Table of contents

Introduction

CHARON-VAX products are distributed in form of a shell installation kit that contains : the acceptance of the EULA emphasizing the new conditions of licensing and a compressed package containing RPM modules for different components. Generally it is recommended to install all the RPM modules but it is possible to omit some RPM files if they are not needed.

CHARON installation consists of the following steps:

• Host system checks (hardware and software) to ensure the host platform meets the minimum CHARON-VAX installation requirements
• Installation of any 3rd party material, for example, the utilities required for CHARON-VAX
• Running the SHAR to unpack the RPM modules and their individual installation
• Installation of the CHARON-VAX license (hardware dongle or software license)
• Configuration of the CHARON-VAX host system. It assumes creating a specific user, configuring the network, etc.

Hardware Requirements

Number of CPU cores

Each CHARON emulated CPU requires a corresponding physical core. So the total number of the host CPUs must exceed the number of emulated CPUs since some of the host CPUs must be dedicated to serving CHARON I/O operations and host operating system needs. If several CHARON instances run in parallel, the required number of CPU cores is cumulative.

The table below lists the minimum and recommended number of CPUs required for each product:

When starting, the CHARON-VAX software checks the available number of host CPU cores. This check is based on the maximum number of VAX CPUs that can be emulated. Therefore the number of host CPU cores recommended for the maximum number of emulated CPUs - as shown in the right column of the table above - must be available. If the available number of host CPU cores is below this number, CHARON-VAX will issue a warning message. The CHARON-VAX software will work despite this warning.

Disable Hyper-Threading

Hyper-threading should be switched off completely. Disable hyper-threading in the BIOS settings of the physical host or, for a VMware virtual machine, edit the virtual machine properties, select the Resources tab then select Advanced CPU. Set the Hyper-threaded Core Sharing mode to None.  If Hyper-threading cannot be disabled, please contact Stromasys support for alternative resource requirements and instructions

CPU type and speed

Since CHARON-VAX utilizes LAHF instruction in VAX CPU emulation please avoid usage of early AMD64 and Intel 64 CPUs in CHARON host system since they lack it. AMD introduced the instruction with their Athlon 64, Opteron and Turion 64 revision D processors in March 2005 and Intel introduced it with the Pentium 4 G1 stepping in December 2005.

Concerning CPU speed, the general recommendation is that higher the CPU frequency is, better the emulated VAX performances will be. The minimum recommendation is at least 3 GHz.

Emulator-host Memory

The minimum host memory size:

• depends on the amount of VAX memory to be emulated and on the number of CHARON-VAX instances to be executed on one host.

• is calculated according to the following formula:

  The minimum host memory = (2Gb +  the amount of VAX memory emulated) per CHARON-VAX instance

The maximum amount of VAX memory that can be created in the CHARON-VAX/66x0 products and supported by OpenVMS/VAX is 3584 Mb. For details, see the memory size specifications.

Disk storage

The total amount of disk space required for Charon-VAX can be calculated as a sum of:

• 500 MB for the Charon software
• All the disk/tape image sizes plus 500 MB for the Charon software
• The space required for the host operating system.

Keep in mind that Temporary disk storage is often needed when setting up a new emulator instance, for example for source disks backups storage, software installation kits, and others.

When virtual disks/tapes are used to represent physical disk drives / magnetic tapes, the disk/tape image files have the same size as their hardware equivalent, regardless of their degree of utilization.

Ethernet adapters

CHARON-VAX networking requires dedicated host Ethernet adapters; their number must be equal to the emulated adapters to be configured in CHARON-VAX. One adapter (optionally) can be left to the host for TCP/IP networking, management interface, etc.

It is also possible to use virtual network interfaces but for performance considerations, it is recommended to use physical ones only.

