Sei sulla pagina 1di 76

NNMi Deployment and Configuration Technical Webinar

Kevin N. Smith Jeff Conrad March 6, 2009

NNMi Deployment and Configuration Technical Webinar Kevin N. Smith Jeff Conrad March 6, 2009

Introduction

Sample “deployment” on a small test lab

All using NNMi 8.11

Will not address NNM 6.x/7.x to NNMi upgrades. This will be a virgin installation of NNMi 8.11

Goal is to give you a feel for what is required and for you to see how straightforward the tasks are

This is abbreviated but the steps are similar for even our largest deployments

HP is writing an accompanying document “NNMi Deployment by Example” http://support.openview.hp.com/selfsolve/manuals

writing an accompanying document “NNMi Deployment by Example” • http://support.openview.hp.com/selfsolve/manuals

Steps we’ll take

Initial Login and User Creation

Apply license

Configure Communication

Configure Discovery

Configure Monitoring

Configure Incidents, Traps and Automatic Actions

Configure the Graphical User Interface

Maintenance

Health Checks

Possible Use Scenarios

Actions • Configure the Graphical User Interface • Maintenance • Health Checks • Possible Use Scenarios

Other steps we will not cover include

Machine sizing

NNMi now supports HTTPS and LDAP.

Integration with other products such as HP OM, HP UCMDB, and other 3rd party products

Configuring HA or Failover

Configuring a remote Oracle database

iSPIs

See the NNMi Deployment Guide for more information on these topics

Configuring a remote Oracle database • iSPIs • See the NNMi Deployment Guide for more information

Assumptions

Installation has already been done

Installation Hints

Check all prerequisites especially kernel parameters, shared memory, semaphores, RAM, etc.

This example is done on a Unix machine. Paths need to be converted for Windows.

shared memory, semaphores, RAM, etc. • This example is done on a Unix machine. Paths need

After the install, validate processes are running

At command line, run “ovstatus –c” for a basic check. Most processes are now within the ovjboss so you must also run “ovstatus –v” for the details of the jboss services.

Most processes are now within the ovjboss so you must also run “ovstatus –v” for the

jboss processes

# ovstatus -v ovjboss

object manager name: ovjboss

state:

RUNNING

PID:

20413

last message:

Initialization complete.

exit status:

-

additional info:

SERVICE

STATUS

CPListener

Service is started

CommunicationModelService

Service is started

CommunicationParametersStatsService

Service is started

CustomPoller

Service is started

EventsCustomExportService

Service is started

ExtensionDeployer

Service is started

InstanceDiscoveryService

Service is started

IslandSpotterService

Service is started

KeyManager

Service is started

StagedSnmp

Service is started

StatePoller

Service is started

TrustManager

Service is started

started StagedSnmp Service is started StatePoller Service is started TrustManager Service is started

Initial Login

Login with browser (no more java plugins required) http://myserver.example.com/nnm

Initial Login • Login with browser (no more java plugins required) • http://myserver.example.com/nnm

Quick Tour of the GUI

Quick Tour of the GUI 1. Title Bar 2. Main Menu Bar 3. Workspace Navigation Panel

1. Title Bar

2. Main Menu Bar

3. Workspace Navigation Panel

4. Workspaces

5. Views

6. View Panel

7. View Toolbar

8. Status Bar

2. Main Menu Bar 3. Workspace Navigation Panel 4. Workspaces 5. Views 6. View Panel 7.

Initially log in with the system password created during installation

• Initially log in with the system password created during installation

Create a new user

It’s best to create an administrator account rather than using the system login

Create a new user • It’s best to create an administrator account rather than using the

Click on the Configuration Workspace and select User Accounts and Roles.

• Click on the Configuration Workspace and select User Accounts and Roles.

