APG40 I&C Course Notes

APG40 I&C Course Notes.............................................................................................1

Chapter 1 – Hardware & Installation Procedures..........................................................2
Cable connection and verification..............................................................................2
Configuration.............................................................................................................3
Power Up APG40...................................................................................................3
Log-on....................................................................................................................3
Site Parameter Change...........................................................................................3
Test of APG40............................................................................................................9
APM Only Test.......................................................................................................9
APM and APIO Test.............................................................................................11
Chapter 2 – Security Administration............................................................................13
Standard Groups.......................................................................................................13
Application Groups..................................................................................................13
Creating a new User.................................................................................................15
PCAnywhere........................................................................................................15
CLI.......................................................................................................................15
Associating with a CP group................................................................................15
Master User Domain (MUD)...................................................................................16
Chapter 3 – APG40 Recovery Procedures...................................................................18
AP Restore................................................................................................................18
Single Node Restore.............................................................................................18
Single Node Restore from K:\ drive.....................................................................18
Restore from DAT Tapes......................................................................................18
Double Node Restore (Cluster Restore)...............................................................18
Disaster Recovery....................................................................................................19
Disaster Recovery 2 Nodes..................................................................................19
Disaster Recovery 1 Nodes..................................................................................20
Quorum Restore.......................................................................................................21
Procedure..............................................................................................................22
Printouts...............................................................................................................22
Data Disk Restore....................................................................................................23
Procedure..............................................................................................................23
Node Change (HW Restore)....................................................................................24
Procedure..............................................................................................................24
Chapter 4 – AP Configuration Options........................................................................25
Configure Multiple AP’s..........................................................................................25
Procedure..............................................................................................................26
Migrate from IOG to APG.......................................................................................27
Procedure..............................................................................................................27
Chapter 5 – APG40 Antivirus Configuration...............................................................30
Chapter 1 – Hardware & Installation Procedures
Objectives Slide

READ THROUGH SLIDE

• Describe the APG40 hardware & cable connections

• Describe and configure IPN for APG40
• Perform a Start Up and Test procedure on an APG40
• Configure the APG40 Site Parameters

Inter-node Connectivity Slide

GO THROUGH SLIDE

External Connectivity

GO THROUGH SLIDE

Start Up and Test of APG40

READ THROUGH SLIDE

• Cable connection and verification

• Configuration
• Test of APG40

Cable connection and verification

IPN Connection Slide

The IPN connects to the IPNX board in the RPHM A and B side.

CPT Connection with the CP Slide

There is a Y connection from Node B to Node A to the MAU, through a serial

connection. The CPT commands are the same as in IOG with PTCOI the initiating test
command.

Connection with External Alarm Slide

There are 64 external alarms in the APG. The external alarms are not redundant so
there are 32 defined on each node. 0 to 31 for Node A and 32 – 63 for Node B

Connection with ALD, Alarm Display Panel Slide

The alarm display board in the APG is very similar to that of the IOG. 1 to 31 can be
defined for local alarm displays and 32 to 127 can be defined for remote locations

Alarm Display switch settings Slide

The locally defined alarm displays are addressed using dipswitches on the alarm
board. These are configured using binary addresses.

APG40 C/2 cabling at Start Up Slide

GO THROUGH SLIDE (following numbering)

Note: The crossover cable between the Public LAN ports is very important for cluster
communication. This has to be done during the Startup and Test Procedure.

Configuration

Configuration Slide

READ THROUGH SLIDE

• Power Up APG40
• Log-on
• Site Parameter Change

Power Up APG40

During power up of the APG40 it is essential that both power cables are inserted
simultaneously to maintain the integrity of the cluster and subsequently the mirroring
of the data disks.

Log-on

When the nodes have powered up, log on using the administrator account. There
should be no password with the user name administrator. Note: this is not always the
case depending on the clone that was used on the APG, sometimes the password is set
to administrator1. Wait for 3 mins for all the resources to come online and then start
the cluster administrator.

Site Parameter Change

Spchange Slide

SPChange is the command used to change the site specific parameters on the APG.
The command is first run on the PDC with the BDC in a shutdown state. To run the
command on the BDC the PDC must be up and running. The command spchange
should only be run on a fully functional APG

• The node names of the domain controllers (PDC and BDC)

• The IP-addresses of the domain controllers (PDC and BDC)
• The default gateway for domain controllers (PDC and BDC)
• The domain name
• The cluster name
• The IP-address of the cluster
• The subnet mask

The PDC name must always end in an A

The BDC name must always end in a B

spchange -n [PDC Node Name] -ip [PDC IP-address] -s [Subnet mask] -g [Default
gateway] -d [Domain name] -cn [Cluster name] -cip [Cluster IP-address]

spchange -n [BDC Node Name] -ip [BDC IP-address] -s [Subnet mask] -g [Default
gateway] -d [Domain name]

Server Manager Slide

The Server Manager on Win NT is used to verify the parameters entered during
spchange are correct. If other computers appear on the list they can be removed.

