This action might not be possible to undo. Are you sure you want to continue?
Kevin N. Smith Jeff Conrad March 6, 2009
Sample “deployment” on a small test lab • All using NNMi 8.11 • Will not address NNM 6.x/7.x to NNMi upgrades. This will be a virgin installation of NNMi 8.11 • Goal is to give you a feel for what is required and for you to see how straightforward the tasks are • This is abbreviated but the steps are similar for even our largest deployments • HP is writing an accompanying document “NNMi Deployment by Example”
Steps we’ll take
Initial Login and User Creation • Apply license • Configure Communication • Configure Discovery • Configure Monitoring • Configure Incidents, Traps and Automatic Actions • Configure the Graphical User Interface • Maintenance • Health Checks • Possible Use Scenarios
Other steps we will not cover include
sizing • NNMi now supports HTTPS and LDAP. • Integration with other products such as HP OM, HP UCMDB, and other 3rd party products • Configuring HA or Failover • Configuring a remote Oracle database • iSPIs • See the NNMi Deployment Guide for more information on these topics
has already been done
• Installation Hints
• Check all prerequisites especially kernel parameters, shared memory, semaphores, RAM, etc.
example is done on a Unix machine. Paths need to be converted for Windows.
After the install, validate processes are running
command line, run “ovstatus –c” for a basic check. • Most processes are now within the ovjboss so you must also run “ovstatus –v” for the details of the jboss services.
# ovstatus -v ovjboss object manager name: ovjboss state: RUNNING PID: 20413 last message: Initialization complete. exit status: additional info: SERVICE CPListener CommunicationModelService CommunicationParametersStatsService CustomPoller EventsCustomExportService ExtensionDeployer InstanceDiscoveryService IslandSpotterService
STATUS Service Service Service Service Service Service Service Service
is is is is is is is is
started started started started started started started started
KeyManager StagedSnmp StatePoller TrustManager Service Service Service Service is is is is started started started started
with browser (no more java plugins required) • http://myserver.example.com/nnm
Quick Tour of the GUI
1. 2. 3. 4.
Title Bar Main Menu Bar Workspace Navigation Panel Workspaces
5. 6. 7. 8.
Views View Panel View Toolbar Status Bar
log in with the system password created during installation
Create a new user
best to create an administrator account rather than using the system login
Click on the Configuration Workspace and select User Accounts and Roles.
Click on the New Icon to launch the Account Mapping form
Select the pull down menu to the right of the Account entry and select New. (It is a common mistake to try to simply type in the Account rather than creating a New one.)
Type in the User Name and Password (we’ll call ours “admin” and the password will be “adminpw”)
Select the role and hit save and close
now have an admin account
Try logging out and back in with the new account. You can see the user presently logged in to this session in the upper right.
Apply a license
comes with a 250 node instant on license. You don’t need to do anything to use this license. But once you hit 250 nodes, no other nodes will be discovered or monitored. • You can also obtain a temporary license from HP for initial trial. • You can apply the license via a GUI using
nnmlicense.ovpl NNM –g
via the command line using
nnmlicense.ovpl NNM -f ./mylicense.key
Go to the Configuration Workspace and select Communication Configuration
• • •
Select the Default Community Strings tab and click on the New icon. Enter all of your SNMP Read Community Strings here. Order does not matter. NNMi attempts all Comm Strings simultaneously and chooses the first one that succeeds. You can also modify the default timeout and retry attempts here. Consider unchecking the “Enable SNMP Address Discovery” check box. After making changes, save and close the form.
SNMP management address discovery
you have Cisco devices using loopback addresses, consider unchecking the “Enable SNMP Address Discovery” box. • That way, the loopback address is the only address that will ever be tried for SNMP communication.
List based discovery (similar to loadhosts of legacy NNM)
• More control • No surprises • Requires high level of knowledge of nodes • Only name or IP is required. No subnet masks required • Static data
Auto-discovery (we’ll use this for our example)
• Always up to date • Requires good “rules” to control breadth of discovery • By default, NNMi only discovery switches and routers (this is easily expanded)
to the Configuration Workspace and select Discovery Configuration.
the Auto-Discovery Rules tab and click on the New icon.
Fill out the Basics section and click on the New icon for the IP Address Ranges in this rule. The value for Ordering doesn’t matter in this case since we’ll only have one auto-discover rule.
• • • •
Type in a range. A rule can contain multiple ranges. Choose the Range Type (Inclusive for our example) Save and close the forms. We now have a discovery rule for the 15.2.*.* subnet.
