Alcatel-Lucent OmniAccess 3500 User Manual
OmniAccess 3500 Nonstop Laptop Guardian Administration Guide
Chapter 4. OmniAccess 3500 NLG Infrastructure
Maintenance
This chapter describes the procedures that are needed for maintenance of the
infrastructural components of the OmniAccess 3500 NLG platform after they are
installed.
Backing Up and Restoring the OmniAccess 3500 NLG Gateway
Configuration
The backup-and-restore procedures described in this section should be applied to
recover from the complete failure of an OmniAccess 3500 NLG gateway unit, when the
failed unit is replaced with a new one.
The criticality of the specific OmniAccess 3500 NLG gateway instance drives the choice
for the backup frequency and for the location of the backup repository. At a minimum,
it is recommended to back up the configuration data at least once a day, and to store
the backup files in two geographically separated backup repository sites.
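A monitoring check for the recommendation above, as an added example that is not part of the original guide: it audits an inventory of backup files against the daily-frequency and two-site minimums. The inventory format, site names and file names are constructed assumptions; the guide does not define them.

```python
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=1)  # guide: back up at least once a day
MIN_SITES = 2                # guide: two geographically separated repository sites

# Constructed sample inventory: (repository site, backup file, completion time, UTC).
SAMPLE_INVENTORY = [
    ("site-east", "nlg-gw-config-0610.bak", datetime(2024, 6, 10, 2, 0, tzinfo=timezone.utc)),
    ("site-east", "nlg-gw-config-0611.bak", datetime(2024, 6, 11, 2, 0, tzinfo=timezone.utc)),
    ("site-west", "nlg-gw-config-0609.bak", datetime(2024, 6, 9, 2, 5, tzinfo=timezone.utc)),
]


def audit_backups(inventory, now, max_age=MAX_AGE, min_sites=MIN_SITES):
    """Return a list of findings; an empty list means the recommendation is met."""
    newest = {}    # site -> (file name, completion time) of its most recent backup
    findings = []
    for site, name, finished in inventory:
        if finished > now:
            # A future timestamp means clock skew or an altered listing: never count it.
            findings.append(f"{site}: {name} has a timestamp in the future; ignored")
            continue
        if site not in newest or finished > newest[site][1]:
            newest[site] = (name, finished)

    fresh_sites = []
    for site, (name, finished) in sorted(newest.items()):
        age = now - finished
        if age <= max_age:
            fresh_sites.append(site)
        else:
            findings.append(f"{site}: newest backup {name} is {age} old (limit {max_age})")

    if len(fresh_sites) < min_sites:
        findings.append(
            f"only {len(fresh_sites)} site(s) hold a current backup; {min_sites} required"
        )
    return findings


if __name__ == "__main__":
    check_time = datetime(2024, 6, 11, 12, 0, tzinfo=timezone.utc)
    for line in audit_backups(SAMPLE_INVENTORY, check_time) or ["backup recommendation met"]:
        print(line)
```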
Automatic Backup Configuration
The following steps are required for configuration of the automatic backup procedure:
1. Make sure that the gateway already has all the files that it needs to establish
secure connections with other network nodes:
o Keytab File: File containing the credentials of the gateway for authentication
with the Active Directory Server (ADS). The file must be uploaded
to the gateway before any interaction with the Active Directory (AD)
infrastructure can start. This includes the case where the method used for
authentication of one or more user groups changes from RADIUS to AD.
o CA Certificate: Digital certificate of the Certificate Authority (CA), which
includes the CA’s public key and digital signature. The same CA certificate is
installed in the OmniAccess 3500 NLG cards.
o CA Certificate Revocation List: List of certificates issued by the Certificate
Authority that have been revoked before their natural expiration.
o Gateway Certificate: Certificate (public key) of the gateway, used by peer
network nodes for encryption of the messages they send to the gateway.
o Gateway Private Key: Secret key used by the gateway to decrypt the messages
it receives from peer network nodes (including the OmniAccess 3500 NLG
cards).
In the unlikely case that the files listed have not already been uploaded, follow
the procedure described in the File Upload section of this document (page 22) to
install the files in the gateway.
2. Add a pass rule to the Rules table (through the [Gateway|Configure Advanced
Settings|Rules|New] command path) to allow traffic from the gateway to the
designated backup server. The rule is typically set for the Ethernet interface of
the gateway that faces the private portion of the enterprise network (LAN). In the