Chapter 9 Sun Management Center Administration

This chapter provides the instructions for administrative tasks such as Sun Management Center backup, security key regeneration, and other tasks you can perform to resolve configuration problems with your Sun Management Center 3.5 installation.

This chapter discusses the following topics:

• Sun Management Center Backup and Recovery

• Regenerating Security Keys

• SNMP Daemons and Legacy Agents

• Reconfiguring Port Addresses

• Assigning an Agent to a Different Server

• Using Sun Management Center With a Firewall

• Enabling Network Address Translation Support

---

Note –

The procedures in this chapter assume that you installed Sun Management Center in the default file system /opt. If you installed Sun Management Center in a different location, substitute /opt with the name of the file system you chose in Step 8 in the procedure To Install Sun Management Center 3.5 on the Solaris Platform.

---

Sun Management Center Backup and Recovery

The es-backup command enables you to back up all base and add-on data in your database, and all of the configuration data in /var/opt/SUNWsymon/cfg. The es-restore command restores the database and configuration data from a previous backup.

Using es-backup

You should use es-backup to back up your database and configuration data as follows.

• On a scheduled, regular basis as part of standard maintenance

• Before performing a hardware or operating environment upgrade

• Before and after performing a Sun Management Center upgrade installation

• After a fresh Sun Management Center installation and setup

The syntax of the es-backup command is as follows:

es-backup [ -d backup-directory] [-y]

The following table describes the es-backup command parameters.

Table 9–1 es-backup Options

Option	Modifying Options	Description
-d	backup-directory	Back up the database and configuration data to the directory backup-directory.
-h		List the options for es-backup.
-y		Perform a non-interactive backup. You will not be prompted to stop Sun Management Center processes, nor will you be prompted for a backup directory name.  Note – If you do not specify a backup directory using the --d option, all database and configuration data is backed up to the directory /var/opt/SUNWsymon/backup.

To both minimize and prevent data loss, you should run es-backup on a routine basis to enable recovery of your most current data in the event of a system failure. You can create a cron entry for thees-backup -y script to run the script on a periodic basis. As part of the cron entry, you may also want to copy the contents of /var/opt/SUNWsymon/backup to an alternate directory.

---

Note –

By default, a non-interactive backup overwrites the contents of /var/opt/SUNWsymon/backup. If you have previously performed a non-interactive backup of Sun Management Center data, and you want to save the previous backup, copy the contents of the directory /var/opt/SUNWsymon/backup to another location before running a non-interactive backup.

---

The following procedure assumes that you installed Sun Management Center in the default directory /opt. If you did not install Sun Management Center in /opt, replace /opt with the name of the directory you specified in Step 8 in To Install Sun Management Center 3.5 on the Solaris Platform.

To Manually Back Up Sun Management Center Data to the Default Directory

1. Log in as root on the Sun Management Center server machine.

2. Stop all Sun Management Center processes.

   Type the command /opt/SUNWsymon/es-stop -A and press Return.

3. Backup your Sun Management Center data.

   Type the command /opt/SUNWsymon/es-backup and press Return.

   If any Sun Management Center processes are still running, you are notified that Sun Management Center must be shut down.

   You are asked whether you want to proceed. Type y and press Return.

4. Specify the backup directory.

   You are prompted for the directory path in which to store the backup. The default location /var/opt/SUNWsymon/backup is displayed.

   • To accept the default backup directory /var/opt/SUNWsymon/backup, press Return.

     If a prior backup has been performed using the default directory /var/opt/SUNWsymon/backup, you are asked whether to delete the old backups.

     • To keep the old backups, type n to exit the backup process, then copy /var/opt/SUNWsymon/backup to a different directory.

     • To overwrite the old backups, type y.

     es-backup stops all running processes, and then backs up the database and configuration data to /var/opt/SUNWsymon/backup. When the backup is completed, es-backup starts all Sun Management Center processes.

   • To specify a different backup directory, type the name of the directory and press Return.

     For example:

     # Enter full directory path to store the backup data files [/var/opt/SUNWsymon/backup]: /backup-set-1

     If the directory does not exist, you are asked whether you want to create the directory. Type y and press Return.

     es-backup stops all running processes, and then backs up the database and configuration data to the directory you specified. When the backup is completed, es-backup starts all Sun Management Center processes.