Since we didn’t enable “ping sweep”, we must provide a seed router to get the discovery started. • Add the name or IP address of a router in this subnet to begin the discovery
uses the following sources of "hints":
• ARP cache • Ping Sweep if configured • BGP - Border Gateway Protocol • CDP - Cisco Discovery Protocol • EIGRP - Cisco Enhanced Interior Gateway Routing Protocol • ENDP - Enterasys Discovery Protocol (also known as CDP - Cabletron Discovery Protocol) • FDP - Foundry Discovery Protocol • OSPF - Open Shortest Path First
You’ll now begin to see nodes get discovered. You can view the list of discovered nodes in many places in the GUI. Try the Network Overview under the Topology Maps workspace. • Note that this is usually an abbreviation of the entire set of nodes.
• NNMi monitors “connected” interfaces where connected means the interface has a discovered connection to another interface in NNMi. Most access switch ports would not be considered connected if you don’t discover end nodes. Instead typically the uplink would be monitored. • Router interface hosting an IP address are also usually monitored (may be overridden by an interface setting) • NNMi does not ping nodes that support SNMP • You may not need to make any additional changes
of monitoring the uplink
Steps to modify monitoring
The basic steps to modify the monitoring in NNM include
• Create a node group and/or interface group • Associate a monitoring setting (polling policy) with the group • Prioritize the monitoring setting (nodes and interfaces can match multiple groups)
• • • •
Suppose that we have some nodes with an IfAlias that begins with “tunnel to”. We have been instructed that these interfaces need to be monitored if their speed is also 9 Kbs. We’ll need to create a filter to identify any interfaces that match this criterion. Then we’ll apply a polling policy to these interfaces.
Creating an Interface Group
Under the Configuration Workspace, select Interface Groups
on the New icon
Name the new Interface Group • Create the filter expression using the logical operands • Save the Interface Group • Test the membership with Actions -> Show Members
of the membership test • Watch out for any “stale” filters on this view that might be inadvertently applied
Apply a polling policy to the interface group
In order to poll the interfaces defined by this filter, we must apply a polling policy to this group. • Open the Monitoring Configuration view
Since we defined an Interface Filter, select the Interface Settings tab • Note the current “ordering” values • Click New
Select the Interface Group and enter in an Ordering value • We want it to be “higher” that the other policies (lower number)
Extend the polling beyond connected interfaces Save and Close the form
Testing the polling policy
Identify the selected interfaces (We’ll select Inventory->Interfaces and choose our filter in the pull-down menu.)
Open one of the interfaces Select Actions -> Monitoring Settings
the Interface Group policy that is applied • Validate that the interface is being polled
Making Exceptions to polling
Most polled objects can be Unmanaged or set to Out of Service
With NNMi, you can change various aspects of an incident. Some examples include enabling an incident, formatting a message, enabling de-duplication and enabling rate correlation. • Suppose we wish to enhance the Interface Down incident to include the Interface Alias in the message. • Open the Incident Configuration view
Choose the Management Event Configuration tab and open the Interface Down incident
We add the argument $ifAlias to our message • See “Valid Parameters for Configuring Incident Messages” in the help.
Now new incidents that arrive in the browser will have the new message format • If there is no Alias defined, it is shown as null
Traps must be defined by a MIB • Load MIBs into NNMi using the nnmincidentcfg.ovpl command • Use the –loadMib or –loadTraps option depending on requirements
# nnmincidentcfg.ovpl -u admin -p adminpw -loadMib ./ruggedcom.mib Mib file loaded: /var/tmp/mibs/./ruggedcom.mib. # nnmincidentcfg.ovpl -u admin -p adminpw -loadMib ./rcsysinfo.mib Mib file loaded: /var/tmp/mibs/./rcsysinfo.mib. # nnmincidentcfg.ovpl -u admin -p adminpw -loadTraps ./ruggedcomtraps.mib Mib file loaded: /var/tmp/mibs/./ruggedcomtraps.mib. Number of traps: 4. The following traps were added to incident configuration: cfgChangeTrap - .22.214.171.124.4.1.15004.5.4 swUpgradeTrap - .126.96.36.199.4.1.15004.5.3 powerSupplyTrap - .188.8.131.52.4.1.15004.5.2 genericTrap - .184.108.40.206.4.1.15004.5.1
now have four new traps defined in NNMi.
