NNMi Deployment and Configuration Technical Webinar Kevin N. Smith Jeff Conrad March 6, 2009
Introduction Sample deployment on a small test lab All using NNMi 8.11 Will not address NNM 6.x/7.x to NNMi upgrades. This will be a virgin installation of NNMi 8.11 Goal is to give you a feel for what is required and for you to see how straightforward the tasks are This is abbreviated but the steps are similar for even our largest deployments HP is writing an accompanying document NNMi Deployment by Example http://support.openview.hp.com/selfsolve/manuals
Steps we ll take Initial Login and User Creation Apply license Configure Communication Configure Discovery Configure Monitoring Configure Incidents, Traps and Automatic Actions Configure the Graphical User Interface Maintenance Health Checks Possible Use Scenarios
Other steps we will not cover include Machine sizing NNMi now supports HTTPS and LDAP. Integration with other products such as HP OM, HP UCMDB, and other 3rd party products Configuring HA or Failover Configuring a remote Oracle database ispis See the NNMi Deployment Guide for more information on these topics
Assumptions Installation has already been done Installation Hints Check all prerequisites especially kernel parameters, shared memory, semaphores, RAM, etc. This example is done on a Unix machine. Paths need to be converted for Windows.
After the install, validate processes are running At command line, run ovstatus c for a basic check. Most processes are now within the ovjboss so you must also run ovstatus v for the details of the jboss services.
jboss processes # ovstatus -v ovjboss object manager name: ovjboss state: RUNNING PID: 20413 last message: Initialization complete. exit status: - additional info: SERVICE CPListener CommunicationModelService CommunicationParametersStatsService CustomPoller EventsCustomExportService ExtensionDeployer InstanceDiscoveryService IslandSpotterService KeyManager StagedSnmp StatePoller TrustManager STATUS Service is started Service is started Service is started Service is started Service is started Service is started Service is started Service is started Service is started Service is started Service is started Service is started
Initial Login Login with browser (no more java plugins required) http://myserver.example.com/nnm
Quick Tour of the GUI 1. Title Bar 2. Main Menu Bar 3. Workspace Navigation Panel 4. Workspaces 5. Views 6. View Panel 7. View Toolbar 8. Status Bar
Initially log in with the system password created during installation
Create a new user It s best to create an administrator account rather than using the system login
Click on the Configuration Workspace and select User Accounts and Roles.
Click on the New Icon to launch the Account Mapping form Select the pull down menu to the right of the Account entry and select New. (It is a common mistake to try to simply type in the Account rather than creating a New one.)
Type in the User Name and Password (we ll call ours admin and the password will be adminpw ) Select the role and hit save and close
We now have an admin account Try logging out and back in with the new account. You can see the user presently logged in to this session in the upper right.
Apply a license Product comes with a 250 node instant on license. You don t need to do anything to use this license. But once you hit 250 nodes, no other nodes will be discovered or monitored. You can also obtain a temporary license from HP for initial trial. You can apply the license via a GUI using nnmlicense.ovpl NNM g Or via the command line using nnmlicense.ovpl NNM -f./mylicense.key
Configure Communication Go to the Configuration Workspace and select Communication Configuration
Select the Default Community Strings tab and click on the New icon. Enter all of your SNMP Read Community Strings here. Order does not matter. NNMi attempts all Comm Strings simultaneously and chooses the first one that succeeds. You can also modify the default timeout and retry attempts here. Consider unchecking the Enable SNMP Address Discovery check box. After making changes, save and close the form.
SNMP management address discovery If you have Cisco devices using loopback addresses, consider unchecking the Enable SNMP Address Discovery box. That way, the loopback address is the only address that will ever be tried for SNMP communication.
Discovery Configuration List based discovery (similar to loadhosts of legacy NNM) More control No surprises Requires high level of knowledge of nodes Only name or IP is required. No subnet masks required Static data Auto-discovery (we ll use this for our example) Always up to date Requires good rules to control breadth of discovery By default, NNMi only discovery switches and routers (this is easily expanded)
Go to the Configuration Workspace and select Discovery Configuration.
Select the Auto-Discovery Rules tab and click on the New icon.
Fill out the Basics section and click on the New icon for the IP Address Ranges in this rule. The value for Ordering doesn t matter in this case since we ll only have one auto-discover rule.
Type in a range. A rule can contain multiple ranges. Choose the Range Type (Inclusive for our example) Save and close the forms. We now have a discovery rule for the 15.2.*.* subnet.