Software Requirements

• Red Hat Enterprise Linux (RHEL) and Oracle Linux 7.x to 9.x (64-bit)
• Rocky Linux 8.x and 9.x (64-bit)
• CentOS Linux 7.x - 64bit
• Hypervisors: VMware ESXi 5.5 – 8.0; Microsoft Hyper-V; KVM (require a supported Linux operating system running in the virtual machine).
  Note that prerequisites of additional products may limit the choice of hypervisors. For example, a VE license server VM requires VMware ESXi 6.5 or higher. Please refer to the appropriate documentation.

Host system preparation

The automatic installation of updates must be disabled.  Updates to the CHARON host must be done only in specific service maintenance periods established by the system administrator. Before applying new updates one must shutdown the operating system running on CHARON and stop all the running CHARON instances and services.

If a network-wide license (red dongle or software license) is going to be used, do the following:

• On the license server (where the network license will reside): open port 1947 for both TCP and UDP
• On the client, if broadcast search for remote licenses is to be used, UDP traffic from port 1947 of the license server to ports 30000-65535 of the client must be permitted.
  
  • If stricter firewall rules are required, it is possible to open the ports 30000-65535 and 1947 only for the "/usr/sbin/hasplmd" daemon.
• Both on license server and client: set default gateway

Please consult with your Linux User's Guide on details.

Before installation

1. Create a directory for the CHARON-VAX distribution as shown in the following example:
   
   

   # mkdir /charon_dist

2. On RHEL/CentOS 7, and RHEL 8, the "libev" package is required. If it is reported as missing during Charon installation on RHEL 7/8, check that the repository "extras" is included and enabled, if not, include and enable it. Please refer to your Linux distribution administrator's guide. The "libev" package is included in the "Base-OS" repository for RHEL/Rocky Linux 9, so there is no need to enable or install an additional repository.
   
   Command to enable the "extras" repository for RHEL 7.x:

   # yum-config-manager --enable rhel-7-server-extras-rpms

Please note:

• If you plan to install CHARON-VAX on the same server, both products, CHARON-VAX and CHARON-VAX, must have the same build number.
• If you upgrade from a previous version of CHARON-VAX, please stop all running CHARON virtual machines, uninstall CHARON products and reboot the Linux server (recommended) before proceeding with the installation steps described below.

Distribution preparation

Starting with version 4.12, Charon-VAX is delivered as a self-extracting shell-archive with a file name format as follows:

where:

To unpack the archive, perform the following steps:

• Copy the package file to some location in your filesystem, for example /var/tmp/charon-vax-4.12-21009-el90.sh
• Go to the directory where you wish to unpack the package, for example /charon_dist
• Run the archive shell script: # sh /path/to/<archive-name>
For example: # sh /var/tmp/charon-vax-4.12-21009-el90.sh

• Accept the EULA. To successfully unpack the archive, the end-user license agreement must be accepted.
• After this, the software packages making up the Charon-VAX kit will be extracted into a version-specific sub-directory of the current working directory of the user.

Example command and output:

Switch to the directory created when unpacking:

Example:

The distribution directory contains the following RPM files:

These packages are only required if you play to use HASP licensing. If you plan to use VE licensing, you should not install these packages.

Example:

Installation

Issue the following command to install all the RPM files present in the directory:

If you plan to use VE licensing, you can use the following command to only install the packages required for that:

Enter "y" to agree to install all the listed packages.

Example:

Check the installation process has completed successfully.

Example:

Re-login (as "root") to apply the PATH settings or execute the following command:

Please note:

The "charon-utils" package has the following dependencies:

• ethtool
• bridge-utils
• net-tools
• iproute
• NetworkManager

During "charon-utils" installation using "yum", these packages, with the exception of "bridge-utils", will be installed automatically from the standard repository if some of them are absent on the host system. In order to install the "bridge-utils", you must first install the EPEL (Extra Packages for Enterprise Linux) repository. Please see the EPEL web page for how to do this:

https://docs.fedoraproject.org/en-US/epel/

CHARON-VAX home directory

By default CHARON is installed in the "/opt/charon" directory. It has the following subdirectories:

The most important at this stage is the "/cfg" directory since it contains template configuration files with examples of typical configuration parameters and comments. This will be described in the next chapter.

