in a high availability and disaster recovery environment
- Configuring the high availability feature in Veritas InfoScale Operations Manager
- Configuring a new Veritas InfoScale Operations Manager installation in high availability environment
- Configuring an existing Veritas InfoScale Operations Manager installation in high availability environment
- Configuring a new Veritas InfoScale Operations Manager installation in high availability environment
- Configuring Management Server in one-to-one DR environment
- Configuring Veritas InfoScale Operations Manager in high availability and disaster recovery environment
- About upgrading the high availability configurations
- About upgrading the high availability and disaster recovery configurations
- Configuring the high availability feature in Veritas InfoScale Operations Manager
- Installing and uninstalling Veritas InfoScale Operations Manager add-ons
- Uploading a Veritas InfoScale Operations Manager add-on to the repository
- Installing a Veritas InfoScale Operations Manager add-on
- Uninstalling a Veritas InfoScale Operations Manager add-on
- Removing a Veritas InfoScale Operations Manager add-on from the repository
- Canceling deployment request for a Veritas InfoScale Operations Manager add-on
- Installing a Veritas InfoScale Operations Manager add-on on a specific managed host
- Uninstalling a Veritas InfoScale Operations Manager add-on from a specific managed host
- Planning your Veritas InfoScale Operations Manager installation
- Section II. Setting up the Management Server environment
- Basic Veritas InfoScale Operations Manager tasks
- Adding and managing hosts
- Overview of host discovery
- Overview of agentless discovery
- About installing OpenSSH on a UNIX host
- Adding the managed hosts to Management Server using an agent configuration
- Adding the managed hosts to Management Server using an agentless configuration
- Adding Agentless hosts to the Management Server using Profile in Veritas InfoScale Operations Manager7.4
- Editing the agentless host configuration
- Setting up user access
- Adding Lightweight Directory Access Protocol or Active Directory-based authentication on Management Server
- Setting up fault monitoring
- Creating rules in the Management Server perspective
- Editing rules in the Management Server perspective
- Deleting rules in the Management Server perspective
- Enabling rules in the Management Server perspective
- Disabling rules in the Management Server perspective
- Suppressing faults in the Management Server perspective
- Suppressing a fault definition in the Management Server perspective
- Setting up virtualization environment discovery
- Setting up near real-time discovery of VMware events
- Requirements for discovering the Solaris zones
- Adding a virtualization server
- Editing a virtualization discovery configuration
- Refreshing a virtualization discovery configuration
- Deploying hot fixes, packages, and patches
- Installing a Veritas InfoScale Operations Manager hot fix, package, or patch
- Configuring Management Server settings
- Configuring SNMP trap settings for alert notifications
- Setting up extended attributes
- Downloading price tier information from SORT
- Managing SFHA updates
- Viewing information on the Management Server environment
- Appendix A. Troubleshooting
- Management Server (MS)
- Managed host (MH)
- Management Server (MS)
Importing third-party signed SSL certificate for Veritas InfoScale Operations Manager web server
You can import a third-party signed SSL certificate on UNIX console server as well as Windows console server.
To import a third-party signed SSL certificate on UNIX console server
- Create a backup of the
keystore
file located at:cd /opt/VRTSsfmcs/webgui/tomcat/cert/.keystore
Example: Create a backup of the keystore file as .keystore_original in the temp folder
cp .keystore /opt/VRTSsfmcs/webgui/tomcat/temp/.keystore_orginal
Note:
Make sure to backup the keystore file. This backup file is used to get the VIOM CMS functional with the old keystore in case of any issues.
- Create a 2048-bit keystore using the keytool utility.
/opt/VRTSsfmcs/webgui/jre/bin/keytool -genkey -alias tomcat -keyalg RSA -validity 3650 -keypass changeit -keystore /opt/VRTSsfmcs/webgui/tomcat/cert/.new_keystore -storepass changeit -dname "CN=<server-hostname>,OU=<organization>,O=<company>,L=<location>, S=<state>,C=<country>" -keysize 2048
Note:
You can set the keypass as per your preference.