5. Validate the backup.

   Type the command /opt/SUNWsymon/sbin/es-restore -c and press Return.

   You are prompted to enter the full directory path to the backup files. The default backup directory path /var/opt/SUNWsymon/backup is displayed.

   • If you chose the default backup directory /var/opt/SUNWsymon/backup, press Return.

   • If you specified a different backup directory, type the full path and name of the directory and press Return.

   es-restore validates the data in the backup directory. You are informed whether the backup data is valid.

   • If the backup is not valid, examine the backup log file /var/opt/SUNWsymon/install/backup_host-name.date and time string.process-id where:

     • host-name is the name of the server you used to create the backup

     • date and time string is the year, date, and time the backup was created

     • process-id is the process ID of the es-backup session that created the backup.

   • If the backup is valid, copy the backup directory to a different directory for safe keeping.

   The es-backup log file is /var/opt/SUNWsymon/install/backup_host-name.date and time string.process-id where:

   • host-name is the name of the server you used to perform the backup.

   • date and time string is the year, date, and time the backup was run.

   • process-id is the process ID of the es-backup session

Using es-restore

To restore your Sun Management Center database and configuration data, for example if your database has been corrupted due to a system failure, use the es-restore command.

The syntax of the es-restore command is as follows:

es-restore [-c] [ -d backup-directory]

The following table describes the es-restore command parameters.

Table 9–2 es-restore Options

Option	Modifying Options	Description
-c		Verify the backup files only. Do not restore the data.
-d	backup-directory	Restore the data using the backup files located in the directory backup-directory.
-h		List the options for es-restore.

The following procedure assumes that you installed Sun Management Center in the default directory /opt. If you did not install Sun Management Center in /opt, replace /opt with the name of the directory you specified in Step 8 in the procedure To Install Sun Management Center 3.5 on the Solaris Platform.

To Restore Sun Management Center Data Using the Default Backup Directory

1. Log in as root on the Sun Management Center server machine.

2. Stop all Sun Management Center processes.

   Type the command /opt/SUNWsymon/es-stop -A and press Return.

3. Type the command /opt/SUNWsymon/sbin/es-restore.

   If any Sun Management Center processes are still running, you are notified that Sun Management Center must be shut down.

   You are asked whether you want to proceed. Type y and press Return.

4. Specify the backup directory.

   You are prompted for the directory path to the backup files.. The default location /var/opt/SUNWsymon/backup is displayed.

   • If you are restoring Sun Management Center from the default backup directory /var/opt/SUNWsymon/backup, press Return.

   • If you are restoring Sun Management Center from a different backup directory, type the name of the directory and press Return.

   All Sun Management Center processes are stopped. es-restore validates the backup data in the specified directory.

   • If the backup data is corrupted, you are informed, and es-restore exits to the system prompt.

     If you decide not to restore the Sun Management Center data from a different backup, and want to restart Sun Management Center, type the command /opt/SUNWsymon/sbin/es-start -A and press Return.

   • If the backup data is valid, es-restore restores the database and configuration data from the specified directory.

     When the restore is completed, es-restore restarts all Sun Management Center processes.

   The es-restore log file is /var/opt/SUNWsymon/install/restore_host-name.date and time string.process-id where:

   • host-name is the name of the server you used to perform the restore

   • date and time string is the year, date, and time the restore was run

   • process-id is the process ID of the es-restore session

Regenerating Security Keys

Security keys are used to validate communications between the Sun Management Center server and agent. The server and agent cannot communicate with each other if the server and agent have different security keys.

The Sun Management Center setup process generates the security keys for Sun Management Center components using the following default settings:

• Valid Sun Management Center users are espublic and esmaster

• Sun Management Center superuser is esmaster

• The default security seed value is maplesyr

The software uses an eight-character password string as a seed to make the generated key unique. During setup, you determine whether to use the default Sun Management Center seed or to use a seed that you create. The same seed must be used for all server and agent setups in a given server context. For more information on server context, see “Access Control Definitions and Limitations” in the Sun Management Center 3.5 User's Guide.

