Juniper Networks Network and Security Manager

thingsplaneΔιακομιστές

9 Δεκ 2013 (πριν από 3 χρόνια και 10 μήνες)

1.206 εμφανίσεις

Juniper Networks
Network and Security Manager
CentOS Upgrade Guide
Release
2012.2
Published:2013-05-28
Revision 1
Copyright ©2013,Juniper Networks,Inc.
Juniper Networks,Inc.
1194 North Mathilda Avenue
Sunnyvale,California 94089
USA
408-745-2000
www.juniper.net
This product includes theEnvoy SNMPEngine,developedby EpilogueTechnology,anIntegratedSystems Company.Copyright ©1986-1997,
Epilogue Technology Corporation.All rights reserved.This programand its documentation were developed at private expense,and no part
of themis in the public domain.
This product includes memory allocation software developed by Mark Moraes,copyright ©1988,1989,1993,University of Toronto.
This product includes FreeBSDsoftware developed by the University of California,Berkeley,and its contributors.All of the documentation
and software included in the 4.4BSDand 4.4BSD-Lite Releases is copyrighted by the Regents of the University of California.Copyright ©
1979,1980,1983,1986,1988,1989,1991,1992,1993,1994.The Regents of the University of California.All rights reserved.
GateDsoftware copyright ©1995,the Regents of the University.All rights reserved.Gate Daemon was originated and developed through
release 3.0by Cornell University and its collaborators.Gated is based on Kirton’s EGP,UCBerkeley’s routing daemon (routed),and DCN’s
HELLOrouting protocol.Development of Gated has been supported in part by the National Science Foundation.Portions of the GateD
software copyright ©1988,Regents of the University of California.All rights reserved.Portions of the GateDsoftware copyright ©1991,D.
L.S.Associates.
This product includes software developed by Maker Communications,Inc.,copyright ©1996,1997,Maker Communications,Inc.
Juniper Networks,Junos,Steel-Belted Radius,NetScreen,and ScreenOS are registered trademarks of Juniper Networks,Inc.in the United
States and other countries.The Juniper Networks Logo,the Junos logo,and JunosE are trademarks of Juniper Networks,Inc.All other
trademarks,service marks,registered trademarks,or registered service marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document.Juniper Networks reserves the right to change,modify,
transfer,or otherwise revise this publication without notice.
Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are
owned by or licensed to Juniper Networks:U.S.Patent Nos.5,473,599,5,905,725,5,909,440,6,192,051,6,333,650,6,359,479,6,406,312,
6,429,706,6,459,579,6,493,347,6,538,518,6,538,899,6,552,918,6,567,902,6,578,186,and 6,590,785.
Network and Security Manager CentOS Upgrade Guide
Copyright ©2013,Juniper Networks,Inc.
All rights reserved.
Revision History
May 2013—Revision 1
The information in this document is current as of the date on the title page.
YEAR2000NOTICE
Juniper Networks hardware and software products are Year 2000compliant.Junos OS has no known time-related limitations through the
year 2038.However,the NTPapplication is known to have some difficulty in the year 2036.
ENDUSERLICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks
software.Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at
http://www.juniper.net/support/eula.html.By downloading,installing or using such software,you agree to the terms and conditions of
that EULA.
Copyright ©2013,Juniper Networks,Inc.
ii
Table of Contents
About This Guide..................................................vii
Objectives.....................................................vii
Audience......................................................vii
Conventions....................................................vii
Documentation..................................................ix
Requesting Technical Support......................................x
Self-Help Online Tools and Resources............................xi
Opening a Case with JTAC.....................................xi
Part 1 Network and Security Manager CentOSUpgrade Procedures
Chapter 1 Upgrading CentOS 4.x to CentOS 5.7 on NSMAppliances...............3
Prerequisite.........................................................3
Upgrading an NSM Appliance OS.......................................3
Upgrade Using Local Hard disk......................................3
Upgrading Using CDROM..........................................5
Setting Up Administrative Accounts and Networking........................5
Logging In to the System..........................................5
Connecting an Appliance to the Network.............................5
Configuring and Refreshing NSM....................................6
Running NSM Setup..............................................6
NSMXpress Settings Menu.....................................7
Choice [1-8,Q,R]:Q............................................7
Sub Option Choice [1-8,Q,R]:5..................................7
Checking the Installation..........................................8
Chapter 2 Update Recovery Partition to a Factory Restore Version with CentOS
5.7...............................................................11
Performing Upgrade Recovery Partition..................................11
Restoring the System to Factory Setting.................................11
Changing the IP address..............................................12
Chapter 3 CentOS Upgrade Path Examples....................................13
Upgrade Paths.....................................................13
Scenario 1......................................................13
Scenario 2.....................................................14
Scenario 3.....................................................14
Scenario 4.....................................................14
Scenario 5.....................................................15
Scenario 6.....................................................15
Scenario 7......................................................15
iii
Copyright ©2013,Juniper Networks,Inc.
Scenario 8.....................................................15
Part 2 Index
Index.............................................................19
Copyright ©2013,Juniper Networks,Inc.
iv
Network and Security Manager CentOS Upgrade Guide
List of Tables
About This Guide..................................................vii
Table 1:Notice Icons.................................................viii
Table 2:Text Conventions............................................viii
Table 3:Syntax Conventions...........................................ix
Table 4:Network and Security Manager Publications.......................ix
v
Copyright ©2013,Juniper Networks,Inc.
Copyright ©2013,Juniper Networks,Inc.
vi
Network and Security Manager CentOS Upgrade Guide
About This Guide

