| Close Window |
|
|
Network Registrar Help |
|
Network Registrar includes three roles that have broad powers to create other administrators and groups, add and edit administrator roles, add and edit owners and regions, and manage the servers:
The regional-admin at the regional cluster can also push administrators, groups, roles, owners, and regions to, and pull them from, the local clusters. For the regional-admin subroles required for these operations, see the Regional Administrator Subrole Requirements for Push and Pull Operations topic.
NOTE: If you delete all the user accounts, you can no longer log in to Network Registrar. Click here for an emergency remedy.
Network Registrar deployments consist of multiple local server clusters, and a single regional server cluster for centralized management. Each cluster maintains its own set of licenses and each license type has a separate key. Network Registrar prompts for these license keys on login to the local Web UI and regional Web UI. The licenses manage the following aspects of cluster management:
This means that at the regional cluster, you can set the central-cluster, addrspace, and router licenses. All three of these licenses are needed for full access to the regional features. At the local cluster, you can set the local-cluster and node-count licenses. All licenses except the node-count license have product evaluation options.
Use the List/Add Product Licenses page to add licenses for full regional access or additional functionality that you acquire for the product.
| Top of Page | Previous Section | Close Window |
If you have read-write privileges as a ccm-admin, you can add and delete product license keys on this page. If you have read-only privileges, you can only list the product license keys.
To add a product license key, obtain the license from Cisco and note the license key given to you for the feature. Add the valid key in the Key field (entry is not case sensitive and the hyphens are optional). There are separate license keys for the following features:
Enter the license key and click Add License. Once you add the valid key, the key appears in the table below the Key field. Each key is identified by license type (see the previous bulleted list), node count (if a local-cluster or node-count license), expiration date, and whether the license is for a time-limited product evaluation (false indicates that it is not an evaluation license).
To delete a key, click the Delete icon (
) next to the key name. You cannot modify a license key; you must delete it, then re-enter it.
| Top of Page | Top of Section | Close Window |
This page lists the administrators and their passwords, superuser statuses, and group assignments. If you are a regional-admin assigned the authentication subrole and have read-write privileges, you can add, choose for editing, and delete administrators. You can also push administrators to, and pull administrators from, the local clusters. If you have read-only privileges, you can only list and view the administrators.
The page initially shows the admin user, who has superuser access -- full Web UI access, including creating and editing users and license keys -- indicated by a check mark in the Superuser column. Multiple administrators can be superusers, but it is best to limit this kind of access.
NOTE: If you delete all of the user accounts, you can no longer log in to Network Registrar. Click here for an emergency remedy.
On this page:
After entering or choosing these items, click Add Administrator. The administrator now appears in the list below the entry fields. The list is in alphabetical order.
) next to the name in the list. This opens a Confirm Delete page. Click Delete to confirm, or Cancel to cancel, the deletion.| Top of Section | Related Local Section | Close Window |
This page appears if you click Push Admin or Push All Administrators on the List/Add Administrators page. It shows the administrator to be pushed (or All Administrators) and a choice of local clusters to which to push them.
The fields and choices on this page are:
| Field/Choice | Description |
| Data to Push | Administrator chosen to push to the local clusters, or All Administrators. Click the administrator link to open the View Administrator page. |
| Data Synchronization Mode | Mode to use to synchronize the regional and local clusters. Required. Click one of the radio buttons:
|
| Destination Clusters | List of known local clusters. Move the desired cluster or clusters from the Available field into the Selected field using <<. To choose all the clusters, click Select All, then << to move them. To remove one or more clusters, click its name or names in the Selected list, then click >> to move it or them to the Available list. You must move at least one cluster to Selected to make the push operation work. |
TIP: The cluster chosen and radio buttons are persistent, so that any future operations on this page will retain these settings.
After making these choices, click Push Data to Clusters, or Cancel. This opens the View Push Administrator Data Report page.
| Top of Page | Top of Section | Close Window |
This page appears if you click Push Data to Clusters on the Push Administrator Data to Local Clusters page. It shows a read-only summary of the results of the push operation. Click OK to return.
| Top of Page | Top of Section | Close Window |
At the regional cluster only, this page appears if you click Pull Replica Administrators on the List/Add Administrators page. It shows a tree view of the regional server's replica data for the local clusters' administrators. The tree has two levels, one for the clusters and one for the administrators in each cluster.
The columns on this page are:
| Column | Description |
| Name | Name of the local cluster and its administrators. If necessary, click the cluster name to open the Edit Server Cluster page. You can also view the administrator data by clicking its name to open the View Administrator page. |
| Update Replica Data | To update the replica data for the local cluster on the regional cluster, click the Replica icon ( ). |
| Pull Data | To pull a specific administrator, choose a synchronization mode, then click Pull Administrator next to its name. To pull all the administrators from the cluster, click Pull All Administrators to open the Report Pull Replica Administrators page. The synchronization modes are:
|
To return to the List/Add Administrators page without making changes. click Cancel.
| Top of Page | Top of Section | Close Window |
At the regional cluster only, this page appears when you pull administrators on the Select Replica Administrator Data to Pull page. It shows the changes that would be made were you to run the pull operation. To run the pull operation, click Run to open the Run Pull Replica Administrators page, or to cancel the operation, click Cancel.
| Top of Page | Top of Section | Close Window |
At the regional cluster only, this page appears when you click Run on the Report Pull Replica Administrators page. After looking at the actual data, click OK to return to the List/Add Administrators page.
| Top of Page | Top of Section | Close Window |
If you are a regional-admin with read-write privileges and assigned the authentication subrole, and you click an administrator's name on the List/Add Administrators page, you can change the administrator's password, superuser access status, and group assignment. If you have read-only privileges, you can only view the administrator information.
You cannot change the administrator's name on this page. However, you can change the password and superuser status. A check mark next to Superuser? indicates that the administrator is a superuser. (Be aware that there should be a limited number of these types of administrators.)
You can re-assign groups in the Groups area of this page. Groups are assigned when they appear in the Selected field and de-assigned when they appear in the Available field. Move one or more groups back and forth between these fields as desired by choosing them and clicking << or >>. The Select All button chooses all items in the Available list so that you can move all of them to the Selected list.
When you finish making changes, click Modify Administrator, or click Cancel to cancel the changes. You return to the List/Add Administrators page.
| Top of Page | Top of Section | Close Window |
This page lists the administrators and their passwords, superuser and NRCMD user statuses, and group membership. If you have read-write privileges as a ccm-admin assigned the authorization subrole, you can add, choose for editing, and delete administrators. If you have read-only privileges, you can only list and view the administrators.
The page initially shows the admin user, who has superuser access -- full Web UI and CLI access, including creating and editing users and license keys -- indicated by a check mark in the Superuser column. Multiple administrators can be superusers, but it is best to limit this kind of access to a few users only.
NOTE: If you delete all of the user accounts, you cannot log in to Network Registrar. Click here for an emergency remedy.
The NRCMD column indicates if the administrator has additional CLI (nrcmd program) access, with limited or full functions in the Web UI and CLI:
On this page:
After entering or choosing these items, click Add Administrator. The administrator now appears in the list below the entry fields. The list is in alphabetical order.
) next to the name in the list. This opens a Confirm Delete page. Click Delete to confirm, or Cancel to cancel, the deletion.| Top of Section | Related Regional Section | Close Window |
If you have read-write privileges as a ccm-admin assigned the authorization subrole, and you click an administrator's name on the List/Add Administrators page, you can change the administrator's password, superuser and additional CLI access status, and groups to which the administrator belongs. If you have read-only privileges, you can only view the administrator information.
