Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual page 325

Managing Large Binary Data Files (Secure Access and Infranet Controller Devices Only)
Copyright © 2010, Juniper Networks, Inc.
inventory immediately by clicking the Reconcile button in the Device Inventory window.
You do not need to run the Inventory Diff tool, although you might choose to do so if you
want to know what the differences are.
You might also need to reconcile the device inventory after activating a modeled device.
The Reconcile button becomes active for this purpose after you issue an Activate Device
directive on a device with connection status "Update Needed".
If you issue an Update Device directive while the inventories are not synchronized, NSM
will return an error message telling you that it cannot complete the request until you have
reconciled the inventories.
If a member device of a Junos cluster reboots and connects back to NSM, the hardware
inventory might show as "Out-of-Sync" in the Device list table because the device takes
some time to fully initialize the chassis modules. You can reconcile the inventories to get
NSM back in sync with the device.
If the operating system is upgraded using the device CLI or Web UI, the Software Inventory
Status will change to "Out of Sync" when the device reboots and reconnects to NSM.
For this special case, you must reconcile the inventory by right-clicking the device in the
Device Manager and selecting Adjust OS Version. It is the only option available from the
drop-down list if the operating system versions are not synchronized. See "Adjusting the
Device OS Version" on page 269 for details.
Large binary data files that form a part of the configuration of Secure Access and Infranet
Controller devices are handled differently from the remainder of the configuration in
NSM. The size of some of these binary files could make configurations large enough to
overload resources on the NSM server. Consequently, only the large binary files you specify
are imported into NSM, and those files are configured as shared objects, which avoids
duplication if they are applied to multiple devices.
Large binary data files are not imported with the rest of the configuration during a normal
device import operation. Instead, the file is represented in the device configuration tree
by a stub containing an MD5 hash and file length designation. If you need to manage
such a file in NSM, you upload the file separately, and configure it as a shared object. To
include the file as part of the device object in NSM, you must then establish a link between
the node in the device configuration tree and the shared binary data object. When you
establish the link, a pointer to the shared binary data object replaces the MD5 hash and
length.
After you have established the link, an Update Device directive will push all linked binary
data files to the device along with the rest of the device configuration. No binary data is
pushed for nodes that still contain the MD5 hash and length designators.
If you do not need to manage a large binary data file from NSM, then you do not need to
include it in the device object configuration. For example, suppose you have a hosted
Java applet that resides on a Secure Access device, and you have no intention of updating
this applet. In this case, no shared object creation or file upload is necessary. NSM device
objects will contain only the MD5 hash stub for these endpoints. Any delta configuration
Chapter 7: Managing Devices
275