Objectives on page vii
• Audience on page vii

Conventions on page vii
• Documentation on page ix

Requesting Technical Support on page x
Objectives
ThisNetworkandSecurityManager CentOSUpgradeGuidedescribeshowyoucanupgrade
CentOS on an Network and Security Manager (NSM) system.
Audience
This guide is intended primarily for IT administrators who are responsible for installing,
upgrading,and maintaining NSM.
Conventions
The sample screens used throughout this guide are representations of the screens that
appear when you install and configure the NSMsoftware.The actual screens may differ.
All examples showdefault file paths.If you do not accept the installation defaults,your
paths will vary fromthe examples.
Table 1 on page viii defines notice icons used in this guide.
vii
Copyright ©2013,Juniper Networks,Inc.
Table 1:Notice Icons
DescriptionMeaningIcon
Indicates important features or instructions.Informational note
Indicates a situation that might result in loss of data or hardware damage.Caution
Alerts you to the risk of personal injury or death.Warning
Alerts you to the risk of personal injury froma laser.Laser warning
Table 2 on page viii defines text conventions used in this guide.
Table 2:Text Conventions
ExamplesDescriptionConvention
• Issue the clock source command.
• Specify the keyword exp-msg.
• Click User Objects
• Represents commands and keywords
in text.
• Represents keywords
• Represents UI elements
Bold typeface like this
user inputRepresents text that the user must type.Bold typeface like this
host1#
showip ospf
Routing Process OSPF 2 with Router
ID 5.5.0.250
Router is an area Border Router
(ABR)
Represents information as displayed on
the terminal screen.
fixed-width font
Ctrl + dIndicates that youmust press twoor more
keys simultaneously.
Key names linkedwithaplus (+) sign
• The product supports two levels of
access,user and privileged.
• clusterID,ipAddress.
• Emphasizes words
• Identifies variables
Italics
Object Manager >User Objects >Local
Objects
Indicates navigation paths through the UI
by clicking menu options and links.
The angle bracket (>)
Table 3 on page ix defines syntax conventions used in this guide.
Copyright ©2013,Juniper Networks,Inc.
viii
Network and Security Manager CentOS Upgrade Guide
Table 3:Syntax Conventions
ExamplesDescriptionConvention
terminal lengthRepresent keywordsWords in plain text
mask,accessListNameRepresent variablesWords in italics
diagnostic | lineRepresent a choice to select one keyword or
variable to the left or right of this symbol.The
keywordor variablecanbeoptional or required.
Words separated by the pipe ( | )
symbol
[ internal | external ]Represent optional keywords or variables.Words enclosed in brackets ( [ ] )
[ level1 | level2 | 11 ]*Represent optional keywords or variables that
can be entered more than once.
Words enclosed in brackets followed
by an asterisk ( [ ]*)
{ permit | deny } { in| out } { clusterId
| ipAddress }
Represent required keywords or variables.Words enclosed in braces ( { } )
Documentation
Table 4 on page ix describes documentation for NSM.
Table 4:Network and Security Manager Publications
DescriptionBook
Describes the steps to install the NSMmanagement systemon a
single server or on separate servers.It also includes information on
howtoinstall andruntheNSMuser interface.This guideis intended
for IT administrators responsible for the installation or upgrade of
NSM.
Network and Security
Manager Installation Guide
Describes howto use and configure key management features in
theNSM.It provides conceptual information,suggestedworkflows,
and examples.This guide is best used in conjunction with the NSM
OnlineHelp,whichprovidesstep-by-stepinstructionsfor performing
management tasks in the NSMUI.
This guide is intended for application administrators or those
individuals responsible for owning the server and security
infrastructure and configuring the product for multi-user systems.
It is also intended for device configuration administrators,firewall
and VPNadministrators,and network security operation center
administrators.
Network and Security
Manager Administration
Guide
Provides details about configuringdevice features for all supported
ScreenOS platforms.
Network and Security
Manager Configuring
ScreenOS Devices Guide
Provides details about configuringdevice features for all supported
Intrusion Detection and Prevention (IDP) platforms.
Network and Security
Manager Configuring
Intrusion Detection and
Prevention Devices Guide
ix
Copyright ©2013,Juniper Networks,Inc.
About This Guide
Table 4:Network and Security Manager Publications (continued)
DescriptionBook
Provides procedures for basic tasks in the NSMuser interface.It
also includes a brief overviewof the NSMsystemanda description
of the GUI elements.
Network and Security
Manager Online Help
Provides complete syntax and description of the SOAPmessaging
interface to NSM.
Network and Security
Manager API Guide
Provides the latest information about features,changes,known
problems,resolved problems,and systemmaximumvalues.If the
informationintheReleaseNotes differs fromtheinformationfound
in the documentation set,followthe Release Notes.
Release notes are included on the corresponding software CDand
are available on the Juniper Networks website.
Network and Security
Manager Release Notes
Provides details about configuring the device features for all
supported Infranet Controllers.
Network and Security
Manager Configuring
Infranet Controllers Guide
Provides details about configuring the device features for all
supported Secure Access Devices.
Network and Security
Manager ConfiguringSecure
Access Devices Guide
Provides details about configuring the device features for all
supported EXSeries platforms.
Network and Security
Manager Configuring EX
Series Switches Guide
Provides details about configuring the device features for all
supported J Series Services Routers and SRXSeries Services
Gateways.
Network and Security
Manager Configuring J
Series Services Routers and
SRX Series Services
Gateways Guide
Provides details about configuring the device features for MSeries
and MXSeries platforms.
Network and Security
Manager MSeries and MX
Series Devices Guide
Requesting Technical Support
Technical product support isavailablethroughtheJuniper NetworksTechnical Assistance
Center (JTAC).If you are a customer with an active J-Care or JNASCsupport contract,
or are covered under warranty,and need postsales technical support,you can access
our tools and resources online or open a case with JTAC.
• JTACpolicies—For a complete understanding of our JTACprocedures and policies,
reviewthe JTACUser Guide located at
http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.
• Product warranties—For product warranty information,visit
http://www.juniper.net/support/warranty/.
Copyright ©2013,Juniper Networks,Inc.
x
Network and Security Manager CentOS Upgrade Guide