You cannot change the administrator's name on this page. However, you can change the password, superuser status, and NRCMD user status. A check mark next to Superuser? indicates that the administrator is a superuser. (Be aware that there should be a limited number of these types of administrators.) The NRCMD user? field requires choosing limited or full. If you choose the null value, the administrator does not have additional CLI access, unless you also assigned superuser status.
You can also re-assign groups in the Groups area of this page. Groups are assigned when they appear in the Selected field and de-assigned when they appear in the Available field. Move one or more groups back and forth between these fields as desired by choosing them and clicking << or >>. The Select All button choose all items in the Available list so that you can move all of them to the Selected list.
When you finish making changes, click Modify Administrator, or click Cancel to cancel the changes. You return to the List/Add Administrators page.
| Top of Page | Top of Section | Close Window |
You assign roles to administrators through groups. Note that a group has no function unless it has at least one role assigned to it. Network Registrar provides a set of predefined groups that you can assign to local and regional cluster administrators.
Plan for the group names to reflect the intended role of its members so that you can define the correct administrators with them.
| Top of Page | Related Section | Close Window |
If you have read-write privileges and are assigned the authorization subrole, you can list, create, choose for editing, and delete administrator groups on this page. You can also push groups to, and pull groups from, the local clusters. If you have read-only privileges, you can only list administrator groups on this page.
Network Registrar provides predefined groups that include the corresponding predefined roles at the regional and local clusters, including the aggregate address-mgt-group and dns-mgt-group at the local cluster. (The predefined groups for each cluster are shown in the following tables). Also, an upgrade creates group names that are based on the direct role associations in the previous release.
| Predefined Local Cluster Group | Description | Automatic Role Assignment |
| addrblock-admin-group | Address block administrator group. | addrblock-admin |
| addrblock-admin-readonly-group | Read-only address block administrator group. | addrblock-admin-readonly |
| address-mgt-group | Address block, global, and DHCP administrator group. | addrblock-admin, ccm-admin, dhcp-admin |
| ccm-admin-group | Web UI administrator group. | ccm-admin |
| ccm-admin-readonly-group | Read-only Web UI administrator group. | ccm-admin-readonly |
| dhcp-admin-group | DHCP administrator group. | dhcp-admin |
| dhcp-admin-readonly-group | Read-only DHCP administrator group. | dhcp-admin-readonly |
| dns-mgt-group | Global, host, and zone administrator group. | ccm-admin, host-admin, zone-admin |
| host-admin-group | Host administrator group. | host-admin |
| host-admin-readonly-group | Read-only host administrator group. | host-admin-readonly |
| zone-admin-group | Zone administrator group. | zone-admin |
| zone-admin-readonly-group | Read-only zone administrator group. | zone-admin-readonly |
| Predefined Regional Cluster Group | Description | Automatic Role Assignment |
| central-cfg-admin-group | Central configuration administrator group. | central-cfg-admin |
| central-cfg-admin-readonly-group | Read-only central configuration administrator group. | central-cfg-admin-readonly |
| regional-addr-admin-group | Regional address administrator group. | regional-addr-admin |
| regional-addr-admin-readonly-group | Read-only regional address administrator group. | regional-addr-admin-readonly |
| regional-admin-group | Regional administrator group. | regional-admin |
| regional-admin-readonly-group | Read-only regional administrator group. | regional-admin-readonly |
) next to its name in the list. This opens a Confirm Delete page. Click Delete to delete the group, or Cancel to cancel the deletion.| Top of Page | Top of Section | Close Window |
This page appears if you click Push Group or Push All Groups on the List/Add Administrator Groups page. It shows the group to be pushed (or All Groups) and a choice of local clusters to which to push them.
The fields and choices on this page are:
| Field/Choice | Description |
| Data to Push | Group chosen to push to the local clusters, or All Groups. Click the group link to open the View Administrator Group page. |
| Data Synchronization Mode | Mode to use to synchronize at the regional and local clusters. Required. Click one of the radio buttons:
|
| Destination Clusters | List of known local clusters. Move the desired cluster or clusters from the Available field into the Selected field using <<. To choose all the clusters, click Select All, then << to move them. To remove one or more clusters, click its name or names in the Selected list, then click >> to move it or them to the Available list. You must move at least one cluster to Selected to make the push operation work. |
TIP: The cluster chosen and radio buttons are persistent, so that any future operations on this page will retain these settings.
After making these choices, click Push Data to Clusters, or Cancel. This opens the View Push Group Data Report page.
| Top of Page | Top of Section | Close Window |
This page appears if you click Push Data to Clusters on the Push Group Data to Local Clusters page. It shows a read-only summary of the results of the push operation. Click OK to return.
| Top of Page | Top of Section | Close Window |
At the regional cluster only, this page appears if you click Pull Replica Groups on the List/Add Administrator Groups page. It shows a tree view of the regional server's replica data for the local clusters' groups. The tree has two levels, one for the clusters and one for the groups in each cluster.
The columns on this page are:
| Column | Description |
| Name | Name of the local cluster and its groups. If necessary, click the cluster name to open the Edit Server Cluster page. You can also view the group data by clicking its name to open the View Group page. |
| Update Replica Data | To update the replica data for the local cluster on the regional cluster, click the Replica icon (). |
| Pull Data | To pull a specific group, choose a synchronization mode, then click Pull Group next to its name. To pull all the groups from the cluster, click Pull All Groups to open the Report Pull Replica Groups page. The synchronization modes are:
|
To complete the operations, click OK, or Cancel, to return to the List/Add Administrator Groups page.
| Top of Page | Top of Section | Close Window |
At the regional cluster only, this page appears when you pull groups on the Select Replica Group Data to Pull page. It shows the changes that would be made were you to run the pull operation. To run the pull operation, click Run to open the Run Pull Replica Groups page, or to cancel the operation, click Cancel
| Top of Page | Top of Section | Close Window |
At the regional cluster only, this page appears when you click Run on the Report Pull Replica Groups page. After looking at the actual data, click OK to return to the List/Add Administrator Groups page.
| Top of Page | Top of Section | Close Window |
If you have read-write privileges and are assigned the authorization subrole, and you click an administrator group's name on the List/Add Administrator Groups page, you can change the group's name, description, and assigned role or roles. If you have read-only privilege, you can only view the group information. The group name is required, is not case sensitive, but must be unique.
You can re-assign roles for the group in the Roles area. Roles are assigned when they appear in the Selected field and de-assigned when they appear in the Available field. Move one or more roles back and forth between these fields as desired by choosing it or them and clicking << or >>. The Select All button chooses all items in the Available list so that you can move all of them to the Selected list.
When you finish making changes, click Modify Group, or Cancel to cancel the changes. You return to the List/Add Administrator Groups page.
| Top of Page | Top of Section | Close Window |
Network Registrar provides two different sets of administrator roles for the regional and local clusters. You use these roles to define the kinds of actions and functions the administrators assigned to them can exercise.
| Top of Page | Previous Section | Close Window |
If you have read-write privileges as a regional-admin assigned the authorization subrole, you can list all administrator roles, choose the constrained roles for editing, and delete constrained roles (you cannot delete the predefined base roles). You can derive the constrained roles from the regional-admin, regional-addr-admin, and central-cfg-admin base roles. You can also push roles to, and pull roles from, the local clusters. If you have read-only privileges, you can only choose the administrator roles for viewing.
NOTE: If you assign an administrator multiple roles, one of which is read-only, the read-only functionality takes precedence for that role type.
