Installing and Configuring Netact User Workst

NetAct 15.2

Installing and Configuring NetAct UserWorkstationsDN0567515

Issue: 1-2

The information in this document is subject to change without notice and describes only the productdefined in the introduction of this documentation. This documentation is intended for the use ofNokia Solutions and Networks customers only for the purposes of the agreement under whichthe document is submitted, and no part of it may be used, reproduced, modified or transmittedin any form or means without the prior written permission of Nokia Solutions and Networks. Thedocumentation has been prepared to be used by professional and properly trained personnel, andthe customer assumes full responsibility when using it. Nokia Solutions and Networks welcomescustomer comments as part of the process of continuous development and improvement of thedocumentation.

The information or statements given in this documentation concerning the suitability, capacity, orperformance of the mentioned hardware or software products are given as is and all liability arisingin connection with such hardware or software products shall be defined conclusively and finally ina separate agreement between Nokia Solutions and Networks and the customer. However, NokiaSolutions and Networks has made all reasonable efforts to ensure that the instructions containedin the document are adequate and free of material errors and omissions. Nokia Solutions andNetworks will, if deemed necessary by Nokia Solutions and Networks, explain issues which may notbe covered by the document.

Nokia Solutions and Networks will correct errors in this documentation as soon as possible. IN NOEVENT WILL NOKIA SOLUTIONS AND NETWORKS BE LIABLE FOR ERRORSIN THIS DOCUMENTATION OR FOR ANY DAMAGES, INCLUDING BUT NOTLIMITED TO SPECIAL, DIRECT, INDIRECT, INCIDENTAL OR CONSEQUENTIALOR ANY LOSSES, SUCH AS BUT NOT LIMITED TO LOSS OF PROFIT, REVENUE,BUSINESS INTERRUPTION, BUSINESS OPPORTUNITY OR DATA,THAT MAYARISE FROM THE USE OF THIS DOCUMENT OR THE INFORMATION IN IT.

NSN is a trademark of Nokia Solutions and Networks. Nokia is a registered trademark of NokiaCorporation. Other product names mentioned in this document may be trademarks of theirrespective owners, and they are mentioned for identification purposes only.

Copyright Nokia Solutions and Networks 2015/2/10. All rights reserved.

Nokia Solutions and Networks is continually striving to reduce the adverse environmental effects ofits products and services. We would like to encourage you as our customers and users to join usin working towards a cleaner, safer environment. Please recycle product packaging and follow therecommendations for power use and proper disposal of our products and their components. If youshould have questions regarding our Environmental Policy or any of the environmental services weoffer, please contact us at Nokia Solutions and Networks for additional information.

Installing and Configuring NetAct User Workstations

3

Contents1 NetAct presentation tier solutions................................................................................................................ 4

2 Prerequisites.................................................................................................................................................... 72.1 Prerequisites for hardware........................................................................................................................72.2 Prerequisites for software......................................................................................................................... 72.3 Prerequisites for NetAct connectivity........................................................................................................ 82.4 Other prerequisites for the presentation tier.............................................................................................9

3 Standalone user workstation setup............................................................................................................ 103.1 Installing Java Runtime Environment..................................................................................................... 10

3.1.1 To install Java Runtime Environment:............................................................................................ 103.2 Configuring Java Web Start settings...................................................................................................... 11

3.2.1 Configuring Java Web Start settings in Windows.......................................................................... 113.2.1.1 To configure Java Web Start settings in Windows.................................................................11

3.2.2 Configuring Java Web Start settings in Linux................................................................................ 123.2.2.1 To configure Java Web Start settings in Linux...................................................................... 12

3.2.3 Configuring Java Web Start settings in Mozilla Firefox..................................................................133.3 Creating file associations........................................................................................................................ 14

3.3.1 Creating the file associations in Windows......................................................................................143.3.2 Creating the file associations in Linux............................................................................................14

3.4 Adding NetAct Server CA certificate to the client's trust-store............................................................... 153.4.1 About server CA certificates...........................................................................................................153.4.2 Downloading a server certificate to the client................................................................................ 15

3.4.2.1 To download a server certificate to a client........................................................................... 153.4.3 Installing the SSL CA certificate for JRE in a Windows client....................................................... 163.4.4 Installing the SSL CA certificate for JRE in a Linux client............................................................. 183.4.5 Installing the server CA certificate to a browser............................................................................ 19

3.4.5.1 To install the server CA certificate to a browser.................................................................... 193.5 Installing Adobe Flash Player plugin (optional)...................................................................................... 203.6 ICA client installation...............................................................................................................................20

3.6.1 Installing Citrix client on Windows..................................................................................................213.6.2 Installing Citrix client on Linux........................................................................................................223.6.3 Configuring CA certificates............................................................................................................. 233.6.4 Modifying Citrix Receiver preferences............................................................................................233.6.5 Configuring the secure connection to Node Manager server.........................................................24