Since we didn t enable ping sweep, we must provide a seed router to get the discovery started. Add the name or IP address of a router in this subnet to begin the discovery
NNMi uses the following sources of "hints": ARP cache Ping Sweep if configured BGP - Border Gateway Protocol CDP - Cisco Discovery Protocol EIGRP - Cisco Enhanced Interior Gateway Routing Protocol ENDP - Enterasys Discovery Protocol (also known as CDP - Cabletron Discovery Protocol) FDP - Foundry Discovery Protocol OSPF - Open Shortest Path First
You ll now begin to see nodes get discovered. You can view the list of discovered nodes in many places in the GUI. Try the Network Overview under the Topology Maps workspace. Note that this is usually an abbreviation of the entire set of nodes.
Monitoring Configuration Default Behavior NNMi monitors connected interfaces where connected means the interface has a discovered connection to another interface in NNMi. Most access switch ports would not be considered connected if you don t discover end nodes. Instead typically the uplink would be monitored. Router interface hosting an IP address are also usually monitored (may be overridden by an interface setting) NNMi does not ping nodes that support SNMP You may not need to make any additional changes
Example of monitoring the uplink
Steps to modify monitoring The basic steps to modify the monitoring in NNM include Create a node group and/or interface group Associate a monitoring setting (polling policy) with the group Prioritize the monitoring setting (nodes and interfaces can match multiple groups)
Suppose that we have some nodes with an IfAlias that begins with tunnel to. We have been instructed that these interfaces need to be monitored if their speed is also 9 Kbs. We ll need to create a filter to identify any interfaces that match this criterion. Then we ll apply a polling policy to these interfaces.
Creating an Interface Group Under the Configuration Workspace, select Interface Groups
Click on the New icon
Name the new Interface Group Create the filter expression using the logical operands Save the Interface Group Test the membership with Actions -> Show Members
Results of the membership test Watch out for any stale filters on this view that might be inadvertently applied
Apply a polling policy to the interface group In order to poll the interfaces defined by this filter, we must apply a polling policy to this group. Open the Monitoring Configuration view
Since we defined an Interface Filter, select the Interface Settings tab Note the current ordering values Click New
Select the Interface Group and enter in an Ordering value We want it to be higher that the other policies (lower number) Extend the polling beyond connected interfaces Save and Close the form
Testing the polling policy Identify the selected interfaces (We ll select Inventory->Interfaces and choose our filter in the pull-down menu.) Open one of the interfaces Select Actions -> Monitoring Settings
Validate the Interface Group policy that is applied Validate that the interface is being polled
Making Exceptions to polling Most polled objects can be Unmanaged or set to Out of Service
Incident Configuration With NNMi, you can change various aspects of an incident. Some examples include enabling an incident, formatting a message, enabling de-duplication and enabling rate correlation. Suppose we wish to enhance the Interface Down incident to include the Interface Alias in the message. Open the Incident Configuration view
Choose the Management Event Configuration tab and open the Interface Down incident
We add the argument $ifalias to our message See Valid Parameters for Configuring Incident Messages in the help.
Now new incidents that arrive in the browser will have the new message format If there is no Alias defined, it is shown as null
Trap Configuration Traps must be defined by a MIB Load MIBs into NNMi using the nnmincidentcfg.ovpl command Use the loadmib or loadtraps option depending on requirements # nnmincidentcfg.ovpl -u admin -p adminpw -loadmib./ruggedcom.mib Mib file loaded: /var/tmp/mibs/./ruggedcom.mib. # nnmincidentcfg.ovpl -u admin -p adminpw -loadmib./rcsysinfo.mib Mib file loaded: /var/tmp/mibs/./rcsysinfo.mib. # nnmincidentcfg.ovpl -u admin -p adminpw -loadtraps./ruggedcomtraps.mib Mib file loaded: /var/tmp/mibs/./ruggedcomtraps.mib. Number of traps: 4. The following traps were added to incident configuration: cfgchangetrap -.1.3.6.1.4.1.15004.5.4 swupgradetrap -.1.3.6.1.4.1.15004.5.3 powersupplytrap -.1.3.6.1.4.1.15004.5.2 generictrap -.1.3.6.1.4.1.15004.5.1
We now have four new traps defined in NNMi.