Click on the New Icon to launch the Account Mapping form

• Click on the New Icon to launch the Account Mapping form • Select the pull

Select the pull down menu to the right of the Account entry and select New. (It is a common mistake to try to simply type in the Account rather than creating a New one.)

entry and select New. (It is a common mistake to try to simply type in the

Type in the User Name and Password (we’ll call ours “admin” and the password will be “adminpw”)

(we’ ll call ours “admin” and the password will be “adminpw”) • Select the role and

Select the role and hit save and close

(we’ ll call ours “admin” and the password will be “adminpw”) • Select the role and

We now have an admin account

• We now have an admin account • Try logging out and back in with the

Try logging out and back in with the new account. You can see the user presently logged in to this session in the upper right.

logging out and back in with the new account. You can see the user presently logged

Apply a license

Product comes with a 250 node instant on license. You don’t need to do anything to use this license. But once you hit 250 nodes, no other nodes will be discovered or monitored.

You can also obtain a temporary license from HP for initial trial.

You can apply the license via a GUI using

nnmlicense.ovpl NNM –g

Or via the command line using

nnmlicense.ovpl NNM -f ./mylicense.key

license via a GUI using nnmlicense.ovpl NNM –g • Or via the command line using nnmlicense.ovpl

Configure Communication

Go to the Configuration Workspace and select Communication Configuration

Configure Communication • Go to the Configuration Workspace and select Communication Configuration

Select the Default Community Strings tab and click on the New icon. Enter all of your SNMP Read Community Strings here.

Order does not matter. NNMi attempts all Comm Strings simultaneously and chooses the first one that succeeds.

You can also modify the default timeout and retry attempts here. Consider unchecking the “Enable SNMP Address Discovery” check box. After making changes, save and close the form.

Consider unchecking the “Enable SNMP Address Discovery” check box. After making changes, save and close the

SNMP management address discovery

If you have Cisco devices using loopback addresses, consider unchecking the “Enable SNMP Address Discovery” box. That way, the loopback address is the only address that will ever be tried for SNMP communication.

box. • That way, the loopback address is the only address that will ever be tried

Discovery Configuration

List based discovery (similar to loadhosts of legacy NNM)

More control

No surprises

Requires high level of knowledge of nodes

Only name or IP is required. No subnet masks required

Static data

Auto-discovery (we’ll use this for our example)

Always up to date

Requires good “rules” to control breadth of discovery

By default, NNMi only discovery switches and routers (this is easily expanded)

to control breadth of discovery • By default, NNMi only discovery switches and routers (this is

Go to the Configuration Workspace and select Discovery Configuration.

• Go to the Configuration Workspace and select Discovery Configuration.

Select the Auto-Discovery Rules tab and click on the New icon.

• Select the Auto-Discovery Rules tab and click on the New icon.

Fill out the Basics section and click on the New icon for the IP Address Ranges in this rule. The value for Ordering doesn’t matter in this case since we’ll only have one auto-discover rule.

in this rule. The value for Ordering doesn’t matter in this case since we’ ll only

Type in a range. A rule can contain multiple ranges.

Choose the Range Type (Inclusive for our example)

Save and close the forms.

We now have a discovery rule for the 15.2.*.* subnet.

Type (Inclusive for our example) • Save and close the forms. • We now have a

Since we didn’t enable “ping sweep”, we must provide a seed router to get the discovery started.

Add the name or IP address of a router in this subnet to begin the discovery

router to get the discovery started. • Add the name or IP address of a router

NNMi uses the following sources of "hints":

ARP cache

Ping Sweep if configured

BGP - Border Gateway Protocol

CDP - Cisco Discovery Protocol

EIGRP - Cisco Enhanced Interior Gateway Routing Protocol

ENDP - Enterasys Discovery Protocol (also known as CDP - Cabletron Discovery Protocol)

FDP - Foundry Discovery Protocol

OSPF - Open Shortest Path First

known as CDP - Cabletron Discovery Protocol) • FDP - Foundry Discovery Protocol • OSPF -

You’ll now begin to see nodes get discovered. You can view the list of discovered nodes in many places in the GUI. Try the Network Overview under the Topology Maps workspace.

Note that this is usually an abbreviation of the entire set of nodes.