JTACHours of Operation —The JTACcenters have resources available 24 hours a day,
7 days a week,365 days a year.
Self-Help Online Tools and Resources
For quick and easy problemresolution,Juniper Networks has designed an online
self-service portal calledthe Customer Support Center (CSC) that provides you withthe
following features:
• Find CSCofferings:http://www.juniper.net/customers/support/

Find product documentation:http://www.juniper.net/techpubs/
• Find solutions and answer questions using our Knowledge Base:http://kb.juniper.net/
• Download the latest versions of software and reviewrelease notes:
http://www.juniper.net/customers/csc/software/
• Search technical bulletins for relevant hardware and software notifications:
https://www.juniper.net/alerts/
• Join and participate in the Juniper Networks Community Forum:
http://www.juniper.net/company/communities/
• Open a case online in the CSCCase Management tool:http://www.juniper.net/cm/
Toverifyserviceentitlement byproduct serial number,useour Serial Number Entitlement
(SNE) Tool:https://tools.juniper.net/SerialNumberEntitlementSearch/
Opening a Case with JTAC
You can open a case with JTACon the Web or by telephone.

Use the Case Management tool in the CSCat http://www.juniper.net/cm/.
• Call 1-888-314-JTAC(1-888-314-5822 toll-free in the USA,Canada,and Mexico).
For international or direct-dial options in countries without toll-free numbers,visit us at
http://www.juniper.net/support/requesting-support.html
xi
Copyright ©2013,Juniper Networks,Inc.
About This Guide
Copyright ©2013,Juniper Networks,Inc.
xii
Network and Security Manager CentOS Upgrade Guide
PART1
Network and Security Manager CentOS
Upgrade Procedures
• Upgrading CentOS 4.x to CentOS 5.7 on NSMAppliances on page 3

Update Recovery Partition to a Factory Restore Version with CentOS 5.7 on page 11
• CentOS Upgrade Path Examples on page 13
1
Copyright ©2013,Juniper Networks,Inc.
Copyright ©2013,Juniper Networks,Inc.
2
Network and Security Manager CentOS Upgrade Guide
CHAPTER1
Upgrading CentOS 4.x to CentOS 5.7 on
NSMAppliances
To resolve some security vulnerabilities in CentOS 4.Xreleases,in NSM2012.2 you need
toupgradeNSMappliancestoCentOS5.7.NSM2011.4and2010.3canalsorunonCentOS
5.7.This sections shows you howto upgrade your existing NSMXpress appliances to run
CentOS 5.7.
NOTE:After CentOSupgrade NSMdatabase and logs are retained without
any change.However,NSMOSIP,passwords and other OSlevel setting are
lost and need to be configured after upgrade.
• Prerequisite on page 3

Upgrading an NSMAppliance OS on page 3
• Setting Up Administrative Accounts and Networking on page 5
Prerequisite
The following are the prerequisites to upgrade NSMappliance OS:

CentOS5.7 ISONSMXpress-appliance-Centos5.7-v1.iso.
• Recovery partition update script UpdateRecoveryPartition_5.7_v1.sh.
• Linux build package of the current NSMversion.
Upgrading an NSMAppliance OS
This sections shows you howto upgrade an NSMappliance OSusing local harddisk and
CDROM.
Upgrade Using Local Hard disk
