You are on page 1of 28

NetAct 15.

Installing and Configuring NetAct User


Workstations
DN0567515
Issue: 1-2

The information in this document is subject to change without notice and describes only the product
defined in the introduction of this documentation. This documentation is intended for the use of
Nokia Solutions and Networks customers only for the purposes of the agreement under which
the document is submitted, and no part of it may be used, reproduced, modified or transmitted
in any form or means without the prior written permission of Nokia Solutions and Networks. The
documentation has been prepared to be used by professional and properly trained personnel, and
the customer assumes full responsibility when using it. Nokia Solutions and Networks welcomes
customer comments as part of the process of continuous development and improvement of the
documentation.
The information or statements given in this documentation concerning the suitability, capacity, or
performance of the mentioned hardware or software products are given as is and all liability arising
in connection with such hardware or software products shall be defined conclusively and finally in
a separate agreement between Nokia Solutions and Networks and the customer. However, Nokia
Solutions and Networks has made all reasonable efforts to ensure that the instructions contained
in the document are adequate and free of material errors and omissions. Nokia Solutions and
Networks will, if deemed necessary by Nokia Solutions and Networks, explain issues which may not
be covered by the document.
Nokia Solutions and Networks will correct errors in this documentation as soon as possible. I N N O
E V EN T WI LL N OKI A S O L UT I ON S A N D N E T W O R K S B E L I A B L E F O R E R R O R S
I N T H IS DO CU M EN TAT IO N OR F O R A N Y D A M A G E S , I N C L U D I N G B U T N O T
L IM I T ED TO SPEC IAL, D IR E C T, IN D I R E C T, I N C I D E N TA L O R C O N S E Q U E N T I A L
O R AN Y LOSSES, SU CH A S B U T N O T L I M I T E D TO L O S S O F P R O F I T, R E V E N U E,
B USI NESS IN T ER RU P T I ON , B U S I N E S S O P P O RT U N I T Y O R D ATA , T H AT M AY
A RI SE F RO M T H E USE OF T HI S D O C U M E N T O R T H E I N F O R M AT I O N I N I T.
NSN is a trademark of Nokia Solutions and Networks. Nokia is a registered trademark of Nokia
Corporation. Other product names mentioned in this document may be trademarks of their
respective owners, and they are mentioned for identification purposes only.
Copyright Nokia Solutions and Networks 2015/2/10. All rights reserved.

Nokia Solutions and Networks is continually striving to reduce the adverse environmental effects of
its products and services. We would like to encourage you as our customers and users to join us
in working towards a cleaner, safer environment. Please recycle product packaging and follow the
recommendations for power use and proper disposal of our products and their components. If you
should have questions regarding our Environmental Policy or any of the environmental services we
offer, please contact us at Nokia Solutions and Networks for additional information.

Installing and Configuring NetAct User Workstations

Contents
1 NetAct presentation tier solutions................................................................................................................ 4
2 Prerequisites.................................................................................................................................................... 7
2.1
2.2
2.3
2.4

Prerequisites for hardware........................................................................................................................7


Prerequisites for software......................................................................................................................... 7
Prerequisites for NetAct connectivity........................................................................................................ 8
Other prerequisites for the presentation tier.............................................................................................9

3 Standalone user workstation setup............................................................................................................ 10


3.1 Installing Java Runtime Environment..................................................................................................... 10
3.1.1 To install Java Runtime Environment:............................................................................................ 10
3.2 Configuring Java Web Start settings...................................................................................................... 11
3.2.1 Configuring Java Web Start settings in Windows.......................................................................... 11
3.2.1.1 To configure Java Web Start settings in Windows.................................................................11
3.2.2 Configuring Java Web Start settings in Linux................................................................................ 12
3.2.2.1 To configure Java Web Start settings in Linux...................................................................... 12
3.2.3 Configuring Java Web Start settings in Mozilla Firefox..................................................................13
3.3 Creating file associations........................................................................................................................ 14
3.3.1 Creating the file associations in Windows......................................................................................14
3.3.2 Creating the file associations in Linux............................................................................................14
3.4 Adding NetAct Server CA certificate to the client's trust-store............................................................... 15
3.4.1 About server CA certificates...........................................................................................................15
3.4.2 Downloading a server certificate to the client................................................................................ 15
3.4.2.1 To download a server certificate to a client........................................................................... 15
3.4.3 Installing the SSL CA certificate for JRE in a Windows client....................................................... 16
3.4.4 Installing the SSL CA certificate for JRE in a Linux client............................................................. 18
3.4.5 Installing the server CA certificate to a browser............................................................................ 19
3.4.5.1 To install the server CA certificate to a browser.................................................................... 19
3.5 Installing Adobe Flash Player plugin (optional)...................................................................................... 20
3.6 ICA client installation...............................................................................................................................20
3.6.1 Installing Citrix client on Windows..................................................................................................21
3.6.2 Installing Citrix client on Linux........................................................................................................22
3.6.3 Configuring CA certificates............................................................................................................. 23
3.6.4 Modifying Citrix Receiver preferences............................................................................................23
3.6.5 Configuring the secure connection to Node Manager server.........................................................24
3.7 Access Server setup............................................................................................................................... 24
3.8 Accessing NetAct Linux servers from the user workstation................................................................... 24
3.8.1 Accessing NetAct Linux servers with SSH.....................................................................................25
3.9 Starting NetAct applications on a standalone user workstation............................................................. 25
3.9.1 To start NetAct application on a standalone user workstation....................................................... 25
3.10 Configuring TCP retries on Linux client................................................................................................26
3.10.1 To configure TCP retries on Linux client...................................................................................... 26
3.11 Installing NetAct server CA certificate for NetAct Monitor launch.........................................................27