Node A should be the primary and Node B the Backup. If both nodes appear as
backups then the command spchange may need to be run again as this suggests that
the Node Names were entered in lowercase during spchange

From this GUI it is possible to promote the BDC to PDC and also to synchronise the
domains.

Adding IIS and MTS to MMC Slide

The MMC is the Microsoft Management Console which provides an interface for
various Microsoft and 3rd party snap-ins. These application snap-ins provide the actual
functionality of the applications but the MMC is used to assist in the administration of
windows based systems.

For the APG 2 snap-ins that need to be added are the IIS (Internet Information
Server), used for setting up the default FTP site and administrating virtual directories.

The second snap-in is the MTS (Microsoft Transaction Server) is used to assist in
remote administration of the APG.

Changing Administrator account password Slide

It is advised that one of the first steps taken in the installation and configuration of an
APG40 is to rename the Administrator and Guest accounts and to then set a password
with a good degree of complexity.

The Guest account is not as important as the Administrator as the Guest account is
disabled by default.

The Administrator account user name and password need to be changed as the
Administrator account is a special type of account that cannot be locked out by
entering an incorrect password. This therefore has security implications

IPN

Before starting the test procedures the crossover cable needs to be removed from the
LAN port and the LAN connection inserted. The nodes then need to be rebooted and
when they come back up the cluster administrator needs to be checked to make sure
all resources have come back online

IPN Connections between CP and APG40 Slide

The AP is connected to the CP by means of an IPN Ethernet connection, through the

RPHM. In the RPHM there are 2 new boards to deal with the APG. The IPNX which
accepts the direct connections from the APG and the IPNA which convert from
TCP/IP to RPBus format, providing the CP with an Ethernet connection.

Command Example Slides

DPRBP: Data Processing System Functions, RP Bus Branch Index, Print

Print the RP Bus Branch Index and physical and logical addresses

<DPRBP;
RP BUS BRANCH INDEX
LRPBI PRPBI ADDRESS SUIT RESERVED BW ALLOCATED BWTIME SLOTS
0 0 RP-0&&-31 0 10647 13
1 1 RP-32&&-63 0 10647 13
2 2 RP-64&&-95 0 10647 13
3 3 RP-96&&-127 0 10647 13
4 31 RP-128&&-159 0 - -
. . . . . .
. . . . . .
30 30 RP-960&&-991 0 - -
31 4 IPN-0&-1 102400 103194 126

END

addrsuit Address suit

The address range of the RP or IPN equipment associated with the RP bus branch
allocbw Allocated bandwidth
RPH bus bandwidth currently allocated to the RP bus branch in Kilobits/second. A dash
indicates that the RP bus branch does not physically exist.
lrpbi Logical RP bus branch index
prpbi Physical RP bus branch index
resbw Reserved bandwidth
 Command ordered reserved RPH bus bandwidth for the RP bus branch in Kilobits/second.
tslots Time slots
Number of RPH bus time slots currently allocated to the RP bus branch. A dash indicates that
the RP bus branch does not physically exist

<DPRBC:LRPBI=31,PRPBI=XX;
Defines the link between the IPN on physical index XX to the logical index 31

<DPRBC:LRPBI=31,RESBWM=100;
Sets the reserve bandwidth in Mb/s for the link.

DHCP Manager in APG40 Slide

A DHCP (Dynamic Host Control Protocol) Server issues the IP addresses to the
IPNA. These are allocated using a unique identifier. The hex number for the ASCII
string eg. 49 50 4e 41 30 30 = IPNA00. This means that if the IPNA’s are replaced the
addressing remains the same for the new card. IPNA identities of an even number are
connected to CP-A and the odd ones are connected to CP-B.

Configuration of the DHCP server is done through the Local Console. Start,
Programs, Admin Tools, DHCP Manager. It must be configured on both nodes and the
requires a failover or manual start to configure the server on the passive node.

1. Creating a Scope
2. Defining a Reservation
3. Selecting a Boot File
4. Defining Host Name
5. Repeat for CP-B (odd) IPN’s

Creating a Scope Slide

The first step is to create the scope of the addresses. This defines the operating range
of IP addresses that will be used.

Double Click on Local Machine, Click Scope, Click Create

The values are input as shown in the slide.

Start Address – The start (lowest value address) in the range

End Address – The end (highest value address) in the range
Subnet Mask – The Class of the IP address
Lease Duration (Unlimited) – IP addresses are assigned for an unlimited duration.
This means that even if cables are unplugged the IP address will not be assigned to
another Ethernet device.
Name – the Name
Defining a Reservation Slide

The second step is to define a reservation. A reservation associates of an IP address

with the unique identifier.

Click Scope, Add Reservations

Selecting a Boot File Slide

Step 3 is to select a boot file from the AP that is used by the IPNA.

