NNMi Deployment and Configuration Technical Webinar

Kevin N. Smith Jeff Conrad March 6, 2009

Introduction
Sample deployment on a small test lab All using NNMi 8.11 Will not address NNM 6.x/7.x to NNMi upgrades. This will be a virgin installation of NNMi 8.11 Goal is to give you a feel for what is required and for you to see how straightforward the tasks are This is abbreviated but the steps are similar for even our largest deployments HP is writing an accompanying document NNMi Deployment by Example

http://support.openview.hp.com/selfsolve/manuals

Steps well take

Initial Login and User Creation Apply license Configure Communication Configure Discovery Configure Monitoring Configure Incidents, Traps and Automatic Actions Configure the Graphical User Interface Maintenance Health Checks Possible Use Scenarios

Other steps we will not cover include

Machine

sizing NNMi now supports HTTPS and LDAP. Integration with other products such as HP OM, HP UCMDB, and other 3rd party products Configuring HA or Failover Configuring a remote Oracle database iSPIs See the NNMi Deployment Guide for more information on these topics

Assumptions
Installation

has already been done

Installation Hints
Check all prerequisites especially kernel parameters, shared memory, semaphores, RAM, etc.

This

example is done on a Unix machine. Paths need to be converted for Windows.

After the install, validate processes are running

At

command line, run ovstatus c for a basic check. Most processes are now within the ovjboss so you must also run ovstatus v for the details of the jboss services.

jboss processes
# ovstatus -v ovjboss object manager name: ovjboss state: RUNNING PID: 20413 last message: Initialization complete. exit status: additional info: SERVICE CPListener CommunicationModelService CommunicationParametersStatsService CustomPoller EventsCustomExportService ExtensionDeployer InstanceDiscoveryService IslandSpotterService

STATUS Service Service Service Service Service Service Service Service

is is is is is is is is

started started started started started started started started

KeyManager StagedSnmp StatePoller TrustManager Service Service Service Service is is is is started started started started

Initial Login
Login

with browser (no more java plugins required) http://myserver.example.com/nnm

Quick Tour of the GUI

1. 2. 3. 4.

Title Bar Main Menu Bar Workspace Navigation Panel Workspaces

5. 6. 7. 8.

Views View Panel View Toolbar Status Bar

 Initially

log in with the system password created during installation

Create a new user

Its

best to create an administrator account rather than using the system login

Click on the Configuration Workspace and select User Accounts and Roles.

Click on the New Icon to launch the Account Mapping form

Select the pull down menu to the right of the Account entry and select New. (It is a common mistake to try to simply type in the Account rather than creating a New one.)

Type in the User Name and Password (well call ours admin and the password will be adminpw)

Select the role and hit save and close

 We

now have an admin account

Try logging out and back in with the new account. You can see the user presently logged in to this session in the upper right.

Apply a license
Product

comes with a 250 node instant on license. You dont need to do anything to use this license. But once you hit 250 nodes, no other nodes will be discovered or monitored. You can also obtain a temporary license from HP for initial trial. You can apply the license via a GUI using
nnmlicense.ovpl NNM g
Or

via the command line using

nnmlicense.ovpl NNM -f ./mylicense.key

Configure Communication

Go to the Configuration Workspace and select Communication Configuration

Select the Default Community Strings tab and click on the New icon. Enter all of your SNMP Read Community Strings here. Order does not matter. NNMi attempts all Comm Strings simultaneously and chooses the first one that succeeds. You can also modify the default timeout and retry attempts here. Consider unchecking the Enable SNMP Address Discovery check box. After making changes, save and close the form.

SNMP management address discovery

If

you have Cisco devices using loopback addresses, consider unchecking the Enable SNMP Address Discovery box. That way, the loopback address is the only address that will ever be tried for SNMP communication.

Discovery Configuration

List based discovery (similar to loadhosts of legacy NNM)

More control No surprises Requires high level of knowledge of nodes Only name or IP is required. No subnet masks required Static data

Auto-discovery (well use this for our example)

Always up to date Requires good rules to control breadth of discovery By default, NNMi only discovery switches and routers (this is easily expanded)

 Go

to the Configuration Workspace and select Discovery Configuration.

 Select

the Auto-Discovery Rules tab and click on the New icon.

Fill out the Basics section and click on the New icon for the IP Address Ranges in this rule. The value for Ordering doesnt matter in this case since well only have one auto-discover rule.

Type in a range. A rule can contain multiple ranges. Choose the Range Type (Inclusive for our example) Save and close the forms. We now have a discovery rule for the 15.2.*.* subnet.