Installing and Configuring NetAct User Workstations

NetAct presentation tier solutions

1 NetAct presentation tier solutions


Presentation tier is a part of NetAct three-tier architecture, which consists of the following tiers:
Presentation tier for hosting client applications
Business logic tier for hosting server applications and data access services
Data tier for hosting data persistency services
Presentation tier contains client applications that you can see on your workstations. It has an impact
on the NetAct performance because it shares the application load with the business logic tier.
The presentation tier has a minor effect on NetAct security because it separates NetAct users from the
business logic tier and the data tier. The presentation tier application can have direct access only to
business logic tier, but not to data tier or to network elements.
Node Manager Server has the Access Server functionalities. Customers can implement their own Access Server. However, Node Manager Server as user workstation is the standard option.
Below are described different ways how to access NetAct:
Standalone user workstation
The standalone solution consists of an individual NetAct user workstations in different locations. In
this solution, you can access NetAct directly through your workstation.
NetAct access through user workstation solution can be viewed on the following figure:

Figure 1: Presentation tier - user workstation

For more information on how to access NetAct through standalone user workstation, see Standalone user workstation setup on page 10.
Access Server

Issue: 1-2

DN0567515

Installing and Configuring NetAct User Workstations

NetAct presentation tier solutions

You can use a separate access server (a workstation located in a server farm) to access NetAct
applications indirectly. All operator workstations are configured for NetAct usage.
The access server solution is displayed in the following figure:

Figure 2: Presentation tier - access server

Access server must meet the hardware, software, and other requirements, which have been defined for presentation tier. ICA Client (Independent Computing Architecture Client) and Citrix Server in the figure above are used only as examples for application visualization and security solutions for the access server.
For more information on how to access NetAct through Access Server, see Access Server setup
on page 24
Node Manager Server as user workstation
Node Manager Server is similar to the Access Server solution except that the client workstation
connect directly to the Node Manager Server.

Issue: 1-2

DN0567515

Installing and Configuring NetAct User Workstations

NetAct presentation tier solutions

Figure 3: Node Manager Server as Workstation in NetAct

Issue: 1-2

DN0567515

Installing and Configuring NetAct User Workstations

Prerequisites

2 Prerequisites
This chapter describes the hardware and software prerequisites for presentation tier.
Note:
If the application you are accessing is inactive for a period longer than the defined inactive period of 30 minutes, Re-authentication dialog is displayed. Enter the password in
the Re-authentication dialog to use the application again.
However, for Performance Manager application, Re-authentication dialog is displayed
only when a call from the application to the server is completed.
While accessing Operating Documentation, if you become inactive for more than 30 minutes and then re-authenticate, do not click Back button. Instead navigate to the required
topic in the Contents pane.

2.1 Prerequisites for hardware


Nokia Solutions and Networks does not deliver the presentation tier hardware.
The following table provides the hardware prerequisites for available solutions for presentation tier:
Resource

User workstation

Access server

Type

Desktop or Laptop

BL460c

CPU

Single-core IA-32/64 compatible

Multi-core IA-64 compatible

RAM

2GB+

24/48 GB

Display Resolution

1600 x 1200

Not applicable

Free Disk Space

2GB

500 MB/User

Table 1: Hardware prerequisites for presentation tier

2.2 Prerequisites for software


The following table lists the software prerequisites for presentation tier:
Software
Operating system

User workstation
Windows 7 (64-bit) or Windows 8 (32-bit)
Linux (64-bit)

Web browser

Windows 7 (64 bit) or Windows 8 (32-bit) environment:


At least Microsoft Internet Explorer 11.0 (64-bit)

Issue: 1-2

DN0567515

Installing and Configuring NetAct User Workstations

Software

Prerequisites

User workstation
Note:
There is an exception as Alarm Reports
Dashboard supports only Internet Explorer 9.
Latest 32-bit version of Mozilla Firefox
Linux environment (any 64-bit distribution with GNOME
2):
Latest 64-bit version of Mozilla Firefox

Adobe Flash Player

Adobe Flash Player 11.1.0 or higher.

