Name
[Windows Manager]
Installation_folder\SVROR\Manager\bin\rcxnetworkservice - NS Appliance Operations
[Linux Manager]
/opt/FJSVrcvmr/bin/rcxnetworkservice - NS Appliance Operations
Format
rcxnetworkservice create -ip ipaddress -user user -passwd password -file file.xml [-name name] [-mgrnet network/mask {-gw gateway | -gw name=gateway[, name=gateway]...}] rcxnetworkservice delete -ip ipaddress -user user -passwd password -file file.xml [-name name] rcxnetworkservice setup -ip ipaddress -user user -passwd password -file file.xml [-name name] rcxnetworkservice register -file file.xml rcxnetworkservice unregister -file file.xml rcxnetworkservice update -ip ipaddress -user user -passwd password -file file.xml -image image [-name name] [-mgrnet network/mask {-gw gateway | -gw name=gateway[, name=gateway]...}] rcxnetworkservice list -ip ipaddress -user user -passwd password rcxnetworkservice start -ip ipaddress -user user -passwd password -file file.xml [-name name] rcxnetworkservice stop -ip ipaddress -user user -passwd password -file file.xml [-name name] [-force] rcxnetworkservice restart -ip ipaddress -user user -passwd password -file file.xml [-name name] [-force] rcxnetworkservice lserver -file file
rcxnetworkservice registerimage
rcxnetworkservice deploy -ip ipaddress -user user -passwd password -file file.xml [-name name] [-mgrnet network/mask {-gw gateway | -gw name=gateway[, name=gateway]...}] rcxnetworkservice preconfig -ip ipaddress -user user -passwd password -file file.xml -config config.xml [-name name] rcxnetworkservice lanctl -ip ipaddress -user user -passwd password -mac mac1,mac2
rcxnetworkservice reuse -ip ipaddress -user user -passwd password -file file.xml [-name name]
rcxnetworkservice fcctl -ip ipaddress -user user -passwd password -path {multi | single} rcxnetworkservice certctl -name name -sync
rcxnetworkservice appext -ip ipaddress -user user -passwd password
rcxnetworkservice modify -ip ipaddress -user user -passwd password -type server -attr mngip=ipaddress,mask=mask,gw={gateway | none} rcxnetworkservice modify -ip ipaddress -user user -passwd password -type server -attr nsmng_oldip=oldipaddress,nsmng_newip=newipaddress,mgrgw=gateway,mgrnet=network/mask
rcxnetworkservice modify -ip ipaddress -user user -passwd password -type server -attr nsmng_oldip=oldipaddress,nsmng_newip=newipaddress,mgrgw=none
Description
rcxnetworkservice is the command used to operate NS Appliances.
Subcommands
Creates an NS Appliance on a dedicated server for the NS Appliance, as a VM guest.
When creating an NS Appliance in a subnet other than that of the manager's admin LAN, specify the -mgrnet option and the -gw option.
Deletes an NS Appliance.
When the delete subcommand is executed, NS Appliance is deleted even if it is running. For this reason, confirm that the NS Appliance is not being used before executing the delete subcommand.
When executing the rcxadm netdevice show command, if nothing is displayed in the line of "AllocatedResources[XXX]:", the corresponding NS Appliance is not being used on the L-Platform.
For details on the rcxadm netdevice show command, refer to "3.8 rcxadm netdevice" in the "Reference Guide (Command/XML) CE".
Sets up an NS Appliance.
Configure the following information, when "Pre-configuration information (PresettingInfo)" in the network configuration information file (XML definition) has been omitted.
Item Name | Description |
|---|---|
Host name | Host name of the NS Appliance Specify the name attribute value of the Netdevice element in the network configuration information file (XML definition). |
SNMP community name | The community name of the SNMP agent for the NS Appliance Specify the value of the ReadCommunity element in the network configuration information file (XML definition). |
Account | The account for accessing the NS Appliance Specify the value of the User element in the network configuration information file (XML definition). |
Password | The password for the access account of the NS Appliance Specify the value of the Password element in the network configuration information file (XML definition). |
Administrator password | The administrator password for the access account of the NS Appliance Specify the value of the PrivilegedPassword element in the network configuration information file (XML definition). |
Session log collection level | Collection level of NS Appliance session log. Specify INFO level. |
Event log audit level | Event log audit level which is not the same as the access control rule of the NS appliance. Configure normal (match-normal). |
telnet idle timeout | Monitors timeout of telnet sessions of NS Appliance Set 5 minutes for the interval of idle timeout. |
Application identification | Identifies applications used for NS Appliance
|
Configure the following information, when "Simple" is specified in "Pre-configuration information (PresettingInfo)" in the network configuration information file (XML definition).