Overview under the Topology Maps workspace. • Note that this is usually an abbreviation of the

Monitoring Configuration

Default Behavior

NNMi monitors “connected” interfaces where connected means the interface has a discovered connection to another interface in NNMi. Most access switch ports would not be considered connected if you don’t discover end nodes. Instead typically the uplink would be monitored. Router interface hosting an IP address are also usually monitored (may be overridden by an interface setting) NNMi does not ping nodes that support SNMP You may not need to make any additional changes

interface setting) • NNMi does not ping nodes that support SNMP • You may not need

Example of monitoring the uplink

• Example of monitoring the uplink
• Example of monitoring the uplink

Steps to modify monitoring

The basic steps to modify the monitoring in NNM include

Create a node group and/or interface group

Associate a monitoring setting (polling policy) with the group

Prioritize the monitoring setting (nodes and interfaces can match multiple groups)

(polling policy) with the group • Prioritize the monitoring setting (nodes and interfaces can match multiple

Suppose that we have some nodes with an IfAlias that begins with “tunnel to”.

We have been instructed that these interfaces need to be monitored if their speed is also 9 Kbs.

We’ll need to create a filter to identify any interfaces that match this criterion.

Then we’ll apply a polling policy to these interfaces.

filter to identify any interfaces that match this criterion. • Then we’ll apply a polling policy

Creating an Interface Group

Under the Configuration Workspace, select Interface Groups

Creating an Interface Group • Under the Configuration Workspace, select Interface Groups

Click on the New icon

• Click on the New icon

Name the new Interface Group

Create the filter expression using the logical operands

Save the Interface Group

Test the membership with Actions -> Show Members

using the logical operands • Save the Interface Group • Test the membership with Actions -

Results of the membership test Watch out for any “stale” filters on this view that might be inadvertently applied

of the membership test • Watch out for any “stale” filters on this view that might

Apply a polling policy to the interface group

In order to poll the interfaces defined by this filter, we must apply a polling policy to this group.

Open the Monitoring Configuration view

defined by this filter, we must apply a polling policy to this group. • Open the

Since we defined an Interface Filter, select the Interface Settings tab

Note the current “ordering” values

Click New

defined an Interface Filter, select the Interface Setti ngs tab • Note the current “ordering” values

Select the Interface Group and enter in an Ordering value

We want it to be “higher” that the other policies (lower number)

it to be “higher” that the other policies (lower number) • Extend the polling beyond connected

Extend the polling beyond connected interfaces

Save and Close the form

that the other policies (lower number) • Extend the polling beyond connected interfaces • Save and

Testing the polling policy

Identify the selected interfaces (We’ll select Inventory->Interfaces and choose our filter in the pull-down menu.)

and choose our filter in the pull-down menu.) • Open one of the interfaces • Select

Open one of the interfaces

Select Actions -> Monitoring Settings

choose our filter in the pull-down menu.) • Open one of the interfaces • Select Actions

Validate the Interface Group policy that is applied Validate that the interface is being polled

• Validate the Interface Group policy that is applied • Validate that the interface is being

Making Exceptions to polling

Most polled objects can be Unmanaged or set to Out of Service

Making Exceptions to polling • Most polled objects can be Unmanaged or set to Out of

Incident Configuration

With NNMi, you can change various aspects of an incident. Some examples include enabling an incident, formatting a message, enabling de-duplication and enabling rate correlation.

Suppose we wish to enhance the Interface Down incident to include the Interface Alias in the message.

Open the Incident Configuration view

the Interface Down incident to include the Interface Alias in the message. • Open the Incident

Choose the Management Event Configuration tab and open the Interface Down incident

• Choose the Management Event Configuration tab and open the Interface Down incident

We add the argument $ifAlias to our message See “Valid Parameters for Configuring Incident Messages” in the help.

the argument $ ifAlias to our message • See “ Valid Parameters for Configuring Incident Messages

