Академический Документы
Профессиональный Документы
Культура Документы
HP ExpertOne
Rev. 14.41
Course #: 00925084
Part #: 00925084S11410
BitSpyder - The Culture of Knowledge
BitSpyder - The Culture of Knowledge
HP ExpertOne
Rev. 14.41
Course #: 00925084
Part #: 00925084S11410
BitSpyder - The Culture of Knowledge
Contents
Module 0 - Introduction..........................................................................................................Intro-1
Objectives...................................................................................................................Intro-1
Course Agenda..........................................................................................................Intro-2
Prerequisites..............................................................................................................Intro-5
Course schedule........................................................................................................Intro-6
Introductions...............................................................................................................Intro-7
Module 1 - Designing Your Network Management Architecture for Success..............................1-1
Objectives........................................................................................................................1-1
Needs for integrated network management....................................................................1-2
Network management design overview...........................................................................1-3
Design.............................................................................................................................1-4
Requirements..................................................................................................................1-6
FlexNetwork Benefits...........................................................................................1-9
FlexFabric..........................................................................................................1-10
FlexCampus.......................................................................................................1-12
FlexBranch.........................................................................................................1-13
FlexManagement...............................................................................................1-15
Stakeholders..................................................................................................................1-17
IT STAFF...........................................................................................................1-17
OPERATIONS STAFF.......................................................................................1-18
EXECUTIVES....................................................................................................1-18
Stakeholder wants.........................................................................................................1-20
Stakeholder needs.........................................................................................................1-21
Stakeholder desires.......................................................................................................1-22
Standards......................................................................................................................1-23
Policies..........................................................................................................................1-24
Security..........................................................................................................................1-25
Single pane-of-glass management................................................................................1-26
IMC features..................................................................................................................1-27
Answer the hard questions............................................................................................1-30
IMC and integration.......................................................................................................1-32
Module 2 - IMC Technical Design...............................................................................................2-1
Objectives........................................................................................................................2-1
Overview..........................................................................................................................2-2
IMCs Service-Oriented Architecture (SOA) ....................................................................2-3
HP IMC: modular and scalable............................................................................2-3
HP IMC: open and extensible APIs.....................................................................2-4
Providing a path to the cloud...............................................................................2-4
BitSpyder - The Culture of Knowledge
Introduction
Module Intro
Objectives
This module introduces the IMC Essentials 7.0 course.
This course will:
Introduce you to the available IMC products and modules
Prepare you to install IMC
Help you navigate the IMC graphical interface
Help you manage and monitor devices in IMC
Course Agenda
Introduction
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Introduction
Prerequisites
d.
Basic CLI usage of HP switches is required for this class, since certain basic
te
configuration and troubleshooting tasks are performed from the CLI in the Lab
i bi
Activities.
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Course schedule
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
Figure Intro-7. Course schedule.
rt
pa
This is a five-day course. The above is a tentative schedule of what modules and
in
labs youll be covering on each day.
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Introduction
Introductions
d.
te
i bi
oh
Figure Intro-8. Introductions.
pr
is
Please introduce yourself to the class when your instructor prompts you.
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Objectives
d.
te
HPs Intelligent Management Center (IMC) is a standards-based SNMP
bii
management platform. A Network Management System (NMS) such as IMC is
oh
most effective when deployed into a planned architecture.
pr
is
In this module you will learn why it is important to plan a Network Management
on
Architecture (NMA) design. An effective design should consider the stakeholders
si
or those with an interest in the services or visibility provided by the NMS. We will
is
m
consider the requirements and expectations of the stakeholders and classify their
er
desires as needs and wants.
tp
ou
The NMA design must account for existing standards and policies and plan for
ith
improvement or extension of these policies. Security considerations are a primary
w
driver for the NMA and modifications of standards and policies.
rt
pa
in
After completing this module, you should be able to:
or
ho
deployment
in
n
solution
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 1 1
BitSpyder - The Culture of Knowledge
d.
branches
te
ibi
oh
pr
is
on
Remote
Campus Campus
si
Wireless offices
is
LAN LAN Core
and
m
LAN
er
branches
tp
ou
ith
w
Figure 1-2. Why network management integration is needed.
rt
pa
Network Management requires support for protocols that allow insight into your
in
assets. These assets can be network equipment such as switches, routers,
or
wireless and firewalls. But with IMC, management of devices in the network can
le
ho
include servers, desktops, UPSs - anything from which you can gather Simple
w
inform one about the status of the network and are important in maintaining
du
management tools
er
integration
St
&L
needed.