Click Scope Address, Click on IPN 0 IP address, Properties, Option, from Unused
Options Select 067 Bootfile Name, Click Add, Value Type = boot.ipn0

boot.ipn0 is the for the file located in c:\tfpboot

Defining Host Name Slide

Step 4 is to define the hostname. The Host Name is specified as the IP address of the
Node

Click Scope Address, DHCP Options, Scope, from Unused Options select 066 Boot
Serve Host Name, Click Add, Value = 192.168.169.1
Repeat for CP-B (odd) IPN’s Slide

Repeat the steps above for the BDC. To do this a failover or manual startup of the
service will need to take place

IPN and APG40 IP addresses

GO THROUGH SLIDE

Test of APG40

There are 2 types of startup tests

1. APM Only
2. APM and APIO

APM Only Test

There are only 2 commands to be issues in this test scenario

dsdls –a Directory Service Listing:Displays applications registered as servers in

a CP or AP.
(-a List your own node, that is the node that you currently are logged on
to, and the CP nodes)

dsdls -a
Node Domain Application Conn-type Pid IP Address Port
cp0 JTP CLOCKSYNC OCP 0 0 85
cp0sb JTP ALCOSB OCP 0 0 86
apla MTAP CHS TCP/IP 292 127.0.0.1 1177
TCP/IP 127.0.0.1 1178
OCP 192.168.169.1 1179
OCP 192.168.170.1 1180

Application name The name of the server application.

Conn-type The type of connection to be used when communicating with the server application.
Domain Domain The domain which the application belongs to.
IP address The IP address which the application is listening on.
APG40: A value equal to 0 in the printout indicates that the application is running in
a CP. Other values indicate that the application is running in an AP.
Node name The name of the node where the application is running.
Port IP port on which the server application is listening.
Pid Process identity of the application. A value equal to 0 in the printout indicates that
the application is running in a CP. Other values indicate that the application is
running in an AP.

mml apamp; AP Maintenance, AP Maintenance Data, Print: This command prints

the LANs to the directory service function and all adjunct processors in
the AP maintenance table. It verifies that CP-AP communication is
enabled

C:\> mml
<APAMP;
AP MAINTENANCE DATA

DIRECTORY ADDRESS DATA

AP NODE LAN IP PORT STATUSCATEGORY
1 A 1 192.168.169.1 14000 ACTIVE
1 A 2 192.168.170.1 14000 PASSIVE
1 B 2 192.168.170.2 14000 PASSIVE
1 B 1 192.168.169.2 14000 ACTIVE

AP MAINTENANCE TABLE
AP IO ACTIVENODE LOCALIP1 LOCALIP2
1 YES A 192.168.169.128 192.168.170.128
END
<

activenode Adjunct Processor status. (only valid for APG40)

A Node A is active (Node B is passive)
B Node B is active (Node A is passive)
UNDEF Node status not known.
AP Adjunct Processor (AP) identity.
Category Error category.
STOCSYST Internal system fault.
NETWORK Network fault
USERFAULT User fault detected or generated by the directory service function
ADDRFAULT Address/port not correctly specified
IO IO Adjunct Processor status.
YES AP is an IO-AP.
NO AP is not an IO-AP.
IP Internet Protocol (IP) address for the AP. This is a 32-bit address written in dotted-
decimal notation, one for each byte of the address.
LAN Local Area Network (LAN) identity.
1 LAN 1.
2 LAN 2.
localip1 Local IP address for the first device. This is a 32-bit address written in
dotted-decimal notation, one for each byte of the address.
localip2 Local IP address for the second device. This is a 32-bit address written in dotted-
decimal notation, one for each byte of the address.
Node Node within the cluster (only valid for APG40).
A Node A.
B Node B.
Port Port number for the AP directory service function.
Status Status of the LAN (address signalling).
ACTIVE LAN handles address signalling between CP and AP.
PASSIVE LAN is not used for address signalling between CP and AP.
FAULTY The LAN is faulty.

APM and APIO Test

The first step is to do the tests described above in the APM Only test, using the
commands
dsdls –a
mml apamp;

In addition to these tests there are a couple more that need to be performed.

Test of MSC (Man Machine Comms Subsystem)

cpdtest -c IO Device in CP, Test: Used to test and list the attributes of the AP-CP
comms
(-c This option specifies that the attributes of all connected CP-AP channels
are to be listed)

cpdtest -c
CHAN STATE CPSIDE NETWORK HANDLE KEY
5 Connected EX Lan 1 25 29

iomsp IO Subsystem Functions, MML Service Data, Print: The command

prints the route definitions and current session data of the Man-
Machine Language (MML) service. The command is used to determine
whether the MML service is active or not.

iocdp IO Subsystem Functions, Configuration Data, Print: This command

lists all applications and application specific data inserted in the
configuration data table.

Test of FMS (File Management Subsystem)

cpfls –ls CP File System, List. This command is used to print the names and
attributes of one or all of the files in the CP file system. It is also used
to print the physical path to a specific file.
(-ls print a long list with subfiles)

Test of MAS (Maintenance Subsystem)

ptcoi PROCESSOR TEST, CONNECTION, INITIATE: This command

orders a connection of CPT to the MAU and to the CP side that has the
Standby state (CP-SB). The other CPT commands will become
available. Recorded state changes in the CP will generate result
printouts on the command receiving I/O-device.

ptwsp PROCESSOR TEST CP, WORKING STATE, PRINT: The command

orders a printout of CP working state information.

con The CP side CPT is connected to.