To upgrade CentOS 4.x to CentOS to 5.7 using upgrade script:
3
Copyright ©2013,Juniper Networks,Inc.
1.Download the CentOSUpgrade and Update Recovery Partition Script_v1 (by navigating
toToolssectionof theappropriateNSMrelease) totheNSMAppliance/tmpdirectory.
2.Download NSMAppliance ISOCentOS5.7_v1 (by navigating to Tools section of the
appropriate NSMrelease)/tmp directory.
3.Execute the downloaded script with CentOS 5.7 ISOimage using the following
commands:
#sh/tmp/UpdateRecoveryPartition_5.7_v1.sh
/tmp/NSMXpress-appliance-centos5.7-v1.iso
Example:
[root@NSMXpress tmp]# sh /tmp/UpdateRecoveryPartition_5.7_v1.sh
/tmp/NSMXpress-appliance-centos5.7-v1.iso
--- Running UpdateRecoveryPartition_5.7_v1.sh
Currently installed CentOS version is 5.7
Creating Mount directory..........................OK
Checking /var/cores disk space....................OK
Checking Mount for NSMXpress-appliance-r14-20130426-5.7.isoOK
Checking Mount for sda1...........................OK
Mounting /dev/sda1................................OK
Mounting NSMXpress-appliance-r14-20130426-5.7.iso.OK
Backing up existing BOOTLOADER....................OK
Replacing sda1 boot modules with NSMXpress-appliance-r14-20130426-5.7.isoOK
Replacing nsm.iso in sda1.........................OK
Copying ks.cfg upgrade ISO to HD..................OK
Modifying ks.cfg to boot from HD..................OK
Modifying Grub Menu...............................OK
Unmounting sda1...................................OK
Umounting NSMXpress-appliance-r14-20130426-5.7.isoOK
System is ready for REBOOT
[root@NSMXpress tmp]#
4.Reboot the NSMAppliance.
5.During reboot process,press any key to enter the menu when prompted.
Amenu screen with the following options are displayed:
• NSMXpress
• Rescue
• Upgrade OS to Centos 5.7
• Boot fromUSB to restore Previous OS (NowBooting Normally)
NOTE:For NSMXpress the last option is Boot fromSecondary Drive To
Restore Original OS.
6.Select Upgrade OSto CentOS5.7 option and press Enter.The following is displayed:
Copyright ©2013,Juniper Networks,Inc.
4
Network and Security Manager CentOS Upgrade Guide
Example:
Using this option will Upgrade the OS to CentOS 5.7 To confirm upgrade, type
upgrade at the password prompt. To abort and boot at the Rescue mode, just hit
<Enter> at the password prompt. Press any key.
7.Press any key for the password prompt.
8.Enter the password as upgrade and press Enter.
The CentOS upgrade process starts.The upgrade process will take approximately 15
minutes to upgraded to CentOS 5.7 successfully.
Upgrading Using CDROM
To reimage an appliance using CDROM:
1.Download the ISOfile fromNSMAppliance ISOCentOS5.7_v1 (by navigating to Tools
section of the appropriate NSMrelease),to a PCor Server having a DVDwriter.
2.Use a DVDburning tool to burn the image on a DVD.
3.Use an external USBDVDROMdrive for NSMXpress Series II or NSM3000appliance.
4.Change the boot sequence in the BIOS to boot fromthe USB DVDROMdrive.
5.Reboot the system.
When the systemboot fromDVDthe following grub options are displayed:
• rescue

