Dell EMC OpenManage Network Manager Version 6.5.
Notes and Cautions A NOTE indicates important information that helps you make better use of your computer. A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. ____________________ © 2018 Dell Inc. Trademarks used in this text: Dell EMC™, the DELL EMC logo, PowerEdge™, PowerVault™, PowerConnect™, OpenManage™, EqualLogic™, KACE™, FlexAddress™ and Vostro™ are trademarks of Dell Inc.
Contents Preface Why OpenManage Network Manager? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Application Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Key Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Creating an IPv6 Discovery Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 Discovering Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96 Tuning Discovery Ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96 Discovering Your Network . . . . . . . . . . . . .
Editing Custom Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150 Audit Trail/Job Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151 Modifying Job Viewer’s Appearance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153 Audit Trail Portlet . . . . . . . . . . . . . . . . . . .
Understanding Hierarchical View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using Hierarchies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Setting Up Google Maps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Setting Up Nokia Maps . . . . . . . . . . . . . . . . . . .
Performance Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359 Performance Monitoring Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360 Understanding Performance Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361 Application Server Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Compliance Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491 Compliance Policy Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495 Using Change Management and Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496 Configuring Compliance Policy Groups . . . . . . . . . . . . . . . . . .
Adaptive CLI Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 563 General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 563 Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 565 Scripts . . . . . . . .
Constraining Data Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 664 Manage > Domain Access [Resources] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 664 Site ID Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 664 13 VLAN Visualization . . . . . . . . . . . . . . . . . .
Oracle Database Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 710 Debug . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 711 WMI Troubleshooting Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 715 WMI and Operating Systems . . . . . . . . . . .
16 Localization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 753 Localization Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 754 Language and Dictionary Portlets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 755 Adding the Language Portlet . . . . . . . . . . . . . . . . . . .
Managing Descriptors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 881 Maintaining Network Service Descriptors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 881 Importing a Network Service Descriptor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 891 Maintaining VNF Descriptors . . . . . . . . . . . . . . . . . . . . . . . . .
Client to Mediation Server (Direct Access, or Cut Thru) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1032 Email Network Element Config Differences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1033 JBoss Management Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1033 Ports and Application To Exclude from Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Preface The Dell EMC OpenManage Network Manager (OMNM) application offers automated, consolidated configuration and control of your converged infrastructure resources, including servers, storage and network devices. You can customize OMNM, and unify multiple systems for a single view of infrastructure assets, monitoring, compliance auditing, troubleshooting.
• Database Serverstores and retrieves information about managed devices. The installation wizard displays these options because you can install each of them to separate servers. Single-server installations are possible. However, to manage larger networks and provide failover High Availability (HA) installations, distributed and redundant installations are also available.
Key Features The following are some key features of OpenManage Network Manager: Feature Description Customizable and Flexible Web Portal You can customize the web portal, even providing custom designed views of your data assigned to individual users. You can even create web portal accounts for departments, geographic areas, or other criteria. Automate and Schedule Device Discovery Device discovery populates OpenManage Network Manager’s database and begins network analysis.
In screens like Connected Devices on page 191 you can examine each section of device information and right-click components to see further applicable actions. For example, right-click to Show Performance, and edit and/or save that view of performance as another Performance Dashboard. Performance can also appear in portlets that Show Top Talkers (the busiest devices) or Show Key Metrics.
Online Help/Filter Access general online help by clicking Help from the OpenManage Network Manager portal header. Help appropriate to each portlet appears when you click the help tool (question mark) on the portlet title bar. By default, this opens a separate browser window, which is not necessarily always in front of the screen that calls it. Because it is separate, you can arrange the display so the help screen does not conceal the portlet it describes.
OMNM 6.5.
1 Getting Started The section outlines the steps in a typical OpenManage Network Manager (OMNM) installation. Because the software described here is both flexible and powerful, this section does not exhaustively describe all the details of available installations. Instead, references are made to those descriptions elsewhere in this guide, the OpenManage Network Manager Installation Guide, or online help. This guide assumes that the OMNM product is installed and operational.
OMNM Administrative Tools | Getting Started OMNM Administrative Tools In addition to the OpenManage Network Manager (OMNM) Control Panel on page 22, this section describes the following portlets, editors, and windows used by a system administrator or anyone else responsible for the tasks described in this section: • • • • • Aging Policies Editor Quick Navigation Portlet Network Tools License Viewer Window Common Setup Tasks Portlet Control Panel Use the Control panel to configure access to the OpenManage
OMNM Administrative Tools | Getting Started Administrator To configure information for your login, look for the bar titled with your account login’s name. It has the following lines beneath it: My Account— This configures your information as a user, including your e-mail address, password, and so on. Contacts Center—This configures contacts, in other words, people within your system that you are following.
OMNM Administrative Tools | Getting Started Users perform tasks using the portal. Administrators can create new users or deactivate existing users. You can organize users in a hierarchy of organizations and delegate administrative rights. After creating them, add Users to roles which configure their permissions for access and action with the Actions menu to the right of a listed user, or during user creation.
OMNM Administrative Tools | Getting Started Admin users on the OpenManage Network Manager pages, or for users who have the portlet on their Public or Private pages (which makes them the owner of that instance). Without OpenManage Network Manager portlets, URLs for pages labeled public are accessible even to users who do not log in. Some portlets provide extra settings—for example Alarms portlet’s charting options, or the Top N portlets number of Top Items. These persist too.
OMNM Administrative Tools | Getting Started Portal > Password Policies This panel lets you configure password policies for your installation. It includes options that configure whether and when change to passwords must occur, syntax checking, history, expiration, and lockout policies for failed logins. NOTE: For users of Multitenant sites, logins require the prepended site prefix. For example, an admin user in customer site with prefix BP, logs in as BP-admin.
OMNM Administrative Tools | Getting Started Monitoring—Lets you see details like accessed URLs, number of hits, and so on, for live sessions on the portal. Click a session to see its details. This is usually turned off in production for performance reasons. Plugins Configuration— Configure access to portlets and features like themes, layouts and so on. By default, only administrators can add portlets/plugins to their pages.
OMNM Administrative Tools | Getting Started Click the Actions Edit button to see and configure its permissions. Notice that you have the option to view Assigned or All permissions or search for the permission you want to locate. Click Actions Edit button to modify the type of permissions available. The following describes the actions of the permissions, when selected: 28 Action Default Behavior read Enables Details, Topology and View as PDF write Enables the Edit, Save, and Import/Export.
OMNM Administrative Tools | Getting Started The Advanced button lets you configure each functional permissions by type. For example, expand the Read list to specify READ permissions to all or selected functions. When you hover the cursor over a functional permission, tooltips provide a description. NOTE: If you upgrade your installation and new permissions are available, edit the Administrator Role, and notice an enabled Add button indicates new permissions are available.
OMNM Administrative Tools | Getting Started To view and manage such policies, right-click an item with them (for example, an alarm), or click Manage > Control Panel, and under Redcell click Database Aging Policies. Policies appear in the Aging Policies tab of this screen, with columns that indicate whether the policy is Enabled, the Policy Name, Details (description), Scheduled Intervals and icons triggering three Actions (Edit, Delete and Execute).
OMNM Administrative Tools | Getting Started Disabled - Controls whether or not this type of audit trail is saved to the database. If disabled is checked, then audit trail entries of this type are not saved. Emit Event - Controls whether or not to emit an event when this type of audit trail is created. This can be useful, for example, if you want to forward audit log entries to a northbound system.
OMNM Administrative Tools | Getting Started In addition to automatically detecting mediation servers, you can click Add Server to configure additional mediation servers. When creating a new server, enter a Name, Description and IP Address. You can also Create Partition (or select from Existing Partitions), choosing a Name, Description, Routable Domain, and Routing Entries (click the ‘+’ to add your entries to the list).
OMNM Administrative Tools | Getting Started Redcell > Filter Management This screen, accessible from Go to > Control Panel lets you manage the filters in OpenManage Network Manager. Click the Delete icon to the right of a listed filter to remove it from the system. Click the disk icon to export the filter. Clicking the Import button at the top of the screen lets you import previously exported filters.
OMNM Administrative Tools | Getting Started Use this editor to configure filters. Enter a Name and Description, and use the green plus (+) to select an entity type from a subsequent screen. Checking Shared makes the filter available for all users, not just your user. You can add groups of filter criteria (click Add Group) that logical AND (Match All) or OR (Match Any) with each other. Click Clear Conditions to remove criteria.
OMNM Administrative Tools | Getting Started Follow the directions in Setting Up Google Maps on page 255 to set the application to use those maps. User Interface > Job Viewer The Job Viewer panel lets you select the following options and set the popup width: Show Job Viewer—Checking this displays the job viewer after Execution (most cases). Leaving it unchecked does not display it, although you can still view jobs with My Alerts in the lower left portion of the screen.
OMNM Administrative Tools | Getting Started The Equipment Display setting controls how equipment labels are shown in the performance dashboards. The default is to display the IP address. You can also have it display the device name. The Port/Interface Display setting lets you select between showing the Port/Interface Name of the Port/Interface description. Server This panel lets you override the system defaults for web client time-outs.
OMNM Administrative Tools | Getting Started Aging Policies Editor When you click Add Policy, a selector appears where select the kind of policy you want to create and the then the editor appears. If you click the Edit icon to the right of a listed policy, the Aging Policies Editor appears with that policy’s information already filled out, ready to modify.
OMNM Administrative Tools | Getting Started DAP SubPolicies Some Options tabs include sub-policies for individual attribute retention. Click Add SubPolicy or click the Edit button to the right of listed policies to access the editor. The fields vary depending on the policy selected. Editing Tips Archiving options that appear in the Aging Policies Editor vary, based on type of policy selected.
OMNM Administrative Tools | Getting Started Aging Policies Options The Options tab in this editor can vary, depending on the type of policy. Fields can include the following: Keep [Aged Item] for this many days—The number of days to keep the aged item before archiving it. Archive [Aged Item]— Check this to activated archiving according to this policy. Sub-Policies Some types of Database Aging Policies can have sub-policies that further refine the aging for their type of contents.
OMNM Administrative Tools | Getting Started Repositories When you select a repository in the Aging Policies Editor, the available policies come from what is configured in this tab of the editor. Available repositories appear listed in the initial screen. Like the Aging Policies Editor, you can click Add Repository to create a new repository, and Edit or Delete selected, listed policies with the icons in the Action column.
OMNM Administrative Tools | Getting Started OpenManage Network Manager automatically writes to any configured failover repository if the primary repository is full or not writable. NOTE: To view any archived DAP file, use dapviewer. Type oware in a command shell, then, after pressing [Enter], type dapviewer to use this utility. Quick Navigation Portlet By default, the Quick Navigation portlet is available from the Home page. Admin users and Power users can see all tasks listed.
OMNM Administrative Tools | Getting Started Network Tools The Network Tools portlet lets you invoke a variety of existing functions on a device without having the device currently discovered. It typically appears listed as an available Application to install as a portlet. Before you can use the tools, you must enter an IP address in the appropriate field.
OMNM Administrative Tools | Getting Started MIB Browser Tool The first button displays the MIB browser with default SNMP settings. You can Edit the settings to match the device’s SNMP community settings and then save them. The next time Network Tools invokes the MIB browser, it defaults to your previous settings. Once you are done editing the SNMP settings, click Save. Click the Browse tab to look through available MIBs as you would ordinarily do in MIB browser.
OMNM Administrative Tools | Getting Started Direct Access - SSH/SSH V2 Direct Access for SSH or SSH V2 first prompts for a user name and password. The Use LF instead of CR LF checkbox suppresses carriage returns when you click Enter key. This is necessary for some devices (for example: some Dell Power Connect devices). Once you log in, OpenManage Network Manager attempts to connect with SSH or SSH V2 using the user id and password provided.
OMNM Administrative Tools | Getting Started You might also have to add the OMNM server IP Address to the Java Security Exception Site list. OMNM 6.5.
OMNM Administrative Tools | Getting Started License Viewer Window Use the License Viewer window to examine the licenses for your system’s capabilities, monitor license expirations, and register a license. Access the License Viewer window by clicking the License Management button from the Settings > Application Configuration Settings portlet.
OMNM Administrative Tools | Getting Started When this event occurs, the portal status bar color changes and displays the following message, which includes the number of days until license expiration: Your Application Server license will expire in 30 days causing the system to shutdown in red status banner. Click the message and the License Viewer, Subscription Renewal panel opens, where you can start the license renewal process.
OMNM Administrative Tools | Getting Started Subscription Info Use the Subscription Info panel to view upcoming changes to managed resources and Traffic Flow Analyzer (TFA) exporters licensed resource counts. Initially the Subscription Info panel is displayed when you access the License Viewer window. Otherwise, access this panel by clicking the Subscription Info tab from the License Viewer window. The Subscription Info panel provides the following information.
OMNM Administrative Tools | Getting Started Column/Field Description Active License Subscriptions Information related to the current licensed count for: • Traffic Flow Analyzer (TFA): • Licensed TFA Exporter Count shows the current limit amount of managed resources allowed to be registered as TFA exporters. • Currently Registered shows the current number of managed resources registered as TFA exporters.
OMNM Administrative Tools | Getting Started The Product panel provides the following license information. Column/Field Description Subscription Licenses The option to show only subscription licenses related to the Subscription Renewal panel (Managed Resources and TFA). All Licenses The option to show all registered licenses including subscription licenses. Show/Hide Expired The option to show or hide expired licenses(subscription licenses and all licenses).
OMNM Administrative Tools | Getting Started The Subscription Renewal panel includes the following fields and options. Fields/Options Description Name The user requesting to purchase or renew a subscription. Company The company the requestor works for. Phone Number The phone number in which to contact the requestor. Email The email address in which to contact the requestor. Subscription Request The license option you are requisition.
OMNM Administrative Tools | Getting Started Once you upload a license file, one of the following scenarios occur: • • • License is not valid and a message displaying why the license is not valid and the Cancel button displays below license details. License is valid and the Register and Cancel buttons are displayed.
OMNM Administrative Tools | Getting Started Fields/Options Description Next Expiration Date The date and time when your license expires. Valid An indicator showing whether the license is valid (checkmark) or not (X). IP Any IP restrictions (asterisk is unrestricted). User The person authorized to use the application. Version The license version (not the software).
OMNM Administrative Tools | Getting Started Common Setup Tasks Portlet By default, the Common Setup Tasks portlet appears on the Home page as part of the Getting Started portlet and the Settings page. If your package does not display this portlet on these pages and you want it there, click Add > Applications and put it there.
OMNM Administrative Tools | Getting Started The Apply button accepts your edits. The Test button tries your edits. The Cancel button abandons your edits and returns to the OMNM application. The SMTP Configuration window contains the following fields and options. Field/Option Description SMTP Server Host The IP address or hostname of your SMTP server. SMTP Server Port The port for your SMTP server.
OMNM Administrative Tools | Getting Started File Servers The file servers provide FTP connections for retrieving and deploying devices’ configuration files, and for deploying firmware updates to devices on your network. See Configuration Management for a description of the portlet that manages file servers. If you want to configure servers from the Common Setup Tasks portlet, a slightly different screen appears when you click Edit. This displays configured file servers.
General Information | Getting Started General Information The following topics provide some general information you may need to know: • • • • Web Portal/Multitasking Cookies and Sessions Web Clients Network Basics Web Portal/Multitasking You can open multiple tabs to different managers in the OpenManage Network Manager system. In most cases this does not cause any issues for read–only data browsing. However, best practice is not opening multiple tabs when creating, editing or deleting.
General Information | Getting Started NOTE: Apple products are mostly OpenManage Network Manager-friendly. Android is only partly supported. CAUTION: If your application server and client are on different machines, make sure that they have the same time settings. Network Basics The OpenManage Network Manager (OMNM) application communicates with devices over a network. You must be connected to a network for the Application server to start successfully.
General Information | Getting Started Consider Description Fixed IP Address The OMNM application includes a Web server and must be installed on a host with a fixed IP address. For demonstration purposes, you can rely on dynamic IP address assignment (DHCP) with a long lease. However, this is not recommended for production installations.
Starting/Stopping OMNM | Getting Started Starting/Stopping OMNM The OpenManage Network Manager (OMNM) Application server processes network information for Web-based clients. The Application server monitors devices, and produces the output for the Web server and then makes it available for the Web clients. When you install or upgrade the OMNM application, the installer automatically stops the servers before installation and starts them after installation.
Starting/Stopping OMNM | Getting Started Windows Start Menu Program Shortcut Windows Command Line Linux Command Line Synergy Web Service Manager http://[application server host IP]:8080 http://[application server host IP]:8080 Starting Web Client Open the Web client user interface from your browser. Refer to the OpenManage Network Manager Installation Guide for supported browsers and versions.
Setting Up Secure Connections (SSL & HTTPS) | Getting Started Setting Up Secure Connections (SSL & HTTPS) The following describes how to turn on SSL support within OpenManage Network Manager on single-server installations. Configure Clustered installations with a Load Balancer with SSL Offloading. SSL Offloading takes advantage of hardware which has been designed to deal with quick encryption and decryption of SSL.
Setting Up Secure Connections (SSL & HTTPS) | Getting Started This password must be identical to the one entered in the previous steps. 10 When asked the other questions such as Country Code, Organization you can enter any data you wish. When asked for the Common Name (FQN) you must enter the hostname or IP address of the server. 11 OpenSSL generates the tomcat.pem in the directory you were in from the previous steps. 12 Exit OpenSSL by typing exit 13 Two new files appear within the //..
Setting Up Secure Connections (SSL & HTTPS) | Getting Started If you used a different pass phrase than the default (changeit) then you can set it for the SSL_PASSWORD property here. 5 Save the file. 6 Enter the command: "service synergy start" to restart the OMNM service. You are now ready for a secure, SSL connection to OpenManage Network Manager.
Managing Users and Permissions | Getting Started Managing Users and Permissions Manage users and permissions by performing the following tasks: • • • • Adding Users and Connecting them to Roles Adding and Configuring User Roles/Permissions Adding LDAP Users Creating an LDAP Admin User Adding Users and Connecting them to Roles When you add a new user, that user may not appear immediately. You can speed up the user’s appearance by using control panel’s Server > Server Administration Resource panel.
Managing Users and Permissions | Getting Started you impersonate your user, and Go To > Control Panel, without User and Power User roles assigned, the impersonated user can only see My Account and Sites. NOTE: You can Export Users to a comma-separated value (CSV) file. Once you have configured a user, you can click Action and to do the following: Edit—Re-configure the selected user. Select the user’s Role in the editor, too. Roles configure access and action permissions.
Managing Users and Permissions | Getting Started Organizations Create Organizations just as you would create Users. You can create a Regular or Location type of organization. You can do this only if your package includes the MSP option, so this capability is not available to all users. NOTE: You must first create a Regular organization to be the parent for a Location. Also: These organizations are useful to organize users.
Managing Users and Permissions | Getting Started If you have eliminated all permissions from a role by removing the Default User Roles — Power User, an intervening screens lets you copy another Role’s permissions so you do not have to enter all permissions from scratch. NOTE: Defining a base role’s permissions can provide the start for non-base role’s permissions if you use this screen to copy them, then edit them later for the difference between the base role and non-base role.
Managing Users and Permissions | Getting Started The Editing Role window is displayed. NOTE: The Show Assigned/Show All options to filter what displays in the list. 10 Click Advanced to see available permissions organized by Read, Write, Execute, Add or Delete actions. 11 Select the appropriate permissions for each category. 12 Apply your changes. 13 Click the action’s Edit button to modify permissions type. The Editing Permissions window is displayed.
Managing Users and Permissions | Getting Started Adding Individual Permissions The Redcell > Permission Manager options are more convenient to do this in bulk, but to add individual permissions, click Portal > Roles > Actions > Define Permissions for the appropriate role, and then select the specific resource set.
Managing Users and Permissions | Getting Started Adding LDAP Users You can integrate LDAP with your OpenManage Network Manager installation in the Portal Settings > LDAP tabs. LDAP-added users cannot log into OpenManage Network Manager’s Java Client, and can only use the web portal. CAUTION: Before enabling an LDAP server in the Portal, you must create and assign one user from the LDAP server as the Portal administrator. You cannot access the Control Panel without a user with the administrator role.
Managing Users and Permissions | Getting Started Creating an LDAP Admin User All users imported from an LDAP server default to the Poweruser role. The default OpenManage Network Manager (login/password: admin/admin) cannot log into Synergy once you enable authentication through LDAP. Therefore, you must manually assign one of the users from the LDAP server as the Portal administrator.
Implementing DAP | Getting Started Implementing DAP Database Aging Policies (DAP) prevent the OpenManage Network Manager database from filling up by filling up by deleting old records. You can also save designated contents to an archive file on a specified cycle. Database Aging Policies configure which contents to archive, the archive location, and the configuration of that archive file.
Opening an Archive in dapviewer | Getting Started Opening an Archive in dapviewer 1 First, make sure you have an archived file. One way to do this is to edit the Events DAP, make sure the archived events go to a directory you can access later, and retain them for zero days. 2 Manually run the Events DAP 3 Open a command shell. Type oware in Windows, or . ./etc/.dsienv in Linux. 4 Type dapviewer. 5 Select the file with the ellipsis (...).
Backing Up the Database | Getting Started Backing Up the Database To back up your database, open a command shell (Start > Run cmd, in Windows), and then type the following at the prompt replacing USERNAME and owbusdb. By default, the database is owbusdb, user name is root and password is dorado. mysqldump -a -u USERNAME --password=[name] owbusdb > FILENAME.mysql For example: mysqldump -a -u oware --password=dorado owmetadb > owmetadb.
Restoring Databases | Getting Started Restoring Databases Restoring from FILENAME.mysql is a three step process. This occurs, again, in a command shell: 1 Drop the database: mysqladmin -u USERNAME -p drop owbusdb or mysqladmin -u USERNAME --password=[password] drop owbusdb 2 Recreate the database mysqladmin -u USERNAME -p create owbusdb or mysqladmin -u USERNAME --password=[password] create owbusdb 3 Import the backup data mysql -u USERNAME -p owbusdb < FILENAME.
Setting Up Authentication | Getting Started Setting Up Authentication Here are some authentication setup tasks: • • • Integrating LDAP Configuring a CAS Server with RADIUS Setting Up Radius Authentication Integrating LDAP You can integrate LDAP with your OpenManage Network Manager installation in the Control Panel > Portal Settings > Authentication > LDAP CAUTION: Before enabling LDAP server in Portal, you must create and assign one user from LDAP server as Portal administrator.