A CP side A.
B CP side B.
CP-A Processor side A.
CP-B Processor side B.
EX Executive.
FM The CP side is fault marked.
PHC:ACT PHC function active.
PHC:PAS PHC function passive.
PHC:UNDEF Not possible to read the state of the PHC function.
SBHA Standby, halted.
SBSE Standby, separated.
SBUP Standby, during updating.
SBWO Standby, working.
MAU FAULT MARKED The MAU is faultmarked.
NONE No data to be printed. Appears instead of CP state information, if the status not
could be updated.

ptcoe PROCESSOR TEST, CONNECTION, END: The command

disconnects CPT

Test of CPS (CP Subsystem)

sybfp SYSTEM FUNCTIONS, BACKUP FILES PRINT: Lists all the reload
files in the CPF

bupprint Backup Parameters, Print: The command initiates a printout of

parameters that are used for backup generation handling and command
log handling and are effective in connection with reload.
Chapter 2 – Security Administration
Objectives Slide

• User Management in APG40

• The different user groups and their authorities in APG40
• APG40 Domain handling
• Master User Domain (MUD)

User Management Slide

The APG40 allows access to both the APG, CP and various commands through the
use of defined users.

A different user can be setup for each operator accessing the APG40, and an
individual password can be assigned to these users.

The users are made members of local groups which provide different functionality
and access to commands and resources in the APG domain.

Standard Groups

APG40 Standard Groups Slide

There are a number of different groups in the APG. If no applications are installed on
the APG then the standard groups defined are as follows

• Administrators
• Account Operators
• FTPUSRG
• EVENTVIEWERG
• SECUREADMG
• ACSUSRG
• ACSADMG
• Domain Users

.See book on Page 37 for a description

Application Groups

APG40 APIO Groups Slide

If the APIO application is installed then the following localgroups will be defined

• CPUSRG
• CPADMG
 • APLOCG
• CPSUSRG
• CPSADMG
• FMSUSRG
• FMSADMG
• MASUSRG
• MASADMG
• MCSUSRG
• MCSADMG
• Other groups

The Other Groups mentioned here is for groups relating to other applications that are
installed. For example if STS was installed then there would be an STSUSRG and
STSADMG

.See book on Page 39 for a description

APG40 Pre-defined Users Slide

Built in to every APG is a set of predefined users that cannot be removed

• Administrator
The administrator account is a special type of account as it cannot be locked out. For
this reason it is recommended that both the name of the administrator account and the
password be changed to something complex.

• Guest
The guest account is built in and therefore not possible to remove. It is disabled by
default but even so it should also be renamed and a complex password issued for it

• Service Accounts
There are 2 service accounts on the APG. These accounts have automatically
generated names which consist of a random array of numbers and characters in upper
and lower case. The password is also automatically generated.
One is responsible for each node and is required to automatically start selected
services on the APG, for example the cluster service, ACS_FCH_Server, LBB
services.

• IUSR_<Machine Name>
This account is used by the MS IIS for anonymous FTP logons. The APG does not
allow anonymous logons but this feature is used between the AP and CP

• IWAM_<Machine Name>
This account is used by the MS IIS for process isolation. However this feature is not
used on the APG and therefore this account should be disabled.

Command Example Slides

SKIP
Creating a new User

Creating a new local user on the APG can be done either through the PCAnywhere
GUI or by using the CLI.

PCAnywhere
Start, Programs, Admin Tools, User Manager for Domains, User Add

This will create a new user but to be able to do anything on the APG (even log on) the
user must be part of some local groups

Click on Groups, then Add the user to the necessary groups

CLI

To add a new user use the command

 Net user
 Net user <username> /add

To add a new user to a localgroup use the command

 Net localgroup
 Net localgroup <localgroup> <User Name> /add

Associating with a CP group

There are 16 AP groups and 16 CP groups. These groups can be associated together so
that a user will only need 1 username and password to be able to log into both.

The association can also define the permissions that a user has and whether the
permissions in the AP and the same as those in the CP

Define association between CP administrator group in AP and CP

<IOUAL:USER=CPADM, USERGR=0, PSW=password;
<IOUAI:USER=CPADM;
<IOUGC:USERGR=0, CATI=0&&255;
cuadef -u CPADM -g CPADMG -c “CP Administrator”

Define association between CP user group in AP and CP

<IOUAL:USER=CPUSER, USERGR=1, PSW=password;
<IOUAI:USER=CPUSER;
<IOUGC:USERGR=1, CATI=0, CATR=1&&255;
cuadef -u CPUSER -g CPUSRG -c “CP Print only”

List the associated groups and users

 cuals
POS AP GROUP CP USER COMMENT
1 CPADMG CPADM CP Administrator
2 CPUSRG CPUSER CP Print only

Firstly define a CP user

<IOUAL:USER=<cpUserName>, USERGR=0, PSW=password;
Initiate the new user
<IOUAI:USER=<cpUserName>;
Define the permissions for the user
<IOUGC:USERGR=0, CATI=0&&255;

List the AP – CP associations

cuals

Associate the AP Group to the CP User

cuadef -u <cpUserName> -g <Local group> -c “<comment>”

Check the association

cuals

Master User Domain (MUD)

A master user domain is used to administrate user and their associated groups across
multiple APG’s

A MUD can be any computer running Win NT 4 server as there are no additional
software requirements

User defined in a MUD will have access across all APG’s in the domain.