Item Name | Description |
|---|---|
Host name | Host name of the NS Appliance Specify the name attribute value of the Netdevice element in the network configuration information file (XML definition). |
SNMP community name | The community name of the SNMP agent for the NS Appliance Specify the value of the ReadCommunity element in the network configuration information file (XML definition). |
Account | The account for accessing the NS Appliance Specify the value of the User element in the network configuration information file (XML definition). |
Password | The password for the access account of the NS Appliance Specify the value of the Password element in the network configuration information file (XML definition). |
Administrator password | The administrator password for the access account of the NS Appliance Specify the value of the PrivilegedPassword element in the network configuration information file (XML definition). |
Session log collection level | Collection level of the session log of NS Appliance firewalls Specify INFO level. |
Message log collection level | Collection level of NS appliance message logs Specify INFO level. |
Event log audit level | Event log audit level which is not the same as the access control rule of the NS appliance. Specify uncollected (match-none). |
telnet idle timeout | Monitors timeout of telnet sessions of NS Appliance Set 5 minutes for the interval of idle timeout. |
Application identification | Identifies applications used for NS Appliance
|
Access control conditions | Depending on the following conditions, perform configuration of packet discard.
|
When executing the setup subcommand on multiple NS Appliances at the same time, setup of some of the NS Appliances may fail. In that case, specify the -name option, and execute the -setup subcommand on the NS Appliances on which setup failed.
Registers an NS Appliance as a network device in the network device tree.
If the ruleset folder does not exist, it will be automatically created.
Information
If there is hardware device information in the specified network configuration information file (XML definition), hardware devices will be also registered.
Unregisters an NS Appliance from the manager.
Any hardware devices configured in the specified network configuration information file (XML definition) will be also unregistered.
The ruleset folder will not be deleted. Manually delete it if necessary.
To unregister particular network devices only, use the rcxadm netdevice delete command.
For details on the rcxadm netdevice command, refer to "3.8 rcxadm netdevice" in the "Reference Guide (Command/XML) CE".
Performs software update of NS Appliance.
When the update subcommand is executed, software update is performed on the NS Appliance even if it is running.
For this reason, stop the NS Appliance before executing the update subcommand.
When the NS Appliance belongs to any subnets other than that of the manager's admin LAN, specify the -mgrnet option and the -gw option.
Information
New NS Appliances created using the create subcommand on the same dedicated server for NS Appliances for which software update has been performed will be created with the same software updates applied.
Displays a list of NS Appliances.
For an NS Appliance created on a dedicated server for the NS Appliance specified using the -ip option, the following information is displayed:
Item Name | Description |
|---|---|
NAME | Name of the NS Appliance IP address of the network device. |
STATUS | Status of the NS Appliance One of the following is displayed:
|
TYPE | Information on the NS appliance type One of the following is displayed:
|
Starts an NS Appliance.
Stops an NS Appliance.
When executing the stop subcommand for the NS Appliance which has not been set up using the rcxnetworkservice setup command, specify the -force option.
If the stop subcommand is executed without the -force option specified, an error will occur.
Restarts an NS Appliance.
The restart subcommand cannot be used on an NS Appliance which has not been set up using the rcxnetworkservice setup command. Stop the NS Appliance using the -force option of the stop subcommand, and then start it using the start subcommand.
Creates a physical L-Server for NS Appliance.
L-Servers can be created using commands when the following conditions are satisfied. If these conditions are not satisfied, create them using the GUI.
When creating a dedicated server for NS Appliances using SAN storage
When using an admin LAN in which NIC1 and NIC2 are in a redundant configuration
Information
The XML file specified when creating the dedicated server for NS Appliances is saved using the following filename in the same folder as the specified file:
NS_XML_filename.xml |
Example
Specified file: /root/ns_server
File to be saved: /root/NS_ns_server.xml
Registers the cloning image for NS option that is stored in the image file storage folder with ROR CE manager.
Deploys (creates or configures) NS appliances
When creating an NS Appliance in a subnet other than that of the manager's admin LAN, specify the -mgrnet option and the -gw option.
Performs pre-configuration of NS appliances.