Setting Up Authentication | Getting Started 8 Remove the default PowerUser role (optional), and add the administrator role for the user, then click Save. Now you can enter LDAP server information. Be patient, your changes may take a moment to take effect. Step2: Add an LDAP server In the LDAP tab of the Authentication screen, check the Enabled checkbox, then click Add under LDAP Servers and fill in that screen as appropriate.
Setting Up Authentication | Getting Started In the Portal Settings > Authentication > LDAP tab Step 3: Turn off default 'admin' user's local authentication. (Optional) By default, user 'admin' able to login with local authentication even when 'LDAP' required was selected. To prevent user 'admin' to use local authentication, edit the file .../oware/synergy/conf/serveroverrides.properties and add the following line: auth.pipeline.enable.liferay.check=false NOTE: user will need to rename server-overrides.
Setting Up Authentication | Getting Started LDAP and Multitenancy FAQs The following are answers to some of the frequently asked questions about LDAP, particularly related to multitenancy (see the User Guide for more about Multitenancy). Disabling logins after a preset number of failed attempts—OpenManage Network Manager supports this for both local and LDAP users. Reporting login attempts— Supported from report: User Login Report/Last 30 Days. All users log in with LDAP—This is supported.
Setting Up Authentication | Getting Started The example we tested uses two devices running Tomcat 7.x and Java 6 on one device (DeviceA) and OpenManage Network Manager on the second device (DeviceB). You must access DeviceA using its fully qualified hostname (example: QA002.test.loc, not QA002). You must create casweb.war for OpenManage Network Manager’s CAS server to support this. Instructions about how to do this are on the CAS open source site at wiki.jasig.
Setting Up Authentication | Getting Started keystorePass="changeit" truststoreFile="C:\Program Files\Java\jdk1.6.0_26\jre\lib\security\cacerts" /> 4 In same file comment out 5 Restart tomcat 6 Copy the casserver.crt file that was created during keytool -export from deviceA to deviceB Do the following configuration on deviceB 7 Import the certificate: /cygdrive/c/[path]/oware3rd/jdk1.6.
Setting Up Authentication | Getting Started 18 Change the server URL to https://deviceB_IPAddress:8443/cas_web 19 Click the Test CAS Configuration button. 20 If the test passes, click Save 21 To use RADIUS with OpenManage Network Manager create users (no password) that already exist on the RADIUS server in the Portal > Users and Organizations portion of the Control Panel. 22 Logout from OpenManage Network Manager. 23 in a web browser go to the URL of your OpenManage Network Manager:8080.
Setting Up Authentication | Getting Started 3 Edit the server-overrides.properties file if you only want to authenticate against the radius server. a. Navigate to the installDir/oware/synergy/conf/server-overrides.properties.sample file. b. Rename the server-overrides.properties.sample file to server-overrides.properties. c. Open the server-overrides.properties file with a text editor. d. Add the following line: auth.pipeline.enable.liferay.
Configuring Pages and User Access | Getting Started Configuring Pages and User Access This section describes adding pages to your OpenManage Network Manager (OMNM) installation, and configuring role-based user views. This is a way to manage user access to the OMNM features in a more complex environment.
Configuring Pages and User Access | Getting Started 7 Optionally remove the default PowerUser role, add the appropriate new role for the user with the +Select link, and then click Save. You can optionally fill out other details later. (You may want to do this step after configuring roles. See Adding and Configuring User Roles/Permissions on page 67.) 8 Select Redcell > Permission Manager. 9 Remove any permissions from the User role you do not want the user to have.
Configuring Pages and User Access | Getting Started 4 Select a page where you want to restrict access. 5 Click the Permissions button. 6 Deselect the View permission for Guest and Community members. 7 Make sure Owner and PowerUser can still view the page. 8 Now select View for any other roles you want to give access. 9 Click Save. 10 Verify that the user cannot see restricted pages by logging out and then logging in as the new user.
Configuring Pages and User Access | Getting Started 4 Make sure Owner and PowerUser still have View permissions. 5 Select View for the relevant roles (for example, Silver Group). 6 Click Save. 7 Verify your configuration by logging out and then log in as Guest or another community member. Setting Resource-Level Permissions The resource-level permissions provide a user/group/role/organization access to a defined resource. Configure resource-level permissions as follows.
Configuring Pages and User Access | Getting Started 3 Set up a page for Device Level View. a. Add a Hierarchical View portlet to the page of interest with portlets for which you want to restrict access. Currently the Hierarchical View is enabled for the Managed Resources, Alarms, Ports, and Audit Trails portlets. b. Log out as admin and then log back in as a user with Gold Customer permissions. c. Confirm your permission configuration is operating on this page.
Registering a License | Getting Started Registering a License When it is time to register a license, you have the option to register the license using the OpenManage Network Manager (OMNM) application or using a command line interface. Using the OMNM Application Register a license from the OMNM application as follows. 1 Select Settings > Application Configuration Settings > License Management. The License Viewer is displayed. 2 Click the Register License tab. A blank license list is displayed.
Registering a License | Getting Started 6 Click one of the following registration types: • Activate the license immediately to increase licensed resource count • Activate the license on dateTime UTC year to extend the subscription duration See Register License on page 51 if you need more details about these options. The license is registered. 7 Verify that the license was activated. a. Click the Products tab. b. Select the Oware product. c. Look at the ACTIVATION DATE.
Registering a License | Getting Started Registering a License from Windows CLI 1 Start the command line tool. 2 Enter oware. 3 Navigate to the licenseFilename.xml file. 4 Enter the following command: licenseimporter licenseFilename.xml If you want to specify an activation date, enter the following command using the activation option (-aYYYY-MM-DD): licenseimporter -aYYYY-MM-DD licenseFilename.xml Registering a License from Linux CLI 1 Start the command line tool. 2 Enter . /etc/.
Creating an IPv6 Discovery Profile | Getting Started Creating an IPv6 Discovery Profile The OpenManage Network Manager (OMNM) system functions independently of the underlying IP protocol communication, so you can expect the OMNM application behavior to be the same regardless of whether resource management is through IPv4 or IPv6.
Creating an IPv6 Discovery Profile | Getting Started Create an IPv6 discovery profile as follows. 1 Create and name a Discovery Profile (see Discovering Your Network on page 97 for a more complete description). 2 Enter the IPv6 address in the second screen of a discovery profile in the editor. Notice that an address like de80::4564:3344:1a10:f37 becomes de80:0:0:04564:3344:1a10:f37, inserting zeros, when you tab off the address field.
Creating an IPv6 Discovery Profile | Getting Started ...and in Details panels ...and in Reports... ...and view topologies ...and Performance Dashboards OMNM 6.5.
Discovering Resources | Getting Started Discovering Resources Discovery profiles configure equipment discovery for OpenManage Network Manager. The summary view displays the Name, Description, Default (the green check indicates the default profile), whether the profile is Scheduled and Next Execution Date for scheduled discovery. The Expanded portlet adds a Reference Tree snap panel that displays a tree of associations between selected profiles and authentication and tasks that they execute.
Discovering Resources | Getting Started Add these to the owareapps/installprops/lib/installed.properties file with the values you want preceded by an equal sign (=). Discovering Your Network The following steps describe how to discover devices on your network. You can also edit any seeded authentications and discovery profiles to see what they look like. 1 Right-click the Discovery Profiles list and select New.
Discovering Resources | Getting Started You can exclude IP addresses, or ranges of IP addresses if you check the Display exclusion input checkbox and input the addresses you want excluded as you did for those you entered in the Address(es) for Discovery field. Such exclusions only apply to the profile where you enter them. To exclude an address or range, use the com.dorado.redcell.discovery.exclude property. Examples of how to enter such exclusions appear in the redcell.properties file under owareapps\redce
Discovering Resources | Getting Started You can change this default by changing the settings in the /owareapps/redcell/lib/ redcell.properties file’s redcell.discovery.taskactivity.order property. See also Refresh Monitor Targets for Newly Discovered Devices on page 420. Inspection 8 Inspect Network using your current settings—This screen lets you preview the discovery profile’s actions and access to devices.
Discovering Resources | Getting Started LLDP Warnings Warning messages sometimes appear in the Discovery Audit Trail about LLDP. This occurs when the device's LLDP information indicates that a component exists with LLDP enabled at a certain IfIndex, but that IfIndex doesn't actually exist in the IfTable. In other words, the information in the two SNMP tables does not match perfectly, OpenManage Network Manager warns about the IfIndexes that are missing.
Discovering Resources | Getting Started If you have selected Manage by Hostname in your discovery profile, then resync will also retrieve any IP address changes, for example in a network with DHCP.
Discovering Resources | Getting Started 9 This discovery profile was created with placeholders for the authentication credentials, as seen in the “Select Authentication” list. You will need to remove these entries from the list and create new entries that match the authentication credentials that the device is configured with. 10 Save the discovery profile.
Resetting a Password | Getting Started Resetting a Password You can reset a user's password two ways. One is to login as admin and change the user's password in Portal Settings > Users and Organizations. For additional information please refer to Portal > Users and Organizations on page 23. For the second method, users themselves can request an email be sent to them with instructions to set a new password. Follow the steps below. 1 Login fails.
Deploying Add-On Capabilities | Getting Started Deploying Add-On Capabilities OpenManage Network Manager (OMNM) add-on capabilities come in the following forms: • • • Deploy Updates Extensions .ocp and .ddp files These add-on capabilities do not require a complete re-installation of the application. If you are upgrading to an entirely new OMNM package, refer to the OpenManage Network Manager Installation Guide for the upgrading from a previous version instructions.
Using Device Drivers | Getting Started Using Device Drivers For complete communication with devices, the OpenManage Network Manager (OMNM) application requires a device driver. For example, to communicate with Dell EMC devices, you must have a Dell EMC driver installed. That does not mean you cannot discover and communicate with other vendors’ devices without a driver installed. See .ocp and .ddp files on page 104 for driver installation instructions.
Using Device Drivers | Getting Started Functionality Description MIBs The OMNM application can import MIBs for use within MIB Browser and performance monitoring so you can query device-specific OID values on discovered device. Hierarchies Depending on the licensing, device and or contained sub-components are selectable and manageable in filters and portlets like Hierarchical View.
Using Device Drivers | Getting Started See License Viewer Window on page 46 for more about licenses. Configuring the Firewall Configure the firewall between your server and the Internet as follows. 1 Deny all incoming traffic from the Internet to your server. 2 Permit incoming traffic from all clients to TCP port 135 (and UDP port 135, if necessary) on your server. 3 Open Port 445 (WMI).
Using Device Drivers | Getting Started WBEM Prerequisites The following are common prerequisites: Credentials— WBEM credentials have a role in discovering the device. Your system must have access to the computer using Administrative only credentials. These are the same credentials as the user installing WBEM on the device. Telnet/SSH credentials are necessary for other supported applications. For full functionality, this WBEM device driver requires administrative (root) access.
Using Device Drivers | Getting Started VMWare ESX and KVM Controller Support Basic support for management of VMWare ESX and KVM Controller devices has been added. The controllers are discovered/managed via WBEM protocol and require WBEM and SSH authentication protocol at discovery time. VMs will appear in the controller's reference tree, but can also be discovered standalone.
Using Device Drivers | Getting Started • • Resume Reboot NOTE: In order for some actions to function, the target hosted VM must be configured correctly. For VMWare ESX devices, please see: https://www.vmware.com/support/developer/vcli/ and ensure that the vSphere CLI tools are installed on the target guest VM. For KVM devices, please see: http://virt-tools.org/learning/ start-stop-vm-with-command-line/, and ensure that the target guest VM is configured to respond to ACPI requests. 110 OMNM 6.5.
Optimizing Your System | Getting Started Optimizing Your System To optimize you system, you can perform the following tasks needed: • • • • Overriding Properties Tuning Memory (Heap & Portal) Tuning Application Features’ Performance Impact MySQL Resizing, Starting and Stopping Overriding Properties You can fine-tune various features of the application. Rather than lose those changes if and when you upgrade or patch, best practice is to override changes.
Optimizing Your System | Getting Started Portal Memory Settings To manually change OpenManage Network Manager web portal heap settings, change the setenv.sh (Linux) or setenv.bat (Windows) file: set "PORTAL_PERMGEN=512m" set "PORTAL_MAX_MEM=3072m" set "PORTAL_INIT_MEM=768m" set "PORTAL_32BIT_MAX_MEM=768m" These files are in the Tomcat***/bin directory. After you change their settings, for Linux, restart the portal service to apply new memory settings. In Windows, besides updating setenv.
Optimizing Your System | Getting Started For more about performance settings for monitors, see Understanding Performance Monitoring on page 361. For successful discovery of the resources on your network, OpenManage Network Manager requires authenticated management access to devices.
Optimizing Your System | Getting Started BUFFER POOL AND MEMORY ---------------------Buffer pool hit rate 1000/1000 You may need to modify system settings, increase or decrease application server heap, web server heap, and innodb buffer to fit your needs. This depends on whether you use the webserver heavily. 2. innodb_log_file_size = 256 M to 1024m A larger file improves performance, but setting it too large will increase recovery time in case of a crash or power failure.
Optimizing Your System | Getting Started For example, if you have 16 polled data attributes and 27 calculated attributes, not saving polled data can reduce the table size about 35%. You can further reduce the table size if you only poll/save the relevant calculated attributes in the default SNMP interface monitor.
Optimizing Your System | Getting Started Changing InnoDB Log Files in MySQL To change the Number or Size of InnoDB redo log Files, follow these steps: 1 If innodb_fast_shutdown is 2, set it to 1: mysql> SET GLOBAL innodb_fast_shutdown = 1; 2 After ensuring that innodb_fast_shutdown is not set to 2, stop the MySQL server and make sure that it shuts down without errors (to ensure that there is no information for outstanding transactions in the log).
Maintaining and Repairing Your System | Getting Started Maintaining and Repairing Your System The following describes ongoing tasks that keep your OpenManage Network Manager system functioning without interruptions. Some of these take advantage of pre-seeded features, and others take manual intervention.
Maintaining and Repairing Your System | Getting Started Best practice is to run the getlogs script from a command line. It packages relevant logs in a logs.jar file in the root installation directory, and moves any existing copy of the logs.jar file to oware\temp. The logs.jar file compresses all logs necessary for troubleshooting. Read the jar yourself, or forward this jar to technical support for help in troubleshooting. Searching \oware\jboss-5.1\server\oware\log\server.
Maintaining and Repairing Your System | Getting Started Installation Logs may also accumulate in \logs. Best practice is to review this directory monthly and purge it as needed. Best practice is to retain at least 6 months to a year of log data in this directory. File Cleanup When you turn on CLI trace, this software generates a log file for every CLI transaction and stores them in the oware\temp directory.
Maintaining and Repairing Your System | Getting Started 120 OMNM 6.5.
2 Portal Configuration The following explains how to customize the OpenManage Network Manager (OMNM) portal. Because this portal can be so flexible, and comes from open source features, this is not a comprehensive catalog of all its features. The following discussion covers only those features significant for using the OMNM application. If you already have a good understanding of the portlets and editors, go directly to the tasks you want to perform.
Portal Overview | Portal Configuration Portal Overview This section describes the OpenManage Network Manager (OMNM) portal window, general portlet information, and features that are common for multiple portlets. The portal header has the company logo, OpenManage Network Manager, and its menu options. The userName is an active link to the Manage My Account options, where you can configure your name, job title, image, email and so on.
Portal Overview | Portal Configuration Menu Description Manage Opens the Manage Page window where you alter the page organization or its layout when you select the Page or Page Layout options. From the Manage Page window, you can drag and drop page locations in the tree, and add child pages. See Creating and Rearranging Pages on page 86 for instructions.
Portal Overview | Portal Configuration Status Bar The status bar is at the bottom of the OpenManage Network Manager (OMNM) portal window. It contains the following elements: • • • • • My Alerts Subscription Notification Settings Conferencing Colleagues My Alerts My Alerts opens the MyAlert/Action History window when you click on it.
Portal Overview | Portal Configuration The alarm color reflects the threshold for the number of days remaining before license expiration: • • • 60 days or less: yellow status bar 30 or less days: red status bar 61 or more days status bar does not change colors See License Viewer Window on page 46 form more details.
Portal Overview | Portal Configuration Conferencing also opens a screen that both records text and provides a virtual white board where participants can draw. Hover the cursor over the white board tools at the top to see what they do. Enter text in the lower left corner, and it appears on the left after you click Enter. Conference participants appear with icons and colors keyed to their text in the lowest portion of the screen.
Portal Overview | Portal Configuration Click the upper right corner (-) to close the window. NOTE: You can turn off chat for the application with special branding available through your sales representative, but not for a single user. Chats are stored in the OpenManage Network Manager database, but as blobs, so reading chat history, except the date of chats, is problematic. General Portlet Information Portlets are the elements of any page within the OpenManage Network Manager (OMNM) portal.
Portal Overview | Portal Configuration • Standard tooltips show for most portlet field’s content, which is useful when the field cannot show all its content. Windows and editors have help tooltips when you click the question mark next to a field.or what goes into a field in an editor when you hover over the cell/field. For cells where a question mark appears when you hovering over a listed item, a more detailed tooltip is displayed or a graph (in the Top N portlets) is displayed.
Portal Overview | Portal Configuration Tool Description Displays online help for the selected portlet. Once you access the online help, you also have the option to search the help for other topics. Opens a Settings window, where you filter the results and specify which columns to include and their settings. In some portlets, such as Alarms, this option can configure whether charts or graphs appear. See Modifying Column Settings on page 146 for instructions.
Portal Overview | Portal Configuration Expanded Portlet The expanded portlet lets you display more information, do quick searches, do more advanced filters, or export the list to a PDF document or Excel or CSV formats. You can also see details about a selected row in the Widgets panel. Access the expanded portlet from the summary portlet’s title bar by clicking the expand (+) tool. Return to the summary portlet by clicking Return to previous.
Portal Overview | Portal Configuration Option Description Export Saves the current table to PDF, Excel, or CSV format. Click Export, select the format type, and then click Generate Export. Widgets Displays one or more detail widgets, such as the Reference Tree. You have the option to show or hide the widget details from the title bar. The Reference Tree also expands/collapses tree elements.
Portal Overview | Portal Configuration Field/Option Description Max Items per Page Sets the maximum number of items displayed per page. Valid values are 4 to 100. Current Filter Provides a list of user-defined filters from which to choose. The product ships with a default filter. For performance reasons, this default value is often relatively low. Depending on your permissions, you have the option to create a filter or copy the currently selected filter from which you create a filter.
Portal Overview | Portal Configuration The green icon indicates that you can add the portlet to many pages with each instance displaying different information, such as the Authentication or Hierarchical View Manager portlets. These are referred to as instanceable portlets. Category Application Default Location/Notes Actions Action Group Automation/Actions page Note: Can create only one instance to a community.
Portal Overview | Portal Configuration Category Application Default Location/Notes Hierarchical Views Hierarchical View Alarms/Events > Hierarchical View, Topology > Hierarchical View pages Note: Can create only one instance to a community. Hierarchical View Manager Alarms/Events > Hierarchical View page Map Context Available for use Note: Can create only one instance to a community.
Portal Overview | Portal Configuration Category Application Default Location/Notes Performance Top N Top Bandwidth Received Available for use Top Bandwidth Received (bps) Performance page Top Bandwidth Transmitted Available for use Top Bandwidth Transmitted (bps) Performance page Top CPU Utilization Performance page Top Configuration Backups Available for use Top Disk Utilization Available for use Top Egress Packet Loss Performance page Top Ingress Packet Loss Performance page Top Inp
Portal Overview | Portal Configuration Category Application Portal Applications > Tools Dictionary Reports Resource Management 136 Default Location/Notes Available for use Note: Can create only one instance to a community. Language Available for use Note: Can create only one instance to a community. Network Utilities Available for use Note: Can create only one instance to a community. Password Generator Available for use Note: Can create only one instance to a community.
Portal Overview | Portal Configuration Category Application Default Location/Notes Traffic Flow Analysis Traffic Flow Applications Traffic Flow page Note: Can create only one instance to a community. Traffic Flow Autonomous Traffic Flow page Note: Can create only one instance to a community. Traffic Flow Conversations Traffic Flow page Note: Can create only one instance to a community. Traffic Flow Endpoints Traffic Flow page Note: Can create only one instance to a community.
Portal Overview | Portal Configuration Access this window by selecting the Manage > Page or Manage > Page Layout menu option. Show Versions Use the Show Versions portlet to see which products and versions are installed. This portlet has the following panels: • • • Product Details displays the installed package and modules, as well as their version numbers. Installed Extensions displays any installed presentation layer enhancements.
Portal Overview | Portal Configuration Access this portlet by selecting the Manage > Show Versions menu option. Password Reminder Use the Password Reminder portlet to add another level of security. If set by your administrator, this portlet displays when you sign in to the OpenManage Network Manager portal. You have the option to pick a question from the list or create your own question. OMNM 6.5.
Setting Time Formats | Portal Configuration Setting Time Formats To set the time display in various locations (alarms, schedules, and so on), set the operating system’s time format as you would like. These example steps show how to set the Australian default day, month, year for the Windows 10 operating system. Set Windows time formats as follows. 1 Navigate to the Control Panel. 2 Select Clock, Language and Region. 3 Click Change Date, Time, or number formats.
Defining a Debug File | Portal Configuration Defining a Debug File For more advanced users, any component under owareapps can define a log4j.xml debug file for each component matching the following pattern: owareapps\\server\conf\*log4j.xml Consult these files for categories you want to change, and copy those altered properties to the file you created in the owareapps\installprops directory. The categories altered in this file override any others.
Activating Log4J Email Feature | Portal Configuration Activating Log4J Email Feature The activation steps vary depending on whether you are activating the log4j email feature on the application/mediation server or on the Web server. 142 OMNM 6.5.
Activating Log4J Email Feature | Portal Configuration Defining Log4J on Application or Mediation Servers The application and mediation servers use JBoss, which defines Log4J settings through XML. Define the log4j email feature on Application or Mediation servers as follows. 1 Go to the .../oware/conf/ directory 2 Find the server-log4j.xml file. 3 Add the following alongside the other tags: - oid[::keyValue[:keyvalue]]
Extended Event Definitions You can extend any event definition that defines one or more key bindings.
