Cisco Active Network Abstraction Administrator’s Guide, 3.5 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
Important Notice Important Notice Cisco ANA 3.5 is a carrier-class, multi-vendor network and service management platform which builds a real-time virtual model of the network, serving as a live information base for value-added tools and applications for integration into an existing OSS environment. Cisco ANA 3.5 is a limited release by Cisco Systems of the existing features and functions of the Sheer DNA 4.0.1 software.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 The Product Documentation DVD is a comprehensive library of technical product documentation on portable media. The DVD enables you to access multiple versions of hardware and software installation, configuration, and command guides for Cisco products and to view technical documentation in HTML. With the DVD, you have access to the same documentation that is found on the Cisco website without being connected to the Internet.
Important Notice Cisco Product Security Overview Cisco provides a free online Security Vulnerability Policy portal at this URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.h tml From this site, you can perform these tasks: • Report security vulnerabilities in Cisco products. • Obtain assistance with security incidents that involve Cisco products. • Register to receive security information from Cisco.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.h tml The link on this page has the current PGP key ID in use.
Important Notice Submitting a Service Request Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 Obtaining Additional Publications and Information Information about Cisco products, technologies, and network solutions is available from various online and printed sources. Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL: http://www.cisco.
Important Notice Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL: http://www.cisco.com/ipj Networking products offered by Cisco Systems, as well as customer support services, can be obtained at this URL: http://www.cisco.com/en/US/products/index.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 Page x Cisco Systems, Inc.
About This Guide About This Guide This Administrator’s Guide describes the structure and features of the Sheer™ Dynamic Network Abstraction (DNA) system. Sheer DNA Manage is the GUI client application designed to simplify and facilitate Sheer DNA administration. Sheer DNA Manage enables the System Administrator to configure and control the DNA system. Sheer DNA Manage interacts with the Sheer DNA Registry (“Golden Source”) to query and modify configuration information.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 Chapter 10, Managing Sheer DNA Security, page 135, describes how Sheer DNA implements a three-dimensional security engine combining a role-based security mechanism with scopes that are granted to users. In addition, it describes managing users in the Sheer DNA platform, including, defining users and passwords. Appendix A, Utility Scripts, page 155, describes the Sheer DNA utility scripts including how to restart the Sheer DNA Platform.
Introducing Sheer DNA Table of Contents 1 2 Introducing Sheer DNA .................................................................. 1 1.1 The Sheer Solution...................................................................................................1 1.2 Sheer DNA Components..........................................................................................4 1.2.1 Autonomous VNE ................................................................................................4 1.2.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 4 5 6 General DNA Manage Tables ....................................................... 61 4.1 Working with DNA Manage Tables .......................................................................61 4.2 Finding Text in a Table ..........................................................................................63 4.3 Filtering Information ..............................................................................................
Introducing Sheer DNA 7 Managing Global Settings.......................................................... 107 7.1 Managing Client Licenses ...................................................................................107 7.1.1 7.2 Viewing DB Segments .........................................................................................112 7.3 Customizing a Message of the Day ....................................................................113 7.4 Managing Polling Groups.................
Cisco Active Network Abstraction Administrator’s Guide, 3.5 10.5 A Granting or Editing a User’s Rights ...................................................................146 10.5.1 General User’s Rights......................................................................................146 10.5.2 User’s Security Rights .....................................................................................148 10.5.3 Map User Permissions ................................................................
Introducing Sheer DNA 1 Introducing Sheer DNA About this chapter: This chapter describes the Sheer™ Dynamic Network Abstraction (DNA) platform and architecture. In addition, it provides a brief explanation of the terms used throughout this guide. The Sheer DNA Manage maintenance application is part of an overall Sheer solution; therefore, in order to better understand the Sheer DNA Manage environment, a brief overview of Sheer DNA is required.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 Sheer DNA provides solutions for diverse network environments and applications. It offers an integrated network and service auto-discovery for network modeling, intelligent fault analysis and a highly flexible network configuration and activation engine. This enables fully correlated management of global scale networks supporting millions of subscribers and customers.
Introducing Sheer DNA • OSS/BSS (Vertical) Integration: open, flexible northbound adaptation framework to OSS/BSS applications, in a wide variety of APIs, protocols and information models • Scalability: a fully distributed solution implementing parallel processing that inherits the scaling properties of the network by creating a virtual model of it. Adding more Autonomous VNEs and/or more DNA Units easily supports network growth.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 1.2 Sheer DNA Components The Sheer DNA system is comprised of several key components, as described in the sections that follow. 1.2.1 Autonomous VNE The Autonomous VNEs (Virtual Network Elements) are software entities that run as a completely autonomous process within the Sheer DNA Units. Each VNE is assigned to manage a single Network Element (NE) instance using whatever southbound management interfaces the NE implements (e.g. SNMP or Telnet).
Introducing Sheer DNA Another important function of the Sheer DNA Gateway is to map network resources to the business context. This enables Sheer DNA to contain information that is not directly contained in the network (such as VPNs and Subscribers) and display it to northbound applications. Sheer DNA Unit The main purpose of the Sheer DNA Units is to host the Autonomous VNEs.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 • Sheer DNA Manage: A system administration and configuration tool for managing the entire Sheer DNA platform, as described below. • Sheer Registry Editor: A tool used for viewing and configuring the Sheer Registry. The Sheer DNA Clients support automatic client updates from the Sheer DNA Gateway using Web Start.
Introducing Sheer DNA 1.4 Additional Concepts and Terms The sections below include additional concepts and terms used in the Sheer DNA Manage application and throughout this guide. AVM The Sheer DNA Units are divided into AVMs (Autonomous Virtual Machines). These AVMs are Java processes that provide the necessary distribution support platform for executing and monitoring multiple VNEs.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 License Sheer DNA Client applications and BQL connectivity is based on installed license files. Sheer DNA Manage enables the administrator to control and monitor the number of Sheer DNA Client and BQL connections over a limited or unlimited period of time based on the client licenses installed.
Introducing Sheer DNA Protection Group A Protection Group is a cluster to which Units and Standby Units are related. In case of Unit failover then the Redundant Unit will be taken from the same Protection Group. Redundant Unit The Sheer DNA Unit comes with built-in redundancy for maximum up time and automatic switching.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 Scopes A scope is a named collection of managed Network Elements that have been grouped together in order to allow a user to view and/or manage the Network Elements provided a given role. Grouping can be based on geographical location, Network Element type (such as DSLAM, router, SW, etc.), Network Element category (such as access, core, etc.) or any other division according to the network administrator’s requirements.
Introducing Sheer DNA Workflow A workflow consists of several tasks grouped together and arranged in a flowchart. All workflows are stored on the Sheer DNA Gateway. After a workflow is deployed, it is accessible using Sheer DNA Manage in order to view properties and status. Deployed workflow templates can be invoked via the Sheer DNA API using BQL. In addition, the user can view a history of the invoked workflows using Sheer EventVision.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 Examples use the following conventions: Convention Description screen Examples of information displayed on the screen are set in Courier New font. Boldface screen Examples of text that the user must enter are set in Courier New bold font. < > Angle brackets enclose text that is not printed to the screen, such as passwords. [ ] Square brackets enclose default responses to system prompts.