User accounts can therefore be centrally managed

For redundancy some local access on the APG should be available.

There are therefore 2 domains, the AP Domain and the MUD Domain. To be able to
communicate between them a trust Relationship needs to be setup

Adding a Trusting Domain Slide

Start, Programs, Admin Tools, User Manager for Domains, Policies, Trust
Relationship
A trust relationship is setup between the APG and the MUD. It is enough that the APG
trusts the MUD but it is not necessary for the MUD to trust the APG

On MUD
Add the APG as a trusting domain, give it a name and password

On APG
Add the APG as a trusted domain, give it a name and enter the password from above

MUD vs APG40 User definitions Slide

On the MUD

Once the trust relationship is set, Global groups are now added. Since the MUD is
trusted by the APG, Local Groups on the APG can be associated with the Global
Groups on the MUD

The Global and Local groups are mapped in a 1-1 relationship, it is possible to map 1-
Many but this only complicates things.

A global group is setup on the MUD and from there Local Groups are created of the
same name as the groups on the APG. Once done the mapping can be started

Users are then defined in the MUD and added to the different Local Groups on the
MUD
Chapter 3 – APG40 Recovery Procedures

AP Restore

There are a number of different choices when performing a burrestore. Note that the
command burrestore on its own swaps the drive letters so that the D becomes C and
the C becomes D. The system auto-boots in C so the restore is performed

 Single Node Restore

 Single Node Restore
 Single Node Restore
 Double Node Restore
 Disaster Recovery
 Quorum Restore
 Data Disk Restore
 Node Change

Single Node Restore

burrestore

Single Node Restore from K:\ drive

1: Log into Passive Node.
2: Copy backup from K:\ drive on Active node to D:\ Drive on Passive Node
burbackup –imgsrc \\<active-node>\images\node<A/B>\<filename>.zip -dest D:\
3: Restore the System from the D: drive to the C: drive
burrestore

Restore from DAT Tapes

1: Delete the contents of D: first. From D:\
del D:\. /F/S/Q
rmdir ./S/Q
2: Use GUI to restore the backup from the DAT to D:\
3: Restore the System from the D: drive to the C: drive
burrestore

Note: /F – Force deleting of read-only files.

/S – Delete specified files from all subdirectories.
/Q – Quiet mode, do not ask if ok to delete on global wildcard

Double Node Restore (Cluster Restore)

1: Log into Passive Node
2: Swap C:\ and D:\ without rebooting
burrestore -stay
3: Stop supervision from the PRC so that failover can’t occur
net stop clussvc
4: Shutdown
prcboot –s
5: Log into Active Node
6: Perform restore and wait till all resources are online before proceeding
burrestore
7: Reboot the Passive Node
FCC_Reset other
8: Restart the cluster server
net start clussvc
9: Synchronize both nodes
net accounts /sync

Disaster Recovery

Follow the OPI : AP System Disaster Recovery – Used when 1 or both nodes can’t
boot from the hard disk.

The OPI must be followed and the following is only a brief description of the steps.

Disaster Recovery 2 Nodes

Enable Flash Disk.

 On the PDC
 Flash disk enabled from the BIOS (newer systems) or by a dipswitch (older
systems)
 AP is rebooted so now boots from Flash Disk
 Flash Disk is now C:\ and the C: has become D:
 Steps Repeated for PDC
 Enter Norton ghosting program
 C:\>Ghost
 Ghost the drive from disaster,gho image

Prepare the LCT

 Change the IP Address of the LCT to 192.168.200.2 and subnet mask to
255.255.255.0
 Share folder that contains backups
 Connect Crossover cable (Heartbeat cable will do if no others available) from
the Ethernet connection of the LCT to the Public Port of the APG (Slot C9)

Network Connection and Transfer of Files

 Edit lmhosts, protocol.ini, system.ini where necessary
 Map a drive letter to the shared area on the LCT
o Net use x: \\<LCTCompName>\<ShareName>
 Copy files across to the D: drive
o Copy x:\<BackupName>.zip d:\
 Copy pkunzip to d:\ drive
 o Copy c:\tools\pkunzip.exe d:\
 Unzip the backup
o Pkunzip –e –d –o <BackupName>.zip