Event Definitions | Alarms, Events, and Automation The following example variables are for such extended events: bigbandSessionAlarm TRAP-TYPE ENTERPRISE VARIABLES bigbandAlarmTrapPrefix { sessionAlarmAssertedTime, bigbandAlarmOnOrOff, sessionAlarmOutputChannelIndex, sessionAlarmProgramNumber, sessionAlarmPid, sessionAlarmAssertedType, sessionAlarmAssertedInputChannelIndexOrZero, bigbandSessionAlarmSequenceNo, sessionAlarmSessionId, sessionAlarmAuxiliary1, sessionAlarmAuxiliary2 } DESCRIPTION "a session a
Event Definitions | Alarms, Events, and Automation 1 4 1.3.6.1.4.1.6387.400.50.0.0.2::0:12 1.3.6.1.4.1.6387.400.50.0.0.2 0:12 Program #12 alarm OFF 1 0 1.3.6.1.4.1.6387.
Event Definitions | Alarms, Events, and Automation 1.3.6.1.4.1.6387.400.50.0.0.2 1 Program #{1.3.6.1.4.1.6387.100.50.100.40.1.2} 1 6 1.3.6.1.4.1.6387.400.
Variable Binding Definitions | Alarms, Events, and Automation Variable Binding Definitions Events contain data elements called Variable Bindings and also known as varbinds for short. Just as Events are based on Event Definitions, Variable Bindings are based on Variable Binding Definitions. Variable Binding Definitions Portlet You can define how the OpenManage Network Manager application treats variable bindings that are found within events.
Variable Binding Definitions | Alarms, Events, and Automation Variable Binding Definition Editor This editor lets you modify variable binding definitions It has the following fields: Name — A text identifier for the variable binding. Variable Binding OID — Unique identifier for the variable binding. MIB Name — The MIB with which this variable binding is associated. Data Type — The data type, as defined in the MIB.
Variable Binding Definitions | Alarms, Events, and Automation nonetheless be a device that sends data based on this definition as a string. If this is set to true, then this will enable a conversion mechanism so that it will ensure that the data will conform to the data type specified in the MIB. Variable Bindings — This panel contains a list of additional variable bindings to mine after a trap comes in.
Understanding Alarm Propagation to Services and Customers | Alarms, Events, and Automation Understanding Alarm Propagation to Services and Customers The following describes the use cases where Alarm Propagation services and customers occurs. This describes the sequence of events/alarms. See also Variable Binding Definition Editor on page 348 for ways to augment propagation possibilities.
Understanding Alarm Propagation to Services and Customers | Alarms, Events, and Automation What Happens Description Child Resources: The alarm changes the alarm state of parent of the source and the alarm's Resource Propagation value is Impacts Top Level. Dependencies: Parent equipment matches the child entities alarm state. All deployed services and associated customers depending on only this resource’s alarmed component have their alarm state match the resource’s component.
Understanding Alarm Propagation to Services and Customers | Alarms, Events, and Automation What Happens Description Viewing alarms associated with a given customer: • If at least one service associated with the customer has open, service affecting alarms, all open service affecting alarms for all services associated with this customer appear.
Understanding Event Life Cycle | Alarms, Events, and Automation Understanding Event Life Cycle The following diagram shows the OpenManage Network Manager events processing. The following items correspond to the numbered processes in the diagram. Process 1 SNMP trap received OMNM 6.5.2 User Guide Description The server received an SNMP trap.
Understanding Event Life Cycle | Alarms, Events, and Automation Process Description 2 OpenManage Network An internal trap occurred within OpenManage Network Manager. Many Manager internal trap situations are considered internal traps that emit an Event. One example is occurred when a monitor polls a certain target and retrieves data for an attribute making the attribute cross a severity threshold. This emits a monitorAttributeTrend Event.
Understanding Event Life Cycle | Alarms, Events, and Automation Process Description 11 Apply Event Definition By default, the Event Definition determines the data attributes of an Event, override mappings but some Event Processing Rules can override these defaults. Such EPRs can override attributes like severity, service affecting, and behavior. OpenManage Network Manager applies any such enabled EPRs whose filter conditions match the incoming Event here.
Understanding Alarm Life Cycle | Alarms, Events, and Automation Understanding Alarm Life Cycle The following diagram shows the OpenManage Network Manager alarm processing flow. 356 OMNM 6.5.
Understanding Alarm Life Cycle | Alarms, Events, and Automation The following items correspond to the numbered processes in the diagram. Process Description 1 Alarm correlation An Event occurred and was not marked as Reject. 2 Marked as suppress? Is the behavior of the Event Suppress? At this point, this might occur because of the default behavior of the Event Definition or possibly because of an override mapping event processing rules (EPR).
Understanding Alarm Life Cycle | Alarms, Events, and Automation Process Description 13 Open new Alarm and persist to DB Open a new Alarm and persist it to the database so that it can be queried later. 14 Perform automatic parent/child correlation If your configuration designates open Alarms the parent or child of a new Alarm then OpenManage Network Manager automatically creates the parent/ child relationship.
7 Performance Monitoring This section focuses on the following performance monitoring tasks a user performs from the OpenManage Network Manager (OMNM) portal: Performance Monitoring Overview – 360 Understanding Performance Monitoring – 361 Application Server Statistics – 369 Resource Monitors – 371 Monitoring Network Availability – 375 Top N [Assets] – 422 Dashboard Views – 425 Show Performance Templates – 435 Key Metric Editor – 439 OMNM 6.5.
Performance Monitoring Overview | Performance Monitoring Performance Monitoring Overview This section describes Resource Monitors as they appears in the OpenManage Network Manager web portal. The following describes these monitors: • • • Application Server Statistics Resource Monitors Top N [Assets] (pre-configured monitor portlets that come with your installation by default. Finally, this chapter contains a reminder about scheduling refreshes of monitor target groups.
Understanding Performance Monitoring | Performance Monitoring Understanding Performance Monitoring This chapter contains the following step-by-step instructions for these features: • • • • • • • • • Create a Server Status Monitor Dashboard Create an SNMP Interface Monitor Create an ICMP Monitor Create a Key Metrics Monitor Create an Adaptive CLI Monitor Create a Monitor for an External Script Create a Monitor Report Create a Simple Dashboard View Create A Performance Template You can see Performance Opti
Understanding Performance Monitoring | Performance Monitoring Diagram 1 362 OMNM 6.5.
Understanding Performance Monitoring | Performance Monitoring The following items correspond to the numbered processes in diagram 1. Process Description 1 For each enabled Monitor and each target This process executes for each item within the Resource Monitors portlet that is marked as Enabled and for each targeted entity. 2 Polling interval has elapsed This process executes every time the Polling Interval has elapsed.
Understanding Performance Monitoring | Performance Monitoring Process Description 11 What was the result of Was this target available and reachable? If so did data return for this attribute? this polling attempt? Certain error conditions result from an error occurring, including if the connection failed or was refused or dropped or if there were bad credentials or if there was a device fault.
Understanding Performance Monitoring | Performance Monitoring Process Description 17 Emit availability/ reachability Event An Emit Availability checkbox appears on the Editing Monitor popup screen. When you check it, OpenManage Network Manager creates reachability Events. 18 Post result to application server In distributed environments, much of this processing is going on within the mediation server.
Understanding Performance Monitoring | Performance Monitoring Diagram 2 The following items correspond to the numbered processes in diagram 2. Process Description 27 Monitor Target Status This routine is executed to compute whether or not to emit the Monitor Event Routine target status Event (reachabilityEvent or availabilityEvent). There are similar conditions that determine whether these types of Events are emitted. 366 OMNM 6.5.
Understanding Performance Monitoring | Performance Monitoring Process Description 28 Is one of these Are any of these conditions met? conditions met? State • The state changed with the last polling attempt. Either the device was change, always emit, previously available/reachable and now it is notavailable or notreachable or re-emit timeout vice versa. If the state is the same as before (for example, it was unavailable and this is still the case) then it does not meet this condition.
Understanding Performance Monitoring | Performance Monitoring Process Description 35 Deletion of old rows enabled? Most often, the only way old polling data is aged out of the system is by dropping the old tables but there is also a property that controls whether or not to delete old records within the tables without dropping the tables completely. This property is pm.retention.DeleteOldDBRecords and is false by default.
Application Server Statistics | Performance Monitoring Application Server Statistics The Application Server Statistics portlet has no expanded view. It displays the statistics for the OpenManage Network Manager application servers and provides access to set logging levels for a variety of categories on application servers. By default, this portlet is available from the Settings page by selecting the Server Configuration menu option. The bar graph displays Total, Used, and Free memory on the server.
Application Server Statistics | Performance Monitoring Logging Categories The Application Server Statistics portlet also displays a table that catalogs servers’ Partition Name, Server Type and Node Name. This includes a button the upper right corner where you can access Log Categories—log4j.xml items—without having to text edit that file. See Defining a Debug File on page 141 for more about log4j.xml. The log4j.xml items appear listed with their default log levels.
Resource Monitors | Performance Monitoring Resource Monitors This summary screen displays currently, active performance monitors in brief. The Name column displays the identifier for each monitor instance, Enable displays a green check if it is currently enabled, or a red minus if it is disabled. The Monitor Type column typically displays what the monitor covers. Hover your cursor over this column to see a popup with the selected monitor’s properties.
Resource Monitors | Performance Monitoring Details—Opens a Detail panel, with a reference tree, status summary, and general information about the selected monitor. Copy Monitor— Copy the selected monitor and its settings to make a new monitor. You must rename the copy, and can change settings selectively. Enable/Disable Monitor— Enables or disables the monitor. Only one of these options appears. Only enabled monitors report data (and demand resources), while disabled monitors do not.
Resource Monitors | Performance Monitoring Expanded Resource Monitor This screen appears when you click the plus in the upper right corner of the summary screen. As in most expanded views, this one displays a list ordered by the Name of the monitor. Click Settings to configure the column display. Available columns include those on the summary screen (Name, Enabled, Monitor Type) as well as Description, Poling Interval, Target Count and Retention Policy.
Resource Monitors | Performance Monitoring Hover the cursor over the Availability icon, and a popup appears with details about availability. If the device is available, the RTT (round-trip time) for communication appears in Avg (average), Max (maximum), and Min (minimum) amounts, along with the PacketCount. If it is not, an Error Message appears instead of the RTT and PacketCount parameters.
Monitoring Network Availability | Performance Monitoring Monitoring Network Availability In addition to using the standard ICMP monitor, you can create performance monitors that return network availability information displayed on monitor tooltips and reflected in the Network Status column in the Managed Resources portlet. Here are the steps to set that up: 1 Create an Adaptive CLI that monitors some status attribute.
Monitoring Network Availability | Performance Monitoring Retention Policies The basis of all reporting and dashboard presentations is data retained from monitors. In other words, each monitor provides a simple schema from which you can produce a chart, graph or report. All monitors rely on a polling engine which executes device interactions at regular intervals. To reduce resource impacts, you can exclude some of the collected data from what OpenManage Network Manager retains.
Monitoring Network Availability | Performance Monitoring General Retention Policy Options Policy Name—A text identifier for the policy. Description— An optional description for the policy. Detail/Hourly/Daily Data (Days)—How many days to retain the selected data. The amount retained has both a performance and data storage impact. For example, retaining day’s information from an active performance SNMP monitor configured with one target’s worth of data, retrieved on one minute intervals can consume 0.
Monitoring Network Availability | Performance Monitoring Also, for each monitor target, the Equipment Manager that the target is associated with has a Device Management State, and this data is copied over into an attribute of the monitor target itself. Only targets whose Device Management State is Normal will be deployed. For example, if a monitor target is an interface of a device in inventory whose Management State is Decommissioned, then this target will not be deployed.
Monitoring Network Availability | Performance Monitoring Retention Options Retention Policy— This configures how long OpenManage Network Manager retains the monitor’s data. Manage these by right-clicking in the Resource Monitors portal, and selecting Retention Policies. You must make retention policies before you can select them here. See also Retention Policies on page 376. Enabled—Check to enable. Emit Availability Events— Check to activate emitting availability events.
Monitoring Network Availability | Performance Monitoring previous system had HTTP or SNMP heartbeats, you must manually configure monitors to provide equivalent monitoring in this version. # of Unreachable Attempts before update— The number of attempts to reach the device before OpenManage Network Manager updates the displayed network status of the device. (1-100) Click Save to preserve any edits you make, or Cancel to abandon them. Monitor Options Monitor options contains two panels.
Monitoring Network Availability | Performance Monitoring Calculated Metrics The calculated metrics panel lets you create attributes that are calculated from existing monitor attributes. The metric attribute legend assigns a letter value to each monitor attribute. The Reassign button reassigns the letters. This is useful if some attributes have been deleted and their letters are no longer used. The Configured Metrics table lists the calculated metrics.
Monitoring Network Availability | Performance Monitoring Max Value—Maximum value to be used in graphing (0 = no max) Formula—The formula for the calculation using the assigned formula codes from the metric attribute legend. Thresholds The thresholds panel allows the user to set threshold intervals on attributes in the monitor. The table lists the attributes for which attributes have been configured. Each row has an edit action and delete action.
Monitoring Network Availability | Performance Monitoring Attribute Name—Appears when you click Add rather than Editing a selected threshold. Use the pick list that appears in this screen to select the attribute for which you are specifying threshold information. When you Edit, the name of the attribute appears as a title within the editor screen. Calculation Type—Select from the pick list. Specifies whether the range calculation is to be done based on Average or Consecutive values.
Monitoring Network Availability | Performance Monitoring Matching String—A Regex matching string. NOTE: You can configure a response to threshold crossing with an Event Processing Rule. Create your thresholds within the monitor and then create an Event Processing Rule whose filter conditions respond to monitorAttributeTrend and other conditions such as severity, and so on. You can even use specific values of the event varbinds in the filter conditions too.
Monitoring Network Availability | Performance Monitoring You can Add a new mapping with that button, or Remove All listed mappings with that button. You can also edit or delete listed mappings with the Action icons to the right of each row. Adding or editing opens the Inventory Mapping Editor.
Monitoring Network Availability | Performance Monitoring The editor has the following fields and settings to configure: Condition Properties Name— Enter a text identifier for the conditions. Alert— Check this if you want OpenManage Network Manager to emit an alert when the monitor satisfies the conditions. Trendable— Check if the conditions specified are trendable. If this is true, the database retains qualifying conditions (or thresholds) for later reporting/dashboards.
Monitoring Network Availability | Performance Monitoring Self Management/Self Monitoring: Default Server Status Monitor OpenManage Network Manager also includes a Default Server Status Monitor that monitors its own server(s). Even clustered application and mediation servers are automatically added to this monitor. You can edit this monitor to alter polling intervals, and make different calculations for the monitored attributes.
Monitoring Network Availability | Performance Monitoring How To: Create an SNMP Interface Monitor To set up a typical performance monitor, follow these steps: 1 In the Resource Monitors portlet, and create a new monitor by right-clicking and selecting New. 2 Select the type of monitor from the submenu—for this example, an SNMP Interfaces monitor. NOTE: Some devices have ports rather than interfaces. This monitor works for them too, even though it is an “interface” monitor.
Monitoring Network Availability | Performance Monitoring After taking a look at Thresholds no more configuration is required. Notice, however, that you can also configure Calculated Metrics, Inventory Mappings and Conditions on other screens in this editor to calculate additional values based on the monitored attributes, to map them, and to make conditional properties based on monitored behavior.
Monitoring Network Availability | Performance Monitoring 8 Accept the other defaults and click Apply 9 Click Save. 10 Test ICMP Monitor now appears in the portlet. How To: Create a Key Metrics Monitor Follow these steps to create a Key Metrics Monitor (also, see Key Metric Editor on page 439). 1 In the Resource Monitors portlet, and create a new monitor by right-clicking and selecting New. 2 Select the type of monitor from the submenu—for this example, an Key Metrics monitor.
Monitoring Network Availability | Performance Monitoring Show Command For this example, use the Cisco show ip traffic command. Run the command so you can see the data you want to extract. Here, we want to know the number of dropped packets due to adjacency and no route issues. Here is some example output: c1720-1.
Monitoring Network Availability | Performance Monitoring 392 2 Here, there is an attribute for no_adjacency. 3 Create an attribute for no_route, too. 4 Create the script which contains the command you want to run. Notice the the attributes appear listed on the right panel. Do not refer to the attributes in the script as you would in a configuration script. The next step contains attribute references. 5 In the Value Extractions Tab click Add new attribute extraction and then pick the attribute.
Monitoring Network Availability | Performance Monitoring 6 Add the next attribute. For no_adjacency use the RegEx: .*unresolved, (\d+) no adjacency.* 7 Apply and Save the ACLI. 8 Select the ACLI and execute it, selecting the devices you want to monitor. The audit panel catalogs the progress of the job, and the Execution History snap panel in the expanded Actions portlet displays the execution, listing multiple executions by time and date.
Monitoring Network Availability | Performance Monitoring How To: Create a Monitor for an External Script The following steps describe creating a monitor for an external command configured as an Adaptive CLI (ACLI). Create the Adaptive CLI 1 Right-click in the Actions portlet, and create a new External Command ACLI 2 Make a new attribute schema with attribute: Status (integer) 3 In Scripts, enter the following as Script Content: perl "C:\[installation path] \owareapps\performance\scripts\ http_test.
Monitoring Network Availability | Performance Monitoring Create a Monitor for the External Script Adaptive ACLI Now that you have verified the script is working, you can create a monitor to see how this attribute is doing. 1 In the Monitors portlet, create a new ACLI Monitor 2 Uncheck Update Network Status (recommended since the ICMP monitor is already doing this) 3 In Monitor Options select your example monitor configured previously.
Monitoring Network Availability | Performance Monitoring How To: Create a Monitor Report You can create reports based on your monitors. The following example creates a report based on How to: Create an SNMP Interface Monitor above. 1 Create a new Report Template by right-clicking the Report Templates portlet, selecting New > Table Template. 2 Name the report (here: Test SNMP Interface Report). 3 Select a source in the Source tab. Here: Active Monitoring > SNMP Interfaces.
Monitoring Network Availability | Performance Monitoring 4 Notice that the Select your inventory columns panel displays the attributes associated with the monitor targets. These attributes are the same for each monitor target entity type. This is unlike the monitor data entity types, where the list of available attributes is different for each monitor. 5 Select Available columns and click the right arrow to move them to Selected.
Monitoring Network Availability | Performance Monitoring Select Monitor Entities in the top panel, and an Adaptive CLI to monitor at the top of the bottom panel. The Input Parameters for the Adaptive CLI appear in that tab, and you can edit the Monitor Attributes in that tab. The Name and Type, and whether the attribute is Enabled appear in this editor. You can also select whether the attribute is a Counter, Gauge or Boolean.
Monitoring Network Availability | Performance Monitoring IPSLA OIDS The following are the object IDs for IPSLA, all found in CISCO-RTTMON-MIB Monitor Attribute Name Mib Attribute name OID NumOfPositvesDS rttMonEchoAdminNumPackets 1.3.6.1.4.1.9.9.42.1.2.2.1.1 8 NumOfRTT rttMonLatestJitterOperNumOfRTT 1.3.6.1.4.1.9.9.42.1.5.2.1.1 RTTSum rttMonLatestJitterOperRTTSum 1.3.6.1.4.1.9.9.42.1.5.2.1.2 RTTSum2 rttMonLatestJitterOperRTTSum2 1.3.6.1.4.1.9.9.42.1.5.2.1.
Monitoring Network Availability | Performance Monitoring 400 Monitor Attribute Name Mib Attribute name SumOfNegativesDS rttMonLatestJitterOperSumOfNegatives 1.3.6.1.4.1.9.9.42.1.5.2.1.2 DS 4 OID Sum2NegativesDS rttMonLatestJitterOperSum2NegativesD 1.3.6.1.4.1.9.9.42.1.5.2.1.2 S 5 PacketLossSD rttMonLatestJitterOperPacketLossSD 1.3.6.1.4.1.9.9.42.1.5.2.1.2 6 PacketLossDS rttMonLatestJitterOperPacketLossDS 1.3.6.1.4.1.9.9.42.1.5.2.1.
Monitoring Network Availability | Performance Monitoring Monitor Attribute Name Mib Attribute name OID OWAvgSD rttMonLatestJitterOperOWAvgSD 1.3.6.1.4.1.9.9.42.1.5.2.1.4 9 OWAvgDS rttMonLatestJitterOperOWAvgDS 1.3.6.1.4.1.9.9.42.1.5.2.1.5 0 LatestHTTPOperRT rttMonLatestHTTPOperRTT 1.3.6.1.4.1.9.9.42.1.5.1.1.1 LatestHTTPOperDNSRTT rttMonLatestHTTPOperDNSRTT 1.3.6.1.4.1.9.9.42.1.5.1.1.2 LatestHTTPOperTCPConnectRT rttMonLatestHTTPOperTCPConnectR T TT 1.3.6.1.4.1.9.9.42.1.5.1.1.
Monitoring Network Availability | Performance Monitoring can click on the gear icon in the Action column to see a list of the Ethernet Jitter SLA probe IDs configured for that device and select specific probes which then appear in the SLA Key(s) column. Without such a selection, the monitor tracks all Ethernet Jitter SLA probes for the device. The Ethernet SLA Properties panel allows selection of the specific attributes you wish to collect data on.
Monitoring Network Availability | Performance Monitoring Qos Actions—These include: Queueing, Random Detect (WRED), Traffic Shaping, Police, Set (Packet Marking), Compression (IP header), Account (C3pl). See Additional QoS Monitors on page 403 for attributes you can monitor related to these. Monitor Entitles Select the equipment to monitor in this screen.
Monitoring Network Availability | Performance Monitoring DropPkt DropByte NoBufDropPkt FragmentPkt FragmentByte Target Summary Pattern This pattern appears in the expanded Resource Monitors portlet when you select the monitor in the top panel : Qos Match Statement Monitor Qos Match Statement Monitor collects metrics from the cbQosMatchStmtStatsTable. This table specifies Match Statement related statistical information.
Monitoring Network Availability | Performance Monitoring Target Summary Pattern This pattern appears in the expanded Resource Monitors portlet when you select the monitor in the top panel : : Qos Queuing Monitor Qos Queuing Monitor collects metrics from the cbQosQueueingStatsTable. This table specifies Queueing Action-related statistical information.
Monitoring Network Availability | Performance Monitoring TransmitPkt TransmitByte ECNMarkPkt ECNMarkByte MeanQSizeUnits MeanQSize Target Summary Pattern This pattern appears in the expanded Resource Monitors portlet when you select the monitor in the top panel : : < CfgDscpPrec > Qos IPHC Monitor Qos IPHC Monitor collects metrics from the cbQosIPHCStatsTable. This table specifies IP Header Compression statistical information.