Getting Started with Sheer DNA Manage 2 Getting Started with Sheer DNA Manage About this chapter: This chapter describes the Sheer DNA Manage working environment and how to access Sheer DNA Manage tools and commands. It also provides instructions for launching and overviews operating the Sheer DNA Manage application-using menu and toolbar options. The Sheer DNA Manage window provides access to all of Sheer DNA Manage’s functionality.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 To start Sheer DNA Manage 1. From the Start menu, select the Programs folder, then Sheer DNA/Sheer DNA Manage. The Sheer DNA Manage - Login dialog box is displayed. Note: It is recommended that the administrator change the user name and login password after logging in for the first time. The last four Sheer DNA Gateways to which the user logged in successfully are displayed in the Host dropdown list.
Getting Started with Sheer DNA Manage 2.2 The Sheer DNA Manage Window The Sheer DNA Manage window is displayed below. Menu bar Toolbar Tree pane Shortcut menu Status bar Workspace The Sheer DNA Manage window is divided into areas or panes, as follows: • The Tree pane, as described on page 15. • The Workspace, as described on page 18. • The Status Bar, displays the memory usage of the application process and connection status.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 Sheer DNA Manage enables the user to manage and maintain information in the Sheer DNA using the following branches in the Sheer DNA Manage window: • DNA Servers: Enables the administrator to manage information relating to the Sheer DNA Gateway, and Sheer DNA Units, including the AVMs and the VNEs in the Sheer DNA.
Getting Started with Sheer DNA Manage • Users: Enables the administrator to define and manage user accounts. For more information about the Users branch, refer to page 49. • Workflow Engine: Enables the administrator to manage workflow templates and running workflows in runtime. For more information about the Workflow Engine branch, refer to page 52. Clicking on a branch in the Tree pane enables the user to view information relating to the selected branch in the Workspace.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 2.2.2 Sheer DNA Manage Window Workspace The Workspace is displayed on the right side of the Sheer DNA Manage window and enables the user to view Sheer DNA Manage information according to the branch selected in the Tree pane. The information displayed varies according to the branch selected in the Tree pane. Note: Multiple rows can be selected using the standard Microsoft® Windows selection keys when a table is displayed in the Workspace.
Getting Started with Sheer DNA Manage Filter: Enables the user to define a filter on the information displayed in the table of the Workspace using the Filter dialog box. For more information, refer to page 63. Note: When a filter is applied the Set Selection Filter button and the Rewind All option under the Previous Selection Filter buttons is activated. Set Selection Filter: Applies filters to the selected line or lines.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 2.3.1 • Users, page 49. • Workflow Engine, page 52. DNA Servers Branch Sheer DNA Manage maintains a list of all of the DNA Servers defined in the system. The DNA Servers branch enables the user to add and remove DNA Unit Servers. The user can expand this branch to view a list of the Sheer DNA Units, Sheer DNA Gateway and AVMs. Each Sheer DNA Gateway, Sheer DNA Unit and AVM has its own sub-branch.
Getting Started with Sheer DNA Manage For more information about DNA Server menu and toolbar options: • Menu options, refer to page 21. • Toolbar options, refer to page 23. The Workspace area of the DNA Servers branch enables the user to view a list of all of the Sheer DNA Gateways and Sheer DNA Units and their status. Clicking on a column heading in the table in the Workspace sorts the Sheer DNA Units in ascending or descending order according to the selected column.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 • Help menu, as described on page 22. • Tree Pane shortcut menu, as described on page 23. • Workspace shortcut menu, as described on page 23. File Menu – DNA Servers Branch The File menu is displayed below. New DNA Unit Creates a new DNA Unit. Exit Exits Sheer DNA Manage. For more information, refer to page 56. Tools Menu – DNA Servers Branch The Tools menu is displayed below.
Getting Started with Sheer DNA Manage Tree Pane Menu – DNA Servers Branch When the user right-clicks on the DNA Servers branch the following menu is displayed: New DNA Unit The user can add a new Sheer DNA Unit to the Sheer DNA Servers. Workspace Shortcut Menu – DNA Servers Branch When the user right-clicks on a Sheer DNA Unit or DNA Gateway in the table in the Workspace the following menu is displayed: New AVM Adds an AVM to the selected Sheer DNA Unit. For more information, refer to page 80.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 Search for a Sheer DNA Unit/AVM/VNE amongst all the Sheer DNA Servers. When a Sheer DNA Unit is selected in the table of the Workspace the following tools are displayed in the toolbar: Creates a new AVM in the selected Sheer DNA Unit or Gateway. Displays the properties of the selected Sheer DNA Unit. Deletes the selected Sheer DNA Unit. Search for a Sheer DNA Unit/AVM/VNE amongst all the Sheer DNA Servers.
Getting Started with Sheer DNA Manage An example of the Sheer DNA Manage window when a DNA Servers Entity sub-branch is selected is displayed below. Each row in the table in the Workspace enables the user to view the status of an AVM. The AVMs can be sorted in ascending or descending order by clicking on the column heading in the table. Note: Any changes that are made to the DNA Servers Entity sub-branch are saved automatically and registered immediately in the Sheer DNA.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 • Key: The key of the AVM, which is unique to the system. By default the key is displayed as “AVM + ID + timestamp”. For more information about DNA Server specific menu and toolbar options: • Menu options, refer to page 26. • Toolbar options, refer to page 28. DNA Server Entities Menus This section provides a description of each option available in the menus when the DNA Server sub-branch is selected.
Getting Started with Sheer DNA Manage Tree Pane Shortcut Menu – DNA Server Entities Branch When the user right-clicks on the DNA Server Entities sub-branch in the Tree pane the following shortcut menu is displayed: New AVM Adds an AVM to the selected Sheer DNA Unit. Properties Displays the properties of the selected Sheer DNA Unit. Switch This option is available when high availability is enabled and is only available for Sheer DNA Units. Manually switch to the standby Sheer DNA Unit.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 Actions Enables the user to start or stop an AVM. Delete Deletes an AVM. Move AVM Move an entire AVM between DNA Units. Properties Displays the properties of the selected AVM and its status in the General tab of a dialog box.
Getting Started with Sheer DNA Manage For more information on the DNA Servers Entity sub-branch, refer to Chapter 6, Managing AVMs and VNEs. 2.3.3 AVM Branch The AVM sub-branch enables the user to manage information relating to the VNEs in a selected AVM.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 The following columns are displayed in the Workspace table: • Key: The unique key of the VNE. • IP Address: The IP address of the device as defined in Sheer DNA Manage. • Status: The status of the VNE, as follows: • Starting Up: When a VNE is started. • Up: The VNE is up. • Shutting Down When a VNE is stopped. • Down: The VNE is down. • Unreachable: Sheer DNA failed to access the VNE.
Getting Started with Sheer DNA Manage • Tree Pane shortcut menu, as described on page 31. • Workspace shortcut menu, as described on page 32. File Menu – AVM Branch The File menu is displayed below. New VNE Adds a VNE to the selected AVM. Note: A new VNE cannot be added to the reserved AVMs 0-100. Properties Displays the properties of the selected AVM and its status. Exit Exits Sheer DNA Manage.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 Delete Deletes an AVM from the Sheer DNA Server. Note: Reserved AVMs 0-100 cannot be deleted. Move AVM Move an entire AVM between DNA Units. For more information, refer to page 86. Note: Reserved AVMs 0-100 cannot be moved. Properties Displays the properties of the selected AVM.