- 3. Create the certificate signing request (CSR).
/opt/VRTSsfmcs/webgui/jre/bin/keytool -certreq -keyalg RSA -alias tomcat -file cert.csr -keystore /opt/VRTSsfmcs/webgui/tomcat/cert/.new_keystore
Enter the keystore password.
- Use the CSR generated in the previous step to get the certificates signed from the Certificate Authority (CA). The CA provides the following signed certificates:
Root certificates
Intermediate certificate
Server certificate
Note:
The certificates should be in Base64 encoded format X.509 (.PEM or .CER).
- Create a backup of the
/opt/VRTSsfmcs/webgui/tomcat/cert/.new_keystore
file and the*.CSR
file which is used to obtain the certificate.Example: Create a backup of .new_keystore file as .new1_keystore in the temp folder:
cp .new_keystore /opt/VRTSsfmcs/webgui/tomcat/temp/.new1_keystore
Example: Create a backup of the CSR file as CSR_original in the temp folder:
cp *.CSR /opt/VRTSsfmcs/webgui/tomcat/temp/*.CSR_original
Note:
Make sure to backup the new_keystore file and the CSR file. These files are used if there are issues while importing the certificates.
- The tomcat web server (VOM web server) is still running with the old certificates. Execute steps 8, 9 and 10 only when a response containing the certificate chain is obtained from the certificate issuing authority.
- Import the two Root CA certificates. This step is required only if there is a second Root CA certificate, otherwise skip this step.
/opt/VRTSsfmcs/webgui/jre/bin/keytool -import -alias root -keystore /opt/VRTSsfmcs/webgui/tomcat/cert/.new_keystore -trustcacerts -file "Root.CER
Enter the keystore password.
A different alias is required for the second RootCA.
Enter no when the following screen in displayed:
Certificate already exists in system-wide CA keystore under alias <gtecybertrustglobalca> Do you still want to add it to your own keystore? [no]:
- Import the Intermediate certificate.
/opt/VRTSsfmcs/webgui/jre/bin/keytool -import -trustcacerts -alias intermediate -keystore /opt/VRTSsfmcs/webgui/tomcat/cert/.new_keystore -file "CA.CER"
Enter the keystore password.
- Import the Server certificate.
/opt/VRTSsfmcs/webgui/jre/bin/keytool -import -alias tomcat -keystore /opt/VRTSsfmcs/webgui/tomcat/cert/.new_keystore -trustcacerts -file vomms.CER
Enter the keystore password.
- Stop the VIOM UI web server process using vomsc.
/opt/VRTSsfmcs/bin/vomsc --stop web
- Make sure that the backup for the keystore is preserved. Now replace the original keystore with the one which contains the newly obtained certificates from the certificate issuing authority.
cp/opt/VRTSsfmcs/webgui/tomcat/cert/.new_keystore /opt/VRTSsfmcs/webgui/tomcat/cert /.keystore
- Start the VIOM UI web server using vomsc.
/opt/VRTSsfmcs/bin/vomsc --start web
A similar message is displayed:
Veritas Operations Manager Services: Web Server...................................................................[RUNNING]
To import third-party signed SSL certificate on Windows console server
All the steps are same as for UNIX console server with the following changes:
- Replace the forward slash / with a backslash\
/opt/VRTSsfmcs = C:\Program Files\Veritas\VRTSsfmcs
- Add double quotes " " around the path for windows.
"C:\Program Files\Veritas\VRTSsfmcs\webgui\jre\bin\keytool" -genkey -alias tomcat -keyalg RSA -validity 3650 -keypass changeit -keystore "C:\Program Files\Veritas\VRTSsfmcs\webgui\tomcat\cert\.new_keystore" -storepass changeit -dname "CN=Users,DC=test,DC=local" -keysize 2048