Monitoring Network Availability | Performance Monitoring MplsExpTopMostPkt SrpPriorityPkt FrFecnBecnPkt DscpTunnelPkt PrecedenceTunnelPkt Target Summary Pattern This pattern appears in the expanded Resource Monitors portlet when you select the monitor in the top panel : : QoS Police Monitor Qos Police Monitor collects metrics from the cbQosPoliceColorStatsTable.
Monitoring Network Availability | Performance Monitoring QoS C3pl Account Monitor Qos C3pl Account Monitor collects metrics from the cbQosC3plAccountStatsTable. This table specifies C3pl Account Action-related statistics information.
Monitoring Network Availability | Performance Monitoring Juniper CoS This (optional) monitor uses the fields described below and lets you track CoS attributes for Juniper equipment. It appears only on systems with a Juniper device driver installed. Monitor Entities Click Add to configure monitored devices in a subsequent selector screen. This is the typical selector with a filter to help you find discovered devices.
Monitoring Network Availability | Performance Monitoring Juniper RPM This (optional) monitor uses the fields described below and lets you track RPM attributes for Juniper equipment. It appears only on systems with a Juniper device driver installed. Monitor Entities Click Add to configure monitored devices in a subsequent selector screen. This is the typical selector with a filter to help you find discovered devices. At the right you can see the RPMs column. This displays information about RPM probes.
Monitoring Network Availability | Performance Monitoring The default refresh rate is 30 minutes, but you can configure the refresh by overriding the attribute pm.monitor.rpm.refresh_rate. This property determines how often the monitor fetches the list of tests and attributes for the probe. Disable/Enable-ing the monitor also refreshes the list. The monitor can stay up to date with the device without much user intervention. You can also change the attribute names (like Egress) too through the pmmsgs.
Monitoring Network Availability | Performance Monitoring ProScan In this screen, you simply select the Proscan (also known as Compliance Policy) to monitor. In the Thresholds tab, you can set thresholds for both in and out of compliance numbers. The Proscan policy contains the target network assets. Execute the Proscan only after creating the monitor.
Monitoring Network Availability | Performance Monitoring SNMP The SNMP attributes panel lets you specify which SNMP attributes are to be monitored. You can specify the SNMP attributes the following ways: • • With the SNMP browser, or Entering the SNMP attribute properties explicitly. The Browse button launches the SNMP MIB browser.
Monitoring Network Availability | Performance Monitoring The Add and Edit buttons in the SNMP attribute panel launch the SNMP Attribute editor. This panel contains the following properties: Oid— The object identifier for this attribute Name—This attribute’s name Instance—SNMP instance. 0 for scalar or the ifIndex value for an SNMP column. View Type—Scalar or Column. Syntax—Integer, Boolean, DisplayString, and so on. Meta Syntax— Counter, Gauge, and so on.
Monitoring Network Availability | Performance Monitoring SNMP Interfaces The SNMP Interface Monitor Entity editor supports the following entity types: group, equipment manager, port and interface. It also supports port and interface filters on groups and equipment manager objects. If you check the Collect from ifXTable checkbox, then OpenManage Network Manager attempts to fetch attributes from the ifXTable.
Monitoring Network Availability | Performance Monitoring When determining the “not available” status of a device, SNMP AdminStatus and OperationalStatus messages both have to indicate a device is Available before a monitor determines it is available. Certain devices that do not support ifTable availability indicators. For the sake of these devices, a Skip availability check checkbox appears.
Monitoring Network Availability | Performance Monitoring Clicking the Add or the Edit button to the right opens either a MIB Browser where you can retrieve these attributes, or an Add/Edit SNMP Attributes editor at the bottom of the screen, See the following sections for details. MIB Browser This lets you select attributes to monitor as described in MIB Browser Tool on page 43. The SNMP table monitor lets you pick a table column, not the entire table.
Monitoring Network Availability | Performance Monitoring VRF Select the device with the VRF you want to monitor in this screen. The monitor calculates the average interfaces utilization associated with the VRF on the selected target device, based on the current VRF configuration. Click Save to preserve your choice. Bandwidth Calculation Cisco devices running IOS or IOS-XR can calculate bandwidth.
Monitoring Network Availability | Performance Monitoring INTERFACE AGGREGATION—If a port or interface has sub-interfaces, the total bandwidth of the parent is the sum of the bandwidth of its children. For example: If GigabitEthernet0/1 has four subinterfaces GigabitEthernet0/1.1, GigabitEthernet0/1.5, GigabitEthernet0/1.8 and GigabitEthernet0/1.9 and each sub-interface has bandwidth of 1G, the total bandwidth of GigabitEthernet0/1 will be 4G.
Monitoring Network Availability | Performance Monitoring Scheduling Refresh Monitor Targets Because monitors can address targets that are members of dynamic groups, refreshing these ensures that group memberships are up-to-date. To do this, you can create or alter the schedule for Monitor Target Refresh (in most packages, such a scheduled item appears by default). When executed, this updates monitors with groups as targets based on current memberships.
Monitoring Network Availability | Performance Monitoring Any time data goes from one machine to another, temporary connectivity issues can arise, along with potential for data loss, so OpenManage Network Manager accommodates this possibility too. If a server is running for a long time (weeks) and the performance monitors have been frequently enabled and disabled, some targets may not be polled because the appserver/medserver information has become out of sync.
Top N [Assets] | Performance Monitoring Top N [Assets] The OpenManage Network Manager system uses seeded, default Active Performance Monitors (APM) to display performance data in several categories. The Top Asset portlets display device monitoring summary results. For example, the Top Ping Response (Slowest) portlet displays the devices that are the slowest to respond to a ping. Devices listed are ranked by the monitored parameter. Hover over the Ping Rate column to view recent activity in a pop-up graph.
Top N [Assets] | Performance Monitoring The tooltip graph shows the values for the attribute over the last 30 minutes. The Errors and Discards attributes are counter values that show the change in value since the previous polling cycle. The other attributes are gauges which display a rate or percentage. The value displayed for each entry is the average over the last 30 minutes for the gauge attributes and the sum of values over the last 30 minutes for counter attributes.
Top N [Assets] | Performance Monitoring Portlet Description Top MOS Highest MOS (a network performance measurement). Top Packet Loss Greatest packet loss. Located on the Performance Summary page by default.
Dashboard Views | Performance Monitoring Dashboard Views The Dashboard Views portlet lets you assemble several monitors into a single display, or dashboard. You can create and display dashboards by right-clicking items in the Managed Resources portlet, selecting Show Performance, or by selecting New in the Dashboard Views portlet.Dashboard Views.
Dashboard Views | Performance Monitoring Launch a Dashboard View Launching a view lets you view the monitors active for a Dashboard view. Some packages display a Network Dashboard by default. If the Network Dashboard portlet is blank, you can create a new one. Click the select new text in the upper right corner of the portlet to select an alternative, already configured view from those in Dashboard Views portlet.
Dashboard Views | Performance Monitoring The legend of devices and/or attributes that appear in each graph also provides interactive features. Hover your cursor over a device or attribute color in the legend and only that device or attribute appears onscreen. By default all such legend color squares contain checks. Uncheck the ones you do not want to see. The legend can appear consolidated or for each chart, as is appropriate to the distribution of charted devices and attributes.
Dashboard Views | Performance Monitoring Performance Dashboard This portlet lets you install and configure Dashboard Views as permanent displays rather than portlets. When you initially install this portlet, it appears empty. The message “No Dashboard View has been set:” appears with a Select button. Click that button to open the Dashboard View Selection screen.
Dashboard Views | Performance Monitoring Dashboard Editor When you Edit a dashboard by right-clicking a resource from the Managed Resources portlet and selecting Show Performance, or create (select New) a dashboard from the Dashboard Views portlet, an editor appears that lets you select and rearrange the monitor components of the dashboard. This screen has the following fields: View Name—The identifier for the dashboard. The default is “Performance dashboard for [IP address],” but you can edit this.
Dashboard Views | Performance Monitoring 1 In the Dashboard Views portlet, select the New Custom Dashboard command. An empty default view with twelve components appears. The Properties panel contains the following controls: View Name—The name of the dashboard view (Required) Time Frame—The period over which to display the data. May be either relative (like last 30 minutes) or absolute (between specific dates and times). The specified frame applies to all charts in the dashboard.
Dashboard Views | Performance Monitoring 2 To select a layout style, click on the ... button next to the current layout. The layout chooser appears. 3 Click on the desired layout or click Close to keep the current layout. The components displayed to reflect the selected new layout. If no dashboard components have been configured yet a default configuration appears with three or four rows depending on the dashboard style.
Dashboard Views | Performance Monitoring Moving Dashboard Components 4 To move a dashboard component to another location, click and drag it over another component. When you release the mouse, the components exchange places. Configuring Dashboard Components 5 To configure a dashboard component, click the Edit button in the upper right corner of the component. The component editor appears. The following properties appear in the General Properties section: Title—Title of this component (required).
Dashboard Views | Performance Monitoring Component Type—Combo Box which specifies what type of component to create. These include the following chart types, Line, Dial, Bar, Top Talkers (a line chart showing the top [or bottom] n components for a specific attribute on a specific monitor) Top Subcomponents (a line chart showing the top [or bottom] n subcomponents belonging to a specific device for a specific attribute. See Other controls appear depending on the component type selected.
Dashboard Views | Performance Monitoring Attribute—The attribute to get data for. NOTE: For aggregate data, each attribute has a minimum (min), maximum (max), and base attribute . If the period is set to Detail, then the aggregate values will always be zero. Max # of Entities—The number of entities to display Order— Select either Ascending (Bottom n), or Descending (Top n). Top Subcomponents Properties Top Subcomponents components have the following properties.
Show Performance Templates | Performance Monitoring Show Performance Templates By default, the Show Performance command displays data for the first twelve attributes it finds. You can control which attributes appear when you select Show Performance by creating a performance template. A performance template lets you set dashboard parameters and associate them to one or more device models.
Show Performance Templates | Performance Monitoring 5 To specify which device model(s) this template will apply to, click on the + button in the Device Models panel. The model selector appears. Select multiple devices by clicking + repeatedly, selecting a single device each time. You can also make several templates for each device. See Multiple Performance Templates on page 437 for the way that works. 6 Click on a vendor to see the device types for that vendor.
Show Performance Templates | Performance Monitoring Now when you click on show performance, OpenManage Network Manager checks whether a template for that device type exists. If one exists, then that template guides what appears in the performance view for the device. Multiple Performance Templates The template name appears in the upper right corner of dashboards that appear when you select Show Performance.
Show Performance Templates | Performance Monitoring After selecting the port or interface types for the template, you can select the Attributes to monitor as you would for other equipment. 438 OMNM 6.5.
Key Metric Editor | Performance Monitoring Key Metric Editor When you select Performance > Show Key Metrics, this editor appears for devices that have such metrics. It displays the available Metrics, and a Chart panel where you can configure their display. Metrics This panel’s display depends on the selected device. Chart Click Chart to first select up to three metrics you want to graph, and the polling interval for the graph. OMNM 6.5.
Key Metric Editor | Performance Monitoring Then click Save, and the graph appears. Click the screwdriver/wrench icon in the upper right corner to return to the chart configuration screen. 440 OMNM 6.5.
Best Practices: Performance and Monitors | Performance Monitoring Best Practices: Performance and Monitors Monitoring can impact system performance. Monitors with many targets, many attributes per target and frequent polling intervals are most likely to slow system performance. CAUTION: Limit monitor targets to 10,000 or less per monitor (distribute them if you have more than 10,000). The following suggests other ways to improve monitor performance, too.
Best Practices: Performance and Monitors | Performance Monitoring system would then only have an insert rate of 254 per second well below the hardware’s limitation. NOTE: Traffic flow analysis can process and retain even larger amounts of information. Flows that correlate 50%, polled every minute for a day require roughly 109G of database, and require 4500 insertions per second. CAUTION: These numbers and sample calculations represent best case scenarios.
Best Practices: Performance and Monitors | Performance Monitoring Table size — Based on your monitor configuration how large will database tables get? Each monitor has a series of dedicated performance tables that store the Detail, Hourly and Daily performance metrics. The number of tables depends on the retention policy associated with the monitor. A single table stores the monitor’s detail data for a 24 hour period.
Best Practices: Performance and Monitors | Performance Monitoring RAM Max Targets (5 minute poll intervals) Heap Memory Settings 64 GB RAM 50000 8 GB Synergy Web Server heap, 16 8+ core, 400 GB+ disk GB Application Server heap, 24 GB space Database buffer 128 GB RAM (recommended) 50000 12 GB Synergy Web Server heap, 24 16+ core, 400 GB+ disk GB Application Server heap, 48 GB space Database buffer Recommended CPU Cores and Disk Space Note: • The VPN tunnel is assumed to be available to cloud servi
8 Configuration Management This section provides tasks and information related to perform configuration management tasks, such as managing your file servers and files. If you already have a good understanding of the portlets and editors, go directly to the tasks you want to perform.
Configuration Management Portlets and Editors | Configuration Management Configuration Management Portlets and Editors This section describes the following configuration management portlets and editors: • • • • • Configuration Alarms Configuration Management Schedule Configuration Files Image Repository File Servers Configuration Alarms Use the Configuration Alarms portlet to view alarms generated by a configuration action, such as backup, restore, or deploy and filter out those alarms not related to con
Configuration Management Portlets and Editors | Configuration Management You can view the value for most of the hidden columns by clicking the Settings tool, selecting the columns tab, clicking Show for the appropriate column, and then applying the change. Column Description Severity The alarm severity indicated by the color and text. The severity only has meaning for alarms and security alarms. Informational alarms have a severity level of Indeterminate. Closed alarms show without color.
Configuration Management Portlets and Editors | Configuration Management Column Description Correlation State The role the alarm plays in any correlation, such as top-level alarm, caused by parent, blocked by parent. Domain The domain emitting the alarm. Entity Name The entity emitting this alarm. Entity Type The type of monitored entity. Has Children An indicator that shows whether the alarm has children (checkmark) or not (X).
Configuration Management Portlets and Editors | Configuration Management Menu Option Description Topology Displays a topology map that includes the selected alarms. See Presentation Capabilities for more about these maps. Acknowledge Alarm Acknowledges the selected alarms. The current date and time appear in the Ack Time field. The checkmark appears in the expanded portlet for acknowledged alarms. This option is available when the selected alarms are not acknowledged.
Configuration Management Portlets and Editors | Configuration Management Configuration Management Schedule Use the Configuration Management Schedule portlet to quickly locate schedules pertaining to managed device configurations and to create and maintain schedules for the following action types: • Config File Backup • Config File Restore • OS Image Deploy The seeded Default Change Determination process backups a device if a configuration file change is detected.
Configuration Management Portlets and Editors | Configuration Management You can view the value for most of the hidden columns by clicking the Settings tool, selecting the columns tab, clicking Show for the appropriate column, and then applying the change. Column Enabled Description An indicator that shows whether the schedule is enabled (checkmark) or not (X). This field displays on the summary and expanded views by default. Description The schedule description.
Configuration Management Portlets and Editors | Configuration Management Pop-Up Menu The Configuration Management Schedule pop-up menu provides access to the following options. Right-click a row to access these options.
Configuration Management Portlets and Editors | Configuration Management Config File Backup Use the New Schedule (Config File Backup) window to specify the backup options, targets for backup, device options, and then schedule the backup. Access this window by right-clicking a configuration and then selecting New > Config File Backup. The Config File Backup Parameters window has the following fields and options. See Schedules Portlet on page 158 for scheduling fields and options descriptions.
Configuration Management Portlets and Editors | Configuration Management Field/Option Description Device Options Lists the tabs for each device based on your target backup list. Click a device tab to view its options, such as Config Name, VRF Type, Config File, Configuration Type, on so on. Config File Restore Use the Config File Restore window to specify the targets for restore, device options for the selected targets, and schedule the restore.
Configuration Management Portlets and Editors | Configuration Management Field/Option Description Device Options Lists the tabs for each device based on the restore target selected. Click a device tab to view its options, such as Replace or Merge Config, Reload Device If Necessary, Load Action, on so on. Select the appropriate action for each option.
Configuration Management Portlets and Editors | Configuration Management Field/Option Description Targets for Deployment Provides the following information for each target: • Name • Software Version • Firmware Version • Status • Action deletes the entry Device Options Lists the tabs for each device based on the deploy target selected. Click a device tab to view its options. Select the appropriate action for each option.
Configuration Management Portlets and Editors | Configuration Management You can view the value for most of the hidden columns by clicking the Settings tool, selecting the columns tab, clicking Show for the appropriate column, and then applying the change. Column Description Equipment The equipment impacted by the configuration. This field displays on the summary and expanded views by default. File Name A descriptive name given to the configuration.
Configuration Management Portlets and Editors | Configuration Management Menu Option Description Assign Labels Labels a single selected configuration file. A label selector appears that lets you select an existing label and create a new one. If you assign one file the Current label, others from the same device cannot have it. OpenManage Network Manager automates moving Current from one file to the other, if another has it.
Configuration Management Portlets and Editors | Configuration Management Configuration File Compare Window In addition to letting you back up and restore configuration files, and deploy firmware updates to devices, the Configuration File Compare window manages viewing and comparing configuration files backed up from the selected devices.
Configuration Management Portlets and Editors | Configuration Management The following configuration file options are available. Option Description View/Edit Opens a window displaying the configuration file’s contents. Use the browser’s Find function to locate specific text within the configuration file. You can also select and copy text within this window. The Selected Config and Live Config (current) version and storage dates are displayed.
Configuration Management Portlets and Editors | Configuration Management Option Description Deploy Select this option to deploy an OS Image (firmware). See Deploying Firmware on page 476 for more. Some devices, including the Dell EMC Networking FTOS C-Series and E-Series, first permit then drop telnet connections during deployment or file restoration when you select restart as part of the process.
Configuration Management Portlets and Editors | Configuration Management Image Repository Use the Image Repository portlet to manage firmware updates to deploy to devices in your network, or manage configurations that you want to deploy to several devices. Add these files to your OpenManage Network Manager system before deploying them. This portlet is intended for users who are interested in managing firmware updates deployed to devices or manage configurations deployed to several devices.
Configuration Management Portlets and Editors | Configuration Management Column Description Device Family The device family for the selected image. This field displays on the summary and expanded views by default. Description More details about the firmware or configuration. This field displays on the expanded view by default. File Names The files related to the selected image. These files are also listed in the Widgets field. Installed Date The date and time in which the firmware was installed.
Configuration Management Portlets and Editors | Configuration Management Firmware Image Editor Use the Firmware Image editor to create or maintain OS images.
Configuration Management Portlets and Editors | Configuration Management The Firmware Image editor has the following fields or options. Field/Option Description Name Specifies a user-defined name for the image. Description Provides more details about the image. Version Provides a descriptive version number. Device Class Lists the available device firmware classes from which to choose. Based on the device class selected, the Device Family list is populated.
Configuration Management Portlets and Editors | Configuration Management Fields/Options Description Version Automatically tracks changes to the original. Target Filter Defines which devices to target. When targets fail, restoration skips them. Add filters by creating a filter or copying and existing filter. Configuration Use the Configuration panel to configure what is restored, and what is variable in mass deployments.
Configuration Management Portlets and Editors | Configuration Management Deploy Firmware Use the Deploy Firmware window to configure a deployment, whether triggered from resource groups, individual resources, or the Image Repository portlet. Deployment validates that the selected image is appropriate for the selected devices, or appropriate devices within a group.
Configuration Management Portlets and Editors | Configuration Management File Servers Use the File Servers portlet to define and maintain a list of internal and external file servers. This portlet has only the summary view. This portlet is intended for anyone that want to define and maintain file servers and they have the permission to do so. Access this portlet from the Configuration Management page. This portlet has only a summary view with all columns showing and pop-up menu options available.
Configuration Management Portlets and Editors | Configuration Management Menu Option Description Enable Disables the selected file servers from the list. A successful/failed message is displayed. This option shows only if the selected file servers are not enabled. Test Verifies your settings for the selected file server. Shows the test progress and the results in the Job Status window. Delete Removes the selected file servers from the list. A confirmation message is displayed.
Configuration Management Portlets and Editors | Configuration Management Field/Option Description TFTP Support Indicates whether you want TFTP support. The default is to have TFTP support (selected). IP Address Specifies the IP address used by the application. This address is required. External IP Address Specifies the IP address used by the devices. Login Specifies the login defined for this server. This is required. Net Mask Determines which file server to use. The default is 255.255.255.0.
Understanding FTP/TFTP Servers | Configuration Management Understanding FTP/TFTP Servers Before you can push and pull configuration files to and from devices or deploy firmware updates, you need to configure FTP, TFTP, or both file servers. CAUTION: The internal FTP/TFTP server is for testing only, not for production use. Service discovery may not function correctly with the internal FTP/TFTP server. No internal server is available on Linux installations.
Understanding FTP/TFTP Servers | Configuration Management Recommended Windows File Servers The open source Filezilla server works as a service on Windows servers. Any login/password access to these servers goes in the File Server editor login/password fields. To support TFTP, try the Tftpd32 or Tftpd64 (for 32-bit or 64-bit machines) open source. These servers must read/write from/to the same directory.
Backing Up Configurations | Configuration Management Backing Up Configurations The OpenManage Network Manager (OMNM) application simplifies backing up devices so you can always have their configuration, even if the device file becomes corrupted or out-of-date. You can back up several devices at once. Use the standard Ctrl+click option in the expanded Managed Resources portlet to select several devices. Or, look for the appropriate group in the Managed Resource Groups portlet.
Restoring Configurations | Configuration Management Restoring Configurations Restore a configuration file to a device as follows. 1 Make sure that an FTP or TFTP server is configured to handle the restore. See File Servers on page 468. 2 Navigate to the Managed Resources portlet. 3 Right-click the devices and then select File Management > Restore. The Restore Device window is displayed. If you selected multiple devices, select a target from the list before continuing with the next step.
Restoring Configurations | Configuration Management 10 Schedule the restore for a later time. 11 Click Save to preserve this scheduled configuration. OMNM 6.5.
Deploying Firmware | Configuration Management Deploying Firmware Deploy a device firmware image as follows. 1 Complete these steps if your image is larger than 500MB. Otherwise, go to step 2. a. Copy the large firmware image file to file server file directory. b. Ceate a file less that 10 bytes with the same name as firmware image file. c. Use OMNM to create a firmware image where the file created in step b is uploaded. 2 Make sure that an FTP or TFTP server is configured. See File Servers on page 468.