Getting Started with Sheer DNA Manage DNA Manage Toolbar – AVM Branch When the AVM sub-branch is selected in the Tree pane the following tools are displayed in the toolbar: Creates a new VNE in the selected AVM. Displays the properties of the selected AVM. Deletes the selected AVM. Starts the selected AVM. Stops the selected AVM. Search for a Sheer DNA Unit/AVM/VNE amongst all the Sheer DNA Servers.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 Client Licenses The Client Licenses sub-branch enables control and monitoring of the number of Sheer DNA Client connections over a limited or unlimited period of time as defined in terms of the client license. The Sheer DNA Manage window with the Client Licenses sub-branch selected is displayed below.
Getting Started with Sheer DNA Manage • Creation Date: The date when the license was implemented. • Client Type: The applications to which the user is authorized to connect, namely, BQL and/or Sheer DNA Client applications. For more information about: • Menus options, refer to page 35. • Toolbar options, refer to page 36. Client Licenses Menus This section provides a description of each option available in the menus when the Client Licenses sub-branch is selected.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 Tree Pane Menu – Client Licenses Branch Right clicking on the Client Licenses sub-branch displays the following menu: New License Install a new license. Workspace Shortcut Menu – Client Licenses Branch When the user right-clicks in the table in the Workspace the following shortcut menu is displayed: Delete Deletes the selected license. Properties Displays the properties of the selected license.
Getting Started with Sheer DNA Manage DB Segments Branch The DB segments branch in Sheer DNA Manage displays a table describing the storage allocated for all database segments. An example of the Sheer DNA Manage window when the DB Segments branch is selected is displayed below. The following columns are displayed in the Workspace table when the DB Segments branch is selected: • Name: Name of the segment.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 Service Disclaimer Message of the Day The Message of the Day sub-branch enables the user to define a message (service disclaimer) that will be displayed when a user logs in to the Sheer Client applications. An example of the Sheer DNA Manage window when the Message of the Day sub-branch is selected is displayed below.
Getting Started with Sheer DNA Manage Polling Groups The Polling Groups sub-branch enables the user to manage polling groups, by categorizing a group of devices to be polled according to pre-set intervals. The Polling Groups sub-branch is displayed below. The following columns are displayed in the Workspace table when the Polling Groups sub-branch is selected: • Polling Group: The polling group name defined by the user • Description: A description of the polling group.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 File Menu – Polling Groups Branch The File menu is displayed below. New Polling Group Creates a new polling group. Properties Displays the properties of the selected polling group. Exit Exits Sheer DNA Manage. Tree Pane Menu – Polling Groups Branch Right-clicking on the Polling Groups sub-branch displays the following menu: New Polling Group Creates a new polling group.
Getting Started with Sheer DNA Manage Toolbar – Polling Groups Branch When the Polling Groups sub-branch is selected in the Tree pane the toolbar contains the following tools: Creates a new polling group. Displays the properties of the selected polling group. Deletes the selected polling group. When a polling group is selected in the table in the Workspace, clicking Properties in the toolbar displays the properties of the polling group in a Properties dialog box.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 The Sheer DNA Manage window with the Protection Groups sub-branch selected is displayed below. The following columns are displayed in the Workspace table when the Protection Groups sub-branch is selected: • Name: The protection group name defined by the administrator. • Description: A description of the protection group. For more information about: • Menu options, refer to page 43. • Toolbar options, refer to page 44.
Getting Started with Sheer DNA Manage File Menu – Protection Groups Branch The File menu is displayed below. New Protection Group Creates a new protection group. Properties Displays the properties of the selected protection group. Exit Exits Sheer DNA Manage. Tree Pane Menu – Protection Groups Branch Right clicking on the Protection Groups sub-branch displays the following shortcut menu: New Protection Group Creates a new protection group.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 Toolbar – Protection Groups Branch When the Protection Groups sub-branch is selected in the Tree pane the toolbar contains the following tools: Creates a new protection group. Displays the properties of the selected protection group. Deletes the selected protection group. For more information about protection groups, refer to the Cisco Active Network Abstraction High Availability User’s Guide. 2.3.
Getting Started with Sheer DNA Manage For more information about: • Menu options, refer to following section. • Toolbar, refer to page 46. Note: The menus and toolbar displayed in the Sheer DNA Manage window are context sensitive; the options vary depending on your selection in the Tree pane and Workspace. Scopes Menus This section provides a description of each option available in the menus when the Scopes branch is selected.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 New Scope Creates a new scope. Workspace Shortcut Menu – Scopes Branch When the user right-clicks in the table in the Workspace the following shortcut menu is displayed: Delete Deletes the selected scope. Properties Displays the properties of the selected scope. Note: The user cannot delete or edit the All Managed Elements scope in the table in the Workspace. For more information, refer to the Scopes section on page 140.
Getting Started with Sheer DNA Manage 2.3.6 Topology Branch The Topology branch enables the user to define static links between the Network Elements in order to supplement or override existing autodiscovered topology. The Sheer DNA Manage window with the Topology branch selected is displayed below. The Topology branch displays all of the static links defined in the system including the A Side and Z Side of the link. For more information about: • Menu options, refer to page 47.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 File Menu – Topology Branch The File menu is displayed below. New Static Link Creates a new static link. Properties This option is unavailable. Exit Exits Sheer DNA Manage. For more information, refer to page 56. Tree Pane Shortcut Menu – Topology Branch When the user right-clicks on the Topology branch in the Tree pane the following menu is displayed: New Static Link Creates a new static link.
Getting Started with Sheer DNA Manage Toolbar – Topology Branch The Topology branch contains the following tools: Opens the New Link dialog box enabling the user to create a link between two devices. For more information, refer to page 127. Deletes the selected static link. For more information about the Topology branch, refer to Chapter 8, Managing Links. 2.3.7 Users Branch The Users branch enables the administrator to define and manage user accounts.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 Note: The default permission only applies at an application level, namely, all the activities that are related to GUI functionality, not the activities related to devices. For more information, refer to Chapter 10, Managing Sheer DNA Security. • Last Login: The date and time that the user last logged in. For more information about: • Menu options, refer to the following section. • Toolbar options, refer to page 51.
Getting Started with Sheer DNA Manage Exit Exits Sheer DNA Manage. For more information, refer to page 56. Tree Pane Menu – Users Branch When the user right-clicks on the Users branch in the Tree pane the following menu is displayed: New User Creates a new user for the current client station.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 2.3.8 Workflow Engine Branch The Workflow Engine branch enables the user to manage workflow templates and running workflows in runtime. The Workflow Engine branch includes the following sub-branches: • Templates: Displays a list of the deployed workflow templates and enables the user to view the properties of the workflow template. For more information, refer to the section below.
Getting Started with Sheer DNA Manage For more information about: • Menu options, refer to the following section. • Toolbar options, refer to page 54. Templates Menus This section provides a description of each option available in the menus when the Templates sub-branch is selected. The following menus are available: • Tools menu, as described on page 22. • Help menu, as described on page 22. • Tree Pane shortcut menu, as described the following section.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 Toolbar – Templates Branch When the Templates sub-branch is selected in the Tree pane the toolbar contains the following tools: Deletes the selected workflow template. For more information about workflows, refer to the Cisco Active Network Abstraction Workflow User’s Guide.
Getting Started with Sheer DNA Manage • Name: The name of the workflow, as defined using the Sheer Workflow Editor. • State: The current status of the workflow, namely, Ready, Running, Done, or Aborted. For more information about: • Menu options, refer to the following section. • Toolbar options, refer to page 56. Workflows Menus This section provides a description of each option available in the menus when the Workflows sub-branch is selected.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 Abort/Rollback Aborts the workflow and performs rollback if the workflow is running, or if the workflow has already been completed it performs rollback. Delete Deletes the workflow from the database. Note: A workflow can only be deleted from the database when it is Done or Aborted. It cannot be deleted while the process is still running. Properties Displays the properties (attributes) of the selected workflow, including its status.