P
H
1 2 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
Figure 1-2. Network management architecture components.
on
Designing the network management architecture requires a variety of inputs from
si
is
several differing and diverse personnel within your organization. Effective network
m
management allows scaling of your operation staff by providing improved insight
er
tp
into the status of operations and a comparison to its operations over time.
ou
The ability to compare and review historical data introduces a level of insight not
ith
typically found when checking real-time information provided by command line
w
tools. A well designed NMS provides quick access to the data that aids resolution.
rt
pa
Alarming to failures or thresholds brings a more pro-active management style to
network operations. Finally, reporting of the data allows for everyone to see the
in
state of the network and operations allowing for actions regarding capacity and
or
The remainder of this module will focus on the five components to a good network
w
management architecture:
in
n
Design
tio
Requirements
du
Standards
ro
Policies
ep
Integration
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 1 3
BitSpyder - The Culture of Knowledge
Design
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 1-3. Design components.
w
rt
pa
Network Management requires support for protocols that allow insight into your
in
assets. These assets can be network equipment such as switches, routers,
or
wireless and firewalls. With IMC, you can also discover and manage additional
le
devices such as servers, desktops, and UPSs or anything from which you can
ho
Implementation
c
du
Deployment
ro
Operation
ep
R
Maintenance
.
ly
focusing on the items that inform one about the status of the network and are
s
er
since different products have different capabilities and product support. Choosing a
St
product that can scale to thousands of devices of different types (like servers
&L
impossible task. Your network might be static today, but the future can bring all
kinds of networking changes. Your NMS must support an implementation to allow
for these changes and growth.
Once youve decided on a product, how the product is deployed and how to import
devices into the product is important: you dont want to spend hundreds of hours
discovering devices, ensuring devices are policy compliant, and providing
resiliency and redundancy for your NMS and network.
1 4 Rev. 14.41
BitSpyder - The Culture of Knowledge
Once youve initially set up your NMS and have created a baseline, you need to
monitor and manage your network:
How easy is it to make a policy change that will impact networking
components in a specific area, like the access switches in a campus building?
How easy is it to rollback configure changes?
How easy is it to prioritize problems as they occur?
d.
How easy is it to assign and track tasks to administrators responsible for the
te
NMS?
ibi
oh
How easy is it to track security-related events?
pr
Last, you need to maintain your NMS and your networking infrastructure:
is
on
How easy is it to update your NMS without impacting your network?
si
is
How easy is it to backup or restore your NMS?
m
er
How easy is it to scale your NMS based on policy and growth in your network?
tp
How easy is it to backup or restore your networking components?
ou
ith
How easy is it to upgrade networking components using your NMS?
w
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 1 5
BitSpyder - The Culture of Knowledge
Requirements
d.
te
bi
i
oh
pr
is
on
Figure 1-4. Requirements.
si
is
Network Management is not just stating things are up or down but why and how
m
important that is to the business. By gathering respective users and administrators
er
tp
across the company to assess expectations for optimal business operations, IT
ou
administrators can identify what must be measured and which areas of an NMS
ith
will have the greatest impact upon business fundamentals. These design decisions
w
are the foundation from which one builds to determine your NMS needs.
rt
Stakeholders can inform IT of what they deem important and that list can be
prioritized. pa
in
Priorities might include:
or
le
Email
ho
w
Accounting
in
Retail Stocking
n
tio
Once it is known what the business wants from IT, IT can produce metrics to
ro
ep
measure these solutions from a performance and availability stand point. Graphs
R
can be created via SNMP and polling tools. Additional steps can be taken to
.
enable alarms for prompt response when things go down or proactive response
ly
on
separated into functional groups such as SAN Fabric, Campus and Branch.
ak
Enterprises that can harness these innovations will have new tools to drive
business advantage and build new opportunities in the global marketplace. When
legacy networks are pushed to the limit, they become fragile, difficult to manage,
vulnerable, and expensive to operate. Businesses whose networks are at this
breaking point risk missing the next wave of opportunity.
1 6 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
connections to support highly mobile virtual workloads.
ibi
As business volumes rise, traffic levels are exploding. Virtualization has taken root
oh
across businesses of all sizes. Today, roughly 20 percent of all workloads are
pr
virtualized, and Gartner expects that this will hit 50 percent by year-end 2012, and
is
continue to grow beyond this level. Traffic within the server rack is expected to
on
grow by 25 times. Steeped in technology at home, business workers have quickly
si
is
acclimated to a rich-media experience and are using video and interactive
m
collaboration tools. By 2013, more than 25 percent of the documents that workers
er
tp
see in a day will be dominated by pictures, video, and audio. New video
ou
applications will push network capacity needs by four to ten times above current
ith
average levels.
w
Legacy networks, with their decade-old architectures, will be crushed by the
rt
pa
onslaught of applications, virtualization, and rich media. Conventional three-tier
in
data center networks cannot meet the security, agility, and performance
or
Mobility has quickly become a right, not a privilege. By 2013, the combined
in
exceed 1.82 billion units. The preferred way to connect will be through wireless
c
du
access applications and content from anywhere to stay productive, and that means
ep
workplace.