Disable Flashdisk
 On the PDC
 Flash disk disabled from the BIOS (newer systems) or by a dipswitch (older
systems)
 AP is rebooted so now boots from Hard Disk
 D:\ is now C:\
 Steps Repeated for PDC

Convert Partition
 Convert c:/fs:ntfs

Reinstall Burserver
 Stop Cluster Server
 cd “Program Files”\AP\ACS\bin
 burserver.exe –service
 copy c:\”program files”\pkzip\pkzip25.exe

Recreate F:\ Drive

 Use Administrator GUI to recreate the F: drive
 Convert F: drive to NTFS through GUI
 Label Drive ntdump
 Enter the command prompt and create directories ACS and ACS\logs
 Set file permissions for the F: drive

Backup to the D: drive

 Backup from the zip on c:\ to the d: drive
 burbackup –imgsrc c:\<BackupName>.zip –dest d:\
 This is a backup with the correct permissions

BDC
 Convert file system
 Reinstall burserver
 Recreate F:\ partition
 Backup of the D: drive

Restart to the backup on D:\

 burrestore

Disaster Recovery 1 Nodes

 Put node in safe state to remove cable

o fcc_save_to_remove other
 Remove cables in correct order (SCSI removal order)
  Enable Flashdisk (as before)
 Prepare LCT (as before)
 Network Connection and transfer of files (as before)
 Disable Flash Disk (as before)

 Zap Data Disks by pressing CTRL-A at the blue “Adaptec I2O” symbol and
follow OPI

 Convert File System (as before)

 Reinstall burserver
 Backup to the D:\ drive
 Restart to the backup on D:\

Node Reconnection
 Set ACS_FCH_Server to manual startup in services
 Shutdown node and reconnect all cables in the correct order
 Set Cluster Server to automatic startup in services
 Synchronise the PDC and BDC
 Net accounts /sync
 Intergrate mirrored Data Disks
 fcc_integrate other
 Set ACS_FCH_Server to automatic startup in services

Quorum Restore

In every cluster a single resource is designated as the Quorum Resource

It has 2 important functions

 Maintains a constantly updated version of the Cluster Database. When a node

joins a cluster it compares its local database to that of the Quorum and updates
if necessary

 Enforces Cluster Unity preventing split brain syndrome. Should nodes not be
able to communicate then only nodes that can communicate with the Quorum
resource can form a Cluster.

Follow the OPI : AP System Quorum Log, Recreate

This OPI will only help if

 The Cluster Server is unable to start
AND
 Event 1019 or 1069 appear in the event log
 o Event 1019 – The Quorum Log for the cluster was found to be corrupt
o Event 1069 – Resource “Disk J:K:” failed

Procedure

1. Connect to the PDC

2. Stop the Cluster Server (and ACS_FCH_Server if prompted)
3. Connect to the BDC
4. Stop the Cluster Server (and ACS_FCH_Server if prompted)
5. Enter the parameter –noquorumlogging in the Startup Parameter Field
6. Restart the Cluster Server
7. If the Cluster Server does not start then the OPI will not fix the problem
contact next level of support
8. Determine where the problem is:
chkdsk J:
9. Check printout for next step

Printouts
 The printout has no sign of any disk corruption or inconsistencies
 The printout suggested disk corruption or inconsistencies
 The printout was either
o “The system cannot find the drive specified”
OR
o “Cannot open volume for direct access”

1: The printout has no sign of any disk corruption or inconsistencies

 Rename the quorum log
 ren j:\mscs\Quorlog.log Quolog.old
 Delete the temporary files
 del j:\mscs\*.tmp
 Stop the Cluster Service
 Remove the parameter –noquorumlogging
 Start the Cluster
 If successful start the Cluster Server on the PDC

2: The printout suggested disk corruption or inconsistencies

 Connect to the BDC
 Set the Cluster Disk Device startup to Manual
 Set the Cluster Server startup to Manual
 Set the ACS_FCH_Server startup to Manual
 Reboot the BDC
 Repeat steps above on the PDC
 Wait for the PDC to come back up

 Connect to the BDC

 Run chkdsk j: /F to fix errors
  Set the Cluster Disk Device startup to Automatic
 Set the Cluster Server startup to Automatic
 Set the ACS_FCH_Server startup to Automatic
 Reboot the BDC
 Repeat steps on the PDC

 Wait for PDC to come back up

 Verify state of both nodes is either Active or Passive

3: The printout was either “The system cannot find the drive specified” OR
“Cannot open volume for direct access”
 This OPI cannot fix the problem

Data Disk Restore

Follow OPI : AP System Data Disk Restore

Leads to the complete loss of all data on the data disks

Procedure

 Reboot BDC
 Enter Raid Bios by pressing CTRL-A at the blue Adaptec Symbol
 The BDC will be left in the state for most of the procedure

 Reboot the PDC

 Enter Raid Bios by pressing CTRL-A at the blue Adaptec Symbol
 Zap the Raid Drives
 Rebuild the Raid Drives but don’t wait for it to finish
 Set the Cluster Disk startup to Manual
 Set the Cluster Server startup to Manual
 Set the ACS_FCH_Server startup to Manual