3.7 Access Server setup............................................................................................................................... 243.8 Accessing NetAct Linux servers from the user workstation................................................................... 24

3.8.1 Accessing NetAct Linux servers with SSH.....................................................................................253.9 Starting NetAct applications on a standalone user workstation............................................................. 25

3.9.1 To start NetAct application on a standalone user workstation....................................................... 253.10 Configuring TCP retries on Linux client................................................................................................26

3.10.1 To configure TCP retries on Linux client......................................................................................263.11 Installing NetAct server CA certificate for NetAct Monitor launch.........................................................27

Installing and Configuring NetAct User Workstations NetAct presentation tier solutions

Issue: 1-2 DN0567515 4

1 NetAct presentation tier solutions

Presentation tier is a part of NetAct three-tier architecture, which consists of the following tiers:

Presentation tier for hosting client applications Business logic tier for hosting server applications and data access services Data tier for hosting data persistency services

Presentation tier contains client applications that you can see on your workstations. It has an impacton the NetAct performance because it shares the application load with the business logic tier.

The presentation tier has a minor effect on NetAct security because it separates NetAct users from thebusiness logic tier and the data tier. The presentation tier application can have direct access only tobusiness logic tier, but not to data tier or to network elements.

Node Manager Server has the Access Server functionalities. Customers can implement their own Ac-cess Server. However, Node Manager Server as user workstation is the standard option.

Below are described different ways how to access NetAct:

Standalone user workstation

The standalone solution consists of an individual NetAct user workstations in different locations. Inthis solution, you can access NetAct directly through your workstation.

NetAct access through user workstation solution can be viewed on the following figure:

Figure 1: Presentation tier - user workstation

For more information on how to access NetAct through standalone user workstation, see Stand-alone user workstation setup on page 10.

Access Server


Issue: 1-2 DN0567515 5

You can use a separate access server (a workstation located in a server farm) to access NetActapplications indirectly. All operator workstations are configured for NetAct usage.

The access server solution is displayed in the following figure:

Figure 2: Presentation tier - access server

Access server must meet the hardware, software, and other requirements, which have been de-fined for presentation tier. ICA Client (Independent Computing Architecture Client) and Citrix Serv-er in the figure above are used only as examples for application visualization and security solu-tions for the access server.

For more information on how to access NetAct through Access Server, see Access Server setupon page 24

Node Manager Server as user workstation

Node Manager Server is similar to the Access Server solution except that the client workstationconnect directly to the Node Manager Server.


Issue: 1-2 DN0567515 6

Figure 3: Node Manager Server as Workstation in NetAct

Installing and Configuring NetAct User Workstations Prerequisites

Issue: 1-2 DN0567515 7

2 Prerequisites

This chapter describes the hardware and software prerequisites for presentation tier.

Note:

If the application you are accessing is inactive for a period longer than the defined inac-tive period of 30 minutes, Re-authentication dialog is displayed. Enter the password inthe Re-authentication dialog to use the application again.

However, for Performance Manager application, Re-authentication dialog is displayedonly when a call from the application to the server is completed.

While accessing Operating Documentation, if you become inactive for more than 30 min-utes and then re-authenticate, do not click Back button. Instead navigate to the requiredtopic in the Contents pane.

2.1 Prerequisites for hardwareNokia Solutions and Networks does not deliver the presentation tier hardware.

The following table provides the hardware prerequisites for available solutions for presentation tier:

Resource User workstation Access server

Type Desktop or Laptop BL460c

CPU Single-core IA-32/64 compatible Multi-core IA-64 compatible

RAM 2GB+ 24/48 GB

Display Resolution 1600 x 1200 Not applicable

Free Disk Space 2GB 500 MB/User

Table 1: Hardware prerequisites for presentation tier

2.2 Prerequisites for softwareThe following table lists the software prerequisites for presentation tier:

Software User workstation

Operating system Windows 7 (64-bit) or Windows 8 (32-bit) Linux (64-bit)

Web browser Windows 7 (64 bit) or Windows 8 (32-bit) environment:

At least Microsoft Internet Explorer 11.0 (64-bit)


Issue: 1-2 DN0567515 8

Software User workstation

Note:

There is an exception as Alarm ReportsDashboard supports only Internet Explor-er 9.

Latest 32-bit version of Mozilla Firefox

Linux environment (any 64-bit distribution with GNOME2):

Latest 64-bit version of Mozilla Firefox

Adobe Flash Player Adobe Flash Player 11.1.0 or higher.

JRE/JWS Windows 7 or 8 environment (64-bit)

Java 7 Update 65 (64-bit)

Note: Some applications may require the32-bit version of Java 7 Update 65.

Linux environment (any 64-bit distribution with GNOME2):

Java 6 Update 65 (64-bit)

ICA Client (optional) XenApp 6.5 compatible.

This software is required to perform Element or NodeManager launch to establish connection to Node Manag-er server.