Sun Management Center setup does not create UNIX accounts for the special users espublic and esmaster. You should not need to log into the Sun Management Center console using these user IDs. These IDs are reserved for internal communication between processes. However, some troubleshooting activities might require you to log in using one of these user IDs. If so, you have to create the user ID, and then assign a password using the usual UNIX commands useradd and passwd. The esmaster user ID bypasses normal permission checks, so use this ID with care. For normal operation, use an existing login account.

Setup provides an opportunity to specify an existing user as a Sun Management Center administrator. This user ID is added to the esadm and esdomadm groups as well as the esusers file. For more information on security and the Sun Management Center superuser, see “Sun Management Center Security” in Sun Management Center 3.5 User's Guide.

The security keys for the components need to be regenerated if one or more of the following is true:

• UDP ports of any of the Sun Management Center agents change

• Host names or IP addresses of the Sun Management Center agent host change

---

Note –

Changing the host name or the IP address of the Sun Management Center server is not supported.

---

To Regenerate the Security Keys

---

Note –

In these examples, shared-secret stands for a secret string of up to eight characters that is common to all machines in a server context. The string is required as an argument to the script base-usm-seed.sh. A default string (maplesyr) is provided by the software, but you can specify your own password if desired. This secret string or password is used to generate keys for communication between processes.

---

The following procedure applies to machines on which the Sun Management Center server, agent, or both server and agent are installed.

1. Log in as root.

2. Go to the /opt/SUNWsymon/sbin directory.

3. Regenerate the security keys.

   • If you installed only the agent layer, type:

     # ./es-run base-usm-seed.sh -s shared-secret -c agent -u public

   • If you installed only the server layer, type:

     # ./es-run base-usm-seed.sh -s shared-secret -c topology -u public # ./es-run base-usm-seed.sh -s shared-secret -c trap event cfgserver servers

   • If you installed both the agent and server layers on one host, type:

     # ./es-run base-usm-seed.sh -s shared-secret -u public

4. Restart the Sun Management Center server.

   For more information, see the Sun Management Center 3.5 Software Installation Guide.

SNMP Daemons and Legacy Agents

This section provides an overview of SNMP, and the procedure for configuring legacy SNMP agents as subagents of the Sun Management Center agent.

SNMP Overview

The Sun Management Center server uses SNMP to communicate with the Sun Management Center agents. SNMP also communicates with the other server components, such as the Topology manager, Configuration manager, Event manager, and Trap handler. By contrast, the Sun Management Center server uses remote method invocation (RMI) to communicate with the Sun Management Center consoles.

The SNMP port definitions for Sun Management Center components are defined in two files:

• The /var/opt/SUNWsymon/cfg/domain-config.x file exists in every machine running any Sun Management Center component

• The /var/opt/SUNWsymon/cfg/server-config.x file exists on machines that have the Sun Management Center server component installed

The domain-config.x file contains one configuration block for each of the SNMP-based Sun Management Center agents. Each configuration block contains at least one line that defines the port address for the corresponding agent. The default port definition for the Sun Management Center server is in the server-config.x file.

You can manually add hosts with Sun Management Center agents that use port addresses other than 161 to the administrative domain through the Create Topology Object window. Alternatively, you can discover these hosts automatically by specifying the port number in the discovery parameters. For more information on the Create Topology Object window, see “Manually Adding Objects to the Management Information Base” in the Sun Management Center 3.5 User's Guide. For more information on how hosts are discovered automatically, see “Adding Objects to the MIB Using the Discovery Manager” in the Sun Management Center 3.5 User's Guide. Because you can only specify one port number in addition to port 161, you should select an alternate port number and use that number for all agent installations.

Configuring a Legacy SNMP Agent as a Subagent of an Agent

A legacy SNMP agent is an SNMP agent that is not part of the Sun Management Center agent framework. You might need to configure one or more legacy agents as subagents of a Sun Management Center agent if you want to use the legacy agent with Sun Management Center.

Any legacy SNMP agent can be configured as a subagent of a Sun Management Center Agent provided that the following criteria are met:

• The legacy agent can run on a port other than 161

• The legacy agent configuration supports running that agent as a non-daemon process

• You have the legacy agent MIB definition file

The following procedure applies to machines on which the Sun Management Center server, agent, or both server and agent are installed.