.
ly
Yet many enterprises have experienced disappointing results with their existing
on
WLAN deployments because of a poor user experience and a network that doesnt
s
er
scale to meet the demand for mobility. The embrace of smartphones and tablets at
d
work will also break the traditional models for identity management and security
ol
eh
that allow access based on a network port, rather than a users identity.
ak
Todays networks must be designed to meet the unique requirements of the data
St
enterprises will be able to more easily align business initiatives with the underlying
C
network requirements. Enterprises can create functional building blocks that will
P
H
Rev. 14.41 1 7
BitSpyder - The Culture of Knowledge
The HP FlexNetwork Architecture and its functional building blocks (Figure 1) are a
key component of the HP Converged Infrastructure. Enterprises can align their
networks with their business needseven as they changeby segmenting their
networks into four interrelated modular building blocks that comprise the HP
FlexNetwork Architecture: FlexFabric, FlexCampus, FlexBranch, and
FlexManagement.
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
1 8 Rev. 14.41
BitSpyder - The Culture of Knowledge
FlexNetwork Benefits
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
Figure 1-5. FlexNetwork benefits.
ou
ith
FlexManagement unifies network management and orchestration. FlexFabric
w
converges and secures the data center network with compute and storage.
rt
pa
FlexCampus unifies wired and wireless networks to deliver media-optimized,
secure, identity-based access and FlexBranch unifies network functionality and
in
services for simplicity in the branch office.
or
le
Intelligent Management Center (IMC). Due to the fact that the FlexNetwork
in
Even with the shift to the cloud, the HP FlexNetwork architecture is ideal for
ro
supporting this move. Enterprises deploying private clouds must implement flatter,
ep
server-to-server virtual machine, and workload traffic flows that are associated with
.
ly
cloud computing. They must also be able to administer and secure virtual
on
enterprises to securely deploy and centrally orchestrate video, cloud, and mobile-
d
optimized architectures that scale from the data center to the network edge.
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 1 9
BitSpyder - The Culture of Knowledge
FlexFabric
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
Figure 1-6. FlexFabric.
pa
in
HP provides data center networking solutions that improve service levels, ensure
or
business continuity, enable service agility, and reduce capital & operating costs.
le
HP data center networking solutions are built from the ground up to meet the
ho
environments.
in
n
integrated and aligned with servers, storage, software, and power & management
c
du
consolidated, block level data storage. SANs are primarily used to make storage
on
devices, such as disk arrays and tape libraries, accessible to servers so that the
s
devices appear like locally attached devices to the operating system. A SAN
er
typically has its own network of storage devices that are generally not accessible
d
ol
Sharing storage usually simplifies storage administration and adds flexibility since
St
cables and storage devices do not have to be physically moved to shift storage
&L
from one server to another. Other benefits include the ability to allow servers to
C
boot from the SAN itself. This allows for a quick and easy replacement of faulty
P
servers since the SAN can be reconfigured so that a replacement server can use
H
1 10 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
network designs, and tightly integrated management. FlexFabric connects servers
bi
to a virtualized, high-performance, low-latency interconnect that consolidates
i
oh
multiple protocols to dramatically reduce network complexity and cost.
pr
This unique, wire-once approach enables Ethernet and storage networks to be
is
combined into one converged fabric that can easily scale and adapt to changing
on
workloads. Combining intelligence at the server edge with advanced FlexFabric
si
is
management tools, FlexFabric enables virtualization-aware networking,
m
predictable performance, and rapid, secure, business-enabling provisioning of data
er
tp
center resources.
ou
Along with a line of virtualization-optimized HP Blade System-integrated network
ith
connectivity devices (Virtual Connect, Virtual Connect Flex-10, and Virtual Connect
w
FlexFabric), HP offers a complete portfolio of data center networking products,
rt
pa
including Fiber Channel over Ethernet (FCoE)-capable top-of-rack server edge
in
and high-performance, highly scalable aggregation layer and core switch
or
tools to securely and efficiently manage the network, customers can deploy
ho
FlexFabric networks today, while they provide the foundation for future growth.
w
in
n
ctio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 1 11
BitSpyder - The Culture of Knowledge
FlexCampus
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 1-7. FlexCampus.
w
rt
pa
The HP end-to-end Campus LAN solution is a complete, secure networking
infrastructure that connects users to job-critical services across multi-building
in
campuses. By seamlessly connecting servers, storage, applications and end-users
or
architecture, allows enterprises to converge and secure wired and wireless LANs
c
video applications will push network capacity needs by four to ten times above
ro
ep
improves performance, simplifies the network and cuts costs. Half of the ports in a
ol
eh
architecture, along with the use of Spanning Tree, which impedes performance
St
and network availability. Simplifying the network can reduce the number of discrete
&L
With the HP FlexNetwork Architecture, organizations are free to build their campus
H
networks. They can support user requirements for flexibility and mobility, design
their data center network, and access network to meet those unique requirements.
HP uses industry-standard protocols and protocol implementations at the
boundaries of these network segments, which enables interoperability with the
freedom to customize the network design to specific functional requirements.
1 12 Rev. 14.41
BitSpyder - The Culture of Knowledge
FlexBranch
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Figure 1-7. FlexBranch.
or
le
ho
service, and retain customers and increase revenue. Branch office employees
in
business continuity.