This software is required to install Citrix client on Win-dows(3.4 Enterprise). For more information on the instal-lation procedure, see Installing Citrix client on Windows.

This software is required to install Citrix client on Lin-ux(13.0). For more information on the installation proce-dure, see Installing Citrix client on Linux.

Table 2: Software prerequisites for presentation tier

2.3 Prerequisites for NetAct connectivityNetAct IP addresses must be reachable and their Fully Qualified Domain Names (FQDN) must be re-solvable from all NetAct user workstations, in particular the IP addresses of all NetAct VMs.


Issue: 1-2 DN0567515 9

You must add either:

the needed entries into the Corporate DNS having the IP-addresses of the NetAct cluster, or the IP-addresses of the NetAct cluster into the host's file of the given user workstation client.

The IP addresses mentioned above are usually based on the address allocation plan created for thesite before the NetAct installation.

The same requirement applies to the Access Server as well.

You can use the nslookup command to test name resolving.

You must be able to use the ping command between the client PC and the NetAct servers.

2.4 Other prerequisites for the presentation tierThe third-party software components,which are included in NetAct, can have stricter presentation tiersoftware requirements.

The following table lists other prerequisites for the presentation tier:

Item User workstation

Firewall Firewall ports between presentation tier and business logic tier must be de-fined according to NetAct firewall security policies.

Name Resolution Presentation tier must be capable of resolving DNS names of NetAct sys-tem, physical servers and logical high availability containers. Presentationtier must also be capable to resolve Node Managers short names, for exam-ple, labMBR1 -> 10.1.100.80. Solution might be to add NetAct domainand Node Manager subdomain to DNS suffix in Advanced TCP/IP Set-tings in IPv4 properties for Network Connection or add all entries (alsoNode Managers) to C:\Windows\System32\drivers\etc\hosts file.

Privileges The third-party software installation to the presentation tier requires adminis-trator privileges.

CA Certificate Installation of a specific CA certificate for the JRE and Web browser may berequired.

Table 3: Other prerequisites for presentation tier

Installing and Configuring NetAct User Workstations Standalone user workstation setup

Issue: 1-2 DN0567515 10

3 Standalone user workstation setup

This chapter provides procedures on how to configure NetAct user workstations.

3.1 Installing Java Runtime Environment

Prerequisites

Before you install Java Runtime Environment, the operating system and web browser must beinstalled in the user workstation

You must have administrator rights to the user workstation.

Install Java Runtime Environment (JRE) and Java Web Start (JWS) on a client machine.

Note:

You must install JRE and JWS as a user with administrator privileges.

You must have access to the Internet or local revocation server. Enterprises with managednetworks and without access to the Internet (resulting in no access to the revocation servicesprovided by Certificate Authorities) will see a significant delay in startup times. To avoid suchdelay, you have to disable revocation check through the Java Control Panel (JCP).

For information on how to disable revocation check, refer http://www.java.com/en/download/help/revocation_options.xml.

Note that disabling on line revocation checking should only be considered in managed envi-ronments as it decreases security protections.

3.1.1 To install Java Runtime Environment:

1. Navigate to a website where you can download a version of the JRE.

For example, http://www.oracle.com/technetwork/java/archive-139210.html.

2. Click Java SE Runtime Environment 7u51.

3. Select Accept License Agreement and select the relevant JRE.

Note:

Install either the 32-bit or 64-bit JRE depending on the browser you use for accessingNetAct. If you use 32-bit and 64-bit browsers interchangeably, you need to install both 32-bit and 64-bit JRE.

4. Follow the installation instructions provided by the website.


Issue: 1-2 DN0567515 11

3.2 Configuring Java Web Start settings

3.2.1 Configuring Java Web Start settings in WindowsDefine network settings and Java version for Java Web Start in Windows operating system.

3.2.1.1 To configure Java Web Start settings in Windows

1. Locate and launch Java Control Panel application for the JRE version, which you have chosen.

For example, on Windows 7, open Java Control Panel from Start Control Panel Programs Java.

Expected outcome:

The Java Control Panel window opens.

2. On the General tab, click Network Settings....

3. Configure the proxy settings.

If there is no need to use network proxies, select Direct connection.

Note:

Contact your system administrator to find out whether you need to use a proxy for yournetwork connection. It is recommended that you do not use network proxies, as someproxy configurations may cause problems with the NetAct Monitor application.

4. On the General tab, click Settings..., and Set the amount of disk space for storing temporaryfiles to atleast 10GB and click OK.

5. Click OK.

6. On the Java tab, under Java Runtime Environment Settings, click View.

The Java Runtime Environment Settings window displays a list of JREs installed on the ma-chine.

7. Select the Enabled check box corresponding to your JRE version.

If the Java Runtime Versions list is empty, click the Find button. JRE Finder window opens.