Non-privileged user account creation

Create a non-privileged user account named "charon" for running CHARON:

Any existing user can also be used to run CHARON. In this case issue the following command to include this existing user into these specific groups:

Example:

Please note: If the emulator will be configured to use a physical console ("/dev/ttyNN"), it must either be run as the root user or the non-privileged user must be a member of the dialout group.

Charon License installation

Charon-VAX requires a valid product license to run the emulator. You have the choice of "VE" or "HASP" licensing. These are mutually exclusive. More information can be found below and in the CHARON-VAX for Linux Licensing section.

VE Licensing

VE licensing requires that a license server be installed and running that can serve a valid license. Stromasys recommends that you deploy a separate, dedicated system for the license server. If you need to set up a license sever, please refer to Virtual Environment (VE) License Server Documentation. If you already have a running VE license server, see the following and if necessary the CHARON-VAX for Linux Licensing section.

For Charon-AXP/VAX, the configuration of primary and (optionally) backup license server must be specified in the emulator configuration file using a text editor.

Configuration file general format:

set session license_key_id = "VE://<license-server-IP-Address>[:<port>]/[<passphrase>/]"

Description of the parameters:

• <license-server-IP>: the IP address of the VE license server (127.0.0.1 if the VE license server is on the same host).
• <port>: the TCP port on which the license is served (if not specified, the default port 8083 will be used).
• <passphrase>: the passphrase of the correct product section on the license (optional). The parameter may be required for the emulator in some cases to identify the correct section.

To configure a backup license server, add the backup license server information to the same line after the primary license server information:

set session license_key_id = "VE://<primary-licserv-IP-Address>[:<port>]/<passphrase>/, VE://<backup-licserv-IP-Address>[:<port>]/<passphrase>/"

Only one backup server can be configured. The backup server typically provides a license limited to a certain number of runtime hours should the primary server become unavailable. If all valid licenses are lost or removed while an emulator is running, there is a grace period (configured on the license; default: 2 hours). The grace period is the time period during which the emulator continues to run after its license has been lost or removed. If there is no valid license after the grace period ends, the emulator will stop (this could cause data loss for a running guest system).

HASP Licensing

Regular HASP USB dongle

If CHARON license is located on a regular USB dongle, just connect it to the host USB port.

If the CHARON host is accessed remotely, please note that regular HASP licenses cannot be displayed and used to start a CHARON virtual machine. As a workaround it is possible to install CHARON as a daemon (service). This procedure will be described later.

Network HASP USB dongle

If the CHARON license is a network license (red USB dongle), it is possible either to connect it to the host USB port (to use it locally and provide it to other hosts on the local network at the same time) or to install it on a local network "license server" for remote access from this particular host.

If a remote license server is to be used:

• Copy the aksusbd-7.63-1.i386.rpm and charon-license-4.10-<build>.<OS identifier>.x86_64.rpm files (see above) to the server, for example "/tmp"
• Login as "root" to the server.
• Switch to that directory.

• Install the copied files using "yum".
  Example:

  # cd /tmp # yum install aksusbd* charon-license-*

• Connect the network HASP dongle to one of the server USB ports.

The network HASP (red dongles) licenses have no restrictions with respect remote access

Software license

If CHARON license is a software license (SL), it is installed on the host using the following procedure:

1. Run hasp_srm_view utility in the following way to get the host fingerprint file ("my_host.c2v" in this example):

   # hasp_srm_view -fgp my_host.c2v

2. Send the resulting file to STROMASYS. In return STROMASYS will provide you with a ".v2c" file, for example "your_license.v2c".
3. Copy the received file to any folder on the CHARON host, invoke the system default web browser and enter URL http://localhost:1947 to display the "Sentinel Admin Control Center" (ACC) web interface. This interface allows you to view and manage the CHARON licenses.
4. In the ACC perform the following steps: select Update/Attach from the menu on the left pane then use the Browse button to select the received file and click on the Apply File button to install the license.
5. Ensure that the software license is now visible in the "Sentinel Keys" section of the ACC.