Deploying Sheer DNA 3 Deploying Sheer DNA About this chapter: This chapter describes the steps that must be performed to deploy Sheer DNA and provides cross-references to the relevant sections in this Administrator’s Guide. 3.1 System Setup Flow The flow below describes the steps required to deploy Sheer DNA using Sheer DNA Manage and the order in which they must be performed. Step 1: Prepare a deployment plan Step 2: Set up and manage DNA Servers Step 2.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 • How many protection groups there are going to be and how Sheer DNA Units are going to be grouped together in protection groups (clusters), based on the following considerations: • Device type • Geographical location • Importance of device • Number of devices Note: The planning of Protection Groups in the deployment plan is only applicable when high availability is enabled.
Deploying Sheer DNA Step 3: Customize protection groups: Enables the administrator to change the default setup of Sheer DNA Units by customizing protection groups (clusters) and then assigning Sheer DNA Units to these groups. For more information, refer to Cisco Active Network Abstraction High Availability User’s Guide. Important Note: You must assign a DNA Unit and/or Redundant Unit to a specific Protection Group.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 3.2 User and View Setup Flow The flow below describes the steps required to setup Sheer DNA users and the view using Sheer DNA Manage and the order in which they should be performed.
General DNA Manage Tables 4 General DNA Manage Tables About this chapter: This chapter describes how to perform general Sheer DNA Manage functions when working with tables: Working with DNA Manage Tables, page 61, describes how to work with Sheer DNA Manage tables, including finding information, opening filters and exporting table information. Finding Text in a Table, page 63, describes how to sort a table by defining specific criterion.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 • Export table information. • Finding specific information in DNA Manage tables You can also find specific DNA Manage information, such as DNA Units, toolbar button and entering criteria into the AVM/VNE details using the Find dialog box. For more information, refer to section Finding a Unit/AVM/VNE on page 76. For more information about the Table toolbar, refer to page 18.
General DNA Manage Tables 4.2 Finding Text in a Table Sheer DNA Manage enables the user to search for information in the Workspace by entering the search criteria, for example, by entering a partial user name. Note: The tools displayed in the table are a generic component of Sheer DNA applications. To find text in a table 1. In the table toolbar, in the Find field enter the search criteria. 2. Press Enter. The row matching the search criteria is highlighted in the table.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 The following dropdown lists are displayed in the Filter dialog box: • • Field: Displays a dropdown list of all the columns displayed in the current table. Operator: Displays a dropdown list of the values included in the filter operation. The following checkbox is displayed in the Filter dialog box: • Not: Select this checkbox to filter the negative of the value in the Operator field.
General DNA Manage Tables 4.4 Setting Selection Filters The user can choose a line or specific set of lines, and display them in the table (all un-selected lines are hidden). The user may make continuous multiple line selections, setting the table content after each selection, using the Set Selection Filter button.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 2. Click the button. Only the selected line(s) remain in the table. To undo the previous filter selection 1. Select one or several lines and filter them out using the appropriate table toolbar buttons. 2. To undo the last filtering out selection, select the Previous Selection Filter button. The table will display all lines that appeared before your last filter selection. To undo all previous selected filter out options 1.
General DNA Manage Tables 4.5 Sorting a Table The tables displayed in Sheer DNA Manage can be sorted by defining specific criterion on a one-time only basis or continuously. To sort a table 1. In the toolbar, click . The Sort dialog box is displayed. The following dropdown lists are displayed in the Sort By area: • Sort By: A dropdown list of all of the columns displayed in the currently displayed table. The table is sorted firstly according to the selection made here.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 4.6 4. Select Once Only or Continuously/Repeatedly. 5. Click OK. The table information is sorted according to the filter defined. Exporting the Table to a File Sheer DNA Manage enables the user to export all the currently displayed data from the Workspace to a CSV file. Either the selected rows are exported or when nothing is selected the entire table is exported. The data can then be imported and viewed at a later stage.
Managing Sheer DNA Units 5 Managing Sheer DNA Units About this chapter: This chapter describes how to manage Sheer DNA Units. This includes adding and removing Sheer DNA Units, and viewing Sheer DNA Unit properties. What is a DNA Unit?, page 70, provides a description of a DNA Unit. Adding New Sheer DNA Units, page 71, describes how to add a new Sheer DNA Unit to the Sheer DNA fabric. Editing Sheer DNA Unit Properties, page 73, describes how to view the properties of a Sheer DNA Unit.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 5.1 What is a DNA Unit? The main purpose of the Sheer DNA Units is to host the Autonomous VNEs. The Sheer DNA Units are interconnected to form a fabric of VNEs that can inter-communicate with other VNEs regardless of which unit they are running on. Each Sheer DNA Unit can host thousands of Autonomous VNE processes (depending on the server system size).
Managing Sheer DNA Units The clustered N+m High Availability mechanism within the Sheer DNA Fabric is designed to handle the failure of a Sheer DNA Unit. Sheer DNA Unit availability is established in the Gateway, running a Protection Manager process, which continuously monitors all the Sheer DNA Units in the network.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 To add a new DNA Unit 1. Select the DNA Servers branch in the DNA Manage window Tree pane. The DNA Servers branch is displayed. 2. Right-click on the DNA Servers branch to display the shortcut menu and select New DNA Unit or in the toolbar click New Unit or from the File menu select New DNA Unit. The New DNA Unit dialog box is displayed.
Managing Sheer DNA Units • Standby Unit: Define whether a Sheer DNA Unit is defined (checkbox is selected) as a standby unit. • The Protection Group dropdown list displays the currently defined list of customized protection groups 3. Enter the IP Address of the new Sheer DNA Unit in the IP Address field. 4. Select the required protection group from the Protection Group dropdown list. 5. Click OK. The new Sheer DNA Unit is displayed in the Tree pane and the Workspace of the Sheer DNA Manage window.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 3. Right-click on the required Sheer DNA Unit or DNA Gateway branch to display the shortcut menu and select Properties, or in the toolbar click Properties or from the File menu, select Properties. The DNA Unit Properties dialog box is displayed. The following fields are displayed in the DNA Unit Properties dialog box: • IP Address: The IP Address of the Sheer DNA Unit or Sheer DNA Gateway.
Managing Sheer DNA Units 4. You can change the assigned DNA Unit protection group, as required, by selecting an option from the dropdown list. The Enable Unit Protection checkbox defines whether a Sheer DNA Unit is enabled (the checkbox is selected) for high availability. This option is selected by default when high availability is enabled.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 5.5 Finding a Unit/AVM/VNE A single search in Sheer DNA Manage can locate Sheer DNA Units, AVMs and VNEs among all Sheer DNA Servers according to specifically defined search criteria. To find a Unit/AVM/VNE 1. In the Sheer DNA Manage window Tree pane, select the DNA Servers branch or any sub-branch. The selected branch or sub-branch is displayed. 2. In the toolbar, click Find. The Find dialog box is displayed.
Managing Sheer DNA Units The following buttons are displayed in the Find dialog box: • Find: Searches for the DNA Unit/AVM/VNE from the selected point in the Tree pane, either up or down. • Cancel: Cancels the search and clears the Find dialog box. 3. Enter the search criteria in the Find field. 4. From the Types dropdown list select DNA Unit/AVM/VNE (optional). 5. From the Property area select a specific property (optional). 6. Select a direction, namely, Up or Down. 7. Click Find.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 Page 78 Cisco Systems, Inc.