1. Click Next. Select the directory where your chosen JRE version has been installed, forexample, C:\Program Files\Java\jre6.

2. Click Next. The following window displays the JREs that have been found.


Issue: 1-2 DN0567515 12

3. Select the line corresponding to your chosen JRE version, and click Finish.

8. Click OK to close the Java Runtime Environment Settings window.

9. Click OK to close the Java Control Panel application.

The required JRE is enabled.

Note:

For information on updating Java, see Java update needed while launching NetAct Moni-tor.

3.2.2 Configuring Java Web Start settings in LinuxDefine network settings and Java version for Java Web Start in the Linux operating system.

3.2.2.1 To configure Java Web Start settings in Linux

1. Locate and launch Java Control Panel for JRE version that you have chosen.

In the terminal window, move to JRE installation directory.

The default JRE installation directory is /usr/java//bin.

2. Run the command: ./ControlPanel

Expected outcome:

Java Control Panel window opens.

3. On the General tab, click Network Settings....

4. Configure the proxy settings.

If there is no need to use network proxies, select Direct connection.

Note:

Contact your system administrator to find out whether you need to use a proxy for yournetwork connection. It is recommended that you do not use network proxies, as someproxy configurations may cause working problems with the NetAct Monitor application.

5. On the General tab, click Settings..., and Set the amount of disk space for storing temporaryfiles to atleast 10GB.

6. Click OK.

7. On the Java tab, under Java Runtime Environment Settings, click View.


Issue: 1-2 DN0567515 13

The Java Runtime Environment Settings window displays a list of JREs installed on the ma-chine.

8. Select Enabled check box corresponding to your JRE version.

If Java Runtime Versions list is empty, click the Find button. JRE Finder window opens.

1. Click Next. Select the directory where your version has been installed.2. Click Next.3. Select the line corresponding to your JRE version and click Finish.

9. Click OK to close the Java Runtime Environment Settings window.

10. Click OK to close the Java Control Panel application.

The required JRE is enabled.

3.2.3 Configuring Java Web Start settings in Mozilla FirefoxIn Firefox, you can define the JRE version to be used to open JNLP (Java Network Launch Protocol)files. This setting applies to all Java Web Applications opened from Firefox.

Java web start temporary file maximum size must be at least 10GB. You can configure this by navigat-ing to in Start Control Panel Java Settings Disk space and setting the Set the amountof disk space for storing temporary files to 10GB.

1. Launch Mozilla Firefox.

2. Select Firefox Options Options.

3. Select Applications tab.

4. From Content Type list, select JNLP File.

Note: If the JNLP File entry does not exist, launch any JNLP application, for example,NetAct Monitor and then return to this list.

5. In the Action column, select the Use other option from the drop-down list.

Note:


Issue: 1-2 DN0567515 14

Select Always ask option to select a specific JRE version manually each time an appli-cation is launched.

6. In Select Helper Application dialog, click Browse to locate the directory where the required Javaversion is installed and select the javaws executable.

7. Click OK.

8. In the Options window, click OK.

For Internet Explorer, JRE in use is defined by Environment Variables.

3.3 Creating file associationsTo be able to launch NetAct applications successfully from the NetAct Start, configure file associationsin Windows and Linux user workstations. Associate file type .jnlp to the javaws application and filetype .ica to the Citrix ICA Client Engine.

You can create the associations in Windows-based NetAct user workstations by changing settings inControl Panel and in Linux-based NetAct user workstations by using the Web browser.

The exact procedure depends on the operating system and web browser and it's version installed onthe user workstation.

3.3.1 Creating the file associations in WindowsTo create the file associations needed by NetAct on user workstations in Windows 7 and Windows 8:

1. If you are configuring the user workstation, log in as an administrator user to the user workstation.If you are configuring the Access Server, log in as an administrator to the Access server.

2. Select Start Settings Control Panel Default Programs Associate a file type orprotocol with a program.

Expected outcome

A list of file types along with the Description and the Current Default field is displayed.

3. Check whether .jnlp is associated with Java Web Start Launcher. If it is not associated, clickon Change Program, and associate .jnlp to C:\Program Files\Java\\bin\javaws.exe.

4. Check whether .ica is associated with Citrix Connection Manager . If it is not associated,click on Change Program , and associate .ica to C:\Program Files (x86)\Citrix\ICAClient\wfcrun32.exe.


Issue: 1-2 DN0567515 15

3.3.2 Creating the file associations in LinuxIn Linux, file associations are created when the user workstation package is installed. If this is not thecase, follow the instructions in this section.

To create the file associations needed by NetAct on user workstations in Linux:

1. If you are configuring the user workstation, log in as root user to the user workstation. If you areconfiguring the Access Server, log in as an administrator to the Access server.

2. Open the mime type association window from the web browser by selecting Preferences/Options... Helper Applications/Application/File Types

3. Associate MIME type application/x-java-jnlp-file for files with extension/suffix jnlp toapplication /opt/Nokia//javaws/javaws.