Now new incidents that arrive in the browser will have the new message format If there is no Alias defined, it is shown as null

that arrive in the browser will have the new message format • If there is no

Trap Configuration

Traps must be defined by a MIB

Load MIBs into NNMi using the nnmincidentcfg.ovpl command

Use the –loadMib or –loadTraps option depending on requirements

# nnmincidentcfg.ovpl -u admin -p adminpw -loadMib ./ruggedcom.mib Mib file loaded: /var/tmp/mibs/./ruggedcom.mib.

# nnmincidentcfg.ovpl -u admin -p adminpw -loadMib ./rcsysinfo.mib Mib file loaded: /var/tmp/mibs/./rcsysinfo.mib.

# nnmincidentcfg.ovpl -u admin -p adminpw -loadTraps ./ruggedcomtraps.mib Mib file loaded: /var/tmp/mibs/./ruggedcomtraps.mib. Number of traps: 4. The following traps were added to incident configuration:

cfgChangeTrap - .1.3.6.1.4.1.15004.5.4 swUpgradeTrap - .1.3.6.1.4.1.15004.5.3 powerSupplyTrap - .1.3.6.1.4.1.15004.5.2 genericTrap - .1.3.6.1.4.1.15004.5.1

swUpgradeTrap - .1.3.6.1.4.1.15004.5.3 powerSupplyTrap - .1.3.6.1.4.1.15004.5.2 genericTrap - .1.3.6.1.4.1.15004.5.1

We now have four new traps defined in NNMi.

• We now have four new traps defined in NNMi.

Action Configuration

You can add automatic actions to incidents.

Usually done on Management Events rather than SNMP Traps because it’s hard to predict the rate and volume of traps.

NNMi automatic actions can either be executable commands or command line scripts or Python Scripts.

In NNMi, actions are based on Lifecycle State change for incidents.

Suppose you want to take an action when an interface goes down and another action when the interface comes back up again.

Both actions should be placed on the InterfaceDown incident

One should be associated with the Lifecycle State of “Registered” and the other should be associated with the Lifecycle State of “Closed”

There usually will not be an associated “up” incident.

be associated with the Lifecycle State of “Closed” • There usually will not be an associated

Suppose we have a script called writelog.ovpl that we want to run when a Node Down incident arrives

As root, copy the writelog.ovpl script into the actions directory

Windows:

\Documents and Settings\All Users\Application Data\HP\HP BTO Software\shared\nnm\actions

UNIX:

/var/opt/OV/shared/nnm/actions

Confirm that the command is executable

HP BTO Software \shared\nnm\actions • UNIX: / var/opt/OV/shared/nnm/actions • Confirm that the command is executable

Open the Management Event Configuration tab from within the Incident Configuration Form Open the Node Down incident

Open the Management Event Configuration tab from within the Incident Configuration Form • Open the Node

Select the Action Configuration tab and click on the New button

• Select the Action Configuration tab and click on the New button

Select the appropriate Lifecycle state (Registered in our example), Command Type (ScriptOrExecutable in our example) and the name of the command (specify the full path).

Save and Close the form

(ScriptOrExecutable in our example) and the name of the command (specify the full path). • Save

Last, we must enable the action by checking the Enable box.

Save and Close the form

• Last, we must enable the action by checking the Enable box. • Save and Close

Now we should test the action. The easiest way to do this is to look for a previous occurrence of this incident and modify the lifecycle state

action. The easiest way to do this is to look for a previous occurrence of this

We can practice running this action by setting the Lifecycle State back to Registered. This will cause our action to execute after you save this form (thus saving the Lifecycle State change).

After saving it, we verify that our action ran as expected. We can look at the log file that this sample action script writes to. We should then set the Lifecycle State back to Closed and save the incident to return it to its original state.

writes to. We should then set the Lifecycle State back to Closed and save the incident

GUI Configuration - Node Group Map Configuration (aka containers)

Container maps can be created that will show nodes that are contained in a Node Group

Let’s suppose that we wish to create some logical containers for a few different subnets and also nodes based on names.