Managing AVMs and VNEs 6 Managing AVMs and VNEs About this chapter: This chapter describes defining and managing AVMs and VNEs. Creating AVMs, page 80, describes how to define an AVM for a Sheer DNA Unit Server. AVM Status, page 82, describes the status of AVMs when they are created and loaded. Viewing and Editing an AVM’s Properties, page 83, describes how to view and edit an AVM’s properties. Deleting an AVM, page 84, describes how to delete AVMs.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 6.1 Creating AVMs Sheer DNA Manage enables the user to define AVMs for DNA Unit Servers. Every AVM (Autonomous Virtual Machine) in the Sheer DNA Fabric is by default managed by the watchdog protocol. Sheer DNA Manage enables the administrator to define AVMs for Sheer DNA Units and enable or disable the watchdog protocol on the AVM. In order to define an AVM: • The Sheer DNA Unit must be installed.
Managing AVMs and VNEs 3. Right-click on the required Sheer DNA Unit to display the menu and select New AVM or in the toolbar click New AVM or from the File menu select New AVM. The New AVM dialog box is displayed. The following fields are displayed in the New AVM dialog box: • DNA Unit: The IP address of the selected Sheer DNA Unit. Note: The Sheer DNA Unit does not have to be Up to create a new AVM.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 • Enable AVM Protection: By default this option is selected enabling the watchdog protocol on the AVM when high availability is enabled. For more information, refer to the Cisco Active Network Abstraction High Availability User’s Guide. Note: It is highly recommended that the user does not disable this option if high availability is enabled.
Managing AVMs and VNEs • 6.2.1 Shutting Down: When a Stop (command) option is issued, and while the command is being executed (some processes may still be running), the status of the AVM is Shutting Down. Admin and Oper Mode AVM Status The table below describes the status of an AVM depending on the Admin and Oper modes, as displayed in the Status column of the AVMs table. The Admin mode is the administrative instructions that are sent to the VNE.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 The AVM Properties dialog box is displayed with the details of the selected AVM, including, the IP address/key of the Sheer DNA Unit. The following field is displayed in the AVM Properties dialog box: • 4. Status: The status of the AVM, namely, Up, Down or Unreachable. For more information, refer to the section AVM Status on page 82. Edit the details of the AVM, as required.
Managing AVMs and VNEs To delete an AVM 1. Select the DNA Servers branch in the Sheer DNA Manage window’s Tree pane. The DNA Servers branch is displayed. 2. Expand the DNA Servers branch and select the required AVM sub-branch in the Tree pane. 3. Right-click to display the menu and select Delete. A warning message is displayed. 4. Click Yes. A confirmation message is displayed. 5. Click OK. The selected AVM is deleted from the selected Sheer DNA Unit.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 • When the AVM is stopped the Down state is displayed in the Workspace. Note: When the AVM status is displayed as Down, the status remains Down and no-reload will take place. 6.6 Moving AVMs Sheer DNA Manage enables the administrator to move an entire AVM between Sheer DNA Units. Note: Reserved AVMs 0-100 cannot be moved. Sheer DNA Manage automatically checks the status of the AVM/VNE before it is moved.
Managing AVMs and VNEs 3. Right-click to display the menu and select Move AVM. The Move to dialog box is displayed. The Move to dialog box displays a tree-and-branch representation of the selected Sheer DNA Server and its Units, excluding the Sheer DNA Unit in which the AVM is currently located. The highest level of the tree displays the Sheer DNA Server. The branches can be expanded and collapsed in order to display and hide information. 4.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 After Sheer DNA Manage installs and runs the process, samples the device and collects the data a VNE (Managed Element) is created. The VNE includes tables and physical inventory, and this Managed Element can be accessed using Sheer NetworkVision. 6.7.1 VNE Status The status of VNEs is affected by Admin and Oper mode. Admin mode is the administrative instructions that are sent to the VNE.
Managing AVMs and VNEs While in maintenance mode (temporary state) a VNE: • Does not change state on its own, unless the user explicitly (manually) switches the VNE back to active state. • Never polls the device. • Does not report any alarms, including device reachability. • Maintains any existing links. • Does not fail on verification requests. For more information about maintenance mode, refer to page 104. 6.7.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 A VNE must be loaded into the bootstrap of the Sheer DNA Unit before it starts monitoring its underlying NE. This changes the administrative status of the VNE to Up, and ensures that the VNE is loaded on subsequent restarts of the Sheer DNA Unit. Loading the VNE also starts the VNE immediately. For more information on the status of VNEs, refer to page 88.
Managing AVMs and VNEs 3. Right-click in the Tree pane to display the shortcut menu and select New VNE, or from File menu select New VNE or in the toolbar, click New VNE. The New VNE dialog box is displayed. The New VNE dialog box contains the following tabs: • General tab, page 92, enables the user to manage VNE information in the connected Sheer DNA (Mandatory Name and IP fields). • SNMP tab, page 94, enables the user to support polling and accessing devices using SNMPv1, SNMPv2c and SNMPv3.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 6.8.1 General Tab The General tab enables the user to manage VNE information in the connected Sheer DNA. The following VNE identification fields are displayed in the Identification area: • VNE Name: The name of the VNE that is used as a unique key throughout the system (Sheer NetworkVision, DNA Manage, EventVision). Note: This name is also used for VNE manipulation commands. • IP Address: The IP address of the device.
Managing AVMs and VNEs • Cloud: Loads an unmanaged network segment. Specific cloud configuration is provided on a per project basis. • ICMP: The VNE uses this ICMP-based reachability test to validate communication with the managed device by continuously sending ICMP packets. Note: When this option is selected the ICMP tab is enabled (the SNMP, Telnet / SSH and Polling tabs are disabled). • Scheme: Defines the VNE modeling components investigated during the discovery process.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 6.8.2 SNMP Tab The SNMP tab enables the user to support polling and accessing devices using SNMPv1, SNMPv2 and SNMPv3. Selecting the SNMP tab displays the following dialog box: The following checkbox and radio buttons are displayed in the SNMP tab of the New VNE dialog box: • Enable SNMP: Check this option to enable the SNMP communication protocol so that the user can work with it.
Managing AVMs and VNEs The following fields are displayed in the SNMP V1/V2 Settings area: • Read: The SNMP Read Community status, namely, Public or Private, as defined by the user. • Write: The SNMP Write Community status, namely, Public or Private, as defined by the user. Note: The SNMP V3 Settings area is only enabled when SNMP V3 is selected. The following fields are displayed in the SNMP V3 Settings area: • Authentication: Select one of the following: • No: No authentication is required.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 6.8.3 Telnet / SSH Tab The Telnet / SSH tab enables the user to define the Telnet command sequence and support SSH for device access (reachability) and investigation.
Managing AVMs and VNEs • • • • SSH1: When SSH1 is selected the Port field automatically displays 22. In addition, the SSH information fields are enabled in the tabbed dialog box. Port: When Telnet is selected this field automatically displays 23. When SSH1 is selected this field automatically displays 22. The user can edit the port number displayed. Prompt: The expected Telnet/SSH string. This information is displayed in the table (in the relevant column) after clicking Add.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 • • 6.8.4 Cipher: Sheer DNA supports polling devices using the SSH protocol, which defines a set of ciphers, namely, encryption algorithms, that may be used to encrypt data. This field provides a dropdown list of the available cipher options, namely, 3DES (default), DES and Blowfish. Authentication: Displays the option Password. ICMP Tab The ICMP tab enables repetitive sending of packets to a device to verify that the device is reachable.
Managing AVMs and VNEs 6.8.5 Polling Tab When customizing polling rates, special consideration should be given to the following: • • Fast polling rates (30 sec) provide high data accuracy • Fast change tracking (VC table, profile changes) and accurate flows vs. • Constant polling generating high NE CPU utilization, high network traffic, polling overlaps, and starvation for scheduled polling Slow polling rates (30 min) will affect data accuracy • Slow change tracking, stuck flows, invalid information vs.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 Selecting the Polling tab displays the following dialog box: The following radio buttons are displayed in the Polling Method area: • Group: The VNE inherits the polling rates from the polling group selected in the dropdown list. By default, the VNE inherits the polling rates from the Default polling group. For more information about creating customized polling groups, refer to Chapter 7, Managing Global Settings.
Managing AVMs and VNEs The following polling interval fields are displayed in the Polling Intervals area: • Status: Sets the polling rate for status-related information, such as device status (up/down), port status, admin status and so on. The information is related to the operational and administrative status of the Network Element. The default setting is 60 seconds. • Configuration: Sets the polling rate for configuration-related information, such as VC tables, scrambling and so on.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 3. Right-click on the required VNE in the VNEs Properties table in the Workspace to display the shortcut menu, and select Properties or from File menu, select Properties or in the toolbar click Properties. The VNE Properties dialog box is displayed with the details of the selected VNE. For more details about the fields displayed in the VNE Properties dialog box, refer to page 91.
Managing AVMs and VNEs • 6.10 Maintenance: Click this button to move the VNE to maintenance mode, so that no alarms will be sent. If this is done when the VNE has been stopped this has no meaning for the VNE. • DNA Unit: The current Sheer DNA Unit that hosts the VNE. • AVM: The current AVM number, which changes according to the Sheer DNA Unit selected to show one of the available AVMs on that Sheer DNA Unit. 4. Edit the details of the VNE, as required. 5. Click Apply. 6. Click OK.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 6.11 Changing the VNE’s State Sheer DNA Manage enables the user to start or stop a VNE or move a VNE to maintenance mode. Starting the VNE adds the VNE to the server bootstrap. Stopping the VNE removes the VNE from the server bootstrap. During normal operation, NEs often undergo maintenance operations and planned outages (software upgrades, hardware modifications, cold reboots and so on).
Managing AVMs and VNEs 4. Right-click to display the shortcut menu and select one of the following: 5. 6.12 • Actions | Start or in the toolbar click • Actions | Stop or in the toolbar click • Actions | Maintenance or in the toolbar click . . . The state of the VNE changes based on your selection: • If the VNE is started a confirmation message is displayed. Click OK. An Up status will eventually be displayed in the VNEs Properties table in the Workspace.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 4. Select Move VNEs from the shortcut menu. The Move To dialog box is displayed: The Move To dialog box displays a tree-and-branch representation of the selected Sheer DNA Server, its Units and AVMs, excluding the AVM in which the VNE is currently located. The highest level of the tree displays the Sheer DNA Server. The branches can be expanded and collapsed in order to display and hide information. 5.
Managing Global Settings 7 Managing Global Settings About this chapter: This chapter describes how to define and manage the Sheer DNA Manage global settings, including, client licenses, polling groups, protection groups and customizing a message of the day (service disclaimer). Managing Client Licenses, page 107, describes how to install and uninstall a client license. In addition, it describes viewing client license properties.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 To install a license Page 108 1. Select the Client Licenses sub-branch in the Sheer DNA Manage window’s Tree pane. The Client Licenses table is displayed. 2. Right-click the Client Licenses sub-branch to display the shortcut menu and select New License, or from the File menu select New License or in the toolbar click New License. The New Client License dialog box is displayed. 3. Copy the key from the file provided to you by Sheer Networks.
Managing Global Settings 4. Paste the information in the New Client License dialog box. 5. Click OK. The new license information is displayed in the Workspace. The administrator can uninstall the client license, for example, if it has expired. Note: The default license cannot be deleted. To uninstall a license 7.1.1 1. Select the Client Licenses sub-branch in the Sheer DNA Manage window’s Tree pane. The Client Licenses sub-branch is displayed (refer to page 108). 2.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 3. Right-click to display the shortcut menu and select Properties, or from the File menu select Properties or in the toolbar click Properties. The Client License Properties dialog box is displayed. The following fields are displayed at the top of the Client License Properties dialog box: • Page 110 License Type: The license type, namely: • Fixed: The number of installed users are identified by user names or IP addresses or both.
Managing Global Settings When the properties of the license are displayed in the Workspace table then the properties of the allocated users are displayed as follows: • IP: Where the license is location based, (namely, limited to a specific seat), this is the IP address from which logins will be allowed for this license. • BQL Enabled: Indicates whether the license includes BQL connections or just the Client applications. • Account Name: The username used to login. 4. Click Cisco Systems, Inc.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 7.2 Viewing DB Segments Sheer DNA Manage enables the administrator to view and monitor the following: • Database segments’ storage allocation information • Database disk usage • Database growth The information is automatically checked by the system. To view the DB Segments • Select the DB Segments branch in the Sheer DNA Manage window’s Tree pane. The DB Segments are displayed in the Workspace.
Managing Global Settings 7.3 Customizing a Message of the Day Sheer DNA Manage enables the user to define a message (service disclaimer) that is displayed when the user logs in to any Sheer Client application (optional). The user must accept the message before logging in. If the user does not accept the message the user will be unable to login. The message supports HTML format. The message can be changed, as required; however, only one message is applied at any given point in time.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 To remove a message of the day 7.4 1. Select the Message of the Day sub-branch in the Sheer DNA Manage window’s Tree pane. 2. In the Workspace, select the text in the Message area and press Delete on your keyboard. 3. Click Save. A confirmation message is displayed. 4. Click OK. The message is no longer displayed when the user logs in to the Sheer Client applications.
Managing Global Settings • System. Sets the polling rate for system-related information, such as device name, device location and so on. • Topology Layer 1 Counters. Sets the polling rate of the topology process as an interval for the Layer 1 counter. This is an ongoing process. • Topology Layer 2 Counters. Sets the polling rate of the topology process as an interval for the Layer 2 counter. This process is available on demand. Note: All polling rates are expressed in seconds.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 7.4.2 Customizing a Polling Group Sheer DNA Manage enables the user to create and customize new polling groups. The new polling groups that are created can then be used when defining a VNE. For more information, refer to the section Defining VNEs on page 89. Warning: Changing the polling rates may result in excess traffic and Network Element crashes. To create and customize a polling group Page 116 1.
Managing Global Settings 4. Right-click to display the shortcut menu and select New Polling Group or from the File menu select New Polling Group or in the toolbar click New. The New Polling Group dialog box is displayed. The following fields are displayed at the top of the New Polling Group dialog box: • Name: The polling group name defined by the user. • Description: A description of the polling group. 5. Type the name and description of the polling group in the appropriate fields.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 • System: Sets the polling rate for system-related information, such as device name, device location and so on. The following fields are displayed in the Topology area: • Layer 1: Sets the polling rate of the topology process as an interval for the Layer 1 counter. This is an ongoing process. • Layer 2: Sets the polling rate of the topology process as an interval for the Layer 2 counter. This is process is available on demand. 6.
Managing Global Settings 7.4.4 Deleting a Polling Group Sheer DNA Manage enables the user to delete polling groups. To delete a polling group 1. Select the Global Settings branch in the Sheer DNA Manage window’s Tree pane and choose the Polling Groups sub-branch. The Polling Groups are displayed in Polling Groups table in the Workspace. 2. Right-click on the required polling group in the Polling Group table in the Workspace to display the shortcut menu, and select Delete.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 In addition, the maximum and minimum tolerance levels can be customized through the system registry. When a VNE is using normal polling and CPU usage is high, Sheer DNA waits for the maximum CPU usage threshold value (upper tolerance level) to be exceeded five times (default) and only then does the VNE move to slow polling, as shown in the diagram below.
Managing Global Settings When the VNE is using slow polling and CPU usage drops to a regular level (or below the minimum value), Sheer DNA waits for the VNE to drop below the maximum CPU usage threshold value twice (default) and only then does the VNE return to normal polling. In the example below CPU usage is polled 5 times and it is above the maximum value, so the VNE moves to slow polling. The CPU usage then drops to a regular level (or below the minimum value).
Cisco Active Network Abstraction Administrator’s Guide, 3.5 To create a protection group 1. Select the Global Settings branch in the Sheer DNA Manage window’s Tree pane. The Global Settings branch is displayed. 2. Expand the Global Settings branch and select the required sub-branch in the Tree pane. 3. Select the Protection Groups sub-branch in the Sheer DNA Manage window’s Tree pane. The Protection Groups table is displayed in the Workspace. 4.
Managing Global Settings 7.5.1 Checking Assignment of Protection Groups to DNA Units The administrator can view the protection groups to which the Sheer DNA Units are currently assigned. In so doing, the administrator can, at a glance, check that the configuration or assignment matches the initial deployment plan. To check the Sheer DNA Units-protection groups assignments • 7.5.2 Select the DNA Servers branch in the Sheer DNA Manage window’s Tree pane.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 3. Right-click on the required Sheer DNA Unit to display the shortcut menu and select Properties, or In the toolbar click or From the File menu select Properties. The DNA Unit Properties dialog box is displayed. The Protection Group dropdown list displays the currently customized protection groups. For more information about defining a new protection group, refer to the section Managing Protection Groups on page 121.
Managing Global Settings 7.5.3 Viewing and Editing Protection Group Properties The administrator can view the properties of a protection group, for example, the description. In addition, the administrator can edit the description of the protection group. To view and edit a protection group’s properties 1. Select the Global Settings branch in the DNA Manage window’s Tree pane. The Global Settings branch is displayed. 2. Expand the Global Settings branch and select the Protection Groups sub-branch. 3.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 7.5.4 Deleting a Protection Group Sheer DNA Manage enables the user to delete protection groups. Note: Check that you are deleting the correct protection group, as there may be a DNA Unit using the protection group. To delete a protection 1. Select the Global Settings branch in the DNA Manage window’s Tree pane. The Global Settings branch is displayed. 2. Expand the Global Settings branch and select the Protection Groups sub-branch. 3.
Managing Links 8 Managing Links About this chapter: This chapter describes how to add and remove a static link between two ports of two Network Elements in the network. These static links will override any existing auto-discovered topology in the system. A static link is identical in all respects to a link that was auto-discovered. Static links can be viewed using the Topology branch and in the device topology static key in the relevant Golden Source AVM .xml file.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 To create a new static link 1. Select the Topology branch in the Sheer DNA Manage window. The Topology branch is displayed. Note: Any changes made in the Topology branch are saved automatically and are registered immediately in the Sheer DNA. Page 128 Cisco Systems, Inc.
Managing Links 2. Right-click to display the menu and select New Static Link or from File menu select New Static Link or in the toolbar click New Static Link. The New Static Link dialog box is displayed. The A Side and Z Side dropdown lists enable the user to select the devices and required port on which they want to create the static link. When a device is selected from the dropdown list the physical inventory of the device is displayed in the related area of the dialog box. 3. Cisco Systems, Inc.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 4. Expand the tree and select the A Side and Z Side port of each device. For more information about the icons and severity displayed in this dialog box, refer to the Cisco Active Network Abstraction NetworkVision User’s Guide. 5. Click Create. The link is validated and a confirmation message is displayed. Note: The Create button is only enabled when A Side and Z Side ports are selected.
Managing Links 6. Click Close. The New Static Link dialog box is closed and the newly created link between the two devices is displayed in the Workspace. Note: The new link is created with the rule A Side < Z Side lexicographically. For example, if the user selected A Side = PE-West and Z Side = PE-East. The link that is created and displayed in the table, will be A Side = PE-East and Z Side = PE-West. 8.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 Page 132 Cisco Systems, Inc.
Managing Workflows 9 Managing Workflows About this chapter: This chapter briefly describes the Workflow Engine branch in the Sheer DNA Manage application. About the Sheer Workflow Editor, below, provides an overview of the Sheer Workflow Editor. Workflow Engine Branch, page 134, briefly describes the Workflow Engine sub-branches, namely, Templates and Workflows. For more information about the Workflow Engine branch menus and toolbar, refer to page 52. 9.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 After a workflow is deployed, it is accessible via Sheer DNA Manage for viewing properties and status. Deployed workflows can be invoked via the Sheer DNA API using BQL. 9.2 Workflow Engine Branch The Workflow Engine branch in Sheer DNA Manage enables the user to manage the workflow templates and running workflows in runtime. Note: The Workflow Engine branch is only enabled upon installation of the relevant license.
Managing Sheer DNA Security 10 Managing Sheer DNA Security About this chapter: This chapter describes how Sheer DNA implements a two-dimensional security engine combining a role-based security mechanism with scopes (groups of Network Elements) that are granted to users. In addition, it describes managing users in the Sheer DNA platform, including, defining users and passwords.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 After the user is allocated a scope (list of Network Elements) and a role, the user can then perform various activities on the Network Elements included in the scope, as follows: • Activate services. • Manage alarms in Sheer NetworkVision. • Manipulate graphical Network Elements in the map. • View Network Element, inventory, and link properties. • Add Network Elements to the map view. • Manipulate business tags per Network Element.
Managing Sheer DNA Security • Operator: Configure business tags and manage most day-to-day operations. • Viewer: View only access to the network and to non-privileged system functions. Note: Roles can be granted per scope or at an application level (namely, all the activities that are related to GUI functionality, not the activities related to devices). Users can have different roles for different scopes. Role functionality is incremental.
Cisco Active Network Abstraction Administrator’s Guide, 3.
Managing Sheer DNA Security 10.2 Customizing Security Flow The flow below describes the steps required to customize security using Sheer DNA Manage and the order in which they must be performed.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 10.3 Creating Scopes Sheer DNA Manage enables the administrator to group a collection of managed Network Elements together in order to enable the user to view and/or manage the Network Elements based on the user’s role or permission. Once a scope is created it can be assigned to a user. Multiple scopes can be assigned to a single user and a single scope can be assigned to multiple users.
Managing Sheer DNA Security 2. Right-click to display the menu and select New Scope or from File menu select New Scope or in the toolbar click New Scope. The New Scope dialog box is displayed. The following fields are displayed in the New Scope dialog box: • Scope: The name of the scope (unique). • Available Devices: A list of all of the available devices. • Active Devices: A list of all of the active devices defined for the scope.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 10.3.1 Editing a Scope and Viewing a Scope Properties Sheer DNA Manage enables the administrator to edit the details of a scope and to view the scope’s properties. To edit a scope or view scope properties 1. Select the Scopes branch in the Sheer DNA Manage window’s Tree pane. The Scopes table is displayed in the Workspace. 2. Select the scope that you want to edit or view in the Workspace. 3.
Managing Sheer DNA Security To delete a scope 1. Select the Scopes branch in the Sheer DNA Manage window’s Tree pane. The Scopes table is displayed in the Workspace. 2. Select the scope that you want to delete in the Workspace. Note: Multiple rows can be selected using the standard Microsoft® Windows selection keys. 3. 10.4 Right-click the required scope to display the shortcut menu, and select Delete. The scope is deleted and is not displayed in the Workspace.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 To define a user account 1. Select the Users branch in the Sheer DNA Manage window. The Users branch is displayed. 2. Right-click to display the menu and select New User or from File menu select New User or in the toolbar click New User. The New User dialog box is displayed. Note: Clicking Page 144 displays the current password rules. Cisco Systems, Inc.
Managing Sheer DNA Security The following fields are displayed in the New User dialog box: • User Name: The new user’s name used for logging in (mandatory). Note: The user name is unique and a maximum of 20 characters may be used. Special characters may not be used. • Full Name: The full name of the user (optional). Note: A maximum of 20 characters may be used, but no special characters may be used. • • Description: A free text description of the user (optional).
Cisco Active Network Abstraction Administrator’s Guide, 3.5 10.5 3. Enter a unique User Name (mandatory). 4. Enter a Full Name and Description (optional). 5. Enter a Password (mandatory). 6. Enter the password again in the Confirm Password field (mandatory). 7. Select a security access role for the new user from the Role dropdown list. 8. Click Create. The new user name and default security access role are displayed in the Workspace.
Managing Sheer DNA Security 3. From the shortcut menu, select Properties. The Properties dialog box is displayed with the General tab selected by default. The General tab contains general user account information and the following fields are displayed: • User Name: The current user’s name. The user name cannot be modified. • Last Login: The date and time that the user last logged in. • Full Name: The full user name. • Description: A description of the user.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 • • • 4. Limit Connections to: The number of instances of the Sheer DNA Client applications that the user can access at any one time. For example, if the number of connections is limited to 10, the user can have 5 instances of Sheer DNA Manage and 5 instances of Sheer NetworkVision open at the same time. If the user then tries to open an instance of Sheer EventVision the user will be unable to do so.
Managing Sheer DNA Security 3. Select the Security tab. The following tab is displayed. The Security tab controls the user’s capability to view and manage the application, and Network Elements by granting the user scopes and security access roles. By default a new user is assigned a Viewer security access role. The following columns are displayed in the table in the Security tab of the Properties dialog box: • Scope Name: The name of the scope.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 4. Click Add to add the scope to the Active Rights of the user. The Security Level dialog box is displayed. The following area is displayed in the Security Level dialog box: • Available Scopes: Lists all of the predefined and unassigned scopes. The following dropdown list is displayed in the Security Level dialog box: • Page 150 Security Level: Displays the security access roles for the defined scopes.
Managing Sheer DNA Security 10.5.3 Map User Permissions Sheer DNA Manage enables the administrator to assign a map(s) to the user. When the user logs in to Sheer NetworkVision, the user can only open and manage the map(s) assigned to the user by the administrator. To assign maps to a user 1. Select the Users branch in the Sheer DNA Manage window’s Tree pane. The DNA Users table is displayed in the Workspace. 2. Right-click the required user to display the shortcut menu, and select Properties.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 The following buttons are displayed between the available maps and assigned maps lists in the Map tab: Moves the selected map to the Assigned Maps list. Move the entire available map list to the Assigned Maps list. Removes a selected map from the assigned map list to the Available Map list. Removes the entire assigned map list to the Available Map list. 4.
Managing Sheer DNA Security In addition, the current user can also initiate a change of password, where the user will be required to enter the old password in order to validate the new password. To change a user’s password (administrator) 1. Select the Users branch in the Sheer DNA Manage window’s Tree pane. The Users table is displayed in the Workspace. 2. Select the user in the Workspace whose password you want to change. 3.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 Page 154 3. Enter the new password in the New Password and Confirm Password fields. 4. Click OK. A confirmation message is displayed. 5. Click OK. The Change User Password dialog box is closed. Cisco Systems, Inc.
Utility Scripts A Utility Scripts About this appendix: This appendix describes the Sheer DNA utility scripts. Restarting Sheer DNA Gateway, below, describes how to restart the Sheer DNA Gateway from the Unix command line. Restarting a Sheer DNA Unit, page 155, describes how to restart a Sheer DNA Unit from the Unix command line. Executing a Command on all Sheer DNA Units, page 156, describes the script used to execute a given command on all of the Sheer DNA Units. A.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 Restarting a machine may cause some of the VNEs running on the machine to be reported as unreachable. This is due to handshake protocols with the Sheer DNA Unit that will fail due to the unavailability of the VNEs. Restarting a machine will abort all active queries, flows and transactions that are currently being executed within the VNEs that run on the restarted Sheer DNA Unit. To restart a Sheer DNA Unit 1.
Golden Source Registry B Golden Source Registry About this appendix: This appendix provides details of the Golden Source Registry. The Golden Source registry is the master registry responsible for maintaining, distributing, and updating registry configuration files to all of the Sheer DNA Units and the Sheer DNA Gateway server. The master copy of the Golden source files is centrally located on the Sheer DNA Gateway server: ~sheer/Main/registry/ConfigurationFiles • /0.0.0.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 The screen below displays the registry files for each Sheer DNA server and the Golden Source hives. The Golden Source mechanism enables consistent management of the entire system. Each Sheer DNA Unit and Sheer DNA Gateway has its own set of registry configuration files and parameters. The registry files are replicated automatically during the installation of the Sheer DNA Unit and Sheer DNA Gateway.
Ports Used by Sheer DNA C Ports Used by Sheer DNA About this appendix: This appendix provides a list of the ports used by the various Sheer DNA Server and Client applications.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 Page 160 Cisco Systems, Inc.
Drools Rules Engine D Drools Rules Engine About this appendix: This appendix introduces and describes the Drools rules engine. Drools Rules Engine Overview, below, introduces the Drools rules engine components and terminology. Drools and ANA Integration, page 162, explains how Drools is integrated within Cisco ANA. Drools Definitions in ANA, page 162, describes Drools within ANA. Upgrading Rule Files, page 163, describes the rule upgrade process. D.
Cisco Active Network Abstraction Administrator’s Guide, 3.5 • • D.2 A rule can perform many types of actions, such as: • Add or remove an object from the working memory • Modify an object • Execute a method on one of the objects The Agenda is where Drools stores the list of rules to be fired. Drools and ANA Integration The Drools rule engine enables the user to extend the ANA alarm correlation mechanism with user-defined rules and business logic.
Drools Rules Engine The Drools parameters are stored in the ANA registry file mmvm.xml under the event-management key: • Context ID - the Drools context name • Rule file name – the name of the respective rule file. • D.4 the specified rule (the file name under mmvm.xml). Upgrading Rule Files To upgrade a rule file: 1. Make a copy of the required rule file (pre.drl or post.drl), and edit it. 2. Copy the updated file (under a temporary name) to the ANA Gateway (directory ~sheer/Main/data).
Cisco Active Network Abstraction Administrator’s Guide, 3.5 Page 164 Cisco Systems, Inc.