Restoring a Configuration to Many Devices | Configuration Management Restoring a Configuration to Many Devices You can restore a single configuration to many discovered devices without overwriting those devices’ essential information. Restore a single configuration to many discovered devices as follows. 1 Back up a single device’s configuration that is closest to the configuration you want to see. 2 Navigate to the File Management Menu portlet.
Creating/Comparing Promoted Configuration Templates | Configuration Management Creating/Comparing Promoted Configuration Templates If you want to store “template” configurations you have promoted, and compare them to previous templates, here are the steps to do that. 1 Select a configuration file and promote it to be a template. Suggestions: Settle on a naming convention for these, perhaps one that includes a date so you can easily find and compare templates from different dates.
Troubleshooting Backup, Restore or Deploy Issues | Configuration Management Troubleshooting Backup, Restore or Deploy Issues Here are some steps to troubleshoot issues you man encounter during a backup, restore, or deploy action. The following example steps are for troubleshooting a backup, but the steps apply to a restore or deploy action too. 1 Make sure the FTP/TFTP server you are using is correctly set up, and still active. Use the External File Server test button to confirm the servers work.
Troubleshooting Backup, Restore or Deploy Issues | Configuration Management 480 OMNM 6.5.
9 Change Management and Compliance The OpenManage Network Manager Change Management and Compliance (also known as ProScan) utility lets you scan stored configurations or Adaptive CLI show command output to verify that managed devices comply with company, department, or industry standards. The ProScan utility also automatically tracks all changes to managed devices. You can report on userspecified values found in persisted backup configuration files for a group of devices.
Change Management Portlets and Editors | Change Management and Compliance Change Management Portlets and Editors This sections describes the portlets and editors related to change management and compliance tasks: • • • • • Compliance Policies/ProScan Compliance Remediation Actions Compliance Schedules Compliance Alarms Compliance Policy Summary By default, access these portlets by selecting Compliance from the navigation bar.
Change Management Portlets and Editors | Change Management and Compliance Columns Other than the general navigation and configuration options, the Compliance Policies/ProScan portlets (summary and expanded views) include the following columns. The columns displayed by default are noted. You can view the value for most of the hidden columns by clicking the Settings tool, selecting the columns tab, clicking Show for the appropriate column, and then applying the change.
Change Management Portlets and Editors | Change Management and Compliance Column Description Next Execution Date The frequency in which to execute the scheduled action, such as each weekday, every three months, only at startup, only once, and so on. This field displays on the expanded view by default. Icon A graphical representation of the selected policy/rule. Widgets Additional information about the selected alarm, such as: • Reference Tree shows the connection between the alarm and its resource.
Change Management Portlets and Editors | Change Management and Compliance Menu Option Description Import/Export Provides the following actions when available for the selected image: • Import retrieves a file containing XML compliance descriptions. Some imports can come from a URL. • Export Selection exports the selected description to an XML file. • Export All exports all descriptions to an XML file. Click Download Export File to specify where to save the file.
Change Management Portlets and Editors | Change Management and Compliance By default, access this portlet by selecting Compliance from the navigation bar. This portlet has both a summary view and an expanded view. Each view could display different columns and has the same pop-up menu options available. Summary View Expanded View Columns Other than the general navigation and configuration options, the Compliance Remediation Actions portlets (summary and expanded views) include the following columns.
Change Management Portlets and Editors | Change Management and Compliance Column Description Web Service Deployment The Web service state (Deployed/Undeployed). Supports Groups An indicator that shows whether the action supports groups (checkmark) or not (X). This field displays on the expanded view by default. This field displays on the expanded view by default.
Change Management Portlets and Editors | Change Management and Compliance Menu Option Description Web Services Allows you to deploy/undeploy the selected action. You also have the option to export the selected actions to a WSDL (Web Services Description Language) XML-based file. Audit Opens the Audit Trail Viewer. Show Last Results Shows the results for the last time you executed the selected action. Schedule Configures a policy to run on a schedule.
Change Management Portlets and Editors | Change Management and Compliance By default, access this portlet by selecting Compliance from the navigation bar. This portlet has both a summary view and an expanded view. Each view could display different columns and has the same pop-up menu options available. Summary View Expanded View Columns Other than the general navigation and configuration options, the Compliance Schedule portlets (summary and expanded views) include the following columns.
Change Management Portlets and Editors | Change Management and Compliance Column Description Recurrence The frequency in which to execute the scheduled action, such as each weekday, every three months, only at startup, only once, and so on. This field displays on the summary and expanded views by default. Submission Date The date and time that this schedule was submitted. This field displays on the expanded view by default. Start Date The date and time to start the scheduled action execution.
Change Management Portlets and Editors | Change Management and Compliance Menu Option Description Execute Runs the actions for the selected schedule. The audit viewer displays execution progress for activity-based or discovery-profilebase schedules. For all other types of scheduled actions, a message is displayed stating that the item was sent to the application server for immediate execution. Monitor it progress from the Audit Trail portlet (see Audit Trail Portlet on page 154 for more details).
Change Management Portlets and Editors | Change Management and Compliance You can view the value for most of the hidden columns by clicking the Settings tool, selecting the columns tab, clicking Show for the appropriate column, and then applying the change. Column Description Severity The alarm severity indicated by the color and text. The severity only has meaning for alarms and security alarms. Informational alarms have a severity level of Indeterminate. Closed alarms show without color.
Change Management Portlets and Editors | Change Management and Compliance Column Description Correlated By The date and time when the alarm correlation to a parent alarm (caused by or blocked by). Correlated Time The role the alarm plays in any correlation, such as top-level alarm, caused by parent, blocked by parent. Correlation State The domain emitting the alarm. Domain ID The identifier for the resource domain. Entity Description The alarmed entity’s description.
Change Management Portlets and Editors | Change Management and Compliance Menu Option Description Assign User Assigns this alarm to one of the users displayed in the sub-menu by selecting that user. An icon also appears in the expanded portlet indicating the alarm is assigned to someone. Clear Alarm Removes the alarm from the default alarm view and marks it as a candidate for the database archiving process (DAP). Clearing an alarm is an indication to the system that the alarm was resolved/addressed.
Change Management Portlets and Editors | Change Management and Compliance Compliance Policy Summary This snap panel appears at the bottom of the expanded portlet described in Compliance Policy Summary on page 495. It catalogs the compliance policy’s history and lists the Equipment scanned, a status icon indicating whether the run discovered equipment in (green) or out (red) of compliance. If you added equipment to a policy before it has run, you may also see a Not Executed (blue) status.
Using Change Management and Compliance | Change Management and Compliance Using Change Management and Compliance The following outlines common use cases for this software, and the steps to achieve the goals of each case: Goal: Regularly verify configurations are compliant 1 Create compliance policy(ies) based on what indicates compliance. Right-click New > Policy in the Compliance Policies/ProScan portlet.
Configuring Compliance Policy Groups | Change Management and Compliance Configuring Compliance Policy Groups If you have different compliance policies for different device type, then you can run a Compliance Policy Group and automatically scan even different types of devices. For more about this, see Creating or Modifying Compliance Policy Groups on page 513. 1 Right-click and select New > Group. 2 Specify the Compliance Policy Group Parameters. 3 Add Compliance Policies.
Change Management (Example) | Change Management and Compliance Change Management (Example) The following describes an example use of Change Manager. This backs up a configuration file, modifies it, then scans the file for the modified text, and acts according to the result. The following steps describe how to do this: 1 Back up a device configuration. Select a device and click the File Management > Backup right-click menu in Managed Resources portlet.
Change Management (Example) | Change Management and Compliance Some Limitations in this Example Note that this example does not change authentication, either for telnet or SNMP. If it did alter the SNMP authentication, you would have to create an SNMP authentication alternative before scanning could occur. Creating or Modifying a Compliance Policy This series of screens lets you configure ProScan policies.
Change Management (Example) | Change Management and Compliance Description—A text description of the policy. This also appears when the policy is listed in the manager. Input Source Use the radio buttons to select a source. Select from among the following options: Device Backup—Retrieve the configuration from the device and scan it for compliance. Current Config—The scan the current configuration backed up from the device. Configuration Label—Select the configuration to run against based on a label.
Change Management (Example) | Change Management and Compliance To provide information for individual policies that are part of groups, this screen displays inherited group targets grayed out. See Creating or Modifying Compliance Policy Groups on page 513 for more about groups. Criteria This screen lets you filter configuration files based on text, or Regular Expressions. Click Add to open an editor line.
Change Management (Example) | Change Management and Compliance Editing Compliance Policy Criteria After clicking Add Criteria, use the pick list on the upper right to select an operation to select a criteria match type (Contains, Doesn’t contain, [does not] match Regex (see Regular Expressions on page 508), [does not] Match Regex for each line, Count number of occurrences, Perl or Java (Groovy)). Specify the match string or regular expression (Regex) in the text editor below the pick list.
Change Management (Example) | Change Management and Compliance Count number of occurrences This operator lets you specify a less than, greater than, or equal mathematical operator (<, >, =) and a number of lines after you provide regex or string criteria with the operator and count value. This returns true if the criteria (as a whole) match the input source count and operator combination.
Change Management (Example) | Change Management and Compliance Enter the starting and ending regular expressions (Start at/End at), and elect whether the beginning or end of the source group includes or excludes what that expression matches. Click Apply to accept your edits, or Cancel to abandon them. You can create multiple group criteria. OpenManage Network Manager applies the group criteria in order, from top to bottom.
Create Source Group Criteria | Change Management and Compliance Create Source Group Criteria Here is an example of how you can use source group criteria. Suppose you want to scan for the following text: neighbor 2.3.4.5 activate neighbor 2.3.4.5 route-map allanRM01 This is within the following configuration: router ospf 888 log-adjacency-changes redistribute bgp 88 metric 10010 metric-type 1 subnets tag 334 route-map allanRM02 network 2.3.4.0 0.0.0.255 area 123 network 2.3.5.0 0.0.0.
Create Source Group Criteria | Change Management and Compliance neighbor 4.5.6.7 route-map allanRM02 in default-information originate no auto-summary no synchronization exit-address-family ! address-family ipv4 vrf VPN_PE_A redistribute ospf 10 vrf VPN_PE_A match internal external 1 external 2 no auto-summary no synchronization exit-address-family ! In addition, within this configuration, you want to check if the target lines are present under each address-family in the router bgp section.
Create Source Group Criteria | Change Management and Compliance neighbor 4.5.6.7 activate neighbor 4.5.6.
Create Source Group Criteria | Change Management and Compliance Regular Expressions Regular expressions include metacharacters to instruct the program how to treat characters it encounters. These include the following: ^, $, . , | , { , } , [ , ] , ( , ), *, +, ? , \. If you want to match one of these metacharacters, you must prepend a backslash (\). So to match a literal question mark, rather than instructing regular expression matching to match 0 or 1 of a previous expression, you must enter \?.
Create Source Group Criteria | Change Management and Compliance Label Pattern URL (?:^|")(http|ftp|mailto):(?://)?(\w+(?:[\.:@]\w+)*?)(?:/ |@)([^"\?]*?)(?:\?([^\?"]*?))?(?:$|") HTML Tag <(\w+)[^>]*?>(.*?) Here are some examples of such expressions: Label Pattern Email address (U.S.) ^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Zaz]{2,4}$ MAC Address ([0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2} Time hh:mm:ss (0[0-9]|1[0-2]):[0-5][0-9]:[0-5][0-9] IP Address (\d{1,3}.){3}\d{1,3} Validated IP Address (
Create Source Group Criteria | Change Management and Compliance bgp/s+{/n/s+group/s+internal/s+{/n/s+type/s+internal;/n/s+export/s+nhs NOTE: Make sure you check Multi-line Support. Another example: lab@MyServer# show policy-options policy-statement nhs { term set-nhs { then { next-hop self; } } } The following regex statement matches this example: policy-statement\s+ns\s+{\n\s+term\s+set-nhs\s+{\n\s+then\s+{\n\s+nexthop\s+self Perl/Java (Groovy) Language Policies In addition to regular expressions, you
Create Source Group Criteria | Change Management and Compliance As the screen says $input_source is what the code scans.
Create Source Group Criteria | Change Management and Compliance else { return "Failure - no description found"; } NOTE: Notice that you can also combine these scans with the Edit Source Group Criteria regular expressions to streamline them. Click Save to preserve the policy you have configured in these screens, or click Close (in the tool bar) to abandon your edits. Compliance Policy Job Status This screen displays the progress of compliance scanning you have configured.
Create Source Group Criteria | Change Management and Compliance Creating or Modifying Compliance Policy Groups When you create or modify a Compliance Policy Group after right-clicking New > Group or Open when you have selected a group, the Compliance Policy Group editor appears. This has the following to configure: Name— A text identifier for the group. Enabled—Check to enable this grouping. Grouped Policies —Click Add Policy to select compliance policies in a selector screen.
Standard Policies | Change Management and Compliance Standard Policies Change Management comes with several policies and actions by default. These include compliance policies and policy groups, as well as the corresponding Actions for correcting any violations, and Event Processing Rules that automate remedy actions. The following sections briefly describe a representative set of these (you may have more or less, depending on your package).
Standard Policies | Change Management and Compliance COMPLIANCE Cisco TCP Small-Servers (11.3+)—Disables unneeded TCP services such as echo, discard, chargen, etc; PCI 2.2.2 COMPLIANCE Cisco UDP Small-Servers (11.2-)— Disables unneeded UDP services such as echo, discard, chargen, etc.; PCI 2.2.2. COMPLIANCE Cisco UDP Small-Servers (11.3+)— Disables unneeded UDP services such as echo, discard, chargen, etc; PCI 2.2.2 COMPLIANCE Cisco VTY Exec Timeout—Set Exec Timeout on VTY ports; PCI 8.5.
Standard Policies | Change Management and Compliance Compliance Policy Groups The following combine the Compliance Policies described above into groups to scan for compliance. PCI Compliance for Cisco—This includes the following COMPLIANCE policies: Cisco VTY Transport Input Limit, Cisco VTY Login, Cisco VTY Exec Timeout, Cisco VTY Access Class Inbound, Cisco SNMP RW Communities, Cisco Password Encryption, Cisco Finger Service (12.1+), Cisco Finger Service (11.3-12.
Standard Policies | Change Management and Compliance Compliance Cisco Timestamps Logging—Enables PCI Cisco Timestamps Logging. Compliance Cisco SNMP RW Communities—Removes RW community string with user input. Compliance Cisco Password Encryption— Enables PCI Cisco Password Encryption. Compliance Cisco CDP Service— Disables CDP Cisco Discovery Protocol.
Standard Policies | Change Management and Compliance Juniper Policer DNS—Protect from source address spoofing Juniper Policer NTP—Protect from source address spoofing Juniper Policer RADIUS— Protect from source address spoofing Juniper Policer SNMP—Protect from source address spoofing Juniper Policer SSH—Protect from source address spoofing Juniper Policer Small BW—Protect from source address spoofing Juniper Policer TCP—Protect from source address spoofing Juniper Recommended Logging—Confirms recommended l
Change Determination Process | Change Management and Compliance Change Determination Process If you run the Change Determination Process, it collects all the configuration changes that occurred on the target resources since the last time this process ran. It also associates these changes with the date and time when the Change Determination process runs.
Change Determination Process | Change Management and Compliance Change Determination Process Workflow Change Manager seeds Change Determination Process and compliance group operations. You can configure this to run on groups of your choosing if you create a new Change Determination Process group operation.
Change Determination Process | Change Management and Compliance After running the Change Determination Process, you can run the Configuration Change report to display what changed for a defined period. The contents of that report depends on the report filter, and the specified period. This report lists changed attributes in the configurations.
Change Determination Process | Change Management and Compliance Event/Trap-Based Change Determination The following steps to trigger Change Determination based on events received by OpenManage Network Manager. Your devices must transmit traps to the OpenManage Network Manager installation, and must emit traps when changes occur, or this does not work. 1 Back up the configuration file for a device you have discovered.
Change Determination Process | Change Management and Compliance 9 10 Click Add Action, and click the Custom action alternative, then click Keyword Search and select Change Determination. That action appears in the drop-down combo box. Notice you can also select a target in the action selector. By not selecting one, we run change determination against all Managed Equipment. Click Apply and view the Change Determination action listed in the Actions screen.
Compliance and Change Reporting | Change Management and Compliance Compliance and Change Reporting The Compliance Policy Violation report is seeded when you have ProScan/Change Management in OpenManage Network Manager. Inventory Compliance Attributes for reporting can also appear in report templates when you install ProScan.
Compliance and Change Reporting | Change Management and Compliance How To: Report on Change Determination Follow these steps to produce regular change determination reports: 1 First, insure the devices you want to scan are discovered, and send change notifications to the application server. Juniper JUNOS-based routers, for one example, provide configuration change information with an SNMP trap. The following configuration determines that configuration change traps are being sent to a host 192.168.1.
Compliance and Change Reporting | Change Management and Compliance 5 Once this occurs, the Change Determination label moves to point to the same configuration which is reflected by the Current label. 6 The report which can run to display these changes is OpenManage Network Manager’s Configuration Change Report. It displays the name of the device in question, the IP address, date/time of change, who made the change, what was removed and what was added.
10 Traffic Flow Analyzer This section provides information about the Traffic Flow Analyzer (TFA) component, which allows you to view and report on detailed traffic flow data within your network. TFA listens on UDP ports for packets in the NetFlow and sFlow family of protocols (this includes NetFlow implementations such as JFlow, NetStream, etc). Using this data, Traffic Flow Analyzer can help you visualize network traffic, troubleshoot and anticipate bottlenecks.
How does Traffic Flow work? | Traffic Flow Analyzer How does Traffic Flow work? Here is a diagram on how it works followed by some bullet points. • • • • • • The NetFlow/IPFIX/sFlow exporting device monitors the traffic that traverses ing it The device becomes an Exporter of NetFlow/IPFIX/sFlow data. It exports the information to the NetFlow/IPFIX/sFlow Collector The collector stores, correlates and presents the information about Traffic bottlenecks in networks.
How does Traffic Flow work? | Traffic Flow Analyzer IPFIX—Another traffic flow monitoring technology that is similar to NetFlow but is even more open-ended and allows for more flexibility in how it can be implemented by hardware vendors. Sampling is also optional for this technology. jFlow—Juniper's implementation of NetFlow. sFlow—Another traffic flow monitoring technology that has a clearly defined standard and thus there is very little leeway for how hardware vendors can implement it.
Setup Tasks | Traffic Flow Analyzer Setup Tasks To set up TFA, you will need to configure one or more devices to send traffic flow data to OpenManage Network Manager and you will also need to register these devices as exporters. Each of these tasks begins from the Managed Resources portlet and the Traffic Flow Analyzer sub-menu that appears when you right-click on a device.
Setup Tasks | Traffic Flow Analyzer 5 If this operation was successful then the port or interface should be configured to send traffic flows to OpenManage Network Manager using one of the supported protocols (sFlow, NetFlow, IPFIX).
Setup Tasks | Traffic Flow Analyzer Showing TFA Configuration for Managed Resource, Port, or Interface 1 From either the Managed Resources, Ports, or Interfaces portlet, right-click on the appropriate device. 2 Select Traffic Flow Analyzer >Show Configuration. 3 A popup box will appear indicating that no parameters are necessary to perform this action. Click Execute. 4 The TFA configuration for the device will be shown.
Showing Traffic | Traffic Flow Analyzer Showing Traffic . Showing Traffic for a Managed Resource (Top-Level Device) You can view the traffic flow data for any device in the Managed Resources portlet if you select a device and right-click and then expand the Traffic Flow Analyzer sub-menu. The re are two Show Traffic menu options available from this sub-menu, both of which will navigate to full-screen views of the expanded Traffic Flow Portlet and will show the traffic flow data for the selected device.
Showing Traffic | Traffic Flow Analyzer Showing Traffic for a Port or Interface (Subcomponent) You can view traffic flow data for a port or interface by using the Show Traffic menu item that is available in either portlet. Within either portlet, select an entity and right-click and then select Traffic Flow Analyzer>Show Traffic. This will navigate to the expanded Traffic Flow portlet and the context will be set to show the data associated with the selected entity (if any data is available).
Traffic Flow Portlet | Traffic Flow Analyzer Traffic Flow Portlet Traffic Flow Analyzer uses several types of portlets, one for each of the types of objects on which it reports. These are Applications, Autonomous Systems, Conversations, Endpoints, Exporters by Equipment Manager, Exporters by Subcomponent, Protocols, Receivers and Senders. Note that Endpoints, Conversations, Receivers, and Senders all have similar data.
Traffic Flow Portlet | Traffic Flow Analyzer Expanded Traffic Flow Portlet When you expand the portlet, a more complex interactive view appears. Initially, it displays a line graph for the selected time frame. The graph on the upper portion of the portlet shows the data points for every time-slice and the chart below this graph shows the aggregate for all data points covering the selected time frame. The following controls appear in the title bar: Select Chart Type— Lets you change the chart type.
Traffic Flow Portlet | Traffic Flow Analyzer example, Last 8 Hours, Last 120 Minutes, Last 45 Days, etc. If Absolute is selected, you must enter an absolute start and end time. Click Apply for these settings to take effect. Data for Last 15 Minutes shows minute-by-minute data and this type of data typically appears after about 2-5 minutes of collection (after the exporter is first registered and flow packets are received from this device).
Traffic Flow Portlet | Traffic Flow Analyzer - NetFlow V9 and IPFIX with a single sampling rate for the entire device. In these cases an options datagram contains the sampling rate for the device. - NetFlow V9 and IPFIX with a sampling rate specific to an interface. In these cases an options datagram contains a sampling rate and a sampler ID. Flows then contain a sampler ID to associate to this. When flows say the sampler ID is 0 then this feature is disabled for this interface.
Traffic Flow Portlet | Traffic Flow Analyzer which case there is no time-slice data and the file will instead contain the same aggregate data as shown in the chart that appears on the screen below the graph. You can retrieve the generated file in the My Alerts area at the lower left corner of the portal. NOTE: When you export a line graph to CSV, the resulting file will have the times (minute-by-minute, hourly, etc.) in the header row, but the spreadsheet program you are using (i.e.
Traffic Flow Portlet | Traffic Flow Analyzer Drill Down you can “drill down” into a report by clicking on one of the links in the table. This displays a detail view of the selected entity and the name of the entity appears in the navigation bar. When a detail view appears, the entity type appears as in the title bar. You can change to a “Top/ Bottom n” report of a different type, then click refresh to display a report of the top entities that apply to the current detailed entity.
