Documentation

Configuring the NMS Mode on the Atlas 500 AI Edge Station (Model 3000)

Prerequisites

  • The system time of the Atlas 500 AI edge station (model 3000) to be managed must be the same as that of FusionDirector. Otherwise, the management may fail.
  • The Atlas 500 AI edge station (model 3000) 21.0.4 (1.0.33) and later versions must be used together with FusionDirector 1.7.2 and later versions. Otherwise, the reported dynamic and static information may be incomplete after the device is managed by FusionDirector, and some functions become unavailable.

Procedure

  1. Enter https://Atlas IES IP address in the search box of the browser and press Enter to go to the Atlas IES page.
  2. Choose Maintenance > NMS Registration from the main menu.

  3. In Select NMS Mode, select FusionDirector and set related parameters.

    If multiple IP addresses are configured on the same NIC, a random IP address is displayed on FusionDirector. As a result, the device cannot be identified. You can specify the IP address to be managed by FusionDirector by binding the IP address to an egress route. For example, if the IP address of FusionDirector is 192.168.100.15 and the NIC on the device has two IP addresses 192.168.1.100 and 192.168.1.101, you can run the ip route add 192.168.100.15 via 192.168.1.1 src 192.168.1.100 command to enable FusionDirector to manage 192.168.1.100.

    Table 1 Item description

    Item

    Description

    Node ID

    ID of the device connected to FusionDirector. Retain the default value.

    NOTE:

    If the Atlas 500 AI edge station (model 3000) is faulty and replaced, the node ID of the Atlas 500 AI edge station (model 3000) must be the same as that of the original Atlas 500 AI edge station (model 3000). Choose Menu > Devices > Device List > Edge Devices on the FusionDirector WebUI to query the node ID information of the faulty device.

    Server Name
    • If you import a user-defined service certificate to FusionDirector, you need to import the root certificate of the corresponding CA to the edge device to verify the user-defined service certificate of FusionDirector. You can import the root certificate clicking FusionDirector Root Certificate File on the WebUI. In addition, you need to set the Server Name parameter to verify the domain name of the user-defined service certificate of FusionDirector. The value must be the same as the CN field of the user-defined service certificate of FusionDirector. (CN refers to Common Name.)
    • If a Huawei-set service certificate is used, you do not need to set Server Name.
      NOTE:

      The CN field of the user-defined service certificate cannot contain "huawei". Otherwise, the device fails to interconnect with FusionDirector.

    IP Address

    IP address for accessing FusionDirector.

    Account

    Account for accessing FusionDirector. The default value is EdgeAccount.

    Password
    Password for accessing FusionDirector.
    • If the version of FusionDirector is 1.7 or later, obtain the password by referring to "Configuration Quick Start > Edge Device > Adding an Edge Device" in the FusionDirector Operation Guide.
    • If the FusionDirector version is earlier than 1.7, obtain the password by referring to "Configuration Quick Start > Edge Device > Registering FusionDirector NMS Information" in the FusionDirector Operation Guide.

    FusionDirector Root Certificate File

    Click to upload the root certificate file.

    This parameter is optional. You must import the certificate for the first connection. For security purposes, you are advised to use your own certificates and public and private key pairs and periodically update them to ensure certificate validity and security. If the device fails to connect to FusionDirector because the certificate has expired or is revoked, import the root certificate file again. For security purposes, the root certificate must meet the following requirements:
    • Use RSA with a key of 3072 bits or more if an asymmetrical encryption algorithm is used.
    • Use SHA2 with a key of 256 bits or more if a hash algorithm is used.

    You are advised to upload the custom root certificate. In addition, Huawei provides a root certificate on its official website. To obtain it, perform the following steps:

    Log in to FusionDirector, choose Menu > System Settings > Security > Certificates > Service Certificates from the main menu, and click Export to download the certificate package rootCerts.zip to the local PC. Decompress the downloaded certificate package to obtain the rootCertChain.crt certificate.

    NOTE:

    After uploading the FusionDirector root certificate, import a CRL to check whether the FusionDirector root certificate is revoked. If yes, the device cannot communicate with FusionDirector. For details about how to import a CRL, see 5.

    FusionDirector Interconnection Test
    • If you select Yes, the node ID and the connectivity between the device and FusionDirector are tested. If the test fails, the NMS mode switchover fails. The interconnection test is performed by default.
    • If you select No, the node ID and the connectivity between the device and FusionDirector will not be tested. The NMS mode switchover is successful, but the edge station may not be managed by FusionDirector.

    In the offline centralized configuration where FusionDirector cannot be connected, you can skip the interconnection test. However, the FusionDirector parameters must be valid. That is, the node ID of each Atlas 500 AI edge station (model 3000) must be unique on FusionDirector, and the IP address, user name, and password are valid. The interconnection test is recommended in other scenarios to prevent management failures caused by incorrect input.
  4. Click Save.
  5. (Optional) Import the CRL.
    1. Obtain the CRL from the CA. Example:
      Click PKI Download Management, select CRL from Type, and click Search. Download the CRL shown in Figure 1 to the local PC.
      Figure 1 Obtaining the CRL
    2. Log in to the Atlas 500 CLI.
    3. Run the develop command to enter the Atlas 500 development mode.
    4. Upload the CRL (obtained in 5.a) to a directory (for example, /var) on the Atlas 500 AI edge station (model 3000).
    5. Run the following command to switch to the /opt/middleware/AtlasEdge/edge_work_dir/edge_om/bin directory:
      cd /opt/middleware/AtlasEdge/edge_work_dir/edge_om/bin
    6. Import the CRL.
      ./updateCRL.sh --crlPath=/var/newCrl.crl --forceupdate=true --active=true
      Table 2 Parameter description

      Parameter

      Description

      --crlPath

      Path of the CRL, for example, /var/newCrl.crl.

      --forceupdate
      Whether to forcibly update the CRL if the CRL imported is earlier than the one that already exists:
      • true: updates the existing CRL forcibly.
      • false: leaves the existing CRL not updated.

      --active

      Whether the imported CRL takes effect immediately:

      • true: makes the imported CRL take effect immediately. The AtlasEdge program will restart for the CRL to take effect immediately. You need to confirm the restart. If you enter yes, the CRL takes effect immediately after the AtlasEdge is restarted. If you enter no, the CRL will take effect only after you manually restart the AtlasEdge, or when the AtlasEdge is started next time.
      • false: makes the imported CRL take effect only after you manually restart the AtlasEdge or when the AtlasEdge is started next time.