The following table lists the predefined unconstrained regional cluster roles. You cannot delete these predefined unconstrained roles.
| Predefined Regional Role | Description |
| central-cfg-admin | Manages the local server cluster and routers to be centrally administered, along with DHCP objects, failover pairs, and zone distributions. |
| central-cfg-admin-readonly | Read-only variant of the central-cfg-admin role. |
| regional-addr-admin | Manages the address space allocated to organizations, delegates address blocks to local clusters, and views address utilization and lease history reports across the local clusters. |
| regional-addr-admin-readonly | Read-only variant of the regional-addr-admin role. |
| regional-admin | Manages administrators, groups, roles, and licenses, and views database change logs and tasks. The regional-admin includes subroles that determine what objects can be pushed to, or pulled from, the local clusters (see the Regional Administrator Subrole Requirements for Push and Pull Operations topic). |
| regional-admin-readonly | Read-only variant of the regional-admin role. |
TIP: Click the Refresh icon (
) next to the Name column heading to refresh the page.
) next to its name in the list. This opens a Confirm Delete page. Click Delete to delete the constrained role, or Cancel to cancel the deletion. You cannot delete a predefined unconstrained role.| Top of Section | Related Local Section | Close Window |
The following subroles of the regional-admin are required to push objects to, or pull objects from, the local clusters.
| Push/Pull Action | Required regional-admin Subrole |
| Administrators | authentication |
| Groups or Roles (only) | authorization |
| Owners and Regions | owner-region |
| Groups with related roles Roles with related groups |
authorization |
| Group with related owners/regions Roles with related owners/regions |
authorization and owner-region |
| Groups with related roles and owners/regions Roles with related groups and owners/regions |
authorization and owner-region |
| Top of Page | Top of Section | Close Window |
If you have read-write privileges as a regional-admin assigned the authorization subrole, and you add a central configuration administrator role or choose it to edit it on the List/Add Administrator Roles page, you are redirected to this page to finish creating or editing the role. The Add Central Configuration Administrator Role page appears when you first create the role; the Edit Central Configuration Administrator page appears when you edit the role. If you have read-only privileges and you click the role name on the List/Add Administrator Roles page, you can only view the role information.
NOTE: You must click Add Role on the Add Central Configuration Administrator Role page to finish creating the role.
These are the fields and choices for adding an administrator role:
| Field/Choice | Description |
| Role Name | Role name. Required. You can edit this field if it is a constrained role, but not if it is an unconstrained role, and the value must be unique. |
| Role Type | Base role, in this case, central-cfg-admin, which you cannot edit. To grant the role read-only privileges to choices made on this page, click a check mark in Read Only Role. If the role is read-only, the words [Read Only] appear. |
| Role Restrictions: Owners | Restricts the role to manage DHCP and zone data with particular owners only. Optional. For this role to have any effect, you must either click a check mark in All Owners, or choose at least one predefined owner (created by clicking Owners on the Secondary Navigation bar; see the Listing and Adding Owners topic). Click one or more owner names in the Available list, then click << to move it or them to the Selected list. To choose all the owners, click Select All, then << to move them. To remove one or more owner restrictions, click the owner name or names in the Selected list, then click >> to move it or them to the Available list. NOTE: The owner restriction intersects with that of the region restriction. The role can manage only objects qualified by both the owner and region. TIP: If you want the role to manage the DHCP and zone data managed by all current and future defined owners, click a check mark in All Owners. |
| Role Restrictions: Regions | Restricts the role to manage address blocks or subnets located in particular regions only. Optional. For this role to have any effect, you must either click a check mark in All Regions, or choose at least one predefined region (created by clicking Regions on the Secondary Navigation bar; see the Listing and Adding Regions topic). Click one or more region names in the Available list, then click << to move it or them to the Selected list. To choose all the regions, click Select All, then << to move them. To remove one or more region restrictions, click the region name or names in the Selected list, then click >> to move it or them to the Available list. NOTE: The region restriction intersects with that of the owner restriction. The role can manage only objects qualified by both the region and owner. TIP: If you want the role to manage the DHCP and zone data managed by all current and future defined regions, click a check mark in All Regions. |
| Role Restrictions: Subroles | Defines subrole restrictions for the role. Optional. You can choose one or more of the following subroles for the central configuration administrator role:
All Subroles is check marked by default to adopt all of the subroles. You must remove the check mark to assign the individual subroles. Click one or more of these subroles in the Available list, then click << to move it or them to the Selected list. To choose all the subroles, click Select All, then << to move them. To remove one or more subrole restrictions, click the subrole name or names in the Selected list, then click >> to move it or them to the Available list. |
| Groups | Groups who should adopt this role. Optional. Click one or more group names in the Available list, then click << to move it or them to the Selected list. To choose all the groups, click Select All, then << to move them. To de-assign one or more groups from the role, click the name or names in the Selected list, then click >> to move it or them to the Available list. |
When you finish making changes to the appropriate fields, click Add Role or Modify Role. (You must click Add Role on the Add Central Configuration Administrator Role page to finish creating the role). To cancel the creation or changes, click Cancel. You return to the List/Add Administrator Roles page. Refresh that page before choosing any more items for editing.
| Top of Page | Top of Section | Close Window |
If you have read-write privileges as a regional-admin assigned the authorization subrole, and you create a regional cluster address space administrator role or choose it to edit it on the List/Add Administrator Roles page, you are redirected to this page to finish creating or editing the role. The Add Regional Address Space Administrator Role page appears when you first create the role; the Edit Regional Address Space Administrator page appears when you edit the role. If you have read-only privileges and you click the role name on the List/Add Administrator Roles page, you can only view the role information.
NOTE: You must click Add Role on the Add Regional Address Space Administrator Role page to finish creating the role.
These are the fields and choices for adding an administrator role:
| Field/Choice | Description |
| Role Name | Role name. Required. You can edit this field if it is a constrained role, but not if it is an unconstrained role, and the value must be unique. |
| Role Type | Base role, in this case, regional-addr-admin, which you cannot edit. To grant the role read-only privileges to choices made on this page, check mark Read Only Role. If the role is read-only, the words [Read Only] appear. |
| Role Restrictions: Owners | Restricts the role to manage address blocks or subnets with particular owners only. Optional. The owners must be predefined or available by clicking Owners on the Secondary Navigation bar (see the Listing and Adding Owners topic). Click one or more owner names in the Available list, then click << to move it or them to the Selected list. To choose all the owners, click Select All, then << to move them. To remove one or more owner restrictions, click the owner name or names in the Selected list, then click >> to move it or them to the Available list. NOTE: The owner restriction intersects with that of the region restriction. The role can manage only objects qualified by both the owner and region. TIP: If you want the role to manage the address blocks or subnets managed by all current and future defined owners, click a check mark in All Owners. |
| Role Restrictions: Regions | Restricts the role to manage address blocks or subnets located in particular regions only. Optional. The regions must be predefined or available by clicking Regions on the Secondary Navigation bar (see the Listing and Adding Regions topic). Click one or more region names in the Available list, then click << to move it or them to the Selected list. To choose all the regions, click Select All, then << to move them. To remove one or more region restrictions, click the region name or names in the Selected list, then click >> to move it or them to the Available list. NOTE: The region restriction intersects with that of the owner restriction. The role can manage only objects qualified by both the region and owner. TIP: If you want the role to manage the address blocks or subnets in all current and future defined regions, click a check mark in All Regions. |
| Role Restrictions: Subroles | Defines subrole restrictions for the role. Optional. You can choose one or more of the following subroles for the regional cluster address space administrator role:
All Subroles is check marked by default to adopt all of the subroles. You must remove the check mark to assign the individual subroles. Click one or more of these subroles in the Available list, then click << to move it or them to the Selected list. To choose all the subroles, click Select All, then << to move them. To remove one or more subrole restrictions, click the subrole name or names in the Selected list, then click >> to move it or them to the Available list. |
| Groups | Groups who should adopt this role. Optional. Click one or more group names in the Available list, then click << to move it or them to the Selected list. To choose all the groups, click Select All, then << to move them. To de-assign one or more groups from the role, click the name or names in the Selected list, then click >> to move it or them to the Available list. |
When you finish making changes to the appropriate fields, click Add Role or Modify Role. (You must click Add Role on the Add Regional Address Space Administrator Role page to finish creating the role). To cancel the creation or changes, click Cancel. You return to the List/Add Administrator Roles page. Refresh that page before choosing any more items for editing.