.
ly
on
Despite the critical nature of the branch office, legacy infrastructures often impede
customer service with slow, unreliable access to information and applications. Poor
s
er
WAN performance can prompt employees to store data locally, preventing it from
d
ol
being backed up and putting the business and regulatory compliance at risk if a
eh
local device fails. The high cost of running a branch also prevents most
ak
manage and troubleshoot systems, decreasing productivity, and taking the focus
&L
Many branch offices were built in isolation and may lack the interoperability
P
H
needed to cost-effectively support business activities and growth. They are further
shackled by a complex mixture of legacy network infrastructures that are
expensive to expand and maintain. At a time when competitive requirements
include the implementation of new services such as mobility and unified
communicationsas well as rapid access with enhanced security to applications
and servicesbusinesses struggle to efficiently scale, manage, and secure their
networks. The trend to data center consolidation and remote employee access to
hosted applications is forcing employees to compete for resources across the
Rev. 14.41 1 13
BitSpyder - The Culture of Knowledge
d.
Challenges include inefficient WAN speed is affecting productivity, slowing access
te
to main office file shares, and creating intermittent login problems. Frequent local
bi
i
network issues and a lack of reliable backup are jeopardizing the security of
oh
important customer data. Unreliable printing is forcing frequent reboots to clear the
pr
queue. There is no IT staff on site.
is
on
The HP branch office networking solution converges infrastructure and network
si
applications to dramatically improve performance, simplify deployments, centralize
is
m
management and reduce IT costs. The branch solution is a component in the HP
er
end-to-end enterprise network infrastructure, which optimizes the network for
tp
secure, reliable, high performance application delivery, and a foundation for
ou
converged infrastructure for the extended enterprise.
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
1 14 Rev. 14.41
BitSpyder - The Culture of Knowledge
FlexManagement
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
Figure 1-7. FlexManagement.
in
or
If youre a network or IT administrator, you know the problems: Youre dealing with
le
a growing wave of enterprise video content, and your network is struggling to keep
ho
pace with exponential traffic increases and the shift toward mobile access. Youre
w
in
trying to address the escalating demands of the virtualized and cloud-ready data
n
center. And youve seen how difficultmake that nearly impossibleit is for
tio
network IT to secure and orchestrate services in the virtual cloud and the
c
du
virtualized workplace.
ro
At the same time, your customers expectations are higher. Todays enterprise
ep
users demand constant and immediate connectivity across wired and wireless
R
.
links. They want instant-on access to business applications from their fixed and
ly
on
Keeping pace with these requirements is a tall order for the IT managerone
ol
many organizations find that IT staff time and budget is overwhelmingly devoted to
St
percent of any IT budget is spent just keeping the lights on, leaving less than 30
P
H
Rev. 14.41 1 15
BitSpyder - The Culture of Knowledge
d.
te
Additional node licenses can be purchased to extend the node limit of IMC.
bi
Enterprise platform allows for management of 200 nodes and includes the Network
i
oh
Traffic Analyzer module. It also enables hierarchical management of other IMC
pr
deployments within an organization.
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
1 16 Rev. 14.41
BitSpyder - The Culture of Knowledge
Stakeholders
d.
te
ibi
oh
pr
is
on
si
is
m
er
Figure 1-8. Network stakeholders.
tp
ou
The stakeholders are personnel in the organization who are interested or
ith
concerned with IT operations. By involving them in process, the design for your
w
Network Management Architecture, NMA, will grab a wider audience and enable
rt
more input and feedback into successfully managing IT as a business process.
pa
in
While including all of these different groups is not necessary, each will aid in
or
Others?)
n
tio
IT STAFF
eh
ak
maintaining the NMS.
C
P
Help Desk staff gain insight into issues that usually require relay of
H
information from Network Operations. With their input, the proper classification
of assets and alarms can be defined and allocated to the proper teams.
System Admins can now see how the network interacts with or impacts their
own equipment prior to contacting other groups. Sys Admins gain greater
visibility allowing them to make more educated decisions when addressing
system issues and day-to-day operations of their equipment can be reviewed
empowering them to make capacity planning decisions.
Rev. 14.41 1 17
BitSpyder - The Culture of Knowledge
OPERATIONS STAFF
Operations staff includes the following:
Office Managers are often the first to get alerted to outages at remote/ retail
d.
branches. The value of their assistance in qualifying issues can be magnified
te
bi
by the proper context provided by the NMS.
i
oh
Receptionists, like Office Managers for buildings, will often note outages from
pr
phones, wireless, and wired infrastructure because they are often a
is
on
communications hub.
si
Managers of departments may complain or report perceived IT failings as a
is
m
cause for lost productivity.
er
tp
Being able to provide this personnel with some insight into IT status may help
ou
them better communicate and understand issues and outages in a way that
ith
facilitates effective IT response. For example, if a warehouse pick list was to come
w
to a complete stop, access to information from an NMS may allow operations staff
rt
visibility to the root cause (a print spooler failure). Operations staff could report
pa
specific, actionable information to IT for expedient resolution or may even be able
in
to resolve without direct IT intervention if relevant procedures are documented.
or
le
ho
EXECUTIVES
w
in
efficiency with lower productivity. A NMS can provide the visibility to justify
du
Finance wants to control IT costs and needs asset management and how the
s
The use of a thoughtful NMA can enhance response times and improve
St
workloads.