To Configure a Legacy SNMP Agent as a Subagent of an Agent

1. Log in as root.

2. If the file /var/opt/SUNWsymon/cfg/subagent-registry-d.x does not exist, copy the file from the /opt/SUNWsymon/base/cfg directory:

   # cp /opt/SUNWsymon/base/cfg/subagent-registry-d.x /var/opt/SUNWsymon/cfg/

3. In the file /var/opt/SUNWsymon/cfg/subagent-registry-d.x, find the block that is similar to the following block:

   # sa2 = { # type = legacy # persist = false # snmpPort = "20001" # errorAction = restart # startCommand = "/usr/lib/snmp/mibiisa -p %port" # stopCommand = "kill -9 %pid" # pollInterval = 60 # pollHoldoff = 60 # oidTrees = 1.3.6.1.2.1 # snmpVersion = SNMPv1 # securityLevel = noauth # securityName = espublic # }

4. Remove the comment symbols (#) at the beginning of the line so that the code now looks like the following code.

   sa2 = { type = legacy persist = false snmpPort = "20001" errorAction = restart startCommand = "/usr/lib/snmp/mibiisa -p %port" stopCommand = "kill -9 %pid" pollInterval = 60 pollHoldoff = 60 managedTrees = "mib-2 sun" oidTrees = 1.3.6.1.2.1 snmpVersion = SNMPv1 securityLevel = noauth securityName = espublic }

5. Modify the lines as follows:

   • Change sa2 to the unique subagent name for the agent.

   • Set type to legacy.

   • Set persist to false if the subagent is stopped when the Sun Management Center agent exits. If this value is true, then the Sun Management Center agent does not stop the subagent when the Sun Management Center agent exits.

   • Set snmpPort to the UDP port number on which you want to run the subagent.

   • Set errorAction to restart, ignore, or kill. If the restart option is used, the Sun Management Center agent tries to restart if the agent encounters an error when communicating with the subagent.

   • Set startCommand to the mandatory command to start the subagent. This command should contain %port, which is replaced by the value that is given in snmpPort.

   • Set stopCommand to the command to stop the process. %pid can represent the process ID (PID) of the subagent process.

   • Set pollInterval to the time in seconds in which the Sun Management Center agent polls the subagent.

   • Set pollHoldoff to the time in seconds after which the first poll is done on the subagent after the Sun Management Center agent starts the subagent.

   • Set oidTrees to a space-separated list of SNMP OIDs managed by the subagent.

   • Set snmpVersion to either SNMPv1 or SNMPv2.

   • Set securityLevel to either priv, auth, or noauth.

   • Set securityName to the SNMPv1 community name or SNMPv2 security name you want to use.

   For more details, refer to the descriptions in the subagent-registry-d.x file.

6. Stop and restart Sun Management Center to make the changes effective.

   1. Type /opt/SUNWsymon/sbin/es-stop -A to stop Sun Management Center.

      Wait for all processes to stop successfully.

   2. Type /opt/SUNWsymon/sbin/es-start -A to start Sun Management Center.

      Wait for all processes to start successfully.

   See Chapter 8, Starting and Stopping Sun Management Center for further information.

Reconfiguring Port Addresses

This section describes how to configure Sun Management Center software when port addresses might conflict. See Table 9–3 for a list of the default ports for each Sun Management Center component.

---

Note –

The Sun Management Center setup process checks whether each default port is in use. If the port is not in use, the default port is assigned. If a port is in use, you are given the opportunity to specify a separate port. In either case, the port assignments are stored in the configuration files, as described in SNMP Overview.

---

Default Ports

The default ports used by Sun Management Center components might be used by other processes already installed on the system. If you install Sun Management Center using the default port assignments, you might encounter port conflicts and be unable to start Sun Management Center. The Sun Management Center setup process checks the ports for each component. The process prompts you to either assign an alternate port or use the default port.

The following table lists the Sun Management Center components and the default port for each component. See To Determine Whether a Port Is Used to find out how to check whether a port is in use.