Since we didnt enable ping sweep, we must provide a seed router to get the discovery started. Add the name or IP address of a router in this subnet to begin the discovery

 NNMi

uses the following sources of "hints":

ARP cache Ping Sweep if configured BGP - Border Gateway Protocol CDP - Cisco Discovery Protocol EIGRP - Cisco Enhanced Interior Gateway Routing Protocol ENDP - Enterasys Discovery Protocol (also known as CDP - Cabletron Discovery Protocol) FDP - Foundry Discovery Protocol OSPF - Open Shortest Path First

Youll now begin to see nodes get discovered. You can view the list of discovered nodes in many places in the GUI. Try the Network Overview under the Topology Maps workspace. Note that this is usually an abbreviation of the entire set of nodes.

Monitoring Configuration
Default

Behavior

NNMi monitors connected interfaces where connected means the interface has a discovered connection to another interface in NNMi. Most access switch ports would not be considered connected if you dont discover end nodes. Instead typically the uplink would be monitored. Router interface hosting an IP address are also usually monitored (may be overridden by an interface setting) NNMi does not ping nodes that support SNMP You may not need to make any additional changes

 Example

of monitoring the uplink

Steps to modify monitoring

The basic steps to modify the monitoring in NNM include

Create a node group and/or interface group Associate a monitoring setting (polling policy) with the group Prioritize the monitoring setting (nodes and interfaces can match multiple groups)

Suppose that we have some nodes with an IfAlias that begins with tunnel to. We have been instructed that these interfaces need to be monitored if their speed is also 9 Kbs. Well need to create a filter to identify any interfaces that match this criterion. Then well apply a polling policy to these interfaces.

Creating an Interface Group

Under the Configuration Workspace, select Interface Groups

 Click

on the New icon

Name the new Interface Group Create the filter expression using the logical operands Save the Interface Group Test the membership with Actions -> Show Members

 Results

of the membership test Watch out for any stale filters on this view that might be inadvertently applied

Apply a polling policy to the interface group

In order to poll the interfaces defined by this filter, we must apply a polling policy to this group. Open the Monitoring Configuration view

Since we defined an Interface Filter, select the Interface Settings tab Note the current ordering values Click New

Select the Interface Group and enter in an Ordering value We want it to be higher that the other policies (lower number)

Extend the polling beyond connected interfaces Save and Close the form

Testing the polling policy

Identify the selected interfaces (Well select Inventory->Interfaces and choose our filter in the pull-down menu.)

Open one of the interfaces Select Actions -> Monitoring Settings

 Validate

the Interface Group policy that is applied Validate that the interface is being polled

Making Exceptions to polling

Most polled objects can be Unmanaged or set to Out of Service

Incident Configuration
With NNMi, you can change various aspects of an incident. Some examples include enabling an incident, formatting a message, enabling de-duplication and enabling rate correlation. Suppose we wish to enhance the Interface Down incident to include the Interface Alias in the message. Open the Incident Configuration view

Choose the Management Event Configuration tab and open the Interface Down incident

We add the argument $ifAlias to our message See Valid Parameters for Configuring Incident Messages in the help.

Now new incidents that arrive in the browser will have the new message format If there is no Alias defined, it is shown as null

Trap Configuration
Traps must be defined by a MIB Load MIBs into NNMi using the nnmincidentcfg.ovpl command Use the loadMib or loadTraps option depending on requirements

# nnmincidentcfg.ovpl -u admin -p adminpw -loadMib ./ruggedcom.mib Mib file loaded: /var/tmp/mibs/./ruggedcom.mib. # nnmincidentcfg.ovpl -u admin -p adminpw -loadMib ./rcsysinfo.mib Mib file loaded: /var/tmp/mibs/./rcsysinfo.mib. # nnmincidentcfg.ovpl -u admin -p adminpw -loadTraps ./ruggedcomtraps.mib Mib file loaded: /var/tmp/mibs/./ruggedcomtraps.mib. Number of traps: 4. The following traps were added to incident configuration: cfgChangeTrap - .1.3.6.1.4.1.15004.5.4 swUpgradeTrap - .1.3.6.1.4.1.15004.5.3 powerSupplyTrap - .1.3.6.1.4.1.15004.5.2 genericTrap - .1.3.6.1.4.1.15004.5.1

 We

now have four new traps defined in NNMi.