Specify the following information:
Item Name | Description |
|---|---|
Interface definition on the public LAN | Interface on the NS appliance public LAN Configure the following items based on the information in the NS appliance pre-configuration file (XML definition).
|
Definition of the route information (routing). | NS appliance route information Configure the values of the gateway element in the NS appliance pre-configuration file (XML definition). |
For details on the pre-configuration settings, refer to "C.2 Pre-configuration".
Configures the network settings of the physical server for NS appliance.
Only specify it when using the internal disk of the physical server for NS appliance.
After executing this command, the physical server for an NS appliance restarts.
Initializes and reconfigures an NS Appliance.
The following settings are initialized:
Configuration definitions
The following information is deleted:
Logs
Certificates
SLB error response files
For details on the information reconfigured, refer to the setup subcommand.
Sets the FC path configuration of a physical L-Server for NS Appliances.
Specify only when using the SAN storage on which the physical L-Server for NS Appliances operates.
After executing this command, the physical L-Server for an NS Appliance restarts.
Performs management of certificate information for NS Appliances.
Changes the maximum number of NS Appliances that operate on the dedicated server for NS Option from 10 to 20.
After executing this command, the dedicated server for NS Appliance is restarted.
Changes the settings of the dedicated server for NS Option.
Options
In ipaddress, specify an IP address to access the dedicated server for NS Appliances used for NS Appliance creation.
In user, specify a user ID to use to access the dedicated server for NS Appliances used for NS Appliance creation.
In password, specify the password for the user ID to use to access the dedicated server for NS Appliances used for NS Appliance creation.
In file.xml, specify the network configuration information file (XML definition).
When using a network configuration information file (XML definition) in which batch creation of multiple network devices is defined, the operation will be performed on all defined NS Appliances.
Up to 10 NS Appliances (or 20 when expanded) can be created on a single dedicated server for NS Appliances.
Up to 10 (or 20 when expanded) different pieces of information can be specified for NS Appliances in the network configuration information file (XML definition) for NS Appliance operations.
When creating multiple dedicated servers for NS Appliances, create the same number of network configuration information files (XML definitions) as the number of dedicated servers.
In config.xml, specify the pre-configuration file (XML definition) of the NS appliance.
It is necessary to define the information corresponding to the NS appliance defined in the network configuration information file (XML definition) specified using the -file option.
For details on the NS appliance pre-configuration file (XML definition), refer to "2.2.3.4 NS Appliance Pre-configuration File".
In name, specify the device name of the target NS Appliance.
The operation will be only performed on NS Appliances with device names specified in the network configuration information file (XML definition).
In network/mask, specify the network address and mask value of the admin LAN of the manager.
In network, specify the address in the IPv4 address format.
In mask, specify a number between 1 and 32.
Example
When the admin LAN network address is 192.168.1.0 with a 24-bit mask
-mgrnet 192.168.1.0/24 |
In gateway, specify the IP address of the gateway used by the NS Appliance to access the admin LAN of the manager, in the IPv4 address format.
When multiple NS Appliances are defined in the network configuration information file (XML definition) specified using the -file option, the gateway for all NS Appliances to be created will have the IP address specified in gateway. To configure different gateways for individual NS Appliances, specify the -gw option using the name=gateway format.
Example
When setting 192.168.1.1 for the gateway of the NS Appliance
-gw 192.168.1.1 |
In name, specify the device name (the name attribute value of the Netdevice element) defined in the network configuration information (XML definition) specified using the -file option.
In gateway, specify the IP address of the gateway used by the NS Appliance specified for name to access the admin LAN of the manager, in the IPv4 address format.
When multiple NS Appliances are defined in the network configuration information file (XML definition) specified using the -file option, specify the gateways for individual NS Appliances, separating them using commas (",").
Example
When creating NS Appliances (NS1 and NS2) and setting 192.168.1.1 and 192.168.2.1 for the gateways of NS1 and NS2, respectively
-gw NS1=192.168.1.1,NS2=192.168.2.1 |
Forcibly stops or restarts an NS Appliance.
In image, specify the update image of the NS Appliance.
Specify the file created in "2.2.3.6 Configuration Files for Creating Dedicated Physical L-Servers for NS Appliance".
Specify the MAC addresses of NICs used for the admin LAN of a physical server using colons (":") as delimiters.
When using two MAC addresses, separate them using commas (",").