| Top of Page | Top of Section | Close Window |
If you have read-write privileges as a regional-admin with the authorization subrole, and you create a regional cluster administrator role or choose it to edit it on the List/Add Administrator Roles page, you are redirected to this page to finish creating or editing the role. The Add Regional Administrator Role page appears when you first create the role; the Edit Regional Administrator page appears when you edit the role. If you have read-only privileges and you click the role name on the List/Add Administrator Roles page, you can only view the role information.
NOTE: You must click Add Role on the Add Regional Administrator Role page to finish creating the role.
These are the fields and choices for adding an administrator role:
| Field/Choice | Description |
| Role Name | Role name. Required. You can edit this field if it is a constrained role, but not if it is an unconstrained role, and the value must be unique. |
| Role Type | Base role, in this case, regional-admin, which you cannot edit. To grant the role read-only privileges to choices made on this page, click a check mark in Read Only Role. If the role is read-only, the words [Read Only] appear. |
| Role Restrictions: | NOTE: Regional administrators cannot be constrained by owners or regions. |
| Subroles | Defines subrole restrictions for the role. Optional. You can choose one or more of the following subroles for the regional cluster administrator role:
All Subroles is check marked by default to adopt all of the subroles. You must remove the check mark to assign the individual subroles. Click one or more of these subroles in the Available list, then click << to move it or them to the Selected list. To choose all the subroles, click Select All, then << to move them. To remove one or more subrole restrictions, click the subrole name or names in the Selected list, then click >> to move it or them to the Available list. |
| Groups | Groups who should adopt this role. Optional. Click one or more group names in the Available list, then click << to move it or them to the Selected list. To choose all the groups, click Select All, then << to move them. To de-assign one or more groups from the role, click the name or names in the Selected list, then click >> to move it or them to the Available list. |
When you finish making changes to the appropriate fields, click Add Role or Modify Role. (You must click Add Role on the Add Regional Administrator Role page to finish creating the role). To cancel the creation or changes, click Cancel. You return to the List/Add Administrator Roles page. Refresh that page before choosing any more items for editing.
| Top of Page | Top of Section | Close Window |
This page appears if you click Push Role or Push All Roles on the List/Add Administrator Roles page. It shows the role to be pushed (or All Roles) and a choice of local clusters to which to push them.
The fields and choices on this page are:
| Field/Choice | Description |
| Data to Push | Role chosen to push to the local clusters, or All Roles. Click the role link to open the View Role page for the role type. |
| Data Synchronization Mode | Mode to use to synchronize at the regional and local clusters. Required. Click one of the radio buttons:
|
| Push Associated Groups (Always Replace) | Mark this with a check mark if you want the associated groups pushed with the role so that they replace any existing ones at the local cluster. This choice is enabled by default. |
| Push Associated Owners and Regions (Always Ensure) | Mark this with a check mark if you want the associated owner and regions pushed (without replacing any existing ones the local cluster). This choice appears only if you have the owner-region subrole defined, and is enabled by default. |
| Destination Clusters | List of known local clusters. Move the desired cluster or clusters from the Available field into the Selected field using <<. To choose all the clusters, click Select All, then << to move them. To remove one or more clusters, click its name or names in the Selected list, then click >> to move it or them to the Available list. You must move at least one cluster to Selected to make the push operation work. |
TIP: The cluster choice and radio buttons are persistent, so that any future operations on this page will retain these settings.
After making these choices, click Push Data to Clusters, or Cancel. This opens the View Push Role Data Report page.
| Top of Page | Top of Section | Close Window |
This page appears if you click Push Data to Clusters on the Push Role Data to Local Clusters page. It shows a read-only summary of the results of the push operation. Click OK to return.
| Top of Page | Top of Section | Close Window |
At the regional cluster only, this page appears if you click Pull Replica Roles on the List/Add Administrator Roles page. It shows a tree view of the regional server's replica data for the local clusters' roles. The tree has two levels, one for the clusters and one for the roles in each cluster.
The columns on this page are:
| Column | Description |
| Name | Name of the local cluster and its roles. If necessary, click the cluster name to open the Edit Server Cluster page. You can also view the role data by clicking its name to open the View Role page for the role type. |
| Update Replica Data | To update the replica data for the local cluster on the regional cluster, click the Replica icon (). |
| Pull Data | To pull a specific role, choose a synchronization mode, then click Pull Role next to its name. To pull all the roles from the cluster, click Pull All Roles to open the Report Pull Replica Roles page. The synchronization modes are:
|
| Pull Associated Owners (Always Ensure) | Click a check mark in this box if you want to pull the associated owners with the role, if applicable. This option appears only if you have the owner-region subrole enabled for the role. |
To return to the List/Add Administrator Groups page without performing a pull operation, click Cancel.
| Top of Page | Top of Section | Close Window |
At the regional cluster only, this page appears when you pull roles on the Select Replica Role Data to Pull page. It shows the changes that would be made were you to run the pull operation. To run the pull operation, click Run to open the Run Pull Replica Roles page, or to cancel the operation, click Cancel
| Top of Page | Top of Section | Close Window |
At the regional cluster only, this page appears when you click Run on the Report Pull Replica Roles page. After looking at the actual data, click OK to return to the List/Add Administrator Roles page.
| Top of Page | Top of Section | Close Window |
If you have read-write privileges as a ccm-admin assigned the authentication subrole, you can list all administrator roles, choose the constrained roles for editing, and delete only the constrained roles (you cannot delete the predefined base roles). You can derive the constrained roles only from the following three base roles:
If you have read-only privileges, you can only choose the administrator roles for viewing.
NOTE: If you assign an administrator multiple roles, one of which is read-only, the read-only functionality takes precedence for that role type.
The following table lists the predefined unconstrained roles and their automatic group assignments. You cannot delete these predefined unconstrained roles.
| Predefined Local Role | Description | Group Assignment |
| addrblock-admin | DHCP address block administrator base role. | address-mgt-group |
| addrblock-admin-readonly | Read-only DHCP address block administrator base role. | -- |
| ccm-admin | Web UI administrator base role. | address-mgt-group, dns-mgt-group |
| ccm-admin-readonly | Read-only Web UI administrator base role. | -- |
| dhcp-admin | DHCP administrator base role. | address-mgt-group |
| dhcp-admin-readonly | Read-only DHCP administrator base role. | -- |
| host-admin | Host administrator base role. | dns-mgt-group |
| host-admin-readonly | Read-only host administrator base role. | -- |
| zone-admin | Zone administrator base role. | dns-mgt-group |
| zone-admin-readonly | Read-only zone administrator base role. | -- |
TIP: Click the Refresh icon () next to the Name column heading to refresh the page.