 Reboot the PDC

 Format the drives with the info in the .ddi file
o burbackup –restoredatadiskinfo c:\bur\<filename>.ddi
 If successful then continue if not repeat
 Set the Cluster Disk startup to Automatic
 Set the Cluster Server startup to Automatic
 Set the ACS_FCH_Server startup to Automatic
 Set the timezone

 Reboot the PDC

 Reboot the BDC
  Synchronise the accounts
o net accounts /sync

Node Change (HW Restore)

Individual boards on the AP are not normally changed. An entire node is replaced

Node changes are carried out when the following conditions are applicable
The alarm AP Fault is present, or a work order is received
The node is faulty

The replacement must contain the correct LBB installation

A backup of the fault node must be on the working node

Procedure

 On the Faulty Node

 Stop the Cluster Server
o net stop clussvc
 On the Active node
 Check the status of the RAID format – must be set to optima
o C:\program files\dptmgr\> raidutil –L physical
 Check the firmware revision
o C:\program files\dptmgr\> raidutil –L version

 Put the faulty node is a safe state for replacement

o fcc_save_to_remove other
 Wait till the MIA light is lit (on the faulty node) before continuing
 Remove the cables in the correct order
 Reconnect, VGA, keyboard and then the power
 Remove Customer Information
 Enter into the RAID Bios by pressing CTRL-a at the blue Adaptec symbol
 Zap the disk drives
 Power down node
 Replace Node

 Check the consistency with the other node

o cd Program Files\Dptmgr
o raidutil –L physical
o raidutil –L version
 Check drive size is not smaller than other node, firmware version, CN-I

 Restore node from a backup

 Integrate Data Disks
o fcc_integrate other
 Check status of integration with the command
 o C:\Program Files\dptmgr\> raidutil –L logical

Chapter 4 – AP Configuration Options

Objectives Slide

• Configure Multiple AP’s

• Migrate from IOG to APG

Configure Multiple AP’s

Configure Multiple AP’s Slide

It is possible to configure multiple AP’s to connect to a CP either on the same IPN or

different IPN’s.

APG’s are all delivered with values setup for a single AP. To add a second AP there
values therefore have to be changed

Before looking at the procedure to set these values we will look at the different
configuration options.

Multiple AP’s on same network to CP Slide

CP-A CP-B

RPHM -A RPHM -B

LAN-0
LAN-1

Node A Node B Node A Node B

AP-1 AP-2

Here both APG’s share the same network, this is they use the same IPN bus to connect
to the CP.
Each RPHM will require ?? IPNX and 2 IPNA (the IPNA needs 1 for each LAN
connection)

Multiple AP’s with individual networks Slide

CP-A CP -B

RPHM-A RPHM-B

LAN -0
LAN -1
LAN -2
LAN -3

Node A Node B Node A Node B

AP -1 AP -2

Here both APG’s will have their own network, this is they will use different IPN buses
to connect to the CP.

Each RPHM will require ?? IPNX and 4 IPNA (the IPNA needs 1 for each LAN
connection)

Procedure

Procedure on AP 1
1: Edit the HOSTS file on Passive then Active Nodes
Used to ensure the correct Nodes names and IP Addresses
192.168.169.3 ap2a-l1 ap2a
192.168.170.3 ap2a-l2 ap2a
192.168.169.4 ap2b-l1 ap2b
192.168.170.4 ap2b-l2 ap2b

Procedure on AP 2
2: Change the APNodeNumber parameter using a Soft Function Change
Parameter File: c:\Program Files\AP\ACS\conf\CXC13791.par
Parameter: ACS_ALHEXECBIN_apNodeNumber: 2;

3: Disable DHCP
 Start, Settings, Control Panel, Services, Microsoft DHCP Server, Startup
Type, Disable

4: Edit the HOSTS file on Passive then Active Nodes

Used to ensure the correct Nodes names and IP Addresses
192.168.169.3 ap2a-l1 ap2a
192.168.170.3 ap2a-l2 ap2a
192.168.169.4 ap2b-l1 ap2b
192.168.170.4 ap2b-l2 ap2b

5: Delete DSD_nodeNames File

This file may cause problems as it contains AP1 references
del c:\acs\data\DSD\DSD_nodeNames

6: Change IP address of Network Cards towards the CP

Start, Settings, Control Panel, Network, Protocols, TCP/IP, Properties

Select from the Adapter Pull down menu, the first “Intel 21143 Based 10/100 mbps
Ethernet Controller”
The IP address should currently be set to 192.168.169.1 or 192.168.169.2.
If the IP address is 192.168.169.1 change it to 192.168.169.3. (Node A)
If the IP address is 192.168.169.2 change it to 192.168.169.4. (Node B)
Select from the Adapter Pull down menu, the second “Intel 21143 Based 10/100 mbps
Ethernet Controller”
The IP address should currently be set to 192.168.170.1 or 192.168.170.2.
If the IP address is 192.168.170.1 change it to 192.168.170.3. (Node A)
If the IP address is 192.168.170.2 change it to 192.168.170.4. (Node B)