Example
When mac1 is "X1:X2:X3:X4:X5:X6", and mac2 is "Y1:Y2:Y3:Y4:Y5:Y6" for the admin LAN NICs of a physical server.
-mac X1:X2:X3:X4:X5:X6,Y1:Y2:Y3:Y4:Y5:Y6
Specify the FC path configuration of a physical L-Server for NS Appliances.
Specify "multi" to change the FC path configuration from a single path configuration to a multi-path configuration.
Specify "single" to change the FC path configuration from a multi-path configuration to a single configuration.
Registers certificate information registered in the NS Appliance to the management information of the ROR manager.
Changes the settings of the dedicated server for NS Appliance.
Changes the admin LAN network settings for the dedicated server for NS Appliance.
In ipaddress, using the IPv4 address format, specify the admin IP address after change.
In mask, using the IPv4 address format, specify the subnet mask after change.
In gateway, specify the IP address of the gateway used by the dedicated server for NS Appliance to access the admin LAN of the manager, in the IPv4 address format. When not specifying the gateway or deleting it, specify "none".
For the IP address of the admin IP address or the default gateway, specify it within the range of 1.0.0.1 - 126.255.255.254, 128.0.0.1 - 191.255.255.254, or 192.0.0.1 - 223.255.255.254.
The admin IP address and the default gateway IP address must be in the same subnet.
After specifying this command, the dedicated server for NS Appliance is restarted.
Example
When configuring an admin LAN network for a dedicated server for NS Appliance specifying 192.168.1.10 for the IP address, 255.255.255.0 for the subnet mask, and 192.168.1.1 for the default gateway
-attr mngip=192.168.1.10,mask=255.255.255.0,gw=192.168.1.1
When configuring an admin LAN network specifying 192.168.1.10 for the IP address, 255.255.255.0 for the subnet mask, and not specifying or deleting the default gateway
-attr mngip=192.168.1.10,mask=255.255.255.0,gw=none
Update the admin LAN IP address and the gateway information of the NS Appliance management information.
In oldipaddress, using the IPv4 address format, specify the admin IP address before change.
In newipaddress, using the IPv4 address format, specify the admin IP address after change.
In gateway, specify the IP address of the gateway used by the NS Appliance to access the admin LAN of the manager, in the IPv4 address format.
In network/mask, specify the network address and mask value of the admin LAN of the manager.
In network, using the IPv4 format, specify the network address of the admin LAN of the manager.
In mask, specify the mask length of the network address of the admin LAN of the manager using a number between 1 and 32.
For the IP address of the admin IP address or the gateway, specify it within the range of 1.0.0.1 - 126.255.255.254, 128.0.0.1 - 191.255.255.254, or 192.0.0.1 - 223.255.255.254.
When not updating the gateway information, specify it in the following format.
-attr nsmng_oldip=oldipaddress,nsmng_newip=newipaddress,mgrgw=non
Example
When configuring the gateway IP address as 192.168.1.1, and admin LAN network address and the mask value of the gateway IP address as 192.168.1.0 and 24 respectively, after changing the admin IP address of the NS appliance from 192.168.1.10 to 192.168.1.20
-attr nsmng_oldip=192.168.1.10,nsmng_newip=192.168.1.20, mgrgw=192.168.1.1,mgrnet=192.168.1.0/24
Update the admin LAN IP address information of the NS Appliance management information.
In oldipaddress, using the IPv4 address format, specify the admin IP address before change.
In newipaddress, using the IPv4 address format, specify the admin IP address after change.
For the IP address of the admin IP address, specify it within the range of 1.0.0.1 - 126.255.255.254, 128.0.0.1 - 191.255.255.254, or 192.0.0.1 - 223.255.255.254.
When updating the gateway information, specify it in the following format.
-attr nsmng_oldip=oldipaddress,nsmng_newip=newipaddress,mgrgw=gateway,mgrnet=network/mask
Example
When changing the admin IP address of the NS Appliance from 192.168.1.10 to 192.168.1.20
-attr nsmng_oldip=192.168.1.10,nsmng_newip=192.168.1.20,mgrgw=none
Example
When displaying the list of NS Appliances on the dedicated server for NS Appliances.
>rcxnetworkservice list -ip 192.168.1.1 -user USER1 -passwd PASSWORD
NAME STATUS TYPE
---- ------ ----
192.168.1.10 running Firewall
192.168.1.11 stop Firewall/SLB |