) next to its name in the list. This opens a Confirm Delete page. Click Delete to delete the constrained role, or Cancel to cancel the deletion. You cannot delete a predefined unconstrained role.| Top of Section | Related Regional Section | Close Window |
If you have read-write privileges as a ccm-admin assigned the authorization subrole, and you create a CCM administrator constrained role or click its name to edit it on the List/Add Administrator Roles page, you are redirected to this page to finish creating or editing the role. The Add CCM Administrator Role page appears when you first create the role; the Edit CCM Administrator page appears when you edit the role. If you have read-only privileges and you click the role name on the List/Add Administrator Roles page, you can only view the role information.
NOTE: You must click Add Role on the Add CCM Administrator Role page to finish creating the role.
These are the fields and choices for adding an administrator role:
| Field/Choice | Description |
| Role Name | Apart from a base role, you can edit the role name, but the value must be unique. |
| Role Type | Base role, in this case, ccm-admin, which you cannot edit. To grant a constrained role read-only privileges to choices made on this page, click a check mark in Read Only Role. If an unconstrained role is read-only, the words [Read Only] appear. |
| Role Restrictions: Subroles | Defines subrole restrictions for the role. Optional. You can choose one or more of the following subroles for the CCM administrator role:
All Subroles is check marked by default to adopt all of the subroles. You must remove the check mark to assign the individual subroles. Click one or more of these subroles in the Available list, then click << to move it or them to the Selected list. To choose all the subroles, click Select All, then << to move them. To remove one or more subrole restrictions, click the subrole name or names in the Selected list, then click >> to move it or them to the Available list. |
| Groups | Groups who should adopt this role. Optional. Click one or more group names in the Available list, then click << to move it or them to the Selected list. To choose all the groups, click Select All, then << to move them. To de-assign one or more groups from the role, click the name or names in the Selected list, then click >> to move it or them to the Available list. |
When you finish making changes to the appropriate fields, click Add Role or Modify Role. (You must click Add Role on the Add CCM Administrator Role page to finish creating the role). To cancel the creation or changes, click Cancel. You return to the List/Add Administrator Roles page. Refresh that page before choosing any more items for editing.
| Top of Page | Top of Section | Close Window |
If you have read-write privileges as a ccm-admin assigned the authorization subrole, and you create a zone administrator constrained role or click its name to edit it on the List/Add Administrator Roles page, you are redirected to this page to finish creating or editing the role. The Add Zone Administrator Role page appears when you first create the role; the Edit Zone Administrator page appears when you edit the role. If you have read-only privileges and you click the role name on the List/Add Administrator Roles page, you can only view the role information.
You can assign zone restrictions to the role either by zone name or indirectly by the owner of the zone. Restricting by zones or owner is mutually exclusive.
NOTE: You must click Add Role on the Add Zone Administrator Role page to finish creating the role.
These are the fields and choices for adding an administrator role:
| Field/Choice | Description |
| Role Name | Apart from a base role, you can edit the role name, but the value must be unique. |
| Role Type | Base role, in this case, zone-admin, which you cannot edit. To grant the role read-only privileges to choices made on this page, click a check mark in Read Only Role. If an unconstrained role is read-only, the words [Read Only] appear. |
| Zone Restrictions | |
| Zone Name Regular Expression | Regular expression of the names of zones that the role can manage. Optional. The value you enter in the Zone Name Regular Expression field can contain wildcards. For example, to restrict the role to zone names that include the string example, enter the value .*example.* in the field. The "." indicates "any single character" and the "*" indicates "any number of these characters." The characters can also be null characters, so that this example would pick up zones such as example.com and anotherexample.net. See the Regular Expression Metacharacter Syntax topic for the metacharacters that you can use in this field. |
| Edit Owners | Click a check mark in this box if you want the role to edit the zone owners for the defined zones. Optional. |
| Access Secondary Zones | Click a check mark in this box if you want the role to access secondary zones for the defined zones. Optional. |
| Access Reverse Zones | Click a check mark in this box if you want the role to access reverse zones for the defined zones. Optional. |
| By Zones: Zones | Zone or zones that the role should manage. (Clicking a check mark removes it from the By Owner box.) Optional. At least one zone is required to be effective. Click one or more zone names in the Available list, then click << to move it or them to the Selected list. To choose all the zones, click Select All. To remove one or more zone restrictions, click the zone name or names in the Selected list, then click >> to move it or them to the Available list. If you want the role to manage all current and future zones, click a check mark in All Zones; this greys out the zone choices. To move all the Selected entries to the Available list, click Deselect All. |
| By Owner: Owners | Owner that determines the zones or zones that the role should manage. (Clicking a check mark removes it from the By Zones box.) The role can manage only those zones owned by the specified owner. Click one or more owner names in the Available list, then click << to move it or them to the Selected list. To choose all the owners, click Select All. To disassociate one or more owners from the role, choose the owner name or names in the Selected list, then click >> to move it or them into the Available list. If you want the role to manage the zones of all current and future owners, click a check mark in All Owners; this greys out the owner choices. Optional, but if By Owner is used, the owner must point to at least one owner to be effective. |
| Groups | Groups who should adopt this role. Optional. Click one or more group names in the Available list, then click << to move it or them to the Selected list. To choose all the groups, click Select All, then << to move them. To de-assign one or more groups from the role, click the name or names in the Selected list, then click >> to move it or them to the Available list. |
When you finish making changes to the appropriate fields, click Add Role or Modify Role. (You must click Add Role on the Add Zone Administrator Role page to finish creating the role). To cancel the creation or changes, click Cancel. You return to the List/Add Administrator Roles page. Refresh that page before choosing any more items for editing.
| Top of Page | Top of Section | Close Window |
If you have read-write privileges as a ccm-admin assigned the authorization subrole, and you create a host administrator constrained role or choose it to edit it on the List/Add Administrator Roles page, you are redirected to this page to finish creating or editing the role. The Add Host Administrator Role appears when you first create the role; the Edit Host Administrator page appears when you edit the role. If you have read-only privileges and you click the role name on the List/Add Administrator Roles page, you can only view the role information.
NOTE: You must click Add Role on the Add Host Administrator Role page to finish creating the role.
These are the fields and choices for adding an administrator role:
| Field/Choice | Description |
| Role Name | Apart from a base role, you can edit the role name, but the value must be unique. |
| Role Type | Base role, in this case, host-admin, which you cannot edit. To grant the role read-only privileges to choices made on this page, click a check mark in Read Only Role. If an unconstrained role is read-only, the words [Read Only] appear. |
| Zone Restrictions | Restricts the zone or zones that you want the administrator with this role to manage. Optional. You must define at least one zone for the role to be effective, and it must be predefined or available by clicking Zone on the Primary Navigation bar (see the Listing and Adding Zones topic). Click one or more zone names in the Available list, then click << to move it or them to the Selected list. To choose all the zones, click Select All, then << to move them. To remove one or more zone restrictions, click the zone name or names in the Selected list, then click >> to move it or them to the Available list. To move all the Selected entries to the Available list, click Deselect All. TIP: If you want the role to manage all current and future defined zones, click a check mark in All Zones. |
| IP Restrictions | Restricts the IP address range or ranges that you want the administrator with this role to manage. Optional. The ranges must be predefined subnet ranges by clicking Address Space on the Primary Navigation bar and Subnet on the Secondary Navigation bar (see the Editing a Subnet topic). Click an IP address range or ranges in the Available list, then click << to move it or them to the Selected list. To choose all the ranges, click Select All, then << to move them. To remove one or more IP restrictions, click the range or ranges in the Selected list, then click >> to move it or them to the Available list. TIP: If you want the role to manage all current and future IP ranges, click a check mark in All IPRanges. |
| Host Restrictions | Restricts the administrator with this role to manage hosts with specific names. Optional. The value you enter in the Host Name Regular Expression field can contain wildcards. For example, to restrict the role to host names that include the string examplehost, enter the value .*examplehost.* in the field. The "." indicates "any single character" and the "*" indicates "any number of these characters." The characters can also be null characters, so that this example would pick up hosts such as examplehost101 and just examplehost. See the Regular Expression Metacharacter Syntax topic for the metacharacters you can use in this field. Remember to structure the match by considering that host names are not case sensitive. |
| Groups | Groups who should adopt this role. Optional. Click one or more group names in the Available list, then click << to move it or them to the Selected list. To choose all the groups, click Select All, then << to move them. To de-assign one or more groups from the role, click the name or names in the Selected list, then click >> to move it or them to the Available list. |
When you finish making changes to the appropriate fields, click Add Role or Modify Role. (You must click Add Role on the Add Host Administrator Role page to finish creating the role). To cancel the creation or changes, click Cancel. You return to the List/Add Administrator Roles page. Refresh that page before choosing any more items for editing.