7: Reboot (You should be prompted to do this)

8: Verify Changes
Phaprint ACS_ALHEXECCIN_apnodenumber
Type c:\winnt\system32\drivers\etc\hosts
Ipconfig /all

Procedure on CP
9: Define AP2 in CP
mml apami:AP=2,TYPE=0;
apamp;

Migrate from IOG to APG

IMPLEMENTATION INSTRUCTION FOR IOG20 TO APG40 MIGRATION ON

GSM R10 CN-G0
343/1521-APX 101 01/A13 Rev A

Implementation Instruction for IOG20 to APG40 Migration on GSM 900/1800 R9.1

CN-G0
346/1521-HSD 108 01/A3 Rev A
HEALTH CHECK FOR IOG20 TO APG40 MIGRATION ON GSM R10 CN-G0
344/1521-APX 101 01/A13 Rev C

Procedure

Obtain IOG Config info in case of fallback

Port Definitions
Routing
IO device data
MCS user directories
FMS Volume
File Data
Terminal and User Groups

APG40 User Data

From Startup and Test Procedure

CP Fault Free
ALLIP

Backup IOG
SUBUP

Connect IPN busses

Block and Undefine Link 0 in SPG

BLSLI:SPG=0,LINK=0;
EXSLE:SPG=0,LINK=0;

Take Recourse Offline

Use Cluster administrator to take Disk Group offline

Define IPN
OCINI:IPN=0;
OCIEI:IPN=0,EQM=OCITS-0;
OCINI:IPN=1;
OCIEI:IPN=1,EQM=OCITS-1;

Define CPF app

IOCDI:APPL=CPF,NUM=1;

Define MML Server app

IOCDI:APPL=MML01;

Define Physical & Logical Bus Branch Index

DPRBP;
DPRBC:LRPBI=31,PRPBI=XX;
DPRBC:LRPBI=31,RESBWM=100;
Bring Resource back online
Use Cluster administrator to take Disk Group offline

Define AP in CP
APAMI:AP=1,TYPE=0;
APAMP;

Deblock IPN
OCIBE:IPN=0;
OCIBE:IPN=1;

Basic steps in this procedure.

There are a number of other functions which include swapping functions from
the IOG to the APG using the configuration info taken at the start of the
procedure (also see CP_IPN_APG_Upgrade.doc)

Remove IOG IO devices defined

IOBLI:IO=XX
IOIOR:IO=XX

Remove TSAP, JTP aswell

EXTDE:TSAP=XX;
EXJAE:APPL=XX

Remove RP bus cables

Backup CP and AP
SYBUP
Burbackup
Chapter 5 – APG40 Antivirus Configuration
Objectives Slide

• Describe the eTrust InoculateIT AntiVirus software

• Configure the AntiVirus software
• Update the virus definitions

Anti virus software on the APG40 is provided by Computer Associates eTrust

InoculateIT Antivirus and is installed on both node prior to delivery by Ericsson.

The APG will be delivered virus free and if an initial backup is delivered with the
APG it is up to the operator to keep this backup free from viruses.

The virus chain Slides

GO THROUGH SLIDES

Security Steps and Measures Slide

Network Configuration
 Configure the network the th APG40 is connected to so that it is only
accessible to the O&M or Network Element traffic

Avoiding Virus on the APG40

 Clean Backups – Backup should only be made on an APG that is free from
virus
 Install only Ericsson Approved Software – Any 3rd party software installed is
the responcibility of the customer
 Scan files to be transferred to the APG – Ensure that before transferring files
to the APG that they are scanned for viruses
 Connect only clean machines to the APG – If a computer needs to be
connected to the APG through the local maintenance port, ensure that it has up
to date antivirus software running on it.

Anti Virus Configuration Slide

READ THROUGH SLIDE

Creating a scheduled scan job Slide

To Create a Scheduled Scan

Start, Programs, eTrust Anti Virus.

Click Scanner, Scheduled Scan Job, Select Create,
Tabs
General
Give it a Name
Scan
Safety Level = Secure, Reviewer Level can generate false alarms
Scanning Engine = InoculateIT
Advanced – Select Scan Alt Data Streams to scan these streams and
optionally choose Incremental Scan to ignore files that haven’t
changed
Infection Treatment = How to deal with an infected file
Selection
Regular Files = All extensions, to scan all files
Compressed Files = It is betters to have it scan compressed files and the files
inside a compressed file
Schedule
Set when you want a scan to be done
Directories
Which directories to include
Exclude Directories
Which directories to exclude

Virus Updates Slides

GO THROUGH SLIDES

Signature update options/incoming Slide

The following procedure shows to download the updates via the LAN using a simple
pass through proxy protocol.

Start, Programs, eTrust InoculateIT, eTrust InoculateIT

Click Scanner, Signature Update Options, Incoming

Add or Edit an existing entry which the configuration details

Click Download Now to test