Table 9–3 Sun Management Center Default Port Addresses

Layer	Component	Default Port Number
Agent	Agent	161
Server	Trap handler	162
Server	Event manager	163
Server	Topology manager	164
Server	Configuration manager	165
Server	Platform	166
Advanced System Monitoring Add-on	System event and configuration tracking component cstservice	167
Server	Agent information caching component Metadata	168
Server	Server RMI	2099
Server	Database	2521
Server	Grouping	5600
Tomcat	Web server	8006
Server	Web server default port	8080
Server	Web server secure port	8443

To Determine Whether a Port Is Used

In a terminal window, type /bin/netstat -an | grep portnumber where portnumber is the port number that you want to query. For example:

# /bin/netstat -an | grep 8443 #

• If the port is not in use, only the command-line prompt is returned as shown above.

• If the port is in reserved or in use, the status of the port is returned. For example:

  # /bin/netstat -an | grep 1161 # *.1161 Idle # /bin/netstat -an | grep 8080 # 172.16.0.0.8080 *.* 0 0 24576 0 LISTEN

  where 172.16.0.0 is the IP address of the machine on which you entered the netstat command.

Reconfiguring Sun Management Center Ports

To reconfigure Sun Management Center ports, use the es-config command. The syntax for the es-config command is:

es-config [ -Admh ] [ -p component-name ] [ -c component:channel ] [ -P MinPort:MaxPort ]

The following table describes the es-config parameters.

Table 9–4 es-config Options

Option		Description
		Display all ports used by the Sun Management Center 3.5 base product
-A		Configure all ports
-P	MinPort:MaxPort	Configure the probe mechanism port range where MinPort is the starting port number and MaxPort is the ending port number. The range of ports must be at least 100, for example, 1024:1124. The ports are used by the probe mechanism to execute ad hoc commands for communication between the Sun Management Center server and agent. Valid port numbers are 1024-64500. Note – You must configure the port range to support communication between the Sun Management Center server and agent through a firewall.
-d		Restore all ports to the 3.5 default value. See Table 9–3.
-c	component:channel	Enable or disable the component channels being logged. Valid Sun Management Center components for which channels can be controlled are topology, cfgserver, event, cstservice, trap, metadata, agent, platform, and platform_instances. Valid channels are debug, info, error, status, and history.
-h		List the es-config options.
-m		Configure module configuration propagation by adding a list of user names to the es-mcp-users configuration file.
-n		Enable Network Address Translation support.
-p	component-name	Configures port to be used by the Sun Management Center component component-name. Valid components are topology, cfgserver, event, cstservice, trap, metadata, rmi, agent, grouping, HTTP, HTTPS, platform, and platform_instances.

The following procedures provide examples of how to use the es-config command to reconfigure Sun Management Center port assignments.

To Reconfigure the Agent SNMP Port

1. Log in as root on the Sun Management Center server-layer machine.

2. Locate an unused port.

   See To Determine Whether a Port Is Used.

3. Type /opt/SUNWsymon/sbin/es-config -p agent.

   es-config stops all Sun Management Center processes. The port numbers currently assigned to the Sun Management Center components are then displayed. The port number assigned to the agent is displayed next, and you are prompted to enter the port number.

   # ./es-config -p agent Following ports are occupied by Sun Management Center: 161,162,163,164,165,167,168,166,5600,2099,8080,8443. Sun Management center agent component is presently using port:161 Hit RETURN key to continue with present configuration. Enter the port number you would like to use for agent component [ 1100 to 65535 ]:

4. Type the port number that you want to assign, or press Return to use the default 161 port assignment.

   You are asked whether you want to start the Sun Management Center components.

5. Type y to start the Sun Management Center components, or type n if you do not want to start the components.

To Reconfigure the Server RMI Port Address

1. Log in as root on the Sun Management Center server-layer machine.

2. Locate an unused port.

   See To Determine Whether a Port Is Used.

3. Type /opt/SUNWsymon/sbin/es-config -p rmi.

   es-config stops all Sun Management Center processes. The port numbers currently assigned to the Sun Management Center components are then displayed. The port number assigned to the server is displayed next, and you are prompted to enter the port number. For example:

   # ./es-config -p rmi Following ports are occupied by Sun Management Center: 161,162,163,164,165,167,168,166,5600,2099,8080,8443. Sun Management center agent component is presently using port:2099 Hit RETURN key to continue with present configuration. Enter the port number you would like to use for rmi component [ 1100 to 65535 ]:

4. Type the port number that you want to assign, or press Return to use the default port assignment.

   You are asked whether you want to start the Sun Management Center components.