&L
CxOs (CEO, CIO, CFO, and etcetera) want information in small, targeted
C
outage to the business costs of downtime give a CxO a business case for
investing in solutions to reduce outages.
1 18 Rev. 14.41
BitSpyder - The Culture of Knowledge
NMA can provide this information to these disparate groups by handling real-time
monitoring and alarms with ability to track and make changes for IT. Operations
can see trend charts on utilization of services to understand why some are slow
and others are fast by creating unique home pages for them to review. Finally,
Managers and Executives can have customized reports emailed to them covering
IT items they deem important to review.
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 1 19
BitSpyder - The Culture of Knowledge
Stakeholder wants
d.
te
bi
i
oh
pr
is
Figure 1-9. Stakeholder wants.
on
si
NMA should meet the needs of the different groups requiring support from IT,
is
including IT. IT wants a solution that makes their mission to provide applications
m
er
services to their users, easier to manage and monitor. Operations wants a solution
tp
from IT that ensures overview and reporting of IT performance as do Executives.
ou
But executives want to tie the IT results to additional factors in the business.
ith
IMC can provide asset management and tracking. It can integrate with a variety of
w
vendor solutions and report on their performance. By bringing together a variety of
rt
pa
data and being able to manipulate in a single database/utility, additional insight can
in
be gained to provide a holistic view of IT operations. Executives ability to map IT
or
performance to business performance can help decide how investments are made.
le
In the end, the ability to measure and manage IT assets to provide information to
ho
the users that can be correlated with other business metrics enables insight into
w
business processes.
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
1 20 Rev. 14.41
BitSpyder - The Culture of Knowledge
Stakeholder needs
d.
te
ibi
oh
pr
is
on
si
Figure 1-10. Stakeholder needs.
is
m
Users needs in regards to IT management are rather simplistic. Users typically
er
tp
only need to know if the assets they are using (i.e. applications) are working
ou
(accessible) and performing well. How often does IT learn of a problem from its
ith
user base versus IT informing its users that there is a problem? The constant
w
reactive response of IT makes users feel that a basic need of Whats going on? is
rt
not met and can lead to frustration and mistrust.
pa
IMC can report on outages and performance degradation by sending scheduled
in
emails to show performance over time and real-time alarms turned into emails for
or
threshold is defining a point where things need a closer look. A low water mark
w
problem or high water mark can be used depending on the metric in question.
n
tio
IMC check the status of IT assets and report uptime and performance using built in
c
monitoring with the ability to add or collect additional monitoring available within
du
the devices. IT can create a solution that generates alarms for users when issues
ro
ep
arise. This proactive solution can change the behavior between IT and its users to
R
Rev. 14.41 1 21
BitSpyder - The Culture of Knowledge
Stakeholder desires
d.
te
bi
i
oh
pr
is
on
Figure 1-11. Stakeholder desires.
si
is
How do we bring a single tool set to enable these various desires from our
m
er
customers into a single cohesive solution? How can we provide the CxO with a
tp
10,000 meter view and still let the Help Desk Tech working on a specific outage
ou
view detailed, per device data?
ith
An NMA solution that brings all the disparate parts of IT under one umbrella for
w
monitoring and majority of configuration is the desired goal. IMC is the answer in a
rt
majority of cases.
pa
in
IMC can be defined by privileges and assets that only grant users the access and
or
views they need to perform their role. The information can be provided in real-time
le
monitoring charts and tied to alarms that automatically generate trouble tickets
ho
cascaded down into configurable code that can be applied and audited.
n
tio
At a large Fortune 100 company, for example, data from network outages was
c
correlated to daily sales figures compared to the previous year at that time to
du
determine how much the outage cost the business in revenue. These outages
ro
site.
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
1 22 Rev. 14.41
BitSpyder - The Culture of Knowledge
Standards
d.
te
ibi
oh
pr
is
on
Figure 1-12. Standards.
si
is
m
Standards help one move a concept from one device to 100 devices. An example
er
is naming. If all 500 devices are names the exactly the same (Comware) or
tp
meaningless (pseudo-random serial numbers), the opportunity to scale a solution
ou
is lost. But what if the name highlighted the closet, model and function of the
ith
switch? So, 1stFlr-5500-ASW1 relays a lot of information about the device and its
w
relative place in a network diagram. This standardization can be pushed into how
rt
pa
access control lists (ACLs) are written, how the passwords are managed on the
in
equipment and how levels of access or views are generated.
or
a NMA:
ho
w
Rev. 14.41 1 23
BitSpyder - The Culture of Knowledge
Policies
d.
te
bi
i
oh
pr
is
on
si
is
Figure 1-13. Policies.
m
er
tp
ITs world is one of balancing the need for accessibility to resources with the
ou
policies defining how resources are to used. Not everyone gets email, but those
ith
that do must login and have the proper application to access it. For the login to
w
work, the user must gain access to the network. There are access policies,
rt
acceptable use policies, auditing, and etcetera.