erase-reinstall
• memtest86
6.Select erase-reinstall and let the automated installation complete.
7.Refresh NSMand interface configuration after automated the installation.
Setting Up Administrative Accounts and Networking
Logging In to the System

Log inas anadministrator using the passwordabc123,andchange the passwordwhen
prompted.
Connecting an Appliance to the Network
To connect an NSMappliance to the network,followthe prompts as displayed in the
console:

Please enter newIPaddress for interface eth0
Enter the value 10.205.10.161.

Please enter newsubnet mask for interface eth0
5
Copyright ©2013,Juniper Networks,Inc.
Chapter 1:Upgrading CentOS 4.x to CentOS 5.7 on NSMAppliances
Enter the value 255.255.0.0.
• Enter the default gateway as a dotted-decimal IPaddress:
Enter the value 10.205.10.161.
NOTE:

The values used are examples.
• If youenter anincorrect value,amessageappears that directs youtoenter
your responses in dotted-decimal format.
• To configure your systemwith a web browser,connect to
https://10.205.10.161/administration.
Configuring and Refreshing NSM
To configure and refresh NSM:
1.Log in as a root user using the command sudo su -.
When you are prompted for a password,provide the administrator password you set
previously in “Logging In to the System” on page 5.
2.Download the appropriate NSMbuild fromJuniper Software Download Page by
navigating to Tools section of the appropriate NSMrelease.
3.Extract the download zip files using the command unzip NSM_Build.zip.
4.Execute the following commands sh <NSM_Build.sh>and select the Refresh option.
Running NSMSetup
Use the nsm_setup command to configure DNS.The menu options available are:
1> Change Password
2> Set Interfaces
3> Set Routing
4> Change Hostname
5> Set DNS Servers
6> Change Time Options
7> Forward Local Status Emails
8> System Security Update
Q> Quit
R> Redraw menu
Choice [1-8,Q,R]:
Q> Quit
R> Redraw menu
Copyright ©2013,Juniper Networks,Inc.
6
Network and Security Manager CentOS Upgrade Guide
NSMXpress Settings Menu
1> Change Password
2> Set Interfaces
3> Set Routing
4> Change Hostname
5> Set DNS Servers
6> Change Time Options
7> Forward Local Status Emails
8> System Security Update
Q> Quit
R> Redraw menu
Choice [1-8,Q,R]:Q
Select a change to cancel it:
1> DNS add: 10.206.194.50
A> Apply all changes
M> Make more changes
C> Cancel all changes and quit
R> Redraw menu
Choice [1,A,M,C,R]: A
Applying Changes...
Re-loading database
Done!
Sub Option Choice [1-8,Q,R]:5
DNS name server options:
1> Add a nameserver
M> Return to Main Menu
R> Redraw menu
Choice [1,M,R]: 1
Please type the new nameserver in dotted decimal notation:
10.206.194.50
NSMXpress Settings Menu
1> Change Password
2> Set Interfaces
3> Set Routing
4> Change Hostname
5> Set DNS Servers
6> Change Time Options
7> Forward Local Status Emails
8> System Security Update
Q> Quit
R> Redraw menu
Choice [1-8,Q,R]: Q
Select a change to cancel it:
7
Copyright ©2013,Juniper Networks,Inc.
Chapter 1:Upgrading CentOS 4.x to CentOS 5.7 on NSMAppliances
1> DNS add: 10.206.194.50
A> Apply all changes
M> Make more changes
C> Cancel all changes and quit
R> Redraw menu
Choice [1,A,M,C,R]: A
Applying Changes...
Re-loading database
Done!
NOTE:The option 9>Configure Extended HAis available only in NSM3000
Series appliances.
Checking the Installation
Check if the build is installed and running.The sample out is as mentioned below:
[root@NSMXpress ~]# /etc/init.d/guiSvr status
[root@NSMXpress ~]# /etc/init.d/devSvr status
[root@NSMXpress ~]# /etc/init.d/devSvr version
[root@NSMXpress ~]# /etc/init.d/guiSvr version
=================================================================
