3.1.1 Flow of SSO installation and setup tasks
This subsection describes the flow of SSO installation and setup tasks.
-
Install SSO.
You can perform product installation steps 1 to 3 in any order.
In a distributed configuration, install NNMi and each SSO program on different hosts. Note that every SSO program must be set up.
For how to install SSO, see 3.2.1 Installing.
-
Install NNMi.
For how to install NNMi, see the JP1/Network Node Manager i Setup Guide.
-
Install JP1/Base.
JP1/Base is required only when the user authentication function of JP1/Base is to be used. You can install JP1/Base at any point before step 6.
For details about how to install JP1/Base, see the JP1/Base User's Guide.
-
Set the information about connection to NNMi.
Execute the ssonnmsetup -add command.
For details about the ssonnmsetup command specification, including options, see ssonnmsetup in 5. Commands.
-
Set the incident definitions of SSO in NNMi.
The following table lists the incident definition file names and definition conditions.
The incident definition file ssoincident.def is set by using the nnmconfigimport.ovpl command.
If NNMi is stopped, start it before executing the nnmconfigimport.ovpl command. After moving the current directory to bin in the NNMi installation directory, execute the following command:
nnmconfigimport.ovpl -u user-name -p password -f $SSO_INCIDENT/ssoincident.def
The following describes the values that can be specified for the command arguments.
user-name: Specify the user name of the NNMi administrator.
password: Specify the password for the NNMi administrator account.
In a distributed configuration, the incident definition file ssoincident.def must be copied and registered to the management manager. Since the incident definition file needs to be registered only once, you do not need to perform registration for each host on which SSO is installed. Registration of apmtrap.def is unnecessary.
Note that the incident definition file must be copied and registered to NNMi on all other hosts specified as transmission destinations in the event destination definition file (ssodest.conf), as in a distributed configuration.
-
Set the protocol to be used for communication with the Web browser.
HTTP or HTTPS can be used as the protocol for communication between SSO and the Web browser. Use the ssoconsoled action definition file to set the protocol. For details on this file, see 6.3.23 ssoconsoled action definition file (ssoconsoled.def).
To use HTTPS as the communication protocol, an SSL server certificate is required. The certificate can be self-signed or signed by a CA (Certificate Authority).
Because SSO provides a self-signed certificate, if you use this certificate, you do not need to acquire a certificate from a CA.
For details about the settings for using a certificate issued by a CA, see 3.4.7 Settings for using a certificate issued by a CA.
-
Set the URL action definitions of SSO in NNMi.
The following table lists the URL action definition file names and recommended registration requirements.
Table 3‒2: Names of URL action definition files and recommended registration requirements No.
URL action definition file name
Registration requirement
1
- Japanese:
-
$SSO_URLACTION/ssourlaction.def
- English:
-
$SSO_URLACTION/ssourlaction_eng.def
- Chinese:
-
$SSO_URLACTION/ssourlaction_ch.def
Set this file to access the SSO console via HTTP when NNMi is not in a multi-tenant environment.
2
- Japanese:
-
$SSO_URLACTION/ssourlaction-mt.def
- English:
-
$SSO_URLACTION/ssourlaction-mt_eng.def
- Chinese:
-
$SSO_URLACTION/ssourlaction-mt_ch.def
Set this file to access the SSO console via HTTP when either of the following conditions is met:
-
NNMi is in a multi-tenant environment.
-
You want to control access to action menus based on role.
3
- Japanese:
-
$SSO_URLACTION/ssourlaction-https.def
- English:
-
$SSO_URLACTION/ssourlaction-https_eng.def
- Chinese:
-
$SSO_URLACTION/ssourlaction-https_ch.def
Set this file to access the SSO console via HTTPS when NNMi is not in a multi-tenant environment.
4
- Japanese:
-
$SSO_URLACTION/ssourlaction-https-mt.def
- English:
-
$SSO_URLACTION/ssourlaction-https-mt_eng.def
- Chinese:
-
$SSO_URLACTION/ssourlaction-https-mt_ch.def
Set this file to access the SSO console via HTTPS when either of the following conditions is met:
-
NNMi is in a multi-tenant environment.
-
You want to control access to action menus based on role.
In #1 and #2, the same menu items are registered for either of the above files, but the local settings differ. Select either one of these file names. If both are registered, only the definitions of the file that was registered last are valid.
In #3 and #4, the same menu items are registered for either of the above files, but the local settings differ. Select either one of these file names. If both are registered, only the definitions of the file that was registered last are valid.
The roles of the menu items registered in that definition file can be changed according to the operation. For details about the roles, see 2.6.2(2) Action menu access rights and 2.6.4(3) Action menu access rights.
TheURL action definition file is set by using the nnmconfigimport.ovpl command.
If NNMi is stopped, start it before executing the nnmconfigimport.ovpl command. After moving the current directory to bin in the NNMi installation directory, execute the following command:
nnmconfigimport.ovpl -u user-name -p password -f $SSO_URLACTION/ssourlaction.def
The following describes the values that can be specified for the command arguments.
user-name: Specify the user name of the NNMi administrator.
password: Specify the password for the NNMi administrator account.
Do not re-register the URL action definition file when you perform an upgrade installation of SSO. If you do so, resource status change events that were generated before the upgrade installation can no longer be used to display incident graphs.
However, you must re-register the URL action definition file if you set the NNM action address definition file when you upgrade SSO from a version earlier than 10-10.
In a distributed configuration, the URL action definition file must be copied and registered to the management manager. Since the URL action definition file needs to be registered only once, you do not need to perform registration for each host on which SSO is installed.
Note that the URL action definition file must be copied and registered to NNMi on all other hosts specified as transmission destinations in the event destination definition file (ssodest.conf), as in a distributed configuration.
-
Register the users for user authentication on the SSO console.
Set the user authentication method on the SSO console. Two user authentication methods are available. Set the desired method in the ssoconsoled action definition file. For details about the settings of the ssoconsoled action definition file, see 6.3.23 ssoconsoled action definition file (ssoconsoled.def).
- If the user authentication method is the SSO authentication method:
-
Execute the ssoauth -add command.
For details about the SSO console, see 2.1.1 SSO console.
For details about the ssoauth command, see ssoauth in 5. Commands.
- If the user authentication method is the JP1 authentication method:
-
For details about how to register the JP1/Base authentication user, see the JP1/Base User's Guide.
-
Set the community name.
For details about the settings of the community name, see 3.4.1 Setting the community name.
-
Set the resource collection conditions.
-
Set the process monitoring conditions.