pa
in
How do we turn written agreements into measureable and manageable code that
or
can be applied repeatedly if needed to the different assets? IMC uses an industry
standard method, known as FCAPS to provide solutions.
le
ho
in
A = Accounting can be both user logins and logouts, but also auditing of
c
du
ACLs, and compliance checks to verify that stated policies are implemented.
ro
S = Security can be handled with IMC for operators accessing IMC, to users
s
IMC can implement these policies and then report on their compliance.
ol
eh
ak
St
&L
C
P
H
1 24 Rev. 14.41
BitSpyder - The Culture of Knowledge
Security
d.
te
ibi
oh
pr
is
on
si
is
Figure 1-14. Security.
m
er
tp
Security is often seen by users as a burden that does not allow them to get their
ou
jobs done easily. Security can be a policy enforced by the business to meet
ith
regulatory or business aims to reduce loss of important data and improper access
w
to or sharing of information. These policies create a situation where all devices
rt
with Doors and Windows should have an appropriate level of security. When
pa
there are 500 switches and each has multiple doors or methods of access, how
in
does one maintain the policy and how does one handle changes? A policy could
or
state All employees may access the network and full access to a specific set of
le
resources, but only finance employees are allowed access to the financial
ho
applications.
w
in
employee? Are the Sales Manager and CEO included in the set of finance
c
du
technologies such as 802.1x (controlling user access to the network) and provide
er
the ability to audit configurations to ensure the proper code versions or ACLs are
d
ol
deployed.
eh
ak
St
&L
C
P
H
Rev. 14.41 1 25
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
Figure 1-15. Single pane-of-glass management.
rt
pa
IMC provides a single pane of glass to manage your IT environment. This single
in
or
pane of glass is a web browser based client that can access a database containing
support for devices over 6000 unique devices from over 220 manufacturers. The
le
ho
majority of all HP and Cisco devices are included in this support out of the box.
w
Support for additional devices can be extended through use of APIs (Application
in
Management Interface (WMI). Over 6000 devices come supported for monitoring
ep
with in the device, and a majority of all HP and Cisco devices can be configured.
.R
ly
Note
on
Almost All Cisco and HP routers and switches can be monitored and
s
er
With the architecture designed for scalability and additional functions brought in by
ak
modules, IMC can continue to add new features and solutions by plugging in the
St
1 26 Rev. 14.41
BitSpyder - The Culture of Knowledge
IMC features
d.
te
ibi
oh
pr
Figure 1-16. IMC features.
is
on
With its vast array of capabilities, IMC is uniquely capable of simplifying network
si
management, even as it sifts through thousands of network nodes. The
is
m
management platform highlights the areas that need attention and provides insight
er
and health information on the network as a whole. The highlights of the network
tp
management solution include:
ou
Single-pane management: The single-pane management feature of IMC
ith
w
enables you to get the information you need at a glance, including a display of
rt
both physical and virtual assets as well as wired and wireless elements.
pa
Convenient color-coded displays, topology overlays, and focused zooming
in
make it easy for you to view the entire network or to concentrate on an area of
or
interest.
le
ho
Unified control of virtual and physical worlds: IMC unifies physical and
w
administering the new virtual server edge. It maps the topology of the entire
n
tio
network, making it clear which devices are virtual and which are physical.
c
Management focus and policies remain linked to virtual assets, even if those
du
assets move.
ro
ep
er
Rev. 14.41 1 27
BitSpyder - The Culture of Knowledge
d.
te
enforcement for users and their devices. Identity-based access helps ensure
bi
that the appropriate security measures and policies are applied consistently to
i
oh
users, whether each user connects through a wired or wireless LAN.
pr
Comprehensive multivendor support, including support for Cisco: IMC
is
provides comprehensive management of network devices, including those
on
from HP as well as Cisco and other vendors. Management begins with the
si
is
automatic discovery and mapping of all devices on the network, and it is
m
further enhanced by in-depth monitoring of those devices. Unlike a few other
er
tp
solutions, IMC goes beyond monitoring and enables sophisticated
ou
management of multivendor equipment, interoperability, and cross-vendor
ith
communication.
w
rt
Having a consolidated management platform that covers multivendor support
pa
not only reduces the number of required management tools, it also increases
in
the efficiency of troubleshooting and the mean time to repair (MTTR) with
or
correlated information. The efficiency gains with MTTR are due to the fact that
le
the data is stored within a single database rather than across a disparate
ho
management architecture.
w
in
with IMC, you can view the health and state of VMs, provision VM connectivity
ro
intact, and recognize where virtual resources connect to the physical network.