4. Associate MIME type application/x-ica for files with extension/suffix ica to application /opt/Nokia/ICAClient/wfica.sh.

3.4 Adding NetAct Server CA certificate to the client's trust-store

3.4.1 About server CA certificatesCertificates are needed to secure connections and to authenticate entities in the network. Installing theserver certification authority (CA) certificate on the client gives you a secure connection, removes 3security warning popups and allows IE to work properly. Without the server CA certificate IE works on-ly if set to intranet mode and even then, it displays a certificate error in the url field.

The certificate of the CA that has issued the HTTPS server certificate, for example, the NetAct Serv-er CA certificate, must be imported as a trusted CA into the used Java Runtime Environment (JRE)and the Web browser. The server CA certificate is needed on the client workstation to perform the SSLserver authentication. Download the certificate to all workstations.

Install the server CA certificate to

The JRE (cacerts file) used by Java Web Start (for launching NetAct Monitor) The Web browser

Due to security and compatibility considerations, NetAct includes a Certification Authority applicationfor generating certificates.

3.4.2 Downloading a server certificate to the clientDownload the server CA certificate file to the client workstation.

3.4.2.1 To download a server certificate to a client

1. Open your browser and navigate to https:///


Issue: 1-2 DN0567515 16

where is the fully qualified domain name of the cluster (load balancer) or in case ofsingle server setup, the fully qualified name of the server. Your system administrator can provideyou with the system fqdn.

2. If you are using Internet Explorer, and Protected Mode is On:

a) Double-click Protected Mode:On in the Internet Explorer status bar.

b) Click Trusted Sites.

c) Click Sites button.

d) In the Add this website to the zone field, enter system FQDN, and click Add.

where system FQDN is https:/// entered in Step 1.

e) Click Close, and OK.

f) Restart Internet Explorer.

3. Log in using your NetAct account.

4. Click the Certification Authority icon (by default located in the Security folder).

5. On the right, click Select on the line that starts cn=NetAct Server CA...

6. In the left panel, click Download CA.

7. Click Download CA certificate.

8. Save the file.

For Internet Explorer: select Save as, browse the location where you want to save the certificatefile and click Save.

For Mozilla Firefox:select Save File and click OK.

3.4.3 Installing the SSL CA certificate for JRE in a Windows clientThis is an example of importing the SSL CA certificate to the JRE keystore in a Windows client.

The certificate is required if you use NetAct Monitor.

With these instructions, use the same certificate as in Downloading the server CA certificate to a Win-dows client.

Note:

Install the certificate as a user with administrative rights. You must have write permission tothe cacerts file.

1. To view current certificates in Java keystore:

a) Execute:


Issue: 1-2 DN0567515 17

C:\Users\Administrator>"C:\Program Files (x86)\Java\jre\bin\keytool.exe" -list -keystore "C:\Program Files (x86)\Java\jre\lib\security\cacerts

where is the JRE version installed on your system.

b) Enter keystore password, for example, changeit.

2. If the JRE keystore already contains one Server CA certificate and you need to install a new onefor the same server, first remove the current certificate.

You may need to install a new certificate if you have recently re-installed the server, for example.

To delete the current certificate, use the following command:

C:\Documents and Settings\Administrator> "C:\Program Files\Java\jre\bin\keytool.exe" -delete -alias my-server-ca -keystore "C:\Program Files\Java\jre\lib\security\cacerts"

Note:

For Windows 7, if you are using a 32-bit browser, the keytool path is C:\ProgramFiles(x86)\Java\jre\bin\keytool.exe.

If you do not remember the alias of your certificate, get a list of all the existing certificate aliases byrunning the following command:

C:\Documents and Settings\Administrator> "C:\Program Files\Java\jre\bin\keytool.exe" -list -v -keystore "C:\Program Files\Java\jre\lib\security\cacerts" > certificates.txt

This example command redirects the output to a certificates.txt file.

3. Import your certificate into the JRE keystore with the keytool application.

For example:

C:\Document and Settings\Administrator> "C:\Program Files\Java\jre\bin\keytool.exe" -import -file "C:\\ca.cer" -storepass changeit -alias my-server-ca -keystore "C:\Program Files\Java\jre\lib\security\cacerts"

Note:

For Windows 7, if you are using a 32-bit browser, the keytool path is C:\ProgramFiles(x86)\Java\jre\bin\keytool.exe.


Issue: 1-2 DN0567515 18

Keytool scripts parameter -storepass is the password for accessing the certificate in thekeystore. If you later want to remove the certificate from the keystore, you must have thispassword available. The example above sets changeit as the password value.

The parameter -alias defines a label that helps to identify the certificate, especially if you havemultiple certificates in the keystore for different servers. The alias must be unique. If you laterwant to remove the certificate from the keystore, you must have this alias available to refer to thecertificate.