| Top of Page | Top of Section | Close Window |
Use the following metacharacters in specifying regular expressions in the following places:
NOTE: Although the regular expression value matching is case sensitive, the server considers host and zone names as not case sensitive.
| Metacharacter | Description |
| (chars) (parentheses) | Treats the characters between the parentheses as a single text block. For an example of grouping using blocks, see the use of the backslash (\). |
| . (dot) | Matches any single character. For example, host. matches any name starting with host and ending with a single character, such as host1. To include the dot as an actual character, escape it using a \ (see backslash); for example, .*\.com.. |
| * (asterisk) | Matches the previous character or block zero or more times. For example, host1* matches host, host1, host11, host111, and so on. |
| ? (question mark) | Matches the previous character or block zero or one times only. For example, host1? matches host and host1 only (compare with *). |
| + (plus sign) | Matches the previous character or block one or more times. For example, host1+ matches host1, host11, host111, and so on, but not host (compare with *). |
| [chars] (square brackets) | Matches any character (or range of characters) or block in the square brackets. For example, host[19]* matches host, host1, host19, host9199, and so on; the range statement [a–z] matches all lowercase characters. |
| [^chars] (caret in square brackets) | Excludes from the match any characters (or range of characters) or block in the square brackets. For example, host[^0].* matches any name starting with host, except if it immediately follows with a zero (so that host0101 would be excluded). |
| ^ (caret) | Start of the line. For example, ^[^0–9].* matches any name not starting with a digit. |
| $ (dollar sign) | End of the line. For example, .*[^9]$ matches any name not ending with a 9. |
| {x,y} (curly brackets) | Bounding syntax that matches the last character or block at least x and not more than y times. For example, host[123]{1,3} matches host1, host11, and host123. |
| chars | chars | Matches the text before or after the operator. For example, ([a–z] | [A–Z])+ matches any lowercase or uppercase name of one or more characters. |
| \ (backslash=escape character) | Because the characters (, ), [, ], ., *, ?, +, ^, and $ are special symbols, you must escape each one using a backslash (which is also a special symbol). For example, host(\([1–999]\))?\\?[a–z]? matches host(1) through host(999)\z. |
| Top of Page | Related Host Section Related Zone Section | Close Window |
If you have read-write privileges as a ccm-admin assigned the authorization subrole, and you click a DHCP administrator role on the List/Add Administrator Roles page, you can edit the role on the Edit DHCP Administrator Role page. If you have read-only privileges and you click the role name on the List/Add Administrator Roles page, you can only view the role information.
| Field/Choice | Description |
| Role Name | Always dhcp-admin or dhcp-admin-readonly. You cannot edit this field. |
| Role Type | Base role, in this case, dhcp-admin. You cannot edit this field. If read-only, the words [Read Only] appear. |
| Groups | Group or groups that should adopt this role. Optional. This role has address-mgt-group automatically chosen, unless it is a read-only role, in which case it has no group automatically chosen. Click additional group or groups in the Available list, then click << to move it or them to the Selected list. To choose all the groups, click Select All. To disassociate one or more groups from the role, click the name or names in the Selected list, then click >> to move it or them to the Available list. |
When you finish making changes to the appropriate fields, click Modify Role. To cancel the changes, click Cancel. You return to the List/Add Administrator Roles page. Refresh that page before choosing any more items for editing.
| Top of Page | Top of Section | Close Window |
If you have read-write privileges as a ccm-admin assigned the authorization subrole, and you click an address block administrator role on the List/Add Administrator Roles page, you can edit the role on the Edit Address Block Administrator Role page. If you have read-only privileges and you click the role name on the List/Add Administrator Roles page, you can only view the role information.
| Field/Choice | Description |
| Role Name | Always addrblock-admin or addrblock-admin-readonly. You cannot edit this field. |
| Role Type | Base role, in this case, addrblock-admin. You cannot edit this field. If read-only, the words [Read Only] appear. |
| Groups | Group or groups that should adopt this role. Optional. This role has address-mgt-group automatically chosen, unless it is a read-only role, in which case it has no group automatically chosen. Click additional group or groups in the Available list, then click << to move it or them to the Selected list. To choose all the groups, click Select All. To disassociate one or more groups from the role, click the name or names in the Selected list, then click >> to move it or them to the Available list. |
When you finish making changes to the appropriate fields, click Modify Role. To cancel the changes, click Cancel. You return to the List/Add Administrator Roles page. Refresh that page before choosing any more items for editing.
| Top of Page | Top of Section | Close Window |
At the local cluster, you can secure dynamic DNS updates using keys. This allows DNS and DHCP servers to verify that requests and responses come from an authorized source. Both the DNS and DHCP servers can read and process transaction signature (TSIG) data from Network Registrar or other servers. TSIG is supported only as of Network Registrar Release 6.0, and in that release only for dynamic DNS updates. As of Network Registrar Release 6.1, support was added for queries and zone transfers.
| Top of Page | Previous Section | Close Window |
If you have read-write privileges as a ccm-admin assigned the authentication subrole, you can list, add, choose for editing, and delete TSIG keys. Adding and editing a key involves adding its name, a time skew value, and a secret value. If you have read-only privileges, you can only list the TSIG keys to choose for viewing.
| Field | Description |
| Name | Shared secret key name, in domain name syntax. Required. The name should reflect the names of the hosts that share that key. For example, the hosta.-hostb.example.com. key. |
| Algorithm | Preset as hmac-md5. You cannot edit the algorithm. |
| Security Type | Preset as TSIG. You cannot edit the security type. |
| Time Skew | Time that the time stamp in packets signed with this key can differ from the local system time. Optional. You can use the h, m, and s tag letters for time values expressed in hours, minutes, and seconds, respectively. If you omit the tag, the value is in seconds. For example, the following values are identical: 5m and 300. The range is from 1s to 1h. The default is 300 seconds (5 minutes). |
| Secret | Shared secret value of the key, as a base64 encoded string. Required. The secret value should be at least 16 bytes long. To generate a random secret, use the Network Registrar cnr_keygen utility (see the Generating Random TSIG Keys topic). |
) next to the name in the list. This opens a Confirm Delete page.| Top of Page | Top of Section | Close Window |
You can use the Network Registrar cnr_keygen utility to generate random TSIG key secrets so that you add them to the Secret field on the List/Add Encryption Keys page or Edit Encryption Key page.