Please note:

• It is also possible to use the "hasp_update" utility for applying ".v2c" files.
• The Software Licenses (SL) are always network licenses, they have no restrictions with respect to being displayed or accessed via a remote connection.
• A "Provisional" (demo) license does not require collecting a fingerprint. For its installation start at step 3 in the sequence above

License validity verification

To check the CHARON license validity, invoke the hasp_srm_view utility to make sure that CHARON license is visible is correct:

• Text of the license is displayed correctly by the hasp_srm_view utility, no error messages are shown.
• The content of the license looks correct. For example: license number, major and minor versions, minimum and maximum build numbers, CHARON-VAX products and allowed hardware (CHARON-VAX models) should be checked. More details on the license content can be found in the CHARON-VAX Licensing chapter of this Guide.

Example:

If multiple licenses are available, it is possible to check them using the "-all" parameter with the hasp_srm_view utility in the following way:

# hasp_srm_view -all

It it also possible to display the license content for one specific key using the "-key" parameter and specifying the Key Id (see "# hasp_srm_view -h" for more)

Reminder: If the CHARON host is accessed over a remote connection, please note that regular HASP licenses cannot be displayed and used in this case. As a workaround it is possible to install CHARON as a daemon (service). This procedure will be described later.

Troubleshooting

If the CHARON license content cannot be displayed by the hasp_srm_view utility or it is incorrect, check the license is available and correctly used:

1. Invoke the system default web browser and enter the URL http://localhost:1947 to display the "Sentinel Admin Control Center" (ACC) web interface.
2. Click on "Sentinel Keys" link to open the corresponding page.
3. Make sure that one and only one CHARON HASP or SL license is present.

To facilitate troubleshooting, Stromasys recommends to enable logging from the Sentinel Admin Control Center as described in this article: Enabling logging in Sentinel Admin Control Center.

Removing licenses can be done by physical disconnection of the corresponding USB HASP keys from CHARON host and physical disconnection of the network HASP keys from all hosts on the local network (or by disabling remote access to network licenses from the CHARON host - see detailed explanations below).

For license servers accessible only via non-broadcast search it is also possible to disable access to network licenses if only a local license is to be used: Click on the "Configuration" link to open the "Configuration for Sentinel Manager" page.

Uncheck the "Allow Access to Remote Licenses" checkbox from the "Access to Remote License Managers" tab then press the "Submit" button to apply changes.

Please note:

Starting with Charon-AXP/VAX 4.9 for Linux and Charon-AXP/VAX version 4.8 for Windows the Charon emulator products do not follow the settings in the Sentinel ACC with respect to querying remote license servers and network visibility. They perform a broadcast search for network licenses even if this has been disabled in the Sentinel ACC. If this behavior has to be prevented for specific reasons, the network access of the system has to be temporarily restricted or disabled, for example by blocking the relevant traffic in a firewall. Another possibility would be to block access to the network license at the license server side.

Note that such methods can negatively impact other functions of the system or, in the case of blocking access to a network license on the server, even the functions on other license clients.

You can use the set session license_key_id parameter to force the emulator to use exact license IDs.

Example:

set session license_key_id=1877752571

It is also possible to have one "main" and one "backup" license in case the main license becomes unavailable:

set session license_key_id="1877752571,354850588"

CHARON-VAX checks its licenses from time to time starting with main license. If it becomes unavailable, it attempts to access the backup license.

Network configuration

In most cases CHARON will use a network. In this case CHARON requires one or more dedicated network interfaces with any other protocols including TCP/IP removed at the host level.

Two ways of network configuration are possible:

• With the help of the "ncu" utility
• Manually

The first way is recommended. Use the manual approach only in absence of the "ncu" utility or if it is impossible to use it.