Action Configuration
You can add automatic actions to incidents. Usually done on Management Events rather than SNMP Traps because its hard to predict the rate and volume of traps. NNMi automatic actions can either be executable commands or command line scripts or Python Scripts. In NNMi, actions are based on Lifecycle State change for incidents. Suppose you want to take an action when an interface goes down and another action when the interface comes back up again.

Both actions should be placed on the InterfaceDown incident One should be associated with the Lifecycle State of Registered and the other should be associated with the Lifecycle State of Closed There usually will not be an associated up incident.

 Suppose

we have a script called writelog.ovpl that we want to run when a Node Down incident arrives As root, copy the writelog.ovpl script into the actions directory Windows:
\Documents and Settings\All Users\Application Data\HP\HP BTO Software\shared\nnm\actions
UNIX:

/var/opt/OV/shared/nnm/actions
Confirm

that the command is executable

Open the Management Event Configuration tab from within the Incident Configuration Form Open the Node Down incident

Select the Action Configuration tab and click on the New button

Select the appropriate Lifecycle state (Registered in our example), Command Type (ScriptOrExecutable in our example) and the name of the command (specify the full path). Save and Close the form

Last, we must enable the action by checking the Enable box. Save and Close the form

Now we should test the action. The easiest way to do this is to look for a previous occurrence of this incident and modify the lifecycle state

We can practice running this action by setting the Lifecycle State back to Registered. This will cause our action to execute after you save this form (thus saving the Lifecycle State change). After saving it, we verify that our action ran as expected. We can look at the log file that this sample action script writes to. We should then set the Lifecycle State back to Closed and save the incident to return it to its original state.

GUI Configuration - Node Group Map Configuration (aka containers)

Container maps can be created that will show nodes that are contained in a Node Group Lets suppose that we wish to create some logical containers for a few different subnets and also nodes based on names.

Subnet A = Management Address of 192.25.*.* Data Center = nodes that have a system name beginning with data_center

Lets suppose we wish to create the hierarchy of groups:

My Network My Important Subnets Subnet A Data Center

Easiest to work from the leaf groups first We create a Node Group for Subnet A Test it as previously shown

 Now

create a node group for the Data Center

Next we must create a Node Group Map for each Node Group in the hierarchy

 Save

the Layout on each Node Group Map

 For

branch node group maps, no filter is necessary. Instead we only need to specify the hierarchy by selecting the Child Node Groups. Again must create the map for the group.

We now have a map hierarchy that we can drill down and back. In our example, you can open the Node Group Map for the node group My Network.

 From

this map, we can drill down (double click) and back with the arrows

Background graphics can be easily added We can also change the status propagation algorithms

Maintenance
Backup

and Restore

Full backup nnmbackup.ovpl / nnmrestore.ovpl Embedded database backup nnmbackupembdb.ovpl / nnmrestoreembdb.ovpl

Configuration

Export and Import

Allows for pinpoint configuration snapshots Make a snapshot before making any config change
nnmconfigexport.ovpl / nnmconfigimport.ovpl

Maintenance of traps

Need to regularly clean traps from the NNMi database (not the trap store)
nnmtrimincidents.ovpl u system p mypassword -age 1 -incr weeks -origin SnmpTrap trimOnly quiet

HP is writing a whitepaper on trap tools

NNMi Trap (nnmtrapconfig.ovpl) Service NNMi User Interface

incoming traps

Trap Store NNMi Database

nnmtrapdump.ovpl

Health Checks
Run ovstatus v to make sure the jboss processes are running well Launch the Help->About HP Network Node Manager i-series menu item for a listing of some important data points.

Check Free Memory, State Poller and Custom Poller Health

Possible Usage Scenarios

Management

by Exception

 Layer

2 map showing outage

 Investigate

history of status, incidents Run actions like ping, trace route, etc.

Map based management

List based management

Miscellaneous Tips
Use the embedded database even for large scale. Use caution with SNMP timeout configuration. This timeout value is incremented with each timeout and can grow quickly beyond your original intention. Keep your ping timeout and your SNMP timeout fairly equal in time. Use the Conclusions tab in the Node Form to understand why the current status is set for the node. Reduce the number of connections between node groups via the End Points Filter in the Node Group Map settings form. Do not use a @ in your SNMP strings. This is a reserved character for Cisco devices and causes NNMi grief if used.

Other resources

Visit http://h20230.www2.hp.com/selfsolve/manuals to find the latest Deployment and Migration Guide for NNMi.

Other whitepapers are being placed on this site regularly Visit our new NNMi upgrade website http://www.hp.com/go/nnmi
NNMi

Blog

www.hp.com/go/NNMblog Feel free to contact me with questions kevin.n.smith@hp.com