[root@NSMXpress ~]# /etc/init.d/guiSvr status
nsm owner is nsm
Retrieving status...
guiSvrManager (pid 24588)..........................ON
guiSvrMasterController (pid 24766).................ON
guiSvrDirectiveHandler (pid 24969).................ON
guiSvrLicenseManager (pid 25223)...................ON
guiSvrStatusMonitor (pid 25387)....................ON
guiSvrWebProxy (pid 25599).........................ON
[root@NSMXpress ~]# /etc/init.d/devSvr status
nsm owner is nsm
Retrieving status...
devSvrDbSvr (pid 25936)............................ON
devSvrManager (pid 26095)..........................ON
devSvrLogWalker (pid 26253)........................ON
devSvrDataCollector (pid 26434)....................ON
devSvrDirectiveHandler (pid 26662).................ON
devSvrProfilerMgr (pid 26924)......................ON
devSvrStatusMonitor (pid 28084)....................ON
[root@NSMXpress ~]# /etc/init.d/devSvr version
nsm owner is nsm
Retrieving version information...
devSvrDbSvr PostgreSQL 8.1.7
devSvrManager 2009.1r1a (Build LGB12z1a15)
devSvrLogWalker 2009.1r1a (Build LGB12z1a15)
devSvrDataCollector 2009.1r1a (Build LGB12z1a15) 11/06/09
devSvrDirectiveHandler 2009.1r1a (Build LGB12z1a15) 11/06/09
devSvrProfilerMgr 2009.1r1a (Build LGB12z1a15)
devSvrStatusMonitor 2009.1r1a (Build LGB12z1a15)
[root@NSMXpress ~]# /etc/init.d/guiSvr version
nsm owner is nsm
Retrieving version information...
guiSvrManager 2009.1r1a (Build LGB12z1a15)
Copyright ©2013,Juniper Networks,Inc.
8
Network and Security Manager CentOS Upgrade Guide
guiSvrMasterController 2009.1r1a (Build LGB12z1a15) 11/06/09
guiSvrDirectiveHandler 2009.1r1a (Build LGB12z1a15) 11/06/09
guiSvrLicenseManager 2009.1r1a (Build LGB12z1a15) 11/06/09
guiSvrStatusMonitor 2009.1r1a (Build LGB12z1a15)
guiSvrWebProxy 2009.1r1a (Build LGB12z1a15) 11/06/09
[root@NSMXpress ~]#
9
Copyright ©2013,Juniper Networks,Inc.
Chapter 1:Upgrading CentOS 4.x to CentOS 5.7 on NSMAppliances
Copyright ©2013,Juniper Networks,Inc.
10
Network and Security Manager CentOS Upgrade Guide
CHAPTER2
Update Recovery Partition to a Factory
Restore Version with CentOS 5.7
This chapter explains howto update the recovery partition to a factory restore version
2012.1r1 with CentOS 5.7.
• Performing Upgrade Recovery Partition on page 11

Restoring the Systemto Factory Setting on page 11
• Changing the IPaddress on page 12
Performing Upgrade Recovery Partition
To performupgrade recovery partition:
1.Downloadthe script UpdateRecoveryPartition_5.7_v1.shfromthe CentOSUpgradeand
Update Recovery Partition Script_v1 (by navigating to Tools section of the appropriate
NSMrelease) for upgrading CentOS 5.7 to the NSMAppliance under/tmp directory.
2.Download NSMXpress-Centos5.7-recup-RS-v1.iso or
NSMXpress-Centos5.7-recup-CM-v1.iso ISOimages depending on whether appliance
is RS or CM) fromthe Update Recovery Partition ISOfor CMServer_v1 and Update
RecoveryPartitionISOfor RSServer_v1 by navigatingtoTools sectionof theappropriate
NSMrelease.
3.Copy the images to the NSMAppliance under/tmp directory for update recovery
partition on CentOS 5.7 using the script.
4.Execute the downloaded script with CentOS 5.7 ISOimage using the command:
RSAppliance—#sh/tmp/UpdateRecoveryPartition_5.7_v1.sh
/tmp/NSMXpress-Centos5.7-recup-RS-v1.iso.
CMAppliance—#sh/tmp/UpdateRecoveryPartition_5.7_v1.sh
/tmp/NSMXpress-Centos5.7-recup-CM-v1.iso.
5.Reboot the NSMAppliance.
Restoring the Systemto Factory Setting
1.During reboot process,press any key to enter the menu when prompted.
11
Copyright ©2013,Juniper Networks,Inc.
Amenu screen with the following options are displayed:
• NSMXpress