The example above sets my-server-ca as the alias value.

4. Type yes when prompted with Trust this certificate.

3.4.4 Installing the SSL CA certificate for JRE in a Linux clientThis is an example of inserting the SSL CA certificate to the JRE keystore in a Linux client.

The certificate is required if you use NetAct Monitor.

With these instructions, use the same certificate as in Downloading the CA server certificate to a Linuxclient.

To perform this task, you must have writing permission to the keystore of your Java installation,typically at /usr/java/jre/lib/security/cacerts and you must be rootuser.

1. If the JRE keystore already contains one Server CA certificate and you need to install a new onefor the same server, first remove the current certificate

You may need to install a new certificate if you have recently re-installed the server, for example.

To delete the current certificate, use the following command, for example:

# /usr/java/jre/bin/keytool -delete -alias my-server-ca-keystore "/usr/java/jre/lib/security/cacerts"

If you do not remember the alias of your certificate, get a list of all the existing certificate aliases byexecuting the following command:

# /usr/java/jre/bin/keytool -list -v-keystore "/usr/java/jre/lib/security/cacerts" > certificates.txt

This example command redirects the output to a certificates.txt file.

2. Insert your certificate in the JRE keystore with the keytool application.

Enter:

# /usr/java/jre/bin/keytool -importcert


Issue: 1-2 DN0567515 19

-file "/ca.cer" -storepass changeit -alias my-server-ca -keystore "/usr/java/jre/lib/security/cacerts

Keytool scripts parameter -storepass is the password for accessing the certificate in thekeystore. If you later want to remove the certificate from the keystore, you must have thispassword available. The example above sets changes it as the password value.

The parameter -alias defines a label that helps to identify the certificate, especially if you havemultiple certificates in the keystore for different servers. The alias must be unique. If you laterwant to remove the certificate from the keystore, you must have this alias available to refer to thecertificate.

The example above sets my-server-ca as the alias value.

3. Type yes when prompted with Trust this certificate.

3.4.5 Installing the server CA certificate to a browserInstall the server CA certificate to your browser using the Certification Authority application.

Note:

Each workstation user has to install the server CA certificate to a browser.

Note:

In this procedure, the certificate is copied over an unsecure network connection. It should on-ly be used in an uncompromised, trusted network. The procedure is faster and more conve-nient than the other method where the certificate is moved from server to a client on a de-tachable medium, although the latter method is more secure.

Note:

These instructions assume that the server CA, NetAct Server CA, is being used as theCA that has issued the HTTPS server certificate.

3.4.5.1 To install the server CA certificate to a browser

1. Open your browser and navigate to https:///

where is the fully qualified domain name of the cluster (load balancer). Yoursystem administrator can provide you with the system fqdn.


3. Click the Certification Authority application (by default located in the Security folder).

The Certification Authority application opens.

4. Select the certification authority.


Issue: 1-2 DN0567515 20

In the Available Certification Authorities list, click Select on the line Select cn=NetActServer CA.

5. In the left pane, click Download CA.

6. In the right pane, click Install CA certificate.

7. Install the certificate.

Internet Explorer: In the File Download dialog, click Open, and then click Install Certificate. TheCertificate Import Wizard starts.

Note:

Ensure that the server CA certificate is installed in the Trusted Root Certification Author-ities store. In some operating systems you have to explicitly select trusted store in theCertificate Import Wizard's Certificate Storage page.

Note:

The download and installation of the NetAct Server CA certificate does not support thefriendly name attribute. You can safely leave the attribute undefined, or you can use theWeb browser's certificate management dialog to set the friendly name for the certificate.

Mozilla Firefox: In the Downloading certificate dialog, select the Trust this CA to identify websites check box and click OK.

The Certification Authority application installs the server CA certificate to your browser.

3.5 Installing Adobe Flash Player plugin (optional)Adobe Flash Player is a freeware multimedia plugin for web browsers. It is responsible for viewingmultimedia, Rich Internet Applications and streaming video and audio.

To view Rich Media documentation you need to install Adobe Flash Player plugin on your web brows-er.

Requirements of Adobe Flash Player plugin for Windows and Linux are described on the product webpage. For more information, see http://www.adobe.com/products/flashplayer/tech-specs.html.

To install Adobe Flash Player on your web browser:

1. Go to http://get.adobe.com/flashplayer and download the installer.2. Double-click the downloaded installer and follow the on-screen instructions.

Expected outcome

Adobe Flash Player is installed on your web browser.