JRE/JWS

Windows 7 or 8 environment (64-bit)


Java 7 Update 65 (64-bit)
Note: Some applications may require the
32-bit version of Java 7 Update 65.

Linux environment (any 64-bit distribution with GNOME


2):
Java 6 Update 65 (64-bit)
ICA Client (optional)

XenApp 6.5 compatible.


This software is required to perform Element or Node
Manager launch to establish connection to Node Manager server.
This software is required to install Citrix client on Windows(3.4 Enterprise). For more information on the installation procedure, see Installing Citrix client on Windows.
This software is required to install Citrix client on Linux(13.0). For more information on the installation procedure, see Installing Citrix client on Linux.

Table 2: Software prerequisites for presentation tier

2.3 Prerequisites for NetAct connectivity


NetAct IP addresses must be reachable and their Fully Qualified Domain Names (FQDN) must be resolvable from all NetAct user workstations, in particular the IP addresses of all NetAct VMs.
Issue: 1-2

DN0567515

Installing and Configuring NetAct User Workstations

Prerequisites

You must add either:


the needed entries into the Corporate DNS having the IP-addresses of the NetAct cluster, or
the IP-addresses of the NetAct cluster into the host's file of the given user workstation client.
The IP addresses mentioned above are usually based on the address allocation plan created for the
site before the NetAct installation.
The same requirement applies to the Access Server as well.
You can use the nslookup command to test name resolving.
You must be able to use the ping command between the client PC and the NetAct servers.

2.4 Other prerequisites for the presentation tier


The third-party software components,which are included in NetAct, can have stricter presentation tier
software requirements.
The following table lists other prerequisites for the presentation tier:
Item

User workstation

Firewall

Firewall ports between presentation tier and business logic tier must be defined according to NetAct firewall security policies.

Name Resolution

Presentation tier must be capable of resolving DNS names of NetAct system, physical servers and logical high availability containers. Presentation
tier must also be capable to resolve Node Managers short names, for example, labMBR1 -> 10.1.100.80. Solution might be to add NetAct domain
and Node Manager subdomain to DNS suffix in Advanced TCP/IP Settings in IPv4 properties for Network Connection or add all entries (also
Node Managers) to C:\Windows\System32\drivers\etc\hosts file.

Privileges

The third-party software installation to the presentation tier requires administrator privileges.

CA Certificate

Installation of a specific CA certificate for the JRE and Web browser may be
required.

Table 3: Other prerequisites for presentation tier

Issue: 1-2

DN0567515

Installing and Configuring NetAct User Workstations

Standalone user workstation setup

3 Standalone user workstation setup


This chapter provides procedures on how to configure NetAct user workstations.

3.1 Installing Java Runtime Environment


Prerequisites
Before you install Java Runtime Environment, the operating system and web browser must be
installed in the user workstation
You must have administrator rights to the user workstation.
Install Java Runtime Environment (JRE) and Java Web Start (JWS) on a client machine.
Note:
You must install JRE and JWS as a user with administrator privileges.
You must have access to the Internet or local revocation server. Enterprises with managed
networks and without access to the Internet (resulting in no access to the revocation services
provided by Certificate Authorities) will see a significant delay in startup times. To avoid such
delay, you have to disable revocation check through the Java Control Panel (JCP).
For information on how to disable revocation check, refer http://www.java.com/en/
download/help/revocation_options.xml.
Note that disabling on line revocation checking should only be considered in managed environments as it decreases security protections.

3.1.1 To install Java Runtime Environment:


1. Navigate to a website where you can download a version of the JRE.
For example, http://www.oracle.com/technetwork/java/archive-139210.html.
2. Click Java SE Runtime Environment 7u51.
3. Select Accept License Agreement and select the relevant JRE.
Note:
Install either the 32-bit or 64-bit JRE depending on the browser you use for accessing
NetAct. If you use 32-bit and 64-bit browsers interchangeably, you need to install both 32bit and 64-bit JRE.
4. Follow the installation instructions provided by the website.

Issue: 1-2

DN0567515

10

Installing and Configuring NetAct User Workstations

Standalone user workstation setup

3.2 Configuring Java Web Start settings


3.2.1 Configuring Java Web Start settings in Windows
Define network settings and Java version for Java Web Start in Windows operating system.
3.2.1.1 To configure Java Web Start settings in Windows
1. Locate and launch Java Control Panel application for the JRE version, which you have chosen.
For example, on Windows 7, open Java Control Panel from Start Control Panel Programs
Java.
Expected outcome:
The Java Control Panel window opens.
2. On the General tab, click Network Settings....
3. Configure the proxy settings.
If there is no need to use network proxies, select Direct connection.
Note:
Contact your system administrator to find out whether you need to use a proxy for your
network connection. It is recommended that you do not use network proxies, as some
proxy configurations may cause problems with the NetAct Monitor application.
4. On the General tab, click Settings..., and Set the amount of disk space for storing temporary
files to atleast 10GB and click OK.
5. Click OK.
6. On the Java tab, under Java Runtime Environment Settings, click View.
The Java Runtime Environment Settings window displays a list of JREs installed on the machine.
7. Select the Enabled check box corresponding to your JRE version.
If the Java Runtime Versions list is empty, click the Find button. JRE Finder window opens.
1. Click Next. Select the directory where your chosen JRE version has been installed, for
example, C:\Program Files\Java\jre6.
2. Click Next. The following window displays the JREs that have been found.