Action Configuration You can add automatic actions to incidents. Usually done on Management Events rather than SNMP Traps because it s hard to predict the rate and volume of traps. NNMi automatic actions can either be executable commands or command line scripts or Python Scripts. In NNMi, actions are based on Lifecycle State change for incidents. Suppose you want to take an action when an interface goes down and another action when the interface comes back up again. Both actions should be placed on the InterfaceDown incident One should be associated with the Lifecycle State of Registered and the other should be associated with the Lifecycle State of Closed There usually will not be an associated up incident.
Suppose we have a script called writelog.ovpl that we want to run when a Node Down incident arrives As root, copy the writelog.ovpl script into the actions directory Windows: \Documents and Settings\All Users\Application Data\HP\HP BTO Software\shared\nnm\actions UNIX: /var/opt/ov/shared/nnm/actions Confirm that the command is executable
Open the Management Event Configuration tab from within the Incident Configuration Form Open the Node Down incident
Select the Action Configuration tab and click on the New button
Select the appropriate Lifecycle state (Registered in our example), Command Type (ScriptOrExecutable in our example) and the name of the command (specify the full path). Save and Close the form
Last, we must enable the action by checking the Enable box. Save and Close the form
Now we should test the action. The easiest way to do this is to look for a previous occurrence of this incident and modify the lifecycle state
We can practice running this action by setting the Lifecycle State back to Registered. This will cause our action to execute after you save this form (thus saving the Lifecycle State change). After saving it, we verify that our action ran as expected. We can look at the log file that this sample action script writes to. We should then set the Lifecycle State back to Closed and save the incident to return it to its original state.
GUI Configuration - Node Group Map Configuration (aka containers) Container maps can be created that will show nodes that are contained in a Node Group Let s suppose that we wish to create some logical containers for a few different subnets and also nodes based on names. Subnet A = Management Address of 192.25.*.* Data Center = nodes that have a system name beginning with data_center Let s suppose we wish to create the hierarchy of groups: My Network My Important Subnets Subnet A Data Center
Easiest to work from the leaf groups first We create a Node Group for Subnet A Test it as previously shown
Now create a node group for the Data Center
Next we must create a Node Group Map for each Node Group in the hierarchy
Save the Layout on each Node Group Map
For branch node group maps, no filter is necessary. Instead we only need to specify the hierarchy by selecting the Child Node Groups. Again must create the map for the group.
We now have a map hierarchy that we can drill down and back. In our example, you can open the Node Group Map for the node group My Network.
From this map, we can drill down (double click) and back with the arrows
Background graphics can be easily added We can also change the status propagation algorithms
Maintenance Backup and Restore Full backup nnmbackup.ovpl / nnmrestore.ovpl Embedded database backup nnmbackupembdb.ovpl / nnmrestoreembdb.ovpl Configuration Export and Import Allows for pinpoint configuration snapshots Make a snapshot before making any config change nnmconfigexport.ovpl / nnmconfigimport.ovpl
Maintenance of traps Need to regularly clean traps from the NNMi database (not the trap store) nnmtrimincidents.ovpl u system p mypassword -age 1 -incr weeks -origin SnmpTrap trimonly quiet HP is writing a whitepaper on trap tools NNMi Trap (nnmtrapconfig.ovpl) Service NNMi User Interface incoming traps Trap Store nnmtrapdump.ovpl NNMi Database
Health Checks Run ovstatus v to make sure the jboss processes are running well Launch the Help->About HP Network Node Manager i-series menu item for a listing of some important data points.
Check Free Memory, State Poller and Custom Poller Health
Possible Usage Scenarios Management by Exception
Layer 2 map showing outage
Investigate history of status, incidents Run actions like ping, trace route, etc.
Map based management
List based management
Miscellaneous Tips Use the embedded database even for large scale. Use caution with SNMP timeout configuration. This timeout value is incremented with each timeout and can grow quickly beyond your original intention. Keep your ping timeout and your SNMP timeout fairly equal in time. Use the Conclusions tab in the Node Form to understand why the current status is set for the node. Reduce the number of connections between node groups via the End Points Filter in the Node Group Map settings form. Do not use a @ in your SNMP strings. This is a reserved character for Cisco devices and causes NNMi grief if used.
Other resources Visit http://h20230.www2.hp.com/selfsolve/manuals to find the latest Deployment and Migration Guide for NNMi. Other whitepapers are being placed on this site regularly Visit our new NNMi upgrade website http://www.hp.com/go/nnmi NNMi Blog www.hp.com/go/nnmblog Feel free to contact me with questions kevin.n.smith@hp.com