5. Type y to start the Sun Management Center components, or type n if you do not want to start the components.

Assigning an Agent to a Different Server

This section provides the instructions to assign an agent that is monitored by one Sun Management Center server to another Sun Management Center server.

In the following procedure, assume an agent is currently monitored from Sun Management Center server Machine-A, and you want to reassign the agent to Sun Management Center server Machine-B.

Reassigning an agent to a different server consists of two main steps as follows.

• Reassign the agent to a different server

• Clear the agent's cache entry from the original server

When an agent has been reassigned to a different server, a cached entry still exists in the original server for the agent. The cached entry must be cleared from the original server using the es-servercontrol.sh script to prevent access conflicts. If the cached entry is not cleared from the original server, the original server can still access the agent.

To Assign an Agent to a Different Server

1. Log in as root on the agent machine.

2. Reassign the agent to a different server

   To assign the agent to a different server, you must set up the agent using the command es-setup -F.

   Type /opt/SUNWsymon/sbin/es-setup -F.

   You are prompted for the security key seed.

3. Enter the security seed.

   An encrypted security key is need for communications between all Sun Management Center processes. The key is generated based on the password you provide, which must be between one and eight characters long, and contain no spaces. Entries that are greater than eight characters are truncated to eight characters.

   Make sure that you type the same security seed password that you provided during the original installation and setup process for Step 7 in Setting Up Base Products and Add-ons on the Solaris Platform.

   1. Type the password for the seed to generate the security keys.

   2. Type the password again.

   You are prompted for the SNMPv1 community string.

4. Specify the SNMPv1 community security string.

   The community string is used for SNMP security.

   Make sure that you type the same community string that you provided during the original installation and setup process for Step 8 in Setting Up Base Products and Add-ons on the Solaris Platform.

   You are informed that Machine-A is configured as your Sun Management Center server, where Machine-A is the actual name of the server to which the agent currently is assigned. For example:

   # Machine-A appears to be configured as your Sun Management Center server. Is this correct (y|n|q)

   Type n. You are prompted for the Sun Management Center server hostname.

5. Provide the hostname of the server to which you want to reassign the agent.

   Type the name of the server. For example:

   Machine-A appears to be configured as your Sun Management Center server. Is this correct (y|n|q) n Please enter the Sun Management Center Server Hostname: Machine-B

   You are asked whether you want to start the Sun Management Center agent.

6. Start the agent.

   • If you want to start Sun Management Center now, type y.

     The setup script starts Sun Management Center using es-start -A. See Starting Components Using es-start for information about es-start.

     Also, see Starting the Console for instructions on how to start the Sun Management Center console.

   • If you want to start Sun Management Center later, type n. See Chapter 8, Starting and Stopping Sun Management Center when you are ready to start Sun Management Center.

7. Log in as root on the original server.

8. Type the command /opt/SUNWsymon/base/sbin/es-servercontrol.sh.

   • If the ESROOT environment variable is set, you are prompted for the Sun Management Center server host name. Go to Step 10.

   • If the ESROOT environment variable is not set, you are notified and prompted for the ESROOT directory.

9. Specify the ESROOT directory.

   The ESROOT environment variable specifies the location of the Sun Management Center SUNWsymon directory.

   # The ESROOT environment variable is not set. Enter ESROOT [/opt/SUNWsymon]:

   Press Return to accept the displayed default of /opt/SUNWsymon, or type the full path to the SUNWsymon directory.

10. Specify the Sun Management Center server host name.

    You are prompted for the server host name.

    Enter the hostname of the Sun Management Center server [Machine-A]:

    Press Return to accept the displayed default hostname, or type the server hostname. The server hostname must be the name of the original server to which the agent was assigned.

    You are prompted for the server port.

11. Specify the Sun Management Center server port.

    The server port is the remote method invocation (RMI) port used by the Sun Management Center server. See Table 9–3 for further information.

    The current RMI port is displayed.

    Enter the port of the Sun Management Center server [2099]:

    Press Return to accept the displayed port, or type the port that is used for RMI.