Issue: 1-2

DN0567515

11

Installing and Configuring NetAct User Workstations

Standalone user workstation setup

3. Select the line corresponding to your chosen JRE version, and click Finish.
8. Click OK to close the Java Runtime Environment Settings window.
9. Click OK to close the Java Control Panel application.
The required JRE is enabled.
Note:
For information on updating Java, see Java update needed while launching NetAct Monitor.

3.2.2 Configuring Java Web Start settings in Linux


Define network settings and Java version for Java Web Start in the Linux operating system.
3.2.2.1 To configure Java Web Start settings in Linux
1. Locate and launch Java Control Panel for JRE version that you have chosen.
In the terminal window, move to JRE installation directory.
The default JRE installation directory is /usr/java/<release_number>/bin.
2. Run the command: ./ControlPanel
Expected outcome:
Java Control Panel window opens.
3. On the General tab, click Network Settings....
4. Configure the proxy settings.
If there is no need to use network proxies, select Direct connection.
Note:
Contact your system administrator to find out whether you need to use a proxy for your
network connection. It is recommended that you do not use network proxies, as some
proxy configurations may cause working problems with the NetAct Monitor application.
5. On the General tab, click Settings..., and Set the amount of disk space for storing temporary
files to atleast 10GB.
6. Click OK.
7. On the Java tab, under Java Runtime Environment Settings, click View.

Issue: 1-2

DN0567515

12

Installing and Configuring NetAct User Workstations

Standalone user workstation setup

The Java Runtime Environment Settings window displays a list of JREs installed on the machine.
8. Select Enabled check box corresponding to your JRE version.
If Java Runtime Versions list is empty, click the Find button. JRE Finder window opens.
1. Click Next. Select the directory where your version has been installed.
2. Click Next.
3. Select the line corresponding to your JRE version and click Finish.
9. Click OK to close the Java Runtime Environment Settings window.
10. Click OK to close the Java Control Panel application.
The required JRE is enabled.

3.2.3 Configuring Java Web Start settings in Mozilla Firefox


In Firefox, you can define the JRE version to be used to open JNLP (Java Network Launch Protocol)
files. This setting applies to all Java Web Applications opened from Firefox.
Java web start temporary file maximum size must be at least 10GB. You can configure this by navigating to in Start Control Panel Java Settings Disk space and setting the Set the amount
of disk space for storing temporary files to 10GB.
1. Launch Mozilla Firefox.
2. Select Firefox Options Options.
3. Select Applications tab.
4. From Content Type list, select JNLP File.
Note: If the JNLP File entry does not exist, launch any JNLP application, for example,
NetAct Monitor and then return to this list.

5. In the Action column, select the Use other option from the drop-down list.
Note:

Issue: 1-2

DN0567515

13

Installing and Configuring NetAct User Workstations

Standalone user workstation setup

Select Always ask option to select a specific JRE version manually each time an application is launched.
6. In Select Helper Application dialog, click Browse to locate the directory where the required Java
version is installed and select the javaws executable.
7. Click OK.
8. In the Options window, click OK.
For Internet Explorer, JRE in use is defined by Environment Variables.

3.3 Creating file associations


To be able to launch NetAct applications successfully from the NetAct Start, configure file associations
in Windows and Linux user workstations. Associate file type .jnlp to the javaws application and file
type .ica to the Citrix ICA Client Engine.
You can create the associations in Windows-based NetAct user workstations by changing settings in
Control Panel and in Linux-based NetAct user workstations by using the Web browser.
The exact procedure depends on the operating system and web browser and it's version installed on
the user workstation.

3.3.1 Creating the file associations in Windows


To create the file associations needed by NetAct on user workstations in Windows 7 and Windows 8:
1. If you are configuring the user workstation, log in as an administrator user to the user workstation.
If you are configuring the Access Server, log in as an administrator to the Access server.
2. Select Start Settings Control Panel Default Programs Associate a file type or
protocol with a program.
Expected outcome
A list of file types along with the Description and the Current Default field is displayed.
3. Check whether .jnlp is associated with Java Web Start Launcher. If it is not associated, click
on Change Program, and associate .jnlp to C:\Program Files\Java\<jre version
folder>\bin\javaws.exe.
4. Check whether .ica is associated with Citrix Connection Manager . If it is not associated,
click on Change Program , and associate .ica to C:\Program Files (x86)\Citrix\ICA
Client\wfcrun32.exe.