Issue: 1-2 DN0567515 21

3.6 ICA client installation

3.6.1 Installing Citrix client on Windows

Prerequisites

1. Uninstall the existing Citrix client software installed on your workstation - with tool provided byCitrix.

http://support.citrix.com/article/CTX137494

2. Click Download.

3. Extract the downloaded package and double-click ReceiverCleanupUtility.exe.

4. Click Run command in the dialog box.

5. In the pop-up box, click 1 to remove the old version.

6. Press any key in the command prompt after the uninstallation is complete


Issue: 1-2 DN0567515 22

7. Download the new version 3.4 from the following website:

https://www.citrix.com/downloads/citrix-receiver/legacy-client-software/receiver-for-windows-34-enterprise.html

8. Run the installation package to install the new Citrix client.

9. Click Install button - to start the installation.

3.6.2 Installing Citrix client on Linux

1. Download the Citrix client software for Linux 13.0 from website:

https://www.citrix.com/downloads/citrix-receiver/linux/receiver-for-linux-130.html

The below table lists the packages available for Linux 13.0:

File name Packages

Debian(.deb file) x86 -32-bit and 64-bit packages (containing32-bit binaries)

ARM -32-bit packages for armel and armhfplatforms


Issue: 1-2 DN0567515 23

File name Packages

RPM Package Manager(.rpm file) x86 -32-bit and 64-bit packages (containing 32-bit binaries)

Tarball(.tar.gz file) x86 and ARM -32-bit binaries in a tarball pack-age are available for x86, armel, and armhfplatforms

Table 4: Packages available for Linux 13.0

2. To install the Citrix Receiver for Linux 13.0,see

http://support.citrix.com/proddocs/topic/receiver-linux-13-0/linux-install.html

After the Citrix Receiver is installed, see Accessing published Desktop from Citrix webpage to checkwhether the node manager server desktop can be accessed from Citrix Receiver.

3.6.3 Configuring CA certificatesPerform the following steps only if you want to launch the application from Node Manager Serverthrough SSL.

1. Log in to NetAct Start Page.

See Launching the NetAct Start Page

2. Click Security Certification Authority.

The Available Certification Authorities page appears.

3. In the Available Certification Authorities page, click Select cn=NetAct Server CA.

4. Click Download CA.

5. In the Get the CA Certificate page, click Download CA certificate.

6. After download, click Install Certificate.

7. On the Certificate Import Wizard, click Next.

8. Select Place all certificates in the following store option, and click Browse.

9. Select Trusted Root Certification Authorities and click OK.

10. Click Next, and then click Finish.


Issue: 1-2 DN0567515 24

3.6.4 Modifying Citrix Receiver preferencesPerform the following steps to modify the Citrix Receiver preferences.

1. Double-click the Citrix Receiver icon available at the bottom right corner of the desktop.

2. Click Advanced Online Plug-in Settings Change Server.

3. Enter server URL, and click Update.

Server URL can be,

https://. (SSL used, SSL port not changed) https://.:12443 (SSL used, SSL port changed) http://. (SSL not used)

4. Click Update.

5. Enter \ and , and click Log On.

6. Click Advanced Online Plug-in Settings Options Application.

7. Select either Show application in Start Menu or Show application on desktop.

Expected outcome

Depending on your selection, the applications are displayed either in Start Menu or on the desktop.

3.6.5 Configuring the secure connection to Node Manager serverThe communication between user workstations and Node Manager member server must be SSL-secured.

For more information, see Configuring secure connection to Node Manager Server

3.7 Access Server setupConfiguring the Access Server is same as configuring Standalone user workstation. Perform the stepsmentioned in Standalone user workstation setup to configure Access Server.

Note:

The configuration must be performed on the Access Server as an administrator.

3.8 Accessing NetAct Linux servers from the user workstationYou can access NetAct Linux servers remotely, in other words, over the network, from the user work-station using SSH.


Issue: 1-2 DN0567515 25

3.8.1 Accessing NetAct Linux servers with SSH

You can access NetAct Linux servers from the user workstation using SSH. Protocol SSH and Port 22are used for this connection.

To copy the hostnames of all VMs:

1. Login to the VM where sqm_collector_npm is running and execute the following command:

cat /etc/hosts

2. Copy the ouput and paste it in hosts file in C:\Windows\System32\drivers\etc of userworkstation.

To access NetAct Linux servers using SSH:

3. From the command line, enter the command:

$ ssh user@

For example, enter:

$ ssh user@my_linas_host.my.domain.com

4. Enter password.

3.9 Starting NetAct applications on a standalone user workstation

Prerequisites

Before launching NetAct applications, ensure that you have configured the client machine and thebrowser to use Java 7 Update 51 and the correct Java Web Start version.

3.9.1 To start NetAct application on a standalone user workstation

1. Launch a browser.

Note:

The following web browsers are supported:

Internet Explorer 11.0 The latest Mozilla Firefox version

Note:


Issue: 1-2 DN0567515 26

Ensure that you use your default browser when starting NetAct, since NetAct Monitor dis-plays its online help in the default browser. To set your preferred browser as the defaultbrowser, check the browser's options.

2. Navigate to the following address:

https:///

where is the fully qualified domain name of the cluster (load balancer). Yoursystem administrator can provide you with the system fqdn.