Traffic Flow Portlet | Traffic Flow Analyzer Search Search by clicking on the Search (magnifying glass) icon in the title bar. Type any string in the next screen to search through the traffic data. A list of all entities found matching the string appears below it. Entity found in the search support the following actions: View Top Conversations— Displays the top n conversations for the selected entity. Show Detail View— Displays a top level detail view of the selected entity.
Traffic Flow Portlet | Traffic Flow Analyzer name or has the wrong name and you would like to change it, you can do so through this screen. Also you can enter keywords that will help with future searches. Click Apply to save the changes and return to the search screen. NOTE: The Settings button (the gear in the upper right corner) lets you confine the search by types (All, Applications, Protocols, Autonomous Systems, Endpoints)). Note that you cannot search by exporters through this screen.
Traffic Flow Portlet | Traffic Flow Analyzer which aggregate to weekly data. It is important to consider how long you need to keep each granularity of data and to set the values accordingly. If you are saving data for longer than you need it, then this can fill up your database. On this screen there are also fields that help you optimize queries. You can set the maximum number of rows per rollup table, which can be helpful for improving query performance.
Traffic Flow Portlet | Traffic Flow Analyzer the values 3, 15, 44, 89, and 248 would be added together into the "Other" category, but their protocol, application, and exporter data would be preserved. So these smaller flows would only actually be aggregated if they were all for the same exporter, protocol and application. To enable this feature, enter a value for Max Conversational Flows Per Minute.
Traffic Flow Analyzer - Example | Traffic Flow Analyzer Traffic Flow Analyzer - Example The following describes typical situations where flow is useful. When ports are over-utilized because of intermittent performance problems diagnosis of the problem sometimes difficult. Turn on flow traffic data collection to evaluate who, what applications, and so on, are responsible for the traffic on the affected ports. This avoids getting overwhelmed with collection of traffic going in all directions.
Traffic Flow Analyzer - Example | Traffic Flow Analyzer 1 Create a new Report Template by right-clicking the Report Templates portlet, selecting New > Table Template. 2 Name the report (here: Test Traffic Flow Applications Report). 3 Select a source in the Source tab. Here: Traffic Flow Analyzer > Traffic Flow Exporter. 4 Notice that the Select your inventory columns panel displays the attributes available based on your traffic flow entity type selection.
Traffic Flow Analyzer - Example | Traffic Flow Analyzer • Time defaults to Within Last 24 Hours. Note that the only comparison operators that work for this filter conditions are Within Last, Is, Between, and After. • Exporter Equipment Manager is not specified by default (meaning that data for all exporters should be included), but this attribute can be used to filter by a specific exporter by equipment manager (which includes all subcomponents).
Traffic Flow Analysis Life Cycle | Traffic Flow Analyzer Traffic Flow Analysis Life Cycle The following diagrams OpenManage Network Manager’s Traffic Flow Analysis life cycle Traffic Flow Analysis Life cycle Legend 1 548 NetFlow/IPFIX packet received— OpenManage Network Manager received a NetFlow or IPFIX packet from a registered exporter. OpenManage Network Manager ignores NetFlow packets from devices not registered as exporters. OMNM 6.5.
Traffic Flow Analysis Life Cycle | Traffic Flow Analyzer 2 Random sampler—OpenManage Network Manager applies random sampling to incoming packets. This currently applies only to NetFlow or IPFIX packets and not sFlow packets. The NetFlowListenerMBean attribute SamplingRate (1 by default) determines this behavior. This value represents the average number of packets received before one is processed (the others are discarded).
Traffic Flow Analysis Life Cycle | Traffic Flow Analyzer 550 14 Post batch of flows to the application server—Most of this processing occurs in the mediation server (process or host). Once OpenManage Network Manager produces the normalized, protocol-independent flows, it adds them to a queue the mediation server posts to the application server. Once the application server receives these results, it inserts them into the database for later querying.
Best Practices: Performance Tuning Traffic Flow Analysis | Traffic Flow Analyzer Best Practices: Performance Tuning Traffic Flow Analysis Most OpenManage Network Manager packages limit Traffic Flow exporters through licensing, however be aware that even small numbers of traffic flow exporters may overwhelm hardware resources.
Best Practices: Performance Tuning Traffic Flow Analysis | Traffic Flow Analyzer true lookup--> 1 oware:service=NotificationProcessingMBean oware:service=HAServiceController oware:service=ClusterPrimaryDesignator jboss.
Best Practices: Performance Tuning Traffic Flow Analysis | Traffic Flow Analyzer See Understanding Performance Monitoring on page 361 for more about calculating database space and hardware and tuning monitored data. Traffic Flow Limitations • • If you receive no endpoint flow data, the Traffic Flow Analysis form appears empty when you select endpoints. Make sure you are receiving flow data before concluding the device or OpenManage Network Manager is defective.
Best Practices: Performance Tuning Traffic Flow Analysis | Traffic Flow Analyzer 554 OMNM 6.5.
11 Actions and Adaptive CLI The actions and adaptive CLI topics discussed in this section include: Actions and Adaptive CLI Overview – 556 Actions Portlet – 558 External Executable – 582 Adaptive CLI Script Language Syntax – 588 Perl Scripts – 590 Active Performance Monitor Support – 609 Action Groups – 615 Troubleshooting Adaptive CLI – 618 Adaptive CLI Records Aging Policy – 619 RESTful Web Service – 621 DNS Resolution Monitoring – 632 Basic URL Monitoring – 636 TCP Port Monitoring – 639 OMNM 6.5.
Actions and Adaptive CLI Overview | Actions and Adaptive CLI Actions and Adaptive CLI Overview The Actions Manager lets you manage actions like enabling monitors, file backups, resyncs and so on. These actions are typically limited in scope, and not that complex. On the other hand, it also manages Adaptive CLI (command-line interface) commands to run against devices which can be complex. These commands amount to “mini-scripts” to query and configure those devices.
Actions and Adaptive CLI Overview | Actions and Adaptive CLI Using Perl in Adaptive CLI If you need conditional logic that goes beyond simple scripting, you can use Perl in Adaptive CLI. The example below checks to see if a String Attribute is empty (null) or not. If the String attribute (ShowCmdString) has content, the show command with ShowCmdString as a parameter goes to the device. Otherwise, the Perl script skips or excludes this statement.
Actions Portlet | Actions and Adaptive CLI Actions Portlet The Actions Portlet lets you manage actions like Adaptive CLI, backups, change management actions, and so on. The list of actions available to your system depends on the exact configuration you have installed. This portlet is the primary access point for Adaptive CLI editing. The summary portlet displays columns with the Name, Family, and Target Entity Type for the listed Action. The Family column describes the type of Action.
Actions Portlet | Actions and Adaptive CLI Expanded Actions Portlet The expanded portlet has the same right-click menu as the summary portlet, and adds columns for Description, Last Web Service ID, Access Level, Web Service Deployment, and Supports Groups.
Actions Portlet | Actions and Adaptive CLI The Execution Details panel displays tabs showing the Results of running an Adaptive CLI, and the Sent Commands. You can also View Job to see a screen like the Audit Trail Portlet on page 154, or Delete to remove a listed Action record from the list.
Actions Portlet | Actions and Adaptive CLI History—Displays the history of the selected action. In the Results (top of screen panel) click to select the device for which you want additional information, and the Execution Details panel displays the Results of execution in one tab and the Sent Commands in another. Notice that you can Find text within a result (click Go to repeat the find).
Actions Portlet | Actions and Adaptive CLI If you select two executions in the top panel (or in the Execution History snap panel and right-click), a comparison appears. This has the same color coding as you would see comparing configuration files. Lines that differ between the two Adaptive CLI results appear highlighted green. Lines that are missing in one, but that appear in another appear highlighted red. Added lines appear highlighted in yellow.
Actions Portlet | Actions and Adaptive CLI Adaptive CLI Editor This editor creates new Adaptive CLIs When you click New, or Edit after, selecting an existing command, the command editor screen opens. You can create Configure Commands, External Commands, and Show Commands. The editor screen has the following tabs (the ones that appear depend on the type of command you are editing): • • • General Attributes Scripts The Adaptive CLI Manager logs into devices in enable mode by default.
Actions Portlet | Actions and Adaptive CLI Type—Select a type from the pick list (CLI Configure Command, External Executable, Config File Generation or CLI Show Command). The External Executable command refers to a script. Making this an ACLI means OpenManage Network Manager can schedule such scripts or include them in a workflow. See External Executable on page 582 for more about these.
Actions Portlet | Actions and Adaptive CLI Attributes Adaptive CLI commands let you configure modifiable Attributes as part of the command you send to the selected equipment. Entity Type Settings Use the radio buttons to select from the following options: • • • Do not use Parameter Schema Create a new Parameter Schema Use an existing Parameter Schema for this Adaptive CLI Sharing a schema rather than creating a new one with each Adaptive CLI lets you use the same attributes in complementary scripts.
Actions Portlet | Actions and Adaptive CLI Create a new Parameter Schema Click the New button and the schema screens appear. Entity Type Settings The Entity Type Settings tab has the following fields: Entity Type Name—An identifier for the schema. Description—A text description for the schema. Category—A category for the schema. Version— An automatically-created version number. 566 OMNM 6.5.
Actions Portlet | Actions and Adaptive CLI Attribute Settings Click the New Attribute button and select the attribute type and open editor panel and configure the attribute. Configured attributes appear in a tree to the left of the editor panel. Click a listed attribute to edit it after it has been created. The editor panel has the following fields: Label— An identifier for the attribute. These can have spaces, but not underscores, unless your package is 7.2.3 or later, which supports both.
Actions Portlet | Actions and Adaptive CLI Case Insensitive— Validation ignores case. Multi Line Text—Check to enable multiline text. One Way Encrypt—Check to encrypt. Truncate—Truncate the attribute. Attribute Settings You can create new attribute schemas. See Attribute Editor Panels below for information about different datatypes’ fields. Once you create a set of attributes, they remain available for re-use as a schema, or collection of attributes.
Actions Portlet | Actions and Adaptive CLI Valid Values—Enter valid date values above the list, and click the green plus to add them to the list. Decimal Default Value—Enter a single or range of default decimal values. Constraints—Enter a range of acceptable numbers separated by a colon. For example, Constraints = 2:4096. At runtime, a field where you can enter numbers. validates that entered numbers are between 2 and 4096 when running the Adaptive CLI.
Actions Portlet | Actions and Adaptive CLI Constraint—Enter the regular expression constraints, if any, on the string attribute. Constraint Description—Enter the message to appear if the regular expression constraints are not met. Min/Max Length— Enter the minimum/maximum number of characters in a valid string. Click Apply to accept your edits for the attribute, or Cancel to abandon them. Use an existing Parameter Schema for this Adaptive CLI Select this, and a Select Existing button appears.
Actions Portlet | Actions and Adaptive CLI Attribute Presentation This panel lets you reorder attributes by selecting an attribute, then clicking the up/down arrows. Exporting or importing a reordered Action preserves the configured order of attributes. If you change the attribute order after scheduling the Action, it does not affect the execution of the scheduled Action. If you use the same Entity Type (schema) for another Action attributes appear in the same order.
Actions Portlet | Actions and Adaptive CLI Script Settings Click Add New Script to create a new item in those listed at the top of this screen, or select and item and click the Edit icon to its right to alter it. When you create a new script, you must select either Embedded CLI or Perl. Embedded CLI scripts are command-line interface (CLI) interactions. See Perl Scripts on page 590 for more about using Perl. Clicking the Delete icon removes a selected item.
Actions Portlet | Actions and Adaptive CLI Optional Attribute Delimiter—The delimiter(s) you select from the pick list here surround the attributes you designate as optional. See Adaptive CLI Script Language Syntax on page 588 for more about these.
Actions Portlet | Actions and Adaptive CLI Error Conditions The error condition lets you configure errors for your script. Check Continue on Error under the Global Condition Options, if you want the script to not stop when it encounters an error. Click Add new error conditions to configure a condition at the bottom of this screen with the following fields: Error Pattern—Enter a regular expression for the error. You can also click the icon in the upper right corner to test the expression.
Actions Portlet | Actions and Adaptive CLI Send New Line—For some devices, a single key response without a new line would be sufficient; in such cases, you may need to uncheck the Send New Line option. Max Occurrences—Indicates the maximum number of times respond to a prompt. The default value zero (0) indicates no limit. Prerequisite Validation Some devices (JUNOS and Cisco XR) allow you to preview the result of an Adaptive CLI before actually executing it on devices that support such an advanced preview.
Actions Portlet | Actions and Adaptive CLI For non-supported devices, if you provide a Prerequisite Validation Pattern, on execution you are advised to edit the Adaptive CLI and remove the pattern before execution. Prerequisite Validation does not appear for types other than CLI Show Command and CLI Configure Command. Value Extraction To support Adaptive Service and Active Monitor functions, Adaptive CLI provides a way for the user to define output schema attributes.
Actions Portlet | Actions and Adaptive CLI Parse Expression—Enter a regular expression for Parse Expression and the Parse Algorithm (Extract or Match) used when evaluating the device output on a given script execution. OpenManage Network Manager matches the regular expression for sub-strings, so no need to provide a leading and trailing “match all” regular expression. (.*). See Regular Expressions on page 508 for more information about what is these expressions can do.
Actions Portlet | Actions and Adaptive CLI After generating the configuration, if you right-click that selected device, its Details panel’s History tab displays the generated configuration file, and lets you right-click to view, edit or compare it as you would other configuration files. You can also right-click the Execution Details rows to view any parameters you have entered in viewer’s the Scripts and Parameters tab.
Actions Portlet | Actions and Adaptive CLI 4 Add the configuration template to Scripts. 5 Edit it, adding attributes, if necessary, and Apply and Save. NOTE: This editor validates entries. You cannot save the script unless you choose the correct Optional Attribute Delimiter. To test this, create a new device in OpenManage Network Manager Inventory. 1 In Resources portlet, right-click and select New. 2 Select the Vendor and Model, Click Create.
Actions Portlet | Actions and Adaptive CLI To do this, right-click the newly created device in the Managed Resources portlet, select Actions, select the appropriate Generate Config File action and Load Selected. 580 5 Once you have selected the action, you must enter values in the attribute fields provided. 6 Click on preview to see any changes this produces. 7 When you Execute this action, the audit trail screen also displays a Results panel that shows the configuration. OMNM 6.5.
Actions Portlet | Actions and Adaptive CLI 8 Once created, the configuration file appears in the device’s Details panel’s Execution History. You can right-click two selected configuration files generated this way to compare them. 9 Right-click the Execution History row, and select Execution Details. The attribute values appear. NOTE: Anywhere you can see the generated configuration file in the Configuration Files portlet or in a device’s Details screen, you can right-click and export it.
External Executable | Actions and Adaptive CLI External Executable External executable Adaptive CLIs essentially run external scripts from the OpenManage Network Manager environment. For example, you could run the DOS dir command (and schedule its execution). Make sure you select External Command as the Type of Adaptive CLI in the editor when you create an Adaptive CLI that refers to an external command. Also, make sure the Net::Telnet package is installed with Perl.
External Executable | Actions and Adaptive CLI Results OpenManage Network Manager stores the results of running a script as lines the Execution Details snap panel. Right-click the particular command run in the snap panel at the bottom of the Expanded Actions Portlet. Tabs show the Results, Sent Command, and Script and Parameters. When viewing a script run the results of running it appear target device-by-device. OMNM 6.5.
External Executable | Actions and Adaptive CLI Results can also appear in the audit screen messages and in the Results panel of the Action job viewer screen. You can also extract parameters for these external commands as is described in Value Extraction on page 576. Seeded External Scripts Several external perl scripts come with OpenManage Network Manager as examples of the kind of commands you can execute (and Monitor, see Adaptive CLI on page 397 in Performance Monitoring). These are in \owareapps\perfo
External Executable | Actions and Adaptive CLI perl ../../../owareapps/performance/scripts/http_test.pl Notice that these also include a parameter (Result) that contains values extracted. Set up attribute extraction in the Values Extraction tab of the script editor. Script Names and Functions Linux installations must have the Net::Telnet package installed with Perl. common.pl— Common functions defined for scripts in this directory. dns_test.pl— Check if DNS can resolve the specified host name.
External Executable | Actions and Adaptive CLI peping_test.pl— Check if a target is pingable from the specified remote host. pop3_test.pl—Check if the POP3 service is running on a specified host. smtp_test.pl— Check if the SMTP service is running on a specified host. telnet_test.pl— Check if the TELNET service is running on a specified host. See Create a Monitor for an External Script on page 394 for more specifics about monitoring these.
External Executable | Actions and Adaptive CLI 10 Click the Execute button. 11 The Job Viewer screen appears displaying the command line you have specified (c:\HelloWorld.bat XXX YYY) in informational messages. You typically have to configure the Job Viewer so these appear. They are concealed by default. 12 Finally, the Results screen appears with the device you specified on the left, and the result of the batch file run on the right.
Adaptive CLI Script Language Syntax | Actions and Adaptive CLI Adaptive CLI Script Language Syntax The following is the Adaptive CLI scripting language syntax: • • CLI script is a line-based syntax. In other words, each line’s syntax has to be completed. CLI script supports primarily two features: Attributes and Conditional Blocks. Attributes Each attribute in the script is marked by a delimiter.
Adaptive CLI Script Language Syntax | Actions and Adaptive CLI [ENDIF set] If the Attribute set has a value then the block is evaluated; otherwise, it is ignored. The text after ENDIF., that is set or whatever is not required and it is ignored. Nested conditional blocks are allowed. OMNM 6.5.
Perl Scripts | Actions and Adaptive CLI Perl Scripts This section describes the details of using Perl scripts within Adaptive CLI. See Using Perl in Adaptive CLI on page 557 for more about why to use Perl. The Perl output goes to the selected target device. Typically, this means creating lines like the following: println(“show $param”); or print(“show $param\n”); You must specify parameters within the script (like $param) in the screen described in Attributes on page 565.
Perl Scripts | Actions and Adaptive CLI Perl Example The following is an example Perl script for Adaptive CLI: # # A script example for testing against a Cisco-XR machine. # # The following variables (attributes) are defined in the schema, # and their values are assigned when the script # is invoked from the Adaptive CLI (or Resources) manager. # These variables will be declared with values and prepended # to each script automatically.
Perl Scripts | Actions and Adaptive CLI Example 3 - Adaptive CLI with Reboot shows you how to make an Adaptive CLI that requires rebooting the target device(s). Example 4 - Adaptive CLI To Extract Upload/Download Speeds demonstrates Adaptive CLI that extracts information from the target device, then displays the results on a dashboard. Example 5: Monitor Text Values demonstrates using and Adaptive CLI configured to monitor attributes with strings that indicate their status.
Perl Scripts | Actions and Adaptive CLI 5 An Audit trail screen tracks the execution progress 6 Select the Adaptive CLI you ran in the Expanded Portal, and right-click the execution run that appears in the Execution History snap panel at the bottom of the screen. 7 Right-click and select Execution Details. 8 View latest results classified by the device you select on the left. OMNM 6.5.
Perl Scripts | Actions and Adaptive CLI 9 View latest results by right-clicking in the Execution History snap-in of the expanded Action portlet. You can use the Find search box to find matches to strings within the results. Click Go to see the next match. 10 You can also look in the Sent Commands tab to see what actually went to the device. Example 2 - New Adaptive CLI 1 Create a new Adaptive CLI. Right-click and select New.
Perl Scripts | Actions and Adaptive CLI Notice that the created attributes appear in the panel on the right of this screen. 5 Select the attribute “required,” then click the Required icon (the green circle) in the lower right corner to of this screen to associate this icon with the Required attribute. Similarly, associate the Optional icon with the attribute “optional.” Notice that you can double-click the attributes listed in the panel on the right, and they appear in the script editor at the cursor.
Perl Scripts | Actions and Adaptive CLI Example 3 - Adaptive CLI with Reboot The following describes how to set up multi-line ACLI with error/success tracking for a command sequence that requires reboot. 1 Create an example configure Adaptive CLI command (here quickThenReboot). 2 Separate commands into parts. First issue the command (here show run), then issue the reboot command with a parameter that allows a prompt return before actual reboot (a delay, for instance).
Perl Scripts | Actions and Adaptive CLI 3 OpenManage Network Manager assumes commands are successful if a prompt appears without an error return. Default error tracking for most drivers provides all the error pattern matching you might need (testing the Adaptive CLI lets you know whether the device is addressed by a driver in “most”). Use specific error pattern matching for cases where the driver does not detect the typical errors by default.
Perl Scripts | Actions and Adaptive CLI 598 4 When reboot is successful with a proper command sequence, the job screen displays the successful execution. See Cisco Adaptive CLI Caveat on page 599 for more about continuation prompts. 5 Continue Patterns—The following Continue Patterns section is an addition to the above example. It looks for the Proceed prompt so the Adaptive CLI can issue a new line to force the reboot. But the shutdown command follows the next prompt, so the shutdown command OMNM 6.
Perl Scripts | Actions and Adaptive CLI must be in another continue pattern to force the last line before a pause in output to be the router's prompt. The patterns are .*Proceed.* and .*SHUTDOWN in.* allowing any characters before and after the keywords to match. Alternatively, this example could have a third command after reboot to force a new router prompt, but managing this problem with the continuation set seemed more straightforward.
Perl Scripts | Actions and Adaptive CLI 3 Create attributes to extract. In this case, we configure Upload Speed, and Download Speed as integer attributes, with a name, description, and nothing else. Notice, however, that you could configure validation for extracted attributes if you liked in this screen. 4 Create a new schema for these attributes. Schemas are helpful if you are creating several Adaptive CLIs (create, destroy, update, and so on) with the same set of attributes.
Perl Scripts | Actions and Adaptive CLI The attributes configured previously appear beside the script panel, but are not part of the script, even though that possibility might be useful for another Adaptive CLI. The current attributes are for extraction from the script results. NOTE: The filter at the top of this panel can limit the devices scanned by the Adaptive CLI to extract data.
Perl Scripts | Actions and Adaptive CLI • Download Speed (the first integer in the output) [Speed (kbps):\s+]([0-9]+). • Upload Speed (the third integer in the output) [Speed (kbps):\s+][0-9]+\s+[0-9]+\s+([0-9]+). NOTE: You can use free regular expression testers to debug these expressions. See Testing Regular Expressions on page 605. 8 Apply the edits you have made to script and extractive regular expressions, then Save the Adaptive CLI. 9 Right-click the Adaptive CLI and Execute it.