Issue: 1-2

DN0567515

14

Installing and Configuring NetAct User Workstations

Standalone user workstation setup

3.3.2 Creating the file associations in Linux


In Linux, file associations are created when the user workstation package is installed. If this is not the
case, follow the instructions in this section.
To create the file associations needed by NetAct on user workstations in Linux:
1. If you are configuring the user workstation, log in as root user to the user workstation. If you are
configuring the Access Server, log in as an administrator to the Access server.
2. Open the mime type association window from the web browser by selecting Preferences/
Options... Helper Applications/Application/File Types
3. Associate MIME type application/x-java-jnlp-file for files with extension/suffix jnlp to
application /opt/Nokia/<jre_version>/javaws/javaws.
4. Associate MIME type application/x-ica for files with extension/suffix ica to application /
opt/Nokia/ICAClient/wfica.sh.

3.4 Adding NetAct Server CA certificate to the client's trust-store


3.4.1 About server CA certificates
Certificates are needed to secure connections and to authenticate entities in the network. Installing the
server certification authority (CA) certificate on the client gives you a secure connection, removes 3
security warning popups and allows IE to work properly. Without the server CA certificate IE works only if set to intranet mode and even then, it displays a certificate error in the url field.
The certificate of the CA that has issued the HTTPS server certificate, for example, the NetAct Server CA certificate, must be imported as a trusted CA into the used Java Runtime Environment (JRE)
and the Web browser. The server CA certificate is needed on the client workstation to perform the SSL
server authentication. Download the certificate to all workstations.
Install the server CA certificate to
The JRE (cacerts file) used by Java Web Start (for launching NetAct Monitor)
The Web browser
Due to security and compatibility considerations, NetAct includes a Certification Authority application
for generating certificates.

3.4.2 Downloading a server certificate to the client


Download the server CA certificate file to the client workstation.
3.4.2.1 To download a server certificate to a client
1. Open your browser and navigate to https://<system_fqdn>/
Issue: 1-2

DN0567515

15

Installing and Configuring NetAct User Workstations

Standalone user workstation setup

where <system_fqdn> is the fully qualified domain name of the cluster (load balancer) or in case of
single server setup, the fully qualified name of the server. Your system administrator can provide
you with the system fqdn.
2. If you are using Internet Explorer, and Protected Mode is On:
a) Double-click Protected Mode:On in the Internet Explorer status bar.
b) Click Trusted Sites.
c) Click Sites button.
d) In the Add this website to the zone field, enter system FQDN, and click Add.
where system FQDN is https://<system_fqdn>/ entered in Step 1.
e) Click Close, and OK.
f) Restart Internet Explorer.
3. Log in using your NetAct account.
4. Click the Certification Authority icon (by default located in the Security folder).
5. On the right, click Select on the line that starts cn=NetAct Server CA...
6. In the left panel, click Download CA.
7. Click Download CA certificate.
8. Save the file.
For Internet Explorer: select Save as, browse the location where you want to save the certificate
file and click Save.
For Mozilla Firefox:select Save File and click OK.

3.4.3 Installing the SSL CA certificate for JRE in a Windows client


This is an example of importing the SSL CA certificate to the JRE keystore in a Windows client.
The certificate is required if you use NetAct Monitor.
With these instructions, use the same certificate as in Downloading the server CA certificate to a Windows client.
Note:
Install the certificate as a user with administrative rights. You must have write permission to
the cacerts file.
1. To view current certificates in Java keystore:
a) Execute:

Issue: 1-2

DN0567515

16

Installing and Configuring NetAct User Workstations

Standalone user workstation setup

C:\Users\Administrator>"C:\Program Files (x86)\Java\jre<java_version>


\bin\keytool.exe" -list -keystore "C:\Program Files (x86)\Java
\jre<java_version>\lib\security\cacerts
where <java_version> is the JRE version installed on your system.
b) Enter keystore password, for example, changeit.
2. If the JRE keystore already contains one Server CA certificate and you need to install a new one
for the same server, first remove the current certificate.
You may need to install a new certificate if you have recently re-installed the server, for example.
To delete the current certificate, use the following command:
C:\Documents and Settings\Administrator> "C:\Program Files\Java\
jre<java_version>\bin\keytool.exe" -delete -alias my-server-ca
-keystore "C:\Program Files\Java\jre<java_version>\lib\security\
cacerts"
Note:
For Windows 7, if you are using a 32-bit browser, the keytool path is C:\Program
Files(x86)\Java\jre<java_version>\bin\keytool.exe.
If you do not remember the alias of your certificate, get a list of all the existing certificate aliases by
running the following command:
C:\Documents and Settings\Administrator> "C:\Program Files\Java\
jre<java_version>\bin\keytool.exe" -list -v -keystore "C:\Program
Files\Java\jre<java_version>\lib\security\cacerts" > certificates.txt
This example command redirects the output to a certificates.txt file.
3. Import your certificate into the JRE keystore with the keytool application.
For example:
C:\Document and Settings\Administrator> "C:\Program Files\Java\
jre<java_version>\bin\keytool.exe" -import -file "C:\<path to
certificate>\ca.cer" -storepass changeit -alias my-server-ca keystore "C:\Program Files\Java\jre<java_version>\lib\security\
cacerts"
Note:
For Windows 7, if you are using a 32-bit browser, the keytool path is C:\Program
Files(x86)\Java\jre<java_version>\bin\keytool.exe.

Issue: 1-2

DN0567515

17

Installing and Configuring NetAct User Workstations

Standalone user workstation setup

Keytool scripts parameter -storepass is the password for accessing the certificate in the
keystore. If you later want to remove the certificate from the keystore, you must have this
password available. The example above sets changeit as the password value.
The parameter -alias defines a label that helps to identify the certificate, especially if you have
multiple certificates in the keystore for different servers. The alias must be unique. If you later
want to remove the certificate from the keystore, you must have this alias available to refer to the
certificate.
The example above sets my-server-ca as the alias value.
4. Type yes when prompted with Trust this certificate.

3.4.4 Installing the SSL CA certificate for JRE in a Linux client


This is an example of inserting the SSL CA certificate to the JRE keystore in a Linux client.
The certificate is required if you use NetAct Monitor.
With these instructions, use the same certificate as in Downloading the CA server certificate to a Linux
client.
To perform this task, you must have writing permission to the keystore of your Java installation,
typically at /usr/java/jre<java_version>/lib/security/cacerts and you must be root
user.
1. If the JRE keystore already contains one Server CA certificate and you need to install a new one
for the same server, first remove the current certificate
You may need to install a new certificate if you have recently re-installed the server, for example.
To delete the current certificate, use the following command, for example:
# /usr/java/jre<java_version>/bin/keytool -delete -alias my-server-ca
-keystore "/usr/java/jre<java_version>/lib/security/cacerts"
If you do not remember the alias of your certificate, get a list of all the existing certificate aliases by
executing the following command:
# /usr/java/jre<java_version>/bin/keytool -list -v
-keystore "/usr/java/jre<java_version>/lib/security/cacerts" >
certificates.txt
This example command redirects the output to a certificates.txt file.
2. Insert your certificate in the JRE keystore with the keytool application.
Enter:
# /usr/java/jre<java_version>/bin/keytool -importcert

Issue: 1-2

DN0567515

18

Installing and Configuring NetAct User Workstations

Standalone user workstation setup

-file "<path to certificate>/ca.cer" -storepass changeit -alias my-server-ca


-keystore "/usr/java/jre<java_version>/lib/security/cacerts
Keytool scripts parameter -storepass is the password for accessing the certificate in the
keystore. If you later want to remove the certificate from the keystore, you must have this
password available. The example above sets changes it as the password value.
The parameter -alias defines a label that helps to identify the certificate, especially if you have
multiple certificates in the keystore for different servers. The alias must be unique. If you later
want to remove the certificate from the keystore, you must have this alias available to refer to the
certificate.
The example above sets my-server-ca as the alias value.
3. Type yes when prompted with Trust this certificate.

3.4.5 Installing the server CA certificate to a browser


Install the server CA certificate to your browser using the Certification Authority application.
Note:
Each workstation user has to install the server CA certificate to a browser.
Note:
In this procedure, the certificate is copied over an unsecure network connection. It should only be used in an uncompromised, trusted network. The procedure is faster and more convenient than the other method where the certificate is moved from server to a client on a detachable medium, although the latter method is more secure.
Note:
These instructions assume that the server CA, NetAct Server CA, is being used as the
CA that has issued the HTTPS server certificate.
3.4.5.1 To install the server CA certificate to a browser
1. Open your browser and navigate to https://<system_fqdn>/
where <system_fqdn> is the fully qualified domain name of the cluster (load balancer). Your
system administrator can provide you with the system fqdn.
2. Log in using your NetAct account.
3. Click the Certification Authority application (by default located in the Security folder).
The Certification Authority application opens.
4. Select the certification authority.

Issue: 1-2

DN0567515

19

Installing and Configuring NetAct User Workstations

Standalone user workstation setup

In the Available Certification Authorities list, click Select on the line Select cn=NetAct
Server CA.
5. In the left pane, click Download CA.
6. In the right pane, click Install CA certificate.
7. Install the certificate.
Internet Explorer: In the File Download dialog, click Open, and then click Install Certificate. The
Certificate Import Wizard starts.
Note:
Ensure that the server CA certificate is installed in the Trusted Root Certification Authorities store. In some operating systems you have to explicitly select trusted store in the
Certificate Import Wizard's Certificate Storage page.
Note:
The download and installation of the NetAct Server CA certificate does not support the
friendly name attribute. You can safely leave the attribute undefined, or you can use the
Web browser's certificate management dialog to set the friendly name for the certificate.
Mozilla Firefox: In the Downloading certificate dialog, select the Trust this CA to identify web
sites check box and click OK.
The Certification Authority application installs the server CA certificate to your browser.

3.5 Installing Adobe Flash Player plugin (optional)


Adobe Flash Player is a freeware multimedia plugin for web browsers. It is responsible for viewing
multimedia, Rich Internet Applications and streaming video and audio.
To view Rich Media documentation you need to install Adobe Flash Player plugin on your web browser.
Requirements of Adobe Flash Player plugin for Windows and Linux are described on the product web
page. For more information, see http://www.adobe.com/products/flashplayer/tech-specs.html.
To install Adobe Flash Player on your web browser:
1. Go to http://get.adobe.com/flashplayer and download the installer.
2. Double-click the downloaded installer and follow the on-screen instructions.
Expected outcome
Adobe Flash Player is installed on your web browser.

Issue: 1-2

DN0567515

20

Installing and Configuring NetAct User Workstations

Standalone user workstation setup

3.6 ICA client installation


3.6.1 Installing Citrix client on Windows
Prerequisites
1. Uninstall the existing Citrix client software installed on your workstation - with tool provided by
Citrix.
http://support.citrix.com/article/CTX137494
2. Click Download.
3. Extract the downloaded package and double-click ReceiverCleanupUtility.exe.
4. Click Run command in the dialog box.
5. In the pop-up box, click 1 to remove the old version.

6. Press any key in the command prompt after the uninstallation is complete

Issue: 1-2

DN0567515

21

Installing and Configuring NetAct User Workstations

Standalone user workstation setup

7. Download the new version 3.4 from the following website:


https://www.citrix.com/downloads/citrix-receiver/legacy-client-software/receiver-for-windows-34enterprise.html
8. Run the installation package to install the new Citrix client.
9. Click Install button - to start the installation.

3.6.2 Installing Citrix client on Linux


1. Download the Citrix client software for Linux 13.0 from website:
https://www.citrix.com/downloads/citrix-receiver/linux/receiver-for-linux-130.html
The below table lists the packages available for Linux 13.0:
File name

Packages

Debian(.deb file)

x86 -32-bit and 64-bit packages (containing


32-bit binaries)
ARM -32-bit packages for armel and armhf
platforms

Issue: 1-2

DN0567515

22

Installing and Configuring NetAct User Workstations

Standalone user workstation setup

File name

Packages

RPM Package Manager(.rpm file)

x86 -32-bit and 64-bit packages (containing 32bit binaries)

Tarball(.tar.gz file)

x86 and ARM -32-bit binaries in a tarball package are available for x86, armel, and armhf
platforms

Table 4: Packages available for Linux 13.0

2. To install the Citrix Receiver for Linux 13.0,see


http://support.citrix.com/proddocs/topic/receiver-linux-13-0/linux-install.html
After the Citrix Receiver is installed, see Accessing published Desktop from Citrix webpage to check
whether the node manager server desktop can be accessed from Citrix Receiver.

3.6.3 Configuring CA certificates


Perform the following steps only if you want to launch the application from Node Manager Server
through SSL.
1. Log in to NetAct Start Page.
See Launching the NetAct Start Page
2. Click Security Certification Authority.
The Available Certification Authorities page appears.
3. In the Available Certification Authorities page, click Select cn=NetAct Server CA.
4. Click Download CA.
5. In the Get the CA Certificate page, click Download CA certificate.
6. After download, click Install Certificate.
7. On the Certificate Import Wizard, click Next.
8. Select Place all certificates in the following store option, and click Browse.
9. Select Trusted Root Certification Authorities and click OK.
10. Click Next, and then click Finish.

Issue: 1-2

DN0567515

23

Installing and Configuring NetAct User Workstations

Standalone user workstation setup

3.6.4 Modifying Citrix Receiver preferences


Perform the following steps to modify the Citrix Receiver preferences.
1. Double-click the Citrix Receiver icon available at the bottom right corner of the desktop.
2. Click Advanced Online Plug-in Settings Change Server.
3. Enter server URL, and click Update.
Server URL can be,
https://<hostname>.<domain name> (SSL used, SSL port not changed)
https://<hostname>.<domain name>:12443 (SSL used, SSL port changed)
http://<hostname>.<domain name> (SSL not used)
4. Click Update.
5. Enter <domain name>\<user> and <password>, and click Log On.
6. Click Advanced Online Plug-in Settings Options Application.
7. Select either Show application in Start Menu or Show application on desktop.
Expected outcome
Depending on your selection, the applications are displayed either in Start Menu or on the desktop.

3.6.5 Configuring the secure connection to Node Manager server


The communication between user workstations and Node Manager member server must be SSLsecured.
For more information, see Configuring secure connection to Node Manager Server

3.7 Access Server setup


Configuring the Access Server is same as configuring Standalone user workstation. Perform the steps
mentioned in Standalone user workstation setup to configure Access Server.
Note:
The configuration must be performed on the Access Server as an administrator.

3.8 Accessing NetAct Linux servers from the user workstation


You can access NetAct Linux servers remotely, in other words, over the network, from the user workstation using SSH.

Issue: 1-2

DN0567515

24

Installing and Configuring NetAct User Workstations

Standalone user workstation setup

3.8.1 Accessing NetAct Linux servers with SSH


You can access NetAct Linux servers from the user workstation using SSH. Protocol SSH and Port 22
are used for this connection.
To copy the hostnames of all VMs:
1. Login to the VM where sqm_collector_npm is running and execute the following command:
cat /etc/hosts
2. Copy the ouput and paste it in hosts file in C:\Windows\System32\drivers\etc of user
workstation.
To access NetAct Linux servers using SSH:
3. From the command line, enter the command:
$ ssh user@<the fully qualified name of the host>
For example, enter:
$ ssh user@my_linas_host.my.domain.com
4. Enter password.

3.9 Starting NetAct applications on a standalone user workstation


Prerequisites
Before launching NetAct applications, ensure that you have configured the client machine and the
browser to use Java 7 Update 51 and the correct Java Web Start version.

3.9.1 To start NetAct application on a standalone user workstation


1. Launch a browser.
Note:
The following web browsers are supported:
Internet Explorer 11.0
The latest Mozilla Firefox version
Note:

Issue: 1-2

DN0567515

25

Installing and Configuring NetAct User Workstations

Standalone user workstation setup

Ensure that you use your default browser when starting NetAct, since NetAct Monitor displays its online help in the default browser. To set your preferred browser as the default
browser, check the browser's options.
2. Navigate to the following address:
https://<system_fqdn>/
where <system_fqdn> is the fully qualified domain name of the cluster (load balancer). Your
system administrator can provide you with the system fqdn.
3. Log in using your NetAct account.
The NetAct Start Page opens.
4. On the NetAct Start Page, you can access all the NetAct applications configured for you.
Note: When you launch a NetAct Java application for the first time, the application is
downloaded on your computer. This can take a while.

Note:
When you launch a NetAct Java application, your browser may prompt you about what to do
with the start.jnlp file. Click Open With, select the JRE Java Web Start (javaws), then
select the Do this automatically from now on check box (if desired) and click OK. Make
sure that you use the Java Web Start version that was installed during client setup (in other
words, when installing Java 7 Update 51). For more information on updating Java, see Java
update needed while launching NetAct Monitor.
If the browser does not prompt you about what to use when you launch the application, it is
likely that your browser preferences already contain a binding for .jnlp files. Check that
they point to the Java Web Start version mentioned above.

3.10 Configuring TCP retries on Linux client


The default TCP settings of the Linux operating system can cause the client to wait for about fifteen
minutes after a temporary network outage. The following settings quicken TCP error detection and recovery.

3.10.1 To configure TCP retries on Linux client


1. Log in to the Linux client workstation as user root.
2. Edit file /etc/sysctl.conf to have the following line: net.ipv4.tcp_retries2=5

Issue: 1-2

DN0567515

26

Installing and Configuring NetAct User Workstations

Standalone user workstation setup

Note:
Any use of unreliable network (for example using a modem), or leaving the Linux default
value of 15 will cause connection hiccups. Therefore, it is advisable to change the default
value from 15 to 5 to speed up the recovery process and resume the communication.
3. Execute the command: sysctl net.ipv4.tcp_retries2=5

3.11 Installing NetAct server CA certificate for NetAct Monitor launch


When using any version of Java 7 Update 51, you must install the NetAct server CA certificates before
launching NetAct Monitor. Perform the following steps to install NetAct server CA certificate.
1. Log in to the NetAct Start Page with a user account that has permissions for Certification
Authority.
a) From a browser window, enter the URL: https://<system_fqdn>/
where <system_fqdn> is the fully qualified domain name of the NetAct cluster (Java EE load
balancer). Your system administrator can provide you with the <system_fqdn>.
b) Enter your login name and password.
c) Click Log In OK
Expected outcome
The NetAct Start Page appears.
2. To open Certification Authority, click Security Certification Authority.
3. From the left navigation pane, click List authorities.

Issue: 1-2

DN0567515

27

Installing and Configuring NetAct User Workstations

Standalone user workstation setup

The Available Certification Authorities page opens on the main display pane.
4. To select the NetAct Server CA, click Select beside the NetAct Server CA.
5. Click Download CA.
6. On the Get the CA certificate page, click Download CA certificate.
7. Click Save to save the certificate to the desired location.
8. After download, click Install Certificate.
9. On the Certificate Import Wizard, click Next.
10. Select Place all certificates in the following store option, and click Browse.
11. Select Trusted Root Certification Authorities and click OK.
12. Click Next, and then click Finish.
13. To launch NetAct Monitor, click Monitoring Monitor.
14. Select I accept the risk and want to run this application check box and click Run.

Issue: 1-2

DN0567515

28