The NetAct Start Page opens.

4. On the NetAct Start Page, you can access all the NetAct applications configured for you.

Note: When you launch a NetAct Java application for the first time, the application isdownloaded on your computer. This can take a while.

Note:

When you launch a NetAct Java application, your browser may prompt you about what to dowith the start.jnlp file. Click Open With, select the JRE Java Web Start (javaws), thenselect the Do this automatically from now on check box (if desired) and click OK. Makesure that you use the Java Web Start version that was installed during client setup (in otherwords, when installing Java 7 Update 51). For more information on updating Java, see Javaupdate needed while launching NetAct Monitor.

If the browser does not prompt you about what to use when you launch the application, it islikely that your browser preferences already contain a binding for .jnlp files. Check thatthey point to the Java Web Start version mentioned above.

3.10 Configuring TCP retries on Linux clientThe default TCP settings of the Linux operating system can cause the client to wait for about fifteenminutes after a temporary network outage. The following settings quicken TCP error detection and re-covery.

3.10.1 To configure TCP retries on Linux client

1. Log in to the Linux client workstation as user root.

2. Edit file /etc/sysctl.conf to have the following line: net.ipv4.tcp_retries2=5


Issue: 1-2 DN0567515 27

Note:

Any use of unreliable network (for example using a modem), or leaving the Linux defaultvalue of 15 will cause connection hiccups. Therefore, it is advisable to change the defaultvalue from 15 to 5 to speed up the recovery process and resume the communication.

3. Execute the command: sysctl net.ipv4.tcp_retries2=5

3.11 Installing NetAct server CA certificate for NetAct Monitor launchWhen using any version of Java 7 Update 51, you must install the NetAct server CA certificates beforelaunching NetAct Monitor. Perform the following steps to install NetAct server CA certificate.

1. Log in to the NetAct Start Page with a user account that has permissions for CertificationAuthority.

a) From a browser window, enter the URL: https:///

where is the fully qualified domain name of the NetAct cluster (Java EE loadbalancer). Your system administrator can provide you with the .

b) Enter your login name and password.

c) Click Log In OK

Expected outcome

The NetAct Start Page appears.

2. To open Certification Authority, click Security Certification Authority.

3. From the left navigation pane, click List authorities.


Issue: 1-2 DN0567515 28

The Available Certification Authorities page opens on the main display pane.

4. To select the NetAct Server CA, click Select beside the NetAct Server CA.

5. Click Download CA.

6. On the Get the CA certificate page, click Download CA certificate.

7. Click Save to save the certificate to the desired location.

8. After download, click Install Certificate.

9. On the Certificate Import Wizard, click Next.

10. Select Place all certificates in the following store option, and click Browse.

11. Select Trusted Root Certification Authorities and click OK.

12. Click Next, and then click Finish.

13. To launch NetAct Monitor, click Monitoring Monitor.

14. Select I accept the risk and want to run this application check box and click Run.

Contents1 NetAct presentation tier solutions2 Prerequisites2.1 Prerequisites for hardware2.2 Prerequisites for software2.3 Prerequisites for NetAct connectivity2.4 Other prerequisites for the presentation tier

3 Standalone user workstation setup3.1 Installing Java Runtime Environment3.1.1 To install Java Runtime Environment:

3.2 Configuring Java Web Start settings3.2.1 Configuring Java Web Start settings in Windows3.2.1.1 To configure Java Web Start settings in Windows

3.2.2 Configuring Java Web Start settings in Linux3.2.2.1 To configure Java Web Start settings in Linux

3.2.3 Configuring Java Web Start settings in Mozilla Firefox

3.3 Creating file associations3.3.1 Creating the file associations in Windows3.3.2 Creating the file associations in Linux

3.4 Adding NetAct Server CA certificate to the client's trust-store3.4.1 About server CA certificates3.4.2 Downloading a server certificate to the client3.4.2.1 To download a server certificate to a client

3.4.3 Installing the SSL CA certificate for JRE in a Windows client3.4.4 Installing the SSL CA certificate for JRE in a Linux client3.4.5 Installing the server CA certificate to a browser3.4.5.1 To install the server CA certificate to a browser

3.5 Installing Adobe Flash Player plugin (optional)3.6 ICA client installation3.6.1 Installing Citrix client on Windows3.6.2 Installing Citrix client on Linux3.6.3 Configuring CA certificates3.6.4 Modifying Citrix Receiver preferences3.6.5 Configuring the secure connection to Node Manager server

3.7 Access Server setup3.8 Accessing NetAct Linux servers from the user workstation3.8.1 Accessing NetAct Linux servers with SSH

3.9 Starting NetAct applications on a standalone user workstation3.9.1 To start NetAct application on a standalone user workstation

3.10 Configuring TCP retries on Linux client3.10.1 To configure TCP retries on Linux client

3.11 Installing NetAct server CA certificate for NetAct Monitor launch