You can add automatic actions to incidents. • Usually done on Management Events rather than SNMP Traps because it’s hard to predict the rate and volume of traps. • NNMi automatic actions can either be executable commands or command line scripts or Python Scripts. • In NNMi, actions are based on Lifecycle State change for incidents. • Suppose you want to take an action when an interface goes down and another action when the interface comes back up again.
• Both actions should be placed on the InterfaceDown incident • One should be associated with the Lifecycle State of “Registered” and the other should be associated with the Lifecycle State of “Closed” • There usually will not be an associated “up” incident.
we have a script called writelog.ovpl that we want to run when a Node Down incident arrives • As root, copy the writelog.ovpl script into the actions directory • Windows:
\Documents and Settings\All Users\Application Data\HP\HP BTO Software\shared\nnm\actions
that the command is executable
Open the Management Event Configuration tab from within the Incident Configuration Form • Open the Node Down incident
Select the Action Configuration tab and click on the New button
Select the appropriate Lifecycle state (Registered in our example), Command Type (ScriptOrExecutable in our example) and the name of the command (specify the full path). • Save and Close the form
Last, we must enable the action by checking the Enable box. • Save and Close the form
Now we should test the action. The easiest way to do this is to look for a previous occurrence of this incident and modify the lifecycle state
We can practice running this action by setting the Lifecycle State back to Registered. This will cause our action to execute after you save this form (thus saving the Lifecycle State change). • After saving it, we verify that our action ran as expected. We can look at the log file that this sample action script writes to. We should then set the Lifecycle State back to Closed and save the incident to return it to its original state.
GUI Configuration - Node Group Map Configuration (aka containers)
Container maps can be created that will show nodes that are contained in a Node Group • Let’s suppose that we wish to create some logical containers for a few different subnets and also nodes based on names.
• Subnet A = Management Address of 192.25.*.* • Data Center = nodes that have a system name beginning with “data_center”
Let’s suppose we wish to create the hierarchy of groups:
My Network àMy Important Subnets àSubnet A àData Center
Easiest to work from the leaf groups first • We create a Node Group for Subnet A • Test it as previously shown
create a node group for the Data Center
Next we must create a Node Group Map for each Node Group in the hierarchy
the Layout on each Node Group Map
“branch” node group maps, no filter is necessary. Instead we only need to specify the hierarchy by selecting the Child Node Groups. • Again must create the map for the group.
We now have a map hierarchy that we can drill down and back. In our example, you can open the Node Group Map for the node group “My Network”.
this map, we can drill down (double click) and back with the arrows
Background graphics can be easily added We can also change the status propagation algorithms
• Full backup • nnmbackup.ovpl / nnmrestore.ovpl • Embedded database backup • nnmbackupembdb.ovpl / nnmrestoreembdb.ovpl
Export and Import
• Allows for pinpoint configuration snapshots • Make a snapshot before making any config change
nnmconfigexport.ovpl / nnmconfigimport.ovpl
Maintenance of traps
Need to regularly clean traps from the NNMi database (not the trap store)
nnmtrimincidents.ovpl –u system –p mypassword -age 1 -incr weeks -origin SnmpTrap –trimOnly –quiet
HP is writing a whitepaper on trap tools
NNMi Trap (nnmtrapconfig.ovpl) Service NNMi User Interface
Trap Store NNMi Database
Run ovstatus –v to make sure the jboss processes are running well • Launch the Help->About HP Network Node Manager i-series menu item for a listing of some important data points.
Check Free Memory, State Poller and Custom Poller Health
Possible Usage Scenarios
2 map showing outage
history of status, incidents • Run actions like ping, trace route, etc.
Map based management
List based management
Use the embedded database even for large scale. • Use caution with SNMP timeout configuration. This timeout value is incremented with each timeout and can grow quickly beyond your original intention. Keep your ping timeout and your SNMP timeout fairly equal in time. • Use the Conclusions tab in the Node Form to understand why the current status is set for the node. • Reduce the number of connections between node groups via the End Points Filter in the Node Group Map settings form. • Do not use a “@” in your SNMP strings. This is a reserved character for Cisco devices and causes NNMi grief if used.
Visit http://h20230.www2.hp.com/selfsolve/manuals to find the latest Deployment and Migration Guide for NNMi.
Other whitepapers are being placed on this site regularly • Visit our new NNMi upgrade website • http://www.hp.com/go/nnmi
• www.hp.com/go/NNMblog • Feel free to contact me with questions firstname.lastname@example.org
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue reading from where you left off, or restart the preview.