Subnet A = Management Address of 192.25.*.* Data Center = nodes that have a system name beginning with “data_center”

Let’s suppose we wish to create the hierarchy of groups:

My Network

àMy Important Subnets àSubnet A àData Center

s suppose we wish to create the hierarchy of groups: My Network à My Important Subnets

Easiest to work from the leaf groups first

We create a Node Group for Subnet A

Test it as previously shown

• Easiest to work from the leaf groups first • We create a Node Group for

Now create a node group for the Data Center

• Now create a node group for the Data Center

Next we must create a Node Group Map for each Node Group in the hierarchy

• Next we must create a Node Group Map for each Node Group in the hierarchy

Save the Layout on each Node Group Map

• Save the Layout on each Node Group Map

For “branch” node group maps, no filter is necessary. Instead we only need to specify the hierarchy by selecting the Child Node Groups. Again must create the map for the group.

we only need to specify the hierarchy by selecting the Child Node Groups. • Again must

We now have a map hierarchy that we can drill down and back. In our example, you can open the Node Group Map for the node group “My Network”.

that we can drill down and back. In our example, you can open the Node Group

From this map, we can drill down (double click) and back with the arrows

• From this map, we can drill down (double click) and back with the arrows

Background graphics can be easily added

We can also change the status propagation algorithms

• Background graphics can be easily added • We can also change the status propagation algorithms

Maintenance

Backup and Restore

Full backup

nnmbackup.ovpl / nnmrestore.ovpl

Embedded database backup

nnmbackupembdb.ovpl / nnmrestoreembdb.ovpl

Configuration Export and Import

Allows for pinpoint configuration snapshots Make a snapshot before making any config change

nnmconfigexport.ovpl / nnmconfigimport.ovpl

configuration snapshots • Make a snapshot before making any config change nnmconfigexport.ovpl / nnmconfigimport.ovpl

Maintenance of traps

Need to regularly clean traps from the NNMi database (not the trap store)

nnmtrimincidents.ovpl –u system –p mypassword -age 1 -incr weeks -origin SnmpTrap –trimOnly –quiet

HP is writing a whitepaper on trap tools

NNMi

Trap

(nnmtrapconfig.ovpl)

NNMi User Interface NNMi Database
NNMi
User
Interface
NNMi Database
Service incoming traps Trap Store nnmtrapdump.ovpl
Service
incoming
traps
Trap Store
nnmtrapdump.ovpl

Health Checks

Run ovstatus –v to make sure the jboss processes are running well

Launch the Help->About HP Network Node Manager i-series menu item for a listing of some important data points.

• Launch the Help->About HP Network Node Manager i-series menu item for a listing of some

Check Free Memory, State Poller and Custom Poller Health

• Check Free Memory, State Poller and Custom Poller Health

Possible Usage Scenarios

Management by Exception

Possible Usage Scenarios • Management by Exception
Possible Usage Scenarios • Management by Exception

Layer 2 map showing outage

• Layer 2 map showing outage

Investigate history of status, incidents Run actions like ping, trace route, etc.

• Investigate history of status, incidents • Run actions like ping, trace route, etc.

Map based management

Map based management

List based management

List based management

Miscellaneous Tips

Use the embedded database even for large scale.

Use caution with SNMP timeout configuration. This timeout value is incremented with each timeout and can grow quickly beyond your original intention. Keep your ping timeout and your SNMP timeout fairly equal in time.

Use the Conclusions tab in the Node Form to understand why the current status is set for the node.

Reduce the number of connections between node groups via the End Points Filter in the Node Group Map settings form.

Do not use a “@” in your SNMP strings. This is a reserved character for Cisco devices and causes NNMi grief if used.

Do not use a “@” in your SNMP strings. This is a reserved character for Cisco

Other resources

Visit http://h20230.www2.hp.com/selfsolve/manuals to find the latest Deployment and Migration Guide for NNMi.

Other whitepapers are being placed on this site regularly

Visit our new NNMi upgrade website

http://www.hp.com/go/nnmi

NNMi Blog

www.hp.com/go/NNMblog

Feel free to contact me with questions kevin.n.smith@hp.com

• NNMi Blog • www.hp.com/go/NNMblog • Feel free to contact me with questions kevin.n.smith@hp.com