.R
ly
on
After devices are deployed, your job is made easier by unified resource
management. Color-coded displays show at a glance if a device is out of
s
er
service and offer detailed physical topology views that help technicians
d
ol
pinpoint the exact rack, slot, and device where trouble is occurring.
eh
Flexible centralized reporting: IMC receives and logs SNMP traps and
ak
syslog reports, and it can generate online and historical network performance
St
provide the information you need for network trend analysis and capacity
P
H
planning. You can also easily create inventory reports that show network
device details, such as model, firmware, available memory, IP address, and
serial number. The reports can be run with a mouse click or can be scheduled
to run at regular intervals. And you can view reports in a number of formats,
including .pdf and .xls, and send them automatically via email.
Hierarchical management: In forward-thinking organizations, larger and
larger portions of the network are being combined in ways that actually make
the network easier to manage. And even the standard version of IMC offers
1 28 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
deployment.
te
bi
Compliance Center: IMCs Compliance Center offers an event notification
i
oh
system that can take action for remediation, based on user-defined policies.
pr
Policies can be set up to notify administrators of activities such as SNMP and
is
broadcast traffic. Administrators can then take appropriate action for
on
remediation to enable seamless network operations.
si
is
m
With the Compliance Center, administrators can adopt a proactive approach to
er
management with audit capabilities. IT can audit the infrastructure to maintain
tp
network consistency and ensure that device configurations comply with
ou
policies defined in the Compliance Center.
ith
Trouble-free administration that transcends the network: IMC includes
rt
features designed specifically to make life easier for network administrators.
pa
This management solution is scalable from SMBs (small-to-medium
in
businesses) to SPs (service providers), so organizations undergoing dynamic
or
Rev. 14.41 1 29
BitSpyder - The Culture of Knowledge
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
Figure 1-16. IMC can answer the hard questions for administrators.
ou
ith
Ultimately, IMC enables peace of mind for IT administrators as it:
w
Aligns with industry standards: IMC aligns with all areas of the ISO
rt
pa
Telecommunications Management Networks highly regarded Fault,
in
Configuration, Accounting, Performance, and Security (FCAPS) model. It also
or
Scales and expands with the network: An IMC deployment begins with a
in
you needthe platform is highly flexible and a single server can manage
ep
networks up to 10,000 nodes. While the base platform provides a broad set of
R
Functions you can add include sophisticated traffic analysis, secure access
s
and monitoring network performance. The same goes for devices, which you
can remotely deploy and manage in a secure fashion. You can add
&L
multiprotocol label switching (MPLS) and IPSec VPN management too. You
C
can even add service health monitoring and service operations to provide full
P
H
1 30 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
What applications are running in my network?
bi
i
oh
Is my VLAN architecture intact? And how can I gain visibility to determine
pr
if changes are necessary, and where to add or prune?
is
How can I audit all the adds, changes, and deletions to all of my network
on
resources?
si
is
m
How can I deliver important services? And how should I change resource
er
deployment when services change?
tp
ou
What traffic is affecting my network? And who or what is consuming
ith
bandwidth?
w
Where am I over- or undersubscribed?
rt
pa
Which users need to be controlled, and how?
in
or
Rev. 14.41 1 31
BitSpyder - The Culture of Knowledge
1 32 Rev. 14.41
BitSpyder - The Culture of Knowledge
Performance:
Reporting: ability to drill down and review operations from a utilization
stand point
Views: access performance in variety of methods to provide a holistic
view
Trending: use of line charts and tables to show how performance is over
time
Security:
Credentials: identify users by a username and password
Encryption: allow support for secure protocols, SSH, SNMPv3, HTTPS
Integrity: ensure the information provided has not been mishandled
Oversight: summarize actions that have been taken
Rev. 14.41 1 33
BitSpyder - The Culture of Knowledge
1 34 Rev. 14.41
BitSpyder - The Culture of Knowledge
Objectives
IMC is an SNMP-based network management application. This module will give a
brief review of SNMP before providing calculations of the load placed upon an IMC
server by SNMP data collection. Well see that IMC uses a Service-Oriented
Architecture (SOA) allowing for the database to be separated from the application
with the modular architecture enabling multiple deployment methods.
After completing this module, you should be able to:
Demonstrate how SNMP uses MIBs to gather data
Calculate Collection units give the number of performance metrics and polling
times
Describe the SOA based model for IMC
Differentiate between Centralized, Distributed, Hierarchical and Hybrid
Rev. 14.41 2 1
BitSpyder - The Culture of Knowledge
Overview
This slide brings together the processes that allow IMC to implement a scalable,
integrated solution for network management solutions, including third-party support
and integration. The remainder of the pages in this module will expand upon these
topics.
2 2 Rev. 14.41
BitSpyder - The Culture of Knowledge
their programs only once to interface with IMC, instead of many times to integrate
with the operating system of each third-party device on their network. To provision,
monitor, and manage network elements, IMC provides a broad set of features
across the Fault, Configuration, Accounting, Performance, and Security (FCAPS).
IT administrators can use IMC to perform a wide variety of network management
tasks across their heterogeneous networks. IMC supports HP and third-party
devices for:
Discover and topology
Monitoring and performance management
Data center orchestration
Bulk configuration, configuration backup, and restore
2 4 Rev. 14.41
BitSpyder - The Culture of Knowledge
creating a unified platform for the dynamic and rapid deployment of cloud
applications and services.