Rescue
• Re-install CentOS 5.7 image with 2012.1R1 NSMbuild

Boot fromSecondary Drive To Restore Original OS
2.Select Re-install CentOS5.7 image with 2012.1R1 NSMbuild option and press Enter.
The following is displayed:
Example:
Using this option will completely erase your appliance and load the CentOS 5.7
default image. No data recovery is possible after re-installing. To confirm
erase and re-install, type "erase" at the password prompt. To abort and
boot into Rescue mode, just hit Enter at the password prompt. Press any key.
3.Press any key for the password prompt.
4.Enter the password as erase and press Enter.
Update recovery process on CentOS 5.7 starts.The process will take approximately
30minutes for Re-installing CentOS 5.7 image with 2012.1R1 NSMbuild.Please note
that the re-imaging is always to 2012.1R1 irrespective of whichever build is currently
present in the appliance.
5.Enter username,password,and configure the IP,subnet mask and,default gateway
addresses.
After updaterecovery partitionusingscript,NSMis turnedoff and,Dev andGui server,
IPs will be192.168.0.2.As aworkaroundchangetheIPs accordingtothemanagement
IPof the NSMCentral Manager and Regional Server and start the NSMservices.
Changing the IPaddress
To change the IPaddress:
1.Edit/var/netscreen/DevSvr/devSvr.cfgandchangetheGUI Server addressguiSvr1.addr
on line 6.
2.In NSMGUI navigate to Administer > Server Manager > Server.
3.Open the guiSvr,modify the IPaddress,and save the file.
4.Open the devSvr,modify the IP,save the file.
5.Restart the NSMServer processes.
Copyright ©2013,Juniper Networks,Inc.
12
Network and Security Manager CentOS Upgrade Guide
CHAPTER3
CentOS Upgrade Path Examples
This chapter describes some examples for CentOS upgrade path.

Upgrade Paths on page 13
Upgrade Paths
The upgrade scenarios requires the following components:
• ISOimage

CentOS Upgrade and Update Recovery Partition Script
• NSMbuilds of main and patch releases as mentioned in the scenarios.
Scenarios availablefor CentOSupgradeonNSM3000andNSMSeries II appliances are:
• Scenario 1 on page 13

Scenario 2 on page 14
• Scenario 3 on page 14

Scenario 4 on page 14
• Scenario 5 on page 15

Scenario 6 on page 15
• Scenario 7 on page 15

Scenario 8 on page 15
Scenario 1
2009.1r1a ( CentOS4.x ) to 2010.3s7( CentOS4.X) through CentOS5.7 ISOto 2010.3s7,
2010.3s12,2012.1R6&2012.2R2 on NSMxpress II Appliance.
The purpose of this scenarios is to check if CentOS upgrade works for 2010.3s7.This
scenario covers the following:

Migration from2009.1.r1a (SAM) build having 4.x CentOS version to 2010.3s7 build
having CentOS 4.x.

Upgradation of CentOS to 5.7 using ISO.
13
Copyright ©2013,Juniper Networks,Inc.

Migration to 2010.3s12,user interface testing and continue migration to 2012.1R6 and
2012.2R2
Scenario 2
2009.1r1a ( CentOS4.x ) to 2011.4s4( CentOS4.X) through CentOS5.7 ISOto 2011.4s4,
2011.4s9,2012.1R6&2012.2R2 on NSMXpress RS appliance.
The purpose of this scenarios is to check if CentOS upgrade works for 2011.4s4.This
scenario covers the following:
• Migration from2009.1.r1a (SAM) build having 4.x CentOS version to 2011.4s4 build
having CentOS 4.x.
• Upgradation of CentOS to 5.7 using ISO.
• Migration to 2011.4s9,user interface testing and continue migration to 2012.1R6 and
2012.2R2.
• Update recovery partition using ISOScript
NSMXpress-appliance-r15-20130426-5.7-RS.iso.
Scenario 3
2009.1r1a ( CentOS4.x ) to 2012.1R1( CentOS4.X) through CentOS5.7 ISOto 2012.1R1,
2012.1R6&2012.2R2 on NSM3000appliance
The purpose of this scenarios is to check if CentOS upgrade works for 2012.1R1.This
scenario covers the following:

Migration from2009.1.r1a (SAM) build having 4.x CentOS version to 2012.1R1 build
having CentOS 4.x.