Execute the cnr_keygen key generator utility from a DOS prompt, or a Solaris or Linux shell. On Windows, the utility is, by default, in the C:\Program Files\Network Registrar\Local\bin folder. On Solaris and Linux, the utility is in the install-path/usrbin directory. An example of its usage on Solaris is:
$ /opt/nwreg2/local/usrbin/cnr_keygen -n hosta.-hostb.example.com. -b 16 -s 300
key "hosta.-hostb.example.com." {
algorithm hmac-md5;
secret "xGVCsFZ0/6e0N97HGF50eg==";
# cnr-time-skew 300;
# cnr-security-type TSIG;
};
The only required input is the key name. The following table describes the options:
| Option | Description |
| -n name | Key name. Required. The maximum length is 255 bytes. |
| -a hmac-md5 | Algorithm. Optional. Only HMAC-MD5 is currently supported. |
| -b bytes | Byte size of the secret. Optional. The default is 16 bytes. The valid range is 1 through 64 bytes. |
| -s skew | Time skew for the key, in seconds -- the maximum difference between the time stamp in packets signed with this key and the local system time. Optional. The default is 300 seconds. The range is 1 through 3600 seconds. |
| -t tsig | Type of security used. Optional. Only TSIG is currently supported. |
| -h | Help. Optional. Displays the syntax and options of the cnr_keygen utility. |
| -v | Version. Optional. Displays the version of the cnr_keygen utility. |
Enter the secret value in the Secret field on the List/Add Encryption Keys page or Edit Encryption Key page. You can also redirect the output to a file if you use the > or >> indicators at the end of the command line. The > overwrites the file and the >> appends to the file. For example:
$ /opt/nwreg2/local/usrbin/cnr_keygen -n example.com. > keyfile.txt $ /opt/nwreg2/local/usrbin/cnr_keygen -n example.com. >> addtokeyfile.txt
Then, import the file using the following CLI command:
nrcmd> import keys keyfile.txt
Remember to refresh the list of keys using the Refresh icon () if you imported the key file using the CLI.
| Top of Page | Related Section | Close Window |
If you have read-write privileges and you click a key name on the List/Add Encryption Keys page, you can edit the key by modifying its name, time skew value, and secret value. If you have read-only privileges, you can only view the key data.
| Field | Description |
| Name | Shared secret key name, in domain name syntax. You cannot edit this value. |
| Algorithm | Preset at hmac-md5. You cannot edit this value. |
| Security Type | Preset at TSIG. You cannot edit this value. |
| Time Skew | Time that time stamps in packets signed with this key can differ from the local system time. Optional. You can use the h, m, and s tag letters for time values expressed in hours, minutes, and seconds, respectively. If you omit the tag, the value is in seconds. For example, the following values are identical: 5m and 300. The range is from 1s to 1h. The default is 300 seconds (5 minutes). |
| Secret | Shared secret value of the key, in base64 encoding. Required. The secret value should be at least 16 bytes long. To generate a random secret, use the Network Registrar cnr_keygen utility (see the Generating Random TSIG Keys topic). |
To unset values the Time Skew and Secret fields, click a check mark in Unset?, then click Unset Fields. When you finish making changes, click Modify Key, or Cancel to cancel the edits. You return to the List/Add Encryption Keys page. Refresh that page before choosing any more items for editing.
| Top of Page | Top of Section | Close Window |
At the local cluster, access control lists (ACLs) provide a way to assign security keys to the DNS server or to individual zones. ACLs also provide an easier way to manage dynamic update restrictions with a more versatile form of listing authorized networks and hosts. You can set the following types of ACLs:
| Top of Page | Previous Section | Close Window |
If you have read-write privileges as a ccm-admin assigned the authentication subrole, you can list, add, choose for editing, and delete ACLs. Adding and editing an ACL involves adding its name and a match list. If you have read-only privileges, you can only list the ACLs to choose for viewing.
The Match List field can include one or more of the following, separated by commas:
Here is how to proceed on this page:
) next to the name in the list. This opens a Confirm Delete page. Do not delete an ACL referenced in another ACL's match list.| Top of Page | Top of Section | Close Window |
If you have read-write privileges as a ccm-admin assigned the authentication subrole, and you click an ACL name on the List/Add Access Control Lists page, you can edit the ACL by modifying its match list. If you have read-only privileges, you can only view the match list data.
The match list can be one or more of the following, separated by commas:
Click Modify ACL, or Cancel to cancel. You return to the List/Add Access Control Lists page. Refresh that page before choosing any more items for editing.
| Top of Page | Top of Section | Close Window |
At the regional cluster, you can manage the Network Registrar local server agent, CCM server, and RIC server from the Web UI. At the local cluster, you can manage the Network Registrar protocol servers (DNS, DHCP, and TFTP), MCD server, and local server agent. Managing these servers involves determining their current state and health, and starting, stopping, or reloading the protocol servers, if necessary. This function requires the server-management subrole of the ccm-admin role.
NOTE: If you find a server error, investigate the server log file for a configuration error, correct the error, return to this page, then refresh the page.
The columns on this page are:
| Column | Description |
| Name | Description of each server, such as Local Server Agent. |
| IP Address | IP address of the server, or 127.0.0.1 for the local host. |
| Type | Type of server -- At the local cluster:
At the regional cluster:
You can edit the regional cluster CCM server by clicking its name to open the Edit CCM Server page. |
| State | State of the protocol server, which can be initialized, running, or disabled. If the Web UI cannot determine the state, ? appears. |
| Health | Relative health of the protocol server, as a color indicator:
If the Web UI cannot determine the server's health, ? appears. Note that the DHCP server is healthy only if at least one scope of addresses exists. |
| Statistics | For statistics on the protocol server, click the Statistics icon ( ) in the column. This opens the Statistics for Server page. |
| View Log | To view the log file for the server, click the View Log icon ( ) in the column. This opens the Log for Server page. |
| Start/Stop/Reload | Click the:
If any of these functions is unsuccessful, a red X appears in the column. |
Refresh the list. The page indicates when it was last refreshed. To move from this page, click any other Navigation bar choice.
| Top of Page | Top of Section | Close Window |
At the regional cluster, you can edit the CCM server to set its subnet utilization and lease history polling and trimming intervals and related attributes.
NOTE: The prerequisite to capturing subnet utilization and lease history data is that scopes and address ranges are set up, leases issued, and the DHCP server enabled for this data collection. For details, see Querying Subnet Utilization or Querying Lease History.
The CCM server performs background trimming, which trims off the subnet utilization and lease history data older than a certain age at regular intervals. The polling intervals (how often polling occurs) for both are set by default to every four hours. The trimming intervals for both are set by default to 24 hours, and the trimming ages (how far back to go in time before trimming) to 24 weeks. The CCM server retries polling once by default if it fails, and you can set the time offset of specifically when during the day you want polling to occur (using a 24-hour clock value).
NOTE: If you set the trimming interval to zero, no background trimming occurs. Also, the trimming and compacting operations require an administrator to be assigned the database subrole of the regional-admin role.
To trim the data right away or compact it, set the two Trimming/Compacting attributes at the bottom of the page, then use one of the trimming or compacting controls:
The controls on this page are:
| Control | Description |
| Modify CCM Server | Effect the attribute value changes you make on the page. |
| Unset Fields | Click a check mark in the Unset? box for the attributes you want to unset, then click the button. |
| Cancel | Cancel all operations on this page. |
| Trim All Subnet Utilization | Initiate subnet utilization trimming. |
| Compact All Subnet Utilization | Initiate compacting the subnet utilization data. |
| Trim All Lease History | Initiate lease history trimming. |
| Top of Page | Top of Section | Close Window |
This page shows the log for the specific server chosen by clicking the View Log icon () on the Manage Servers page. This function is available to all users.