Virtual Application Networks is enabled by HP IMC VAN Manager Module,
which allows network managers to create consistency, reliability, and
repeatability across the entire network infrastructure.
Virtual Application Networks enables administrators to create programmable
and agile networks that are automatically orchestrated to streamline
operations.
Virtual Application Networks is the next logical step in the path to the cloud.
Customers are able to focus less on managing network infrastructure and
more on connecting users to applications.
The eAPIs enable integration of virtual machine edge profile administration and
control. Cloud orchestration is enabled using IMC with VAN Policy Engine to
deploy HP Virtual Application Networks. Organizations can rapidly and dynamically
connect users to applications and services while eliminating device-level
management. RESTful eAPIs enable external access to HP Virtual Application
Networks functions from cloud and network orchestration frameworks. They allow
network and enterprise IT administrators to programmatically access, configure,
provision, and manage connection resources in conjunction with virtual machine
operations.
Note
REpresentational State Transfer (REST) is a style of software architecture
for distributed systems such as the World Wide Web. REST has emerged over
the past few years as a predominant Web service design model.
Rev. 14.41 2 5
BitSpyder - The Culture of Knowledge
For example, an intrusion prevention system (IPS) captures data about traffic
that travels through the network core, but wont necessarily collect information
about traffic that stays on the edge of the network. The eAPIs can get
information logged in IMC from switches and provide this to the IPS, which
makes the IPS more likely to catch security threats across the enterprise.
Internal IT shop: Organizations with growing enterprise networks often need
to manage a wide variety of equipment. The eAPIs let internal IT shops freely
develop applications to make their enterprise networks more agile without
having to interface directly with myriad networking equipment.
For example, an internal IT shop could use the eAPIs to create an IT help
desk system that lets everyone in IT connect to the network, see network
status information, and configure certain parameters on network devices. This
could be useful for provisioning network connections for new users, or
creating new VLANs anywhere on the enterprise network. Internal IT shops
can use the eAPIs to grab traffic analysis and network performance data from
IMC and visualize it in any way that makes sense for their business needs.
Cloud service provider: The HP Virtual Application Networks-related eAPIs
allow cloud service providers to rapidly deploy cloud services. System
administrators can speed the deployment of new virtual machines and
orchestrate VM migrations without compromising connectivity. Administrators
can deploy the VMs directly from their cloud management systems, which can
now interface with the HP Virtual Application Networks eAPIs.
Service providers and networking hardware manufacturers writing to IMC eAPIs
can be supported by the HP AllianceONE program for improved competitive
advantage, easier collaboration, and greater exposure to HP sales, channel
partners, and customers. AllianceONE gives you the framework, tools and
resources you need to have a successful collaborative relationship with HP.
operations teams. The eAPIs can be used by organizations of all sizes to meet the
fundamental goal of DevOps: to develop applications that perform better and meet
intended business and service-level requirements.
HP IMCs single-pane-of-glass management platform forms the basis of HP
FlexManagement Solutions that converge network management and network
orchestration. Its also at the heart of HP FlexNetwork Architecture, an open and
standards-based way to build a scalable, secure, agile, and consistent enterprise.
Note
The Extended APIs are included with the Enterprise Platform and are an
optional license upgrade for the Standard Platform. Comprehensive coverage
Rev. 14.41 2 7
BitSpyder - The Culture of Knowledge
SNMP overview
Rev. 14.41 2 9
BitSpyder - The Culture of Knowledge
WARNING
Common strings for read are public and write for private. GET
requests need read privileges. SET requests need write privileges. If
forced to use SNMPv1 or v2c, you should change these strings to
something less obvious; however, remember that these two versions of
SNMP send the community strings in clear text and thus are susceptible
to eavesdropping in the network.
2 10 Rev. 14.41
BitSpyder - The Culture of Knowledge
SNMP version 3
Rev. 14.41 2 11
BitSpyder - The Culture of Knowledge
SNMP allows for a Network Management System (NMS) to access variables held
in structures known as Management Information Bases (MIBs). MIBs use a
hierarchical namespace containing Object Identifiers (OID). These OID variables
provide configuration and performance data on the operation of the managed
device. MIB hierarchy defines what variable is being requested (GET) or modified
(SET).
For example, IMC can be used to modify the sysname/ hostname of a device
using SNMP with proper privileges (read and write). For this happen, the SysName
variable would need to be modified using proper credentials and an SNMP SET
command. The MIB identifier number and MIB variable name for SysName are:
1.3.6.1.2.1.1.5
ISO.ORG.DOD.INTERNET.MGMT.SYSTEM.SysName
GET requests are more common and used to poll the equipment to gather data
about the managed device. For a GET or SET request to function, the SNMP
community strings must be configured in the SNMP agent on the managed device.
The SNMP agent is typically a daemon running SNMP in the Network Operating
System (NOS) and configured via Command Line Interface, CLI.
SNMP has gone through versions to improve functionality with version 2c
(SNMPv2c) adding security and GET BULK requests to handle more information
at a time rather than every