Configuration with NCU utility

Login as root and enter "ncu". The following menu will appear:

The utility lists the available network interfaces (both physical and virtual) and indicates whether they are dedicated to the host or to CHARON and whether they are currently in use by the host operating system.

"ncu" offers several options:

• Dedicate interface to CHARON (option "1")
• Release interface to host (option "2")
• Create a bridge between a chosen physical network interface and the Linux virtual network and create a number of virtual network interfaces (option "3")
• Remove the Linux virtual network and all the created virtual network interfaces (option "4")
• Add VLAN (option "5")
• Remove VLAN (option "6")
• Print status (option "7") - use it to display status of network interfaces and the menu shown above
• Exit (option "8")

In the example above we see 2 network interfaces, "eth0" and "eth1", that are are dedicated to the host and the host uses only the interface "eth0".

Let's dedicate the interface "eth1" to CHARON-VAX.

Enter "1" then "eth1":

select action:
1 - Dedicate to CHARON
2 - Release to host
3 - Create Bridge with TAPs
4 - Remove Bridge
5 - Add VLAN
6 - Remove VLAN
7 - Print status
8 - Exit

Now the interface "eth1" is dedicated to CHARON-VAX:

select action:
1 - Dedicate to CHARON
2 - Release to host
3 - Create Bridge with TAPs
4 - Remove Bridge
5 - Add VLAN
6 - Remove VLAN
7 - Print status
8 - Exit

Enter "8" to return to the console prompt.

Now "eth1" can be used by CHARON-VAX.

Manual Configuration

Choosing network interface

To choose an interface to be used for CHARON networking, do the following:

Choose an interface to be used by CHARON, for example "eth1"

Designation of network interface to CHARON

To designate the chosen interface to CHARON open up the file "/etc/sysconfig/network-scripts/ifcfg-ethN" (where N is the number of the interface to be used for CHARON, in this case it is "1") and make sure that all the IP-setup related parameters are removed. The file must look like this:

Switching off the offload parameters

Determine what additional parameters are currently set to "on" on the host network adapter to be used by CHARON using the following command:

Example:

Use "ethtool" to switch off all the offload parameters:

Example:

For the example above let's create a temporary file containing the commands to be executed at system startup as the offload parameters must be switched off following each reboot:

Let's suppose the name of the file is "offload_off_eth1.txt". To execute it on system startup, execute the following command (example):

Final steps

• Reboot the host system
• Login as user "charon"
• Verify the offload parameters are effective

Upgrade from previous version

To upgrade an already installed CHARON-VAX kit to a more recent one:

1. Ensure your license allows you to upgrade to that version. If not, please generate a C2V file and send it to STROMASYS for update. See CHARON-VAX for Linux utilities - 'hasp_srm_view' utility
2. Prepare the new kit RPM files as it is described in "CHARON-VAX for Linux installation#Before installation" and "CHARON-VAX for Linux installation#Distribution preparation" sections.
3. Stop all running CHARON-VAX instances.
4. Make sure that no template files (i.e. "mv3k6.cfg.template") have been used for your specific configuration otherwise copy those files to a dedicated folder.
5. Login as "root" user.
6. Remove the old CHARON-VAX version as described in the "CHARON-VAX for Linux deinstallation" chapter and reboot the Linux server (recommended).
7. Proceed with the same instructions on the new kit installation as described in the "CHARON-VAX for Linux installation#Installation" section.
8. Once installation is completed, it is recommended to reboot the Linux server (possible issues with licenses detection could occur).

9. Install the license for the new CHARON-VAX as described in the "CHARON-VAX for Linux installation#License installation" section.

10. Start all the CHARON-VAX services stopped at step #3.

Please note:

If you did not reboot your Linux server at step 6, you may experience issues with 'aksusbd' service installation and then license detection.

Example:

Installing : aksusbd-8.13-1.x86_64 1/5
Failed to execute operation: Access denied
Failed to restart aksusbd.service: Access denied

To solve this problem, remove all Charon installed product and restart from step 6 above.