The log items are ordered by date and time, historically from earliest to latest, and include the log item description. You can view the items in two different ways by clicking the View Log icon () at the top of the page, and you toggle between the two ways with each click:
Note that both views operate independently. If you step through one view using the arrow keys, you must also step through the other view to get to the same items.
To return to managing the server, click Return to Manage Servers in Table view.
| Top of Section | Viewing Statistics | Close Window |
This page shows the statistics for the DHCP, DNS, or TFTP server chosen by clicking the View Log icon () on the Manage Servers page, or on the Manage DHCP Server or Manage DNS Server page. This function is available to all users.
You can click the name of each statistic attribute for an explanation. The DNS server also includes Performance, Query, Security, Error, and Max Counter statistics.
To return to managing the server, click Return to Manage Servers.
| Top of Section | Viewing Logs | Close Window |
The CCM change log lists a set of all changes to the configuration database, in reverse chronological order (most recent first). To view these change logs at the local cluster, you must be a ccm-admin assigned the database subrole. At the regional cluster, you must be a regional-admin assigned the database subrole.
The columns in the change log are:
| Column | Description |
| DBSN | Database sequence number, or an identification number for the change event. Listed with the most recent one at the top. |
| Date | Date and time the change occurred. |
| Administrator | Name of the administrator who made the change, or (init) or (auth-init) for preconfigured data, (task) for a task (see the Listing CCM Tasks topic), or various "sync" entries for synched scopes, resource records, and zone distributions. |
| Entry Count | Number of entries in the change set. |
Click any sequence number in the DBSN column to see more specific information on the change entry. The View CCM Change Set page appears.
TIP: Click the Refresh icon () from time to time to refresh the list with the most recent changes. Note that the page shows up to only the last n number of change log entries, based on what n is set in the Change Page Size field (see the Searching for Items and Changing Page Size topic).
| Top of Page | MCD Change Log | Close Window |
The CCM change set lists the entries for the change log sequence number you choose on the View CCM Change Log page. Change sets are groups of one or more changes to a single object. The top of the page lists the change log item. Below it are the CCM database entries and any tasks created for the change set. You can step through the change log items using the Previous Page (
) and Next Page (
) icons next to the DBSN column heading. Note that the next page is actually the lower DBSN.
The columns in the Change Entries table are:
| Column | Description |
| Index | Index number of the change set, beginning with 0. |
| Operation | Operation performed on the object in the database, such as Add CCMSubnet or Modify CCMIPRange. |
| Data | Object attributes added or changed. Added objects appear in S-expression format, with the object identified by its Class Name. Modified objects appear by OID number, attribute changed, and the old and new values of the change. |
The columns in the Task Entries For Change Set table are:
| Column | Description |
| Index | Index number of the task, beginning with 0. |
| Operation | Task performed for the object in the database. |
To return to the View CCM Change Log page, click Return to Change Set List.
| Top of Page | Top of Section | Close Window |
The MCD change log lists a set of all changes to the server configuration database, in reverse chronological order (most recent first). To view the MCD change logs at the local cluster, you must be a ccm-admin assigned the database subrole.
The columns in the change log are:
| Column | Description |
| DBSN | Database sequence number, or an identification number for the change event. Listed with the most recent one at the top. |
| Date | Date and time that the change occurred. |
| Administrator | Name of the administrator or network object that made the change, or (init) or (auth-init) for preconfigured data or (task) for a task. |
| Entry Count | Number of changes that the administrator made. |
Click any sequence number in the DBSN column to see specific information on the change entry. The View MCD Change Set page appears.
TIP: Click the Refresh icon () from time to time to refresh the list with the most recent changes. Note that the page shows up to only the last n number of change log entries, based on what n is set in the Change Page Size field (see the Searching for Items and Changing Page Size topic)
| Top of Page | CCM Change Log | Close Window |
The MCD change set lists the change sets for the specific change log sequence number you choose on the View MCD Change Log page. Change sets are groups of one or more changes to a single object. The top of the page lists the change log item and below it are the MCD database change sets for this change log item. You can step through the change set items using the Previous Page () and Next Page () icons next to the DBSN column heading. Note that the next page is actually the lower DBSN.
The columns in the Change Entries table are:
| Column | Description |
| Index | Index number of the change set, beginning with 0. |
| Operation | Operation performed on the object in the database, such as Add Network and Modify Zone. |
| Data | Object attributes added or changed. Added objects appear in S-expression format, with the object identified by its Class Name. Modified objects appear by OID number, attribute changed, and the old and new values of the change. |
The columns in the Task Entries For Change Set table are:
| Column | Description |
| Index | Index number of the task, beginning with 0. |
| Operation | Task performed for the object in the database, such as AddCNRNetwork. |
To return to the View MCD Change Log page, click Return to Change Set List.
| Top of Page | Top of Section | Close Window |
The CCM task list displays the database tasks associated with object additions and modifications. The tasks refer back to change set DBSN numbers for change logs. To view these change tasks at the local cluster, you must be a ccm-admin assigned the database subrole. At the regional cluster, you must be a regional-admin assigned the database subrole.
You can expand and contract the tree of change sets to display the tasks for each change set by clicking the plus sign (+) next to any of the DBSN sequence numbers. You can expand all the entries by clicking Expand All, or collapse them all by clicking Collapse All. Clicking the DBSN sequence number itself opens the View CCM Change Set page for that change entry.
Refresh this page every time you open it. You can step through the tasks using the Previous Page () and Next Page () icons at the bottom of the page.
The columns in the table are:
| Column | Description |
| DBSN | Index number of the change set, beginning with 0. |
| Task ID | ID number of the task, beginning with 1. |
| Task Description | Simple task description, as task : data,[data]. |
| Top of Page | MCD Tasks | Close Window |
The MCD task list displays the database tasks associated with object additions and modifications. The tasks refer back to change set DBSN sequence numbers for change logs.To view the MCD tasks at the local cluster, you must be a ccm-admin assigned the database subrole.
You can expand and contract the tree of change sets to display the tasks for each change set by clicking the plus sign (+) next to any of the DBSN sequence numbers. You can expand all the entries by clicking Expand All, or collapse them all by clicking Collapse All. Clicking the DBSN sequence number itself opens the View MCD Change Set page for that change entry.
Refresh this page every time you open it. You can step through the tasks using the Previous Page () and Next Page () icons at the bottom of the page.
The columns in the table are:
| Column | Description |
| DBSN | Index number of the change set, beginning with 0. |
| Task ID | ID number of the task, beginning with 1. |
| Task Description | Simple task description, as task : data,[data]. |
| Top of Page | CCM Tasks | Close Window |
If you accidentally delete all the roles by which you can log in to Network Registrar (those having superuser, ccm-admin, or regional-admin privileges), you can recover by creating a username/password pair in the install-path/conf/priv/local.superusers file. You must create this file, have write access to it, and include a line in it with the format:
username password
After you create the file, stop and restart the Network Registrar server agent. Use this username and password for the next login session.
CAUTION: Using the local.superusers file causes reduced security. Therefore, use this file only in emergencies such as when temporarily losing all login access. Once logged in, create a superuser account in the usual way, then delete the local.superusers file or its contents.| Top of Page | Top of Section | Close Window |
(10) -- optimal health
-- less than optimal health
(0) -- stopped.
) to start or restart the server
) to stop the server