    You are prompted for the Sun Management Center superuser ID.

12. Specify the superuser ID.

    The superuser ID is the administration user ID that you assigned during the original installation and setup process. See Step 10 in Setting Up Base Products and Add-ons on the Solaris Platform.

    The current superuser ID is displayed.

    Enter the Sun Management Center Superuser ID [esmaster]:

    Press Return to accept the displayed ID, or type the administrator ID.

    You are prompted for the superuser password.

13. Type the password.

    A list of server control functions is displayed.

14. Clear the server cache.

    Type 1 to select Clear the Server Context Cache. For example:

    Select one of the following Server control functions: 0) View the Server Context Cache 1) Clear the Server Context Cache 2) Remove a host from the Server Context Cache 3) Remove a host:port from the Server Context Cache 4) View the SNMP OID (Finder) Cache 5) Clear the SNMP OID (Finder) Cache 6) Remove a host from the SNMP OID (Finder) Cache 7) Remove a host:port from the SNMP OID (Finder) Cache 8) Remove a host:port from the Cfgserver Engines Table 9) Exit Please Enter Your Selection [9]:1

    The server cache is cleared, and the server control list is displayed again. Type 9 to exit server control and return to the system prompt.

Using Sun Management Center With a Firewall

A firewall is a software or hardware device that controls access between networks. The firewall is located where one network connects to another network, for example, at the point where a corporate intranet connects to the global Internet. Due to increased security awareness, many organizations have implemented security policies within their networks using firewall technology. Because the Sun Management Center software uses a distributed architecture model, you must use the es-config to restrict the ports that Sun Management Center uses for firewalls.

The following procedures provide examples of how to use the es-config command to restrict the Sun Management Center firewall port assignments to the port range 6000 to 6150.

To Restrict the Firewall Port Range

1. Log in as root on the Sun Management Center server-layer machine.

2. Locate a range of unused ports.

   See To Determine Whether a Port Is Used.

3. Type /opt/SUNWsymon/sbin/es-config -P 6000:6150.

   ---

   Note –

   The difference between the starting port number and the ending port number must be at least 100.

   ---

   es-config stops all Sun Management Center processes. The port numbers currently assigned to the Sun Management Center components are then displayed. You are then informed that /var/opt/SUNWsymon/cfg/domain-config.x has been updated for the new configuration.

   You are asked whether you want to start the Sun Management Center components.

4. Type y to start the Sun Management Center components, or type n if you do not want to start the components.

Enabling Network Address Translation Support

If your network uses Network Address Translation (NAT), you must enable NAT support after you have installed and set up Sun Management Center 3.5. You cannot start Sun Management Center until you have enabled NAT support for each server, agent, and console machine in your network as described in the following procedure. See Appendix D, Network Address Translation for more information about NAT.

The following procedure assumes you installed Sun Management Center in the default directory /opt. If you did not install Sun Management Center in /opt, replace /opt with the name of the directory you specified in Step 8 in To Install Sun Management Center 3.5 on the Solaris Platform.

To Enable NAT Support

1. Log in as root on the machine for which you want to enable Network Address Translation support.

2. Type /opt/SUNWsymon/sbin/es-config -n.

   es-config stops all Sun Management Center processes. The port numbers currently assigned to the Sun Management Center components are then displayed.

   You are asked to provide the host name for the machine. The machine name is displayed.

3. Provide the machine host name.

   • If you are configuring the Sun Management Center server machine for NAT, press Return.

   • If you are configuring a Sun Management Center agent or console machine, type the name of the Sun Management Center server, and then press Return.

   ---

   Note –

   Depending on the Sun Management Center 3.5 components installed on the machine, one or more informational messages could be displayed.

   ---

   You are informed that Network Address Translation support is enabled for the machine. You are then asked whether you want to start the Sun Management Center components.

4. Determine whether to start Sun Management Center 3.5.

   ---

   Caution –

   Do not start Sun Management Center until you have enabled NAT support for each machine in your network that uses Network Address Translation. The Sun Management Center agent will not run unless NAT support has been enabled for each machine.

   ---

   Type y to start the Sun Management Center components, or type n if you do not want to start the components.