Upgradation of CentOS to 5.7 using ISO.
• Migration to 2012.1R6,user interface testing and continue migration to 2012.2R2.
Scenario 4
2009.1r1a ( CentOS4.x ) to 2012.2( CentOS4.X) through CentOS5.7 ISO to 2012.2 and
2012.2R2 on NSMXpress Central Manager Appliance.
Thepurposeof thisscenariosistocheckif CentOSupgradeworksfor 2012.2.Thisscenario
covers the following:
• Migrationfrom2009.1.r1a(SAM) buildhaving4.xCentOSversionto2012.2buildhaving
CentOS 4.x.
• Upgradation of CentOS to 5.7 using ISO.

Migration to 2012.2,user interface testing and continue migration to 2012.2R2
• Update recovery Partition using ISOScript
NSMXpress-appliance-r15-20130426-5.7-CM.iso.
Copyright ©2013,Juniper Networks,Inc.
14
Network and Security Manager CentOS Upgrade Guide
Scenario 5
2009.1r1a ( CentOS4.x ) to 2010.3s7( CentOS4.X) through CentOS5.7 ISO to 2010.3s7
and 2012.2R2 on NSM3000appliance.
The purpose of this scenarios is to check if CentOS upgrade works for 2010.3s7.This
scenario covers the following:
• Migration from2009.1.r1a (SAM) build having 4.x CentOS version to 2010.3s7 build
having CentOS 4.x.
• Upgradation of CentOS to 5.7 using ISO.
• Migration to 2012.2R2
• Update recovery Partition using ISOScript
NSMXpress-appliance-r15-20130426-5.7-RS.iso.
Scenario 6
2009.1r1a ( CentOS4.x ) to 2011.4s4( CentOS4.X) through CentOS5.7 ISOto 2011.4s4&
2012.2R2 on NSM-Xpress-CMAppliance.
The purpose of this scenarios is to check if CentOS upgrade works for 2011.4s4.This
scenario covers the following:
• Migration from2009.1.r1a (SAM) build having 4.x CentOS version to 2011.4s4 build
having CentOS 4.x.
• Upgradation of CentOS to 5.7 using ISO.

Migration to 2012.2R2.
Scenario 7
2009.1r1a ( CentOS4.x ) to 2012.2( CentOS4.X) through CentOS5.7 ISO to 2012.2 &
2012.2R2 on NSMXpress Regional Server Appliance.
Thepurposeof thisscenariosistocheckif CentOSupgradeworksfor 2012.2.Thisscenario
covers the following::

Migrationfrom2009.1.r1a(SAM) buildhaving4.xCentOSversionto2012.2buildhaving
CentOS 4.x.

Upgradation of CentOS to 5.7 using ISO.
• Migration to 2012.2R2

Update recovery Partition using ISOScript
NSMXpress-appliance-r15-20130426-5.7-RS.iso.
Scenario 8
2009.1r1a ( CentOS4.x ) to 2012.1R1( CentOS4.X) through CentOS5.7 ISOto 2012.1R1 &
2012.2R2 on NSMXpress II appliance.
15
Copyright ©2013,Juniper Networks,Inc.
Chapter 3:CentOS Upgrade Path Examples
The purpose of this scenarios is to check if CentOS upgrade works for 2012.1R1.This
scenario covers the following:

Migration from2009.1.r1a (SAM) build having 4.x CentOS version to 2012.1R1 build
having CentOS 4.x.

Upgradation of CentOS to 5.7 using ISO.
• Migration to 2012.2R2

Update recovery Partition using ISOscript
NSMXpress-appliance-r15-20130426-5.7-RS.iso.
Copyright ©2013,Juniper Networks,Inc.
16
Network and Security Manager CentOS Upgrade Guide
PART2
Index
• Index on page 19
17
Copyright ©2013,Juniper Networks,Inc.
Copyright ©2013,Juniper Networks,Inc.
18
Network and Security Manager CentOS Upgrade Guide
Index
C
customer support......................................................................x
contacting JTAC.................................................................x
S
support,technical See technical support
T
technical support
contacting JTAC.................................................................x
19
Copyright ©2013,Juniper Networks,Inc.
Copyright ©2013,Juniper Networks,Inc.
20
Network and Security Manager CentOS Upgrade Guide