Perl Scripts | Actions and Adaptive CLI • Attribute Extraction Pattern: layer1status/Match/(Layer 1 Status:\n\s+ACTIVE) • For layer2status, the regular expression is like (Layer 2 Status:\n\s+TEI = \d, Ces = \d, SAPI = \d, State = MULTIPLE_FRAME_ESTABLISHED) Create a monitor to display the result of regularly running this Adaptive CLI on selected targets, and display its result in a dashboard.
Perl Scripts | Actions and Adaptive CLI 5 Click Save. 6 Right-click the saved monitor to View Monitor Data. You may have to click the wrench icon to configure the columns that appear so this screen displays the extracted attribute information. You should see the extracted values displayed in a table.
Perl Scripts | Actions and Adaptive CLI 4 Right-click the dashboard in the Dashboard Views portlet and view it in one of the options available (Full Screen/Popup). Notice that you can hover your cursor over a node in the graph and see all reported values for that node. Testing Regular Expressions You can test regular expressions in OpenManage Network Manager by clicking the icon in the upper right corner of screens like the one for Attribute Value Extractions in the Adaptive CLI editor.
Perl Scripts | Actions and Adaptive CLI Several applications, some free, are helpful to validate regular expressions too. These include websites (regexr.com, for one). These may also be helpful when trying to match a particular number and phrase in the Adaptive CLI and other output. In this example, we used Kodos to test various iterations of our regular expressions.
Perl Scripts | Actions and Adaptive CLI General This screen lets you identify the scheduled item and its targets. This has the following fields: General Settings Action—Identifies the action being scheduled. Schedule Description—Identifies the schedule. Associated Targets Click the Add button to select target equipment. You can remove listed equipment with the icon to the right of listed items or with the Remove All button.
Perl Scripts | Actions and Adaptive CLI Comparison Selecting (ctrl+clicking) two Adaptive CLI runs within the Execution History portlet lets you compare the two execution results. Right-click and select Compare. Lines that differ between the two configurations appear highlighted green. Lines that are missing in one, but that appear in another appear highlighted red. Added lines appear highlighted in yellow. Use the right/left arrows at the bottom of this screen to page through the side-by-side comparison.
Active Performance Monitor Support | Actions and Adaptive CLI Active Performance Monitor Support You can monitor Adaptive CLI execution results with Active Performance Monitor. To do this, you must select Adaptive CLI as the monitored type when creating a new performance monitor (see Resource Monitors on page 371), then select a target entities (with the Add button in the top panel) and a particular Adaptive CLI (with the green plus [+] in the Adaptive CLI Properties panel at the bottom of this screen.
Active Performance Monitor Support | Actions and Adaptive CLI These attributes default to the metric type Gauge. Adaptive CLI is where you define these attributes, but you must select their metric type settings on this screen if it is something other than the default. Click Save to preserve your configuration, or Cancel to abandon it and close the editor screen.
Active Performance Monitor Support | Actions and Adaptive CLI The process folder is attached to this document with proper structure. Put it in C:\strawberry\perl\vendor\lib\Win32 and you are ready to go. NOTE: Here are the URLs where you can download these libraries: http://search.cpan.org/~wyant/Win32-Process-Info-1.018/lib/Win32/Process/Info.pm http://search.cpan.org/~wyant/Win32-Process-Info-1.019/lib/Win32/Process/Info/WMI.pm 2 Put process_check.pl in the proper directory.
Active Performance Monitor Support | Actions and Adaptive CLI { print "Process " . $processname . " is not running! 0"; } TEST_ACTION This action’s name is TestExternalScript. It has two attributes, Process Name, a string, and Status, an integer. It stores the retrieved process’ status in the Status integer, and takes Process Name as a required input. It refers to the process_check.pl script as an external command in its Scripts tab. Here is the syntax: perl [installation root]\owareapps\performance\scrip
Active Performance Monitor Support | Actions and Adaptive CLI 7 Look in Job Viewer for the results. Click Set attribute extraction results, click here to see the results appear in the bottom panel. Notice also that you must check informational messages for all these to appear, and that several additional sets of messages besides the extraction results appear.
Active Performance Monitor Support | Actions and Adaptive CLI 13 614 Right-click to select View Monitor Data, and you can see the results of your efforts. OMNM 6.5.
Action Groups | Actions and Adaptive CLI Action Groups The Action Groups Portlet lets you configure several actions with different targets, order their execution, and execute actions against these groups of targets all at once. Right-click within this portlet to create a New Action Group, Edit an existing, selected one, Execute the selected Action Group, view the Audit trails for the selected group, or Schedule the selected Action Group. You can also share action groups with others users on your system.
Action Groups | Actions and Adaptive CLI Add Action—This opens an Action Editor where you can select the Action that is to be a member of the group, its Target devices and any Parameters associated with the Action. Use the Add button to add Associated Targets, and the Delete this entry icon to delete any added by mistake. Click Apply to accept an added (or edited) Action. When you do this the list on the Actions panel of the Action Group Editor changes to reflect the changes you have made.
Action Groups | Actions and Adaptive CLI How To: Configure an Action Group Follow these steps to configure an Action Group 1 Right-click in the Action Groups portlet, and select New. 2 Name the Action Group, and optionally type a Description. 3 Click Add Action. 4 Select an action (with the green plus at the top of the screen), and optionally add a Description in the field to the right of the selection.
Troubleshooting Adaptive CLI | Actions and Adaptive CLI Troubleshooting Adaptive CLI The following issues can prevent the correct completion of Adaptive CLI execution. Connectivity—The device can be offline. To detect whether this is true, right-click the device in the Managed Resources portlet and Direct Access > Ping it. Incomplete Discovery—If the device is online and still does not respond to Adaptive CLI, you may have only partially discovered it.
Adaptive CLI Records Aging Policy | Actions and Adaptive CLI Adaptive CLI Records Aging Policy You can use OpenManage Network Manager’s aging feature to preserve Adaptive CLI information. Click the Redcell > Database Aging Policy (DAP) node of the Control panel, and click the default Adaptive CLI DAP and click the edit button on its right.
Adaptive CLI Records Aging Policy | Actions and Adaptive CLI Undeploy Web Service—Select one or more activities to undeploy from web service. When successful, the Web Service IDs of the undeployed activities are cleared from the manager. Undeployed activities are also no longer accessible for web service requests. Export WSDL—After deploying and undeploying activities, you may want to export the WSDL file for client code generation. The WSDL file contains all the data class types for web service execution.
RESTful Web Service | Actions and Adaptive CLI RESTful Web Service This section provides an additional Adaptive CLI type that executes a REST Web Service. Like other Adaptive CLI behaviors, the OpenManage Network Manager (OMNM) application accepts user data and includes that in the REST API payload as JSON scripts. With this type of Adaptive CLI, JSON scripts (which include parameters, not just JSON) can support REST operations : GET, PUT, POST, and so on. You can specify a target URL and authentication.
RESTful Web Service | Actions and Adaptive CLI The result: NOTE: Sometimes it is useful to specify a target even if none is required so that you can see the Results window. Otherwise, the Job Viewer panel displays the same results. You can also copy and paste output into an online formatter at http://jsonformatter.curiousconcept.com/ to rearrange it so its appearance is more user-friendly.
RESTful Web Service | Actions and Adaptive CLI TOKEN_END URL:http://10.101.53.2:5000/v2.0/tenants Method:GET CAUTION: Do not put lines between TOKEN_END and URL. Execution Result: NOTE: The Job Viewer does not display credentials. If you have already generated a token and saved it in cache, a Token Generation Action that refers to that particular token by name uses the saved token. If any error exists in the Token Generation Action, you may not notice that error in this execution.
RESTful Web Service | Actions and Adaptive CLI "payment_method":"credit_card", "funding_instruments":[ { "credit_card":{ "number":"555555555550331", "type":"visa", "expire_month":11, "expire_year":2018, "cvv2":"555", "first_name":"Betsy", "last_name":"Buyer", "billing_address":{ "line1":"111 First Street", "city":"Saratoga", "state":"CA", "postal_code":"95070", "country_code":"US" } } } ] }, "transactions":[ { "amount":{ "total":"7.47", "currency":"USD", "details":{ "subtotal":"7.41", "tax":"0.
RESTful Web Service | Actions and Adaptive CLI Result: The following format is for the Token portion of the Script. The API used for Token Generation in the REST executions depends on the source queried. Sample1 uses the Paypal API. OpenStack API appears in Sample 2.
RESTful Web Service | Actions and Adaptive CLI The standard Request Properties form-urlencoded are part of the execution code and do not need to be specified: Accept: application/json Content-Type:application/json;charset=UTF-8 Base64 encoding Content-Type:application/x-www- Calling an Adaptive CLI The following returns a list of services from the REST call with this JSON script: URL: http://192.168.54.43:8089/rest/application.
RESTful Web Service | Actions and Adaptive CLI 5 GET http://localhost:8089/rest/actiondefs/{oid-from-4}/sample-json This returns a JSON structure that you can populate, such as: TokenActionName: dp_getToken URL: http://192.168.54.43:8089/rest/actiondefs/ com.dorado.redcell.inventory.task.TaskDefinition::ZvfczDh-e60G03-sQ1.313/sample-json Method: GET The result after execution: {"name":"dp_getDate","description":null,"oid":null,"target":null,"definit ionOid":"com.dorado.redcell.inventory.task.
RESTful Web Service | Actions and Adaptive CLI Calling an Independent Token Generation Action If a cached token has expired or is invalid, OpenManage Network Manager generates a new token by calling an independent action and saves it in cache. This executes an action requiring authentication. The format of token generation script (mg_os_generateTokenOnly) is as follows: TOKEN_BEGIN TokenProperty: X_Auth_Token TokenAccessParams: access.token.id URL:http://10.101.53.2:5000/v2.
RESTful Web Service | Actions and Adaptive CLI Sample scripts of a token generation action TOKEN_BEGIN TokenProperty: X-Auth-Token TokenAccessParams: tokenId TokenExpiryTime: 86400 URL:http://192.168.53.50:8089/rest/auth/ Method:POST { "username" : "admin", "password" : "admin" } TOKEN_END The following script contains all available fields for demonstration purposes. TOKEN_BEGIN TokenProperty: X-Auth-Token TokenPrefix:Bearer TokenPostfix: TokenAccessParams: access.token.
RESTful Web Service | Actions and Adaptive CLI Sample scripts that combine token generation and execution in one action TOKEN_BEGIN TokenProperty: X-Auth-Token TokenAccessParams: tokenId TokenExpiryTime: 86400 URL:http://192.168.53.
RESTful Web Service | Actions and Adaptive CLI ] }, "transactions":[ { "amount":{ "total":"7.47", "currency":"USD", "details":{ "subtotal":"7.41", "tax":"0.03", "shipping":"0.03" } }, "description":"This is the payment transaction description." } ] } OMNM 6.5.
DNS Resolution Monitoring | Actions and Adaptive CLI DNS Resolution Monitoring Perform DNS resolution monitoring actions against WBEM-enabled devices by using the following action scripts: • • • • WBEM DNS Record Check executes a dig command from the target WBEM device to query for a DNS record against a specified host name. Inputs include a target host name, the DNS record type, and a match string to test against the dig command results.
DNS Resolution Monitoring | Actions and Adaptive CLI 3 Enter a monitor name and then click the Monitor Option tab. 4 Select any monitor targets. 5 Select the needed WBEM DNS adaptive CLI. a. Click add (+). b. Search for WBEM. c. Select the appropriate action. d. Click Select. OMNM 6.5.
DNS Resolution Monitoring | Actions and Adaptive CLI 6 Set the input parameters. a. Click the input parameters edit icon. b. Enter the host name, record type, and match string. Ignore the Success attribute. It is defined in the action and contains the success value. Success is the attribute that is monitored. c. Click Save. 7 Enable the monitor attribute. a. Click the Monitor Attributes tab. b. Click the attribute’s edit actions icon. c. Select Enabled. d. Click Save. 634 OMNM 6.5.
DNS Resolution Monitoring | Actions and Adaptive CLI 8 Save your monitor. The Resource Monitors portlet displays your monitor. 9 Right-click your monitor and then select Enable. Data appears after a few polling cycles. Now you can create a dashboard to display the polling data over time. You can also copy this monitor to create multiple instances with different parameters. OMNM 6.5.
Basic URL Monitoring | Actions and Adaptive CLI Basic URL Monitoring Monitor the HTTP status of a URL using the Get URL Status of Device action. This action allows you to input a target device, a port, a URL suffix for a sub-site, and select the Https option. This action returns an HTTP status, such as 200 or 501 that can be monitored. NOTE: There is a second action called Get URL Status, which allows you to test the HTTP status of the URL provided as an input. The Get URL Status action is target-less.
Basic URL Monitoring | Actions and Adaptive CLI 4 Select any monitor targets. 5 Select the Get URL Status of Device adaptive CLI. a. Click add (+). b. Search for get URL. c. Select Get URL Status of Device. d. Click Select. 6 Set the input parameters. a. Click the input parameters edit icon. b. Select the Https option. OMNM 6.5.
Basic URL Monitoring | Actions and Adaptive CLI c. Enter the port and URL suffix. Ignore the HTTP Status Code parameter. It is defined in the action containing the resulting status. The HTTP Status Code is the attribute that is monitored. d. Click Save. 7 Enable the monitor attribute. a. Click the Monitor Attributes tab. b. Click the attribute’s edit actions icon. c. Select Enabled. d. Click Save. 8 Save your monitor. The Resource Monitors portlet displays your monitor.
TCP Port Monitoring | Actions and Adaptive CLI TCP Port Monitoring Monitor the TCP port status using the following action scripts, which allow you to input a target and a target port: • • TCP Port Status by Managed Device allows you to set a specific TCP port after choosing one or more managed device targets. TCP Port Status by Host Name or IP allows you to set a specific port number and a target IP address or host name. Each action returns a success or failure value that can be monitored.
TCP Port Monitoring | Actions and Adaptive CLI 3 Enter a monitor name and then click the Monitor Option tab. 4 Select any monitor targets. 5 Select the TCP Port Status by Managed Device adaptive CLI. a. Click add (+). b. Search for TCP. c. Select TCP Port Status by Managed Device. d. Click Select. 640 OMNM 6.5.
TCP Port Monitoring | Actions and Adaptive CLI 6 Set the input parameters. a. Click the input parameters edit icon. b. Enter the TCP port parameter. Ignore the Success parameter. Success is the value defined in the action and indicates success or failure. This is the attribute being monitored. c. Click Save. 7 Enable the monitor attribute. a. Click the Monitor Attributes tab. b. Click the attribute’s edit actions icon. c. Select Enabled. d. Click Save. OMNM 6.5.
TCP Port Monitoring | Actions and Adaptive CLI 8 Save your monitor. The Resource Monitors portlet displays your monitor. 9 Right-click your monitor and then select Enable. Data appears after a few polling cycles. Now you can create a dashboard to display the polling data over time. You can also copy this monitor to create multiple instances with different parameters.
TCP Port Monitoring | Actions and Adaptive CLI 3 Enter a monitor name and then click the Monitor Option tab. 4 Do not set monitor targets. This single host name or IP is set in the following steps. 5 Select the TCP Port Status by Host Name or IP adaptive CLI. a. Click add (+). b. Search for TCP. c. Select TCP Port Status by Host Name or IP. d. Click Select. 6 Set the input parameters. a. Click the input parameters edit icon. b. Enter the host name or IP and TCP port parameters.
TCP Port Monitoring | Actions and Adaptive CLI 7 Enable the monitor attribute. a. Click the Monitor Attributes tab. b. Click the attribute’s edit actions icon. c. Select Enabled. d. Click Save. 8 Save your monitor. The Resource Monitors portlet displays your monitor. 9 Right-click your monitor and then select Enable. Data appears after a few polling cycles. Now you can create a dashboard to display the polling data over time.
12 Serving Multiple Customer Accounts Multitenancy lets you manage your customers’ tenant networks from a central OpenManage Network Manager system while at the same time providing them with secure access to their specific resources. OpenManage Network Manager does this with a two-tiered customer multitenant service provider (MSP) model, assigning each customer a specific security domain for their specific resources.
Configuring Chat for Multitenancy | Serving Multiple Customer Accounts Configuring Chat for Multitenancy Sometimes you may see Colleagues not members of a tenant site in the tenant site’s status bar. This is not necessary. To change this so only tenant site personnel appear in the Colleagues panel, do the following: 646 1 In Control Panel, under Portal > Users and Organizations, click the link under Name to the tenant site. 2 With the Actions button in the relevant User's field, select Edit.
Configuring Multitenancy, Site Management and Access Profiles | Serving Multiple Customer Accounts Configuring Multitenancy, Site Management and Access Profiles OpenManage Network Manager can support multiple client organizations from a single instance. It can also constrain data access for logged on users depending on the client organization to which they belong. To implement multitenancy, follow the How to: Create a Multitenancy Environment on page 648 below.
Configuring Multitenancy, Site Management and Access Profiles | Serving Multiple Customer Accounts Provisioning Site-Creating User Permissions The user(s) allowed to create tenant sites with Site Templates and the other features documented here are typically Administrators.
Configuring Multitenancy, Site Management and Access Profiles | Serving Multiple Customer Accounts Access this portlet by selecting the Settings > Site Map menu option. Creating an Access Profile Template 6 Access Profile Templates configure tenant site access to various capabilities. These templates provide an easy way to grant levels of access to resources (for example: bronze, silver, gold) to your customer base too.
Configuring Multitenancy, Site Management and Access Profiles | Serving Multiple Customer Accounts 8 If you want to confine discovered devices to a particular tenant site, right-click them in the master site’s Managed Resources. Right-click a device and select Manage > Domain Access Control to see the menu of available tenant sites. By default, only devices either discovered for an assigned site, or those explicitly assigned with this procedure appear in tenant sites.
Configuring Multitenancy, Site Management and Access Profiles | Serving Multiple Customer Accounts Supported Portlets The following portlets are Multitenancy-supported.
Site Management | Serving Multiple Customer Accounts Site Management This portlet configures customer sites and organizations, including an administrative user for customer sites who can configure additional user accounts within the site. Optionally an organization can have its own website customize-able with non-standard graphics.
Site Management | Serving Multiple Customer Accounts Login Restrictions The site management portlet lets you restrict access to configured network domains. Select the configuration icon (the wrench) which opens the Global Site Settings dialog. Here the administrator can add networks that the primary site’s central domain users can login from, or exclusions of things like a proxy server within one of the permitted networks which allows external access to the web server.
Site Management | Serving Multiple Customer Accounts You can also Deactivate or Delete a site listed there. These functions supplement the Site Management portlet and Site Management Editor described in this document. Portal > Site Templates Multitenancy uses Site Templates configured in Control Panel to configure new tenant sites. You can select a Site Template or Page Template when you create a new tenant site. The following describes how to create a new Site Template.
Site Management | Serving Multiple Customer Accounts 6 Click Manage Pages to see the tenant site’s page setup in tree form on the left, and more editor options on the right and center (for example, alter the look and feel, Logo and so on)[ 7 Click Add Page to create a new page. By default, new pages appear below the root node on the tree at the left, but you can drag and drop them to any new location.
Site Management | Serving Multiple Customer Accounts 2 Click add (+) to add a page Page is added at the bottom of the displayed Private Pages hierarchy tree. 3 Drag the menu item to a desired location if necessary. 4 Click save in the details panel on left. The page is now added in the vertical menu. Portal > Page Templates This lets you edit a single page template as you would several pages in Portal > Site Templates.
Site Management | Serving Multiple Customer Accounts Site Management Editor This editor lets you configure customers, site administrators and their organizations. It has the following fields and labels: Organization Settings Name— A unique name for the customer’s organization. Foreign ID—An optional identifier for the customer’s organization. Screen Name Prefix— Enter a screen prefix for the customer. The prefix must be unique within the system.
Site Management | Serving Multiple Customer Accounts Authoritative User These fields configure the tenant site’s administrator. The user information entered here automatically configures a user in OpenManage Network Manager. First/Last Name—The name of the administrator. Screen Name—The screen name of the administrator. Email Address— The e-mail address of the administrator. Password— The administrator’s password. Site Administrator— This grants the user site administration privileges.
Access Profile Templates | Serving Multiple Customer Accounts Access Profile Templates Configure data access for Multitenant Service Providers (MSPs) through an Access Profile (AP), configured in these portlets as described in AP Editor/AP Template Editor on page 660, or more accurately, in that AP Template plus whatever customization you configure for Site Management when you assign it an AP. An AP describes which entities within the system a site can access.
Access Profile Templates | Serving Multiple Customer Accounts AP Editor/AP Template Editor These editors let you create and modify Access Profiles for single sites and Templates that may apply to several sites. To standardize access profiles across multiple customers, create a template. Right-click a site in the Site Management portlet to see the Access Profile Editor, where you can select templates. Right-click in the Access Profile Templates portlet and select New to create a template.
Access Profile Templates | Serving Multiple Customer Accounts This AP applies to users created in the base domain as well as those created within an organization. Those capabilities include assigning permissions directly to an individual user or to a user group. Any user within the group inherits group-assigned permissions. OMNM 6.5.
User Site Access | Serving Multiple Customer Accounts User Site Access By default, users can access only one Multitenant site. If your network has users who need to see more than one site, you can configure such User Site Access in this portlet. Right-clicking in this portlet offers the following menu items: New —Create a new mapping of a user to a set of sites. When you click this, a screen appears where you can select a user already configured in the system.
User Site Access | Serving Multiple Customer Accounts How To: Configure User Site Access Follow these steps to configure User Site Access: 1 If you have not previously configured Multitenant sites, you must do so before configuring User Site Access. See How to:Create a Multitenancy Environment on page 648 for step-bystep instructions about how to do that. 2 Create any user(s) for whom you want to configure access. 3 Configure those user(s) permissions.
Constraining Data Access | Serving Multiple Customer Accounts Constraining Data Access Constraining data access for a site involves two primary mechanisms: Site ID Filtering, also referred to as Domain Id filtering, and the kind of filtering provided by Access Profile Templates. The following diagrams how multitenancy can work.
Constraining Data Access | Serving Multiple Customer Accounts The one exception to this rule of filtering is that, from the MSP's perspective, no Site ID limits the visible data set, regardless of the organizational site. Inventory entities only exist within a single site since they hold a single site ID.
Constraining Data Access | Serving Multiple Customer Accounts 666 OMNM 6.5.
13 VLAN Visualization VLAN Visualization provides you the ability to collect, display, and report on VLAN related data throughout all the managed devices in your network. The collected data can be consumed in various ways, including table, topographical, and report based formats. Collecting the Data – 668 VLAN Visualization Portlets – 670 Working with VLAN Domains – 673 Consuming VLAN Data – 679 OMNM 6.5.
Collecting the Data | VLAN Visualization Collecting the Data The first step in utilizing the VLAN Visualization feature is to collect the data that is needed. This can be done in one of two ways. Get VLAN Data Executed as an Action In the first method, the "Get VLAN Data" action can be run from the Actions portlet (which is found, by default, under the "Resources" page: When executing the "Get VLAN Data" action in this method, you will be presented with a list of managed devices.
Collecting the Data | VLAN Visualization Adding Get VLAN Data Action to a Discovery Profile The second way you can have the "Get VLAN Data" action executed against a device, is by including it in the list of actions that are to be executed in your Discovery Profile, when discovering a device. NOTE: VLAN Data is collected and stored in the database at the time collection is run.
VLAN Visualization Portlets | VLAN Visualization VLAN Visualization Portlets After having executed VLAN data collection, you are now ready to work with the data that has been collected. Adding VLAN-Related Portlets to Your Views VLAN Visualization consists of four portlets (VLAN Domains, VLAN Domain Assignment, VlANs, and VLAN Memberships) that can be added to your view(s) in any manner that you see fit. You may create a new page or add these to an existing page from Add> Applications in the menu.
VLAN Visualization Portlets | VLAN Visualization VLANs Portlet The VLANs portlet displays the current list of all VLANs that known on your network. Each entry in the table will have data for: • • • • • "VLAN Domain - The VLAN Domain that this VLAN is considered to be a part of (Please see the "Working with VLAN Domains" section for more information regarding the notion of "VLAN Domains".) "VLAN ID - The ID of the VLAN. "Name - The name of the VLAN that was captured from the device during data collection.
VLAN Visualization Portlets | VLAN Visualization VLAN Domains Portlet The VLAN Domains portlet displays all data for the "VLAN Domains" that have been created. A VLAN Domain is a concept that we have included in order to allow the user to specify that equipment being managed may be from different labs, different customer sites, etc. that are not in the same network.
Working with VLAN Domains | VLAN Visualization Working with VLAN Domains As previously mentioned, due to the fact that when collecting VLAN data from a particular device, it is impossible to tell one "VLAN30" apart from a "VLAN30" that might be on a different device one that is not networked to the first device in any way - the concept of a "VLAN Domain" has been introduced. By making use of these VLAN Domain Assignments, you can inform the software when one "VLAN30" is separate from another "VLAN30".
Working with VLAN Domains | VLAN Visualization Default VLAN Domain A Default VLAN Domain is seeded automatically. It cannot be deleted, and any piece of equipment that is not specifically assigned to a different VLAN Domain will be assumed to be on this Default Domain. Assigning to a VLAN Domain Now that you have a created a VLAN Domain, you are able to assign equipment to it. Assignment can be performed at any level.
Working with VLAN Domains | VLAN Visualization Once you have finished adding selections, and clicked "Done", you will then be presented with a dialog that will allow you to select which VLAN Domain you wish to assign your selected equipment to. Clicking the "Click to Select" button will present you with a list of all existing VLAN Domains to choose from.
Working with VLAN Domains | VLAN Visualization To illustrate this, let us consider the following example. Assume you have two devices, "Device1", and "Device2". On both of them, VLANS 10, 20, and 30 exist. If you had run the "Get VLAN Data" action against Device1 and Device2, and ports/interfaces on Device1 and Device2 were tagged/untagged in those VLANs, you would find the following: • • • VLANs 10, 20, and 30 would exist , and entries for them would be visible in the "VLANs" portlet.
Working with VLAN Domains | VLAN Visualization Cascade VLAN Domain Assignment In order to simpify assignment of equipment to VLAN Domains, is the concept of "Cascade" assignment. The "Cascade" option can be selected when executing the "Assign to VLAN Domain" action. When this option is selected, the VLAN Domain Assignment will cascade throughout all other VLAN ports on a given device, and all devices linked to that one.
Working with VLAN Domains | VLAN Visualization • • The cascade will then check to see if there are any other devices that are linked to the initially selected device. If there are, it will check to see if those devices have VLAN traffic - from the VLANS that are considered to be in play - passing over them (VLAN data is assumed to be going over a link if both endpoints have at least one shared VLAN - from the VLANs that are in play - on them).
Consuming VLAN Data | VLAN Visualization Consuming VLAN Data After having assigned equipment to VLAN Domains, and having executed the "Get VLAN Data" for the desired devices, you are then able to view/work with the data that has been collected. There are several places in which the data is available, and they will be discussed here. VLAN Portlets The previously covered VLAN Portlets (VLAN Domains, VLAN Domain Assignments, VLANs, and VLAN Memberships) will be populated with all known/collected data.
Consuming VLAN Data | VLAN Visualization You will also find context sensitive VLAN Membership data available in the Details for port/ interfaces. 680 OMNM 6.5.
Consuming VLAN Data | VLAN Visualization In addition to this, the Details pages for VLAN Domains, and VLANs also contain contextsensitive listings. OMNM 6.5.
Consuming VLAN Data | VLAN Visualization Visualization In addition to viewing the data it table based representations, VLANs can be visualized in a topographical representation. To do this, select the VLAN that you wish to Visualize from the VLANs portlet, and select the "Visualize" option. Upon doing this, you will be presented with a topographical view of all devices, ports, and interfaces that are members of the selected VLAN.
Consuming VLAN Data | VLAN Visualization OMNM 6.5.
Consuming VLAN Data | VLAN Visualization Saving a View Layout of the nodes/edges is handled on a best-effort basis. It is possible, however, for a user to manually arrange the nodes in manner they desire, and to then save this view for future use. To do this, drag the nodes to their desired location, and then select the "Save this view to the associated context" option from the toolbar at the top of the Visualizer.
Consuming VLAN Data | VLAN Visualization Visualization of multiple VLANs is exactly the same as visualization of a single VLAN, with the exception that all memberships for both VLANs are displayed. Reporting VLAN, VLAN Membership, VLAN Domain, and VLAN Domain Assignment data is available for use within the standard Reporting features. To make use of it, Report Templates containing the desired VLAN data can be created, Reports using those templates can be constructed, and those Reports can then be executed.
Consuming VLAN Data | VLAN Visualization For more information on working with Reports, please see the associated section in User Guide. 686 OMNM 6.5.
14 Troubleshooting This section covers the following troubleshooting topics: Troubleshooting Your Application – 688 WMI Troubleshooting Procedures – 715 Additional WMI Troubleshooting – 723 jstack Debugging in Windows 7 – 724 FAQs about Monitoring Mediation Servers – 725 Linux Issues – 727 Device Prerequisites – 731 Adaptive CLI FAQs – 737 Server Information – 738 Environment/Operating System Issues – 739 Upgrade Installations – 741 OMNM 6.5.
Troubleshooting Your Application | Troubleshooting Troubleshooting Your Application The following describes troubleshooting steps from installation to execution of this application. Installation logs are in the directory $OWARE_INSTALL_ROOT. Log files are setup.log, app_setup.log, and db_setup.log (this last log does not appear if you install an Oracle database).
Troubleshooting Your Application | Troubleshooting Mini Troubleshooting Suggested mini-troubleshooting steps for a balky application that is already installed and running: 1 Refresh the browser. If that does not work... 2 Clear the browser’s cache (Firefox in particular loves persistent old pages), then refresh. When you see a difference between direct access behavior between browsers on two different machines, delete temporary internet files. In Windows, open control panel, and open Java.
Troubleshooting Your Application | Troubleshooting Troubleshooting Adobe Flash Installing the latest Flash version is a part of OpenManage Network Manager’s requested prerequisites. When Flash is not installed on the browser, things like System Topology, selecting a license file, importing a file, selecting an OS image to import, and so on, do not work. Selection dialogs require installed Flash to select files from the local system.
Troubleshooting Your Application | Troubleshooting Installer Failure • The installer fails, and you are installing on Windows 2012 (this error appears: Installer User Interface Mode Not Supported. Workaround: Right-click the win_install.exe file, and, in Properties, select compatibility mode for Windows 7 or Vista before (re)initiating installation. • If you created an installation CD from unzipped package: -CD formatting limitations can truncate file names to eight characters -Setup.
Troubleshooting Your Application | Troubleshooting 3. Modify oware.appserver.ip property in file [installation root]\oware\synergytomcat-x.x.x/webapps/ROOT/WEB-INF/classes/ portal-ext.properties. 4. Verify the file does not specify the old IP anywhere else. If it does, replace with new IP address and save. 5. Next, modify the IP address in any shortcut URL properties and click OK. [installation root]\oware\synergy\tomcat-x.x.xx\bin\portal.url (Web Document tab) 6.
Troubleshooting Your Application | Troubleshooting Application Server Does Not Start To find application server issues, search the server log (\oware\jbossx.x\server\oware\log\server.log) file for the word error. Review the log for the first error or exception. This is typically the item that needs to be resolved and the most relevant for troubleshooting information.
Troubleshooting Your Application | Troubleshooting 1 Re-apply vmlicense.xml located in the /home/synergy directory 2 Apply the Dell EMC generated SKU license if you received one. For Non Virtual Appliance: 1 Re-apply the license.xml file located in the ..\OpenManage\Network Manager directory 2 Apply the Dell EMC generated SKU license if you received one.
Troubleshooting Your Application | Troubleshooting 3 Select the Security tab. 4 Click Edit Site List 5 Click Add 6 Type the OpenManage Network Manager URL (example: http://192.168.0.51:8080/ . Best practice is to use the IP address of the application server, not localhost or 127.0.0.1) 7 Click OK and Continue. 8 Apply this change, and/or click OK. Logon Fails with Invalid Logon Message When you enter your User Id and Password in logon dialog and click Logon, an Invalid Logon message appears.
Troubleshooting Your Application | Troubleshooting More Failures on Startup • Failure to connect with a database can occur when... –The Oracle instance not running –Oracle or separate MySQL lacks connectivity. Use pingdb -u -p to check. Default user/password for MySQL: root/dorado –Oracle database is not built, or you have not completed its installation –MySQL not running (it should start automatically) –Your firewall blocks ports the database needs. –You see ERROR...java.lang.
Troubleshooting Your Application | Troubleshooting Multi-NIC Host Fails to return to the portal—When you click the Return to ... link from Control panel, some unexpected URL appears in the browser. To see the root of this problem, go to Portal > Portal Settings and compare the Virtual Host entry to the application server’s IP address. If they are different, then DNS has two different IP addresses associated with the same hostname.
Troubleshooting Your Application | Troubleshooting Backup/Restore/Deploy See Backup/Restore/Deploy on page 703 • • • • • • Is your FTP server installed, up and running? Is that FTP server on the same side of the firewall as the devices it addresses? Does the device support the type of backup (FTP, SFTP, TFTP) you are attempting? Do your authentications grant privileged access? The prompt is typically #, not > at this level of access.
Troubleshooting Your Application | Troubleshooting • • To isolate the source of performance difficulties, does un-registering Traffic Flow exporters, or turning off monitors have an impact? Not receiving flows in Traffic Flow Analyzer? Make sure that router/switch is configured to send sFlows using port 6343 and NetFlow/jFlows using port 9996. Hardware See Environment/Operating System Issues on page 739.
Troubleshooting Your Application | Troubleshooting Upgrade/Data Migration Fails I. Unexpected Database Behavior after Upgrade: If you observe unexpected behavior after an application upgrade, review installation logs. Confirm evidence appears that the upgrade executed dbevolve. If not... Solution: Execute the following steps 1 Shut down the application. 2 Open a shell/command prompt on (the primary) application server. 3 Execute command dbpostinstall.
Troubleshooting Your Application | Troubleshooting Communication Problems Firewalls may interfere with necessary communication between elements within or monitored by your system. Best practice when installing is to bring the firewall down, install, then once you have confirmed the installation runs, bring the firewall up with the appropriate ports open. (See Resolving Port Conflicts on page 712, also see Ports Used on page 1021 and Ports and Application To Exclude from Firewall on page 1034.
Troubleshooting Your Application | Troubleshooting WMI If you are discovering WMI systems on your network, the following may be helpful. 1 Launch the wmiutil.exe command line tool from \owareapps\wmi\bin\" 2 You need to supply a user and a password along with an IP or hostname Typing wmiutil.exe with no arguments returns launch the WMIUtil User Interface. c:\Dorado\owareapps\wmi\bin\wmiutil.exe -user -password host Typing wmiutil.
Troubleshooting Your Application | Troubleshooting branch. Navigate to ENTITY-MIB entPhysicalTable details and export/save this branch. Attach the exported files to e-mail to support, or to a trouble ticket. The following describe additional discovery issues. HTTP Authentication Often, an HTTP session with devices that support it exchanges data with the device after discovery. This process fails if the HTTP Authentication information is incorrect.
Troubleshooting Your Application | Troubleshooting When you use the file backup (NetConfig) option, the internal FTP/TFTP server is provided for testing, not production; do not use it. External FTP servers are essential for performance reasons, and, if necessary, the network equipment using FTP to send/receive configuration files must have FTP enabled. NOTE: If you have separate FTP and TFTP servers, they must read/write to the same directory.
Troubleshooting Your Application | Troubleshooting Alarm/Performance/Retention If you install your system to monitor alarms, and experience sluggish performance or a rapidly filling database, several remedies are available. • • • Configure “chatty” devices emitting many alarms to stop doing so.
Troubleshooting Your Application | Troubleshooting Using this software’s features, you can create alarms and reports for each. Best practice is to use both polling and event-based protocols. Tune the polling frequency and event granularity for the specific environment, topology, bandwidth, and notification needs. See the specific Monitor performance recommendations.
Troubleshooting Your Application | Troubleshooting Reports • I created a report and didn't specify a location. Where's my report? Solution: The default location for reports is /oware/temp/reportfw under the installation root. Report Missing Data This software limits reports to 5000 rows by default when saving reports to the database (Save checkbox checked). This limit does not apply when not saving and only exporting the report.
Troubleshooting Your Application | Troubleshooting Solution: Verify the Portal Oracle database password has not expired. By default, netview is the default user to connect to database. This appears in /opt/dorado/oware/synergy/tomcat[version]/webapps/ROOT/WEB-INF/classes/portal-ext.properties jdbc.default.username=netview jdbc.default.password=dorado Connect using SQL*Plus to set new password, you can even use the same password you had earlier. $ sqlplus SQL*Plus: Release 11.2.0.1.
Troubleshooting Your Application | Troubleshooting 3 Edit the [installation root]\oware3rd\mysql\[version number]\my.cnf file. Review database size configuration and add another data file to extend size as needed. Save file. For example: Change: innodb_data_file_path = /ibdata/ibdata1:1024M:autoextend:max:10500M To: innodb_data_file_path = /ibdata/ibdata1:1024M;/disk2/ ibdata2:1024M:autoextend 4 Restart MySQL. You can also refer to the following link additional detail: dev.mysql.com/doc/ refman/5.
Troubleshooting Your Application | Troubleshooting • • • • • Execute pingdb to test database connectivity. Check network interfaces and connectivity between application server and database. Try connecting with MySQL Workbench or other tool. Verify database is up and healthy. Verify database login/password has not changed or expired (default user/password: root/ dorado) IV “Too Many Connections” Error. Ironically, this error may indicate the max_connections parameter in your my.cnf files is too small.
Troubleshooting Your Application | Troubleshooting Debug When an error appears in logs (see Logs on page 713) it indicates for which Java class you need to increase the level of logging if you want debugging information. You can change logging levels to get additional (debug) information. NOTE: Best practice is to now alter Log Categories in the Application Server Statistics portlet by clicking that button. This alteration simplifies editing log4j.
Troubleshooting Your Application | Troubleshooting To see what categories are available, look in \oware\jboss-x.x.x\server\ oware\conf\log4j.xml. This file concatenates all logging categories, but is generated, and should not be changed. When application server starts, it detects logging levels in these categories and concatenates them into the server's log4j.xml from *log4j.xml files in the server\conf directories of installed components under owareapps.
Troubleshooting Your Application | Troubleshooting Logs You can execute the getlogs script to package relevant logs if you need technical support. Run this script in a command shell where you have sourced the Oware environment (in Windows Start > Run cmd, then run oware, or in Linux . /etc/.dsienv, and then invoke the getlogs script). This script creates a logs.jar file in the root installation directory, and moves any existing copy of logs.jar to oware\temp.
Troubleshooting Your Application | Troubleshooting # This property defines how many days to retain the client's # log files. Files older than the specified age are purged. # Setting the property to a negative value disables log file deletion. # The default is 7. redcell.log.files.retention.
WMI Troubleshooting Procedures | Troubleshooting WMI Troubleshooting Procedures The following sections describe troubleshooting common WMI problems. To monitor with WMI, the following must be true: • • WMI must be enabled on the remote, monitored server and functioning properly. The remote server must be accessible through a Remote Procedure Call (RPC) connection to run WMI queries. If your system does not meet these conditions WMI displays an Unknown status.
WMI Troubleshooting Procedures | Troubleshooting 716 3 Enter \root\cimv2 in the field at the top of the dialog box next to the Connect button. 4 Click Connect. 5 Click the Enum Classes button. 6 Select the Recursive radio button. Leave the superclass name blank, and then click OK. OMNM 6.5.
WMI Troubleshooting Procedures | Troubleshooting 7 If the WMI classes you are querying appear in this list, local WMI services are functioning correctly. 8 If the list does not appear or does not contain the desired WMI class, WMI is not functioning correctly. Continue reading this section for guidance on repairing WMI services on the target server. 9 Click Exit. 10 If you did not see the desired classes, Reset the WMI Counters, and re-test until those classes appear.
WMI Troubleshooting Procedures | Troubleshooting 4 Enter the appropriate administrator user name in the User field, the password in the Password field, and NTLMDOMAIN:NameOfDomain in the Authority field. Replace NameOfDomain with the domain of the user account specified in the User field. 5 Click Connect. 6 Click Enum Classes. 7 Select the Recursive radio button without entering a superclass name, and then click OK. 8 If the WMI class list appears, remote WMI is functioning correctly.
WMI Troubleshooting Procedures | Troubleshooting WMI Namespaces— Modify the CIMV2 security to enable and remote enable the account used to access the server or workstation through WMI. You must ensure the security change applies to the current namespace and subnamespaces. For more information, see Enabling Account Privileges in WMI on page 720. User Account Control—Remote UAC access token filtering must be disabled when monitoring within a workgroup environment.
WMI Troubleshooting Procedures | Troubleshooting 7 Click Edit Default, and then confirm the user account collecting WMI statistics has Local Access and Remote Access, then click OK. 8 Click Edit Limits in the Launch and Activation Permissions grouping. 9 Ensure the user account collecting WMI statistics has Local Launch, Remote Launch, Local Activation, and Remote Activation enabled, and then click OK.
WMI Troubleshooting Procedures | Troubleshooting –Remote Enable 6 Click Advanced, and then select the user account that accesses this computer. 7 Click Edit, select This namespace and subnamespaces in the Apply to field, and then click OK. 8 Click OK on the Advanced Security Settings for CIMV2 window. 9 Click OK on the Security for Root\CIMV2 window. 10 Click Services in the left navigation pane of Computer Management.
WMI Troubleshooting Procedures | Troubleshooting WMI Authentication If the above troubleshooting has been done correctly, ensure the authentication credentials for the WMI device in Resources match those for an administrator. Select the device in the Resources screen, and click action > Open (or right-click and select Open). Go to the Authentication node of the tree, and confirm that the correct authentication objects appear there. 722 OMNM 6.5.
Additional WMI Troubleshooting | Troubleshooting Additional WMI Troubleshooting The above discusses the most common errors behind WMI failures. After trying these, if you are unable to get WMI services working, consult the following articles about this subject on Microsoft’s Technet and Developer Networks: • • • WMI Isn’t Working!: Troubleshooting Problems with WMI Scripts and the WMI Service. (See www.microsoft.com/technet/scriptcenter/topics/help/wmi.
jstack Debugging in Windows 7 | Troubleshooting jstack Debugging in Windows 7 Technical assistance sometimes uses the jstack stack trace tool to debug problems in this software. When you install application server to run as a service (autostart), the user SYSTEM owns the application server process. You also cannot log into Windows 7 as user SYSTEM. For security’s sake, no other user can access a service running as the SYSTEM user in later Windows 7 kernels.
FAQs about Monitoring Mediation Servers | Troubleshooting FAQs about Monitoring Mediation Servers After making a UDP-based JGroups discovery request and receiving a response from an application server in the cluster, each mediation server makes an RMI (TCP) call to an application server every 30 seconds.
FAQs about Monitoring Mediation Servers | Troubleshooting located in $OWARE_USER_ROOT/oware/jboss-x.x.x/owareconf/clusterservice.xml. Shunning can be disabled by replacing all shun=’true’ instances with shun="false". A flow control option also exists which regulates the rate of cluster communication to compensate for one server being slower in processing cluster requests than another.
Linux Issues | Troubleshooting Linux Issues The following are issues with Linux installations: • • Install in /opt/dorado, unzip package in, for example, /opt/installs, not /opt/ dorado. Linux (executed as the root user) uses this command: /etc/init.d/owaredb start You should see the following response in the shell where you execute this command: Starting MySQL[ • OK ] If you experience problems with discovery, and see errors on startup similar to the following: [com.dorado.core.mediation.snmp.
Linux Issues | Troubleshooting 2 If TOP reveals an excessive and abnormally high memory usage for the application java process, you may need to restart your application server and evaluate installed/available memory with regard to your sizing and application usage requirements. Install more server memory as needed. II. Genuine memory issues appear if logs contain an error like java.lang.
Linux Issues | Troubleshooting Refer to the OpenManage Network Manager Installation Guide for Linux installation and upgrade instructions and best practices. Linux syslog not displaying Application does not display syslog messages. On Linux based platforms, under certain circumstances, a race condition at application startup may impact syslog event/messaging functionality. If syslog messages are not displaying as expected, please apply the following workaround to restore functionality.
Linux Issues | Troubleshooting 4 And Uncomment CAUTION: Make sure you modify stack "tcp" section, not "tcp-sync" section Example:
