Cisco Systems 10200 manual Setup Non-Interactive SSH Login to External Archive Server

Chapter 3 Monitoring and Backing Up the BTS

Log Archive Facility (LAF)

The steps to set up the authorization in external archive server and turn the LAF processes to active is listed below:

Setup Non-Interactive SSH Login to External Archive Server

Note The external archive system is recommended to be located such that it can be accessed by the management network. In such a case, the static routes in the CA system should be explicitly set so that the traffic to the external archive system is routed through the management network see section (“Adding Static Routes” section for more details). Otherwise, the traffic is routed through the default network (i.e. signaling network) and may not be able to reach the external archive system.

Step 1 Log in to the Cisco BTS 10200 primary EMS as root.

Step 2 From the EMS, login to the external archive server via ssh to get the external archive server added to the /.ssh/known_hosts file.

Step 3 Log off from the external archive server.

Step 4 While still logged in on the primary EMS as root, generate an SSH key.

a.Execute cd /opt/BTSossh/bin.

b.Execute ssh-keygen -t rsa.

c.Press Enter to accept the default file name for the key (/.ssh/id_rsa).

d.Enter y if prompted to choose whether to overwrite the existing file.

e.Press Enter when prompted to enter a passphrase (i.e. no passphrase).

f.Transfer the resulting file (/.ssh/id_rsa.pub) to a temporary location on the external archive server.

Step 5 Set up the external archive server with the key generated in Step 4.

a.Login to the external archive system as root.

b.If a /.ssh/authorized_keys file does not exist on the external archive system, rename the id_rsa.pub file (copied from the Cisco BTS 10200 EMS) to /.ssh/authorized_keys. If the file does exist, append the id_rsa.pub file to it.

Step 6 On the primary EMS, execute

ssh root@abcd

where abcd is the IP address or fully-qualified domain name of the external archive server.

Step 7 Verify that login to the external archive server is successful and that no prompts for username or password are issued.

Step 8 Run enableLAF in EMS platform directories (i.e. /opt/ems/bin and /opt/bdms/bin)

Step 9 Repeat Steps 1-8 for the secondary EMS, primary CA and secondary CA. (In CA, the platform directories are /opt/OptiCall/CAxxx/bin, /opt/OptiCall/FSPTCyyy/bin, /opt/OptiCall/FSAINzzz/bin).

Note Billing has a similar mechanism/steps to SFTP their Call Detail Blocks (CDB) files to an external machine. If the LAF and Billing use the same target machine, then in both EMS, perform Steps 1-7 only once. You must still run Step 8 to enable LAF. And you must still run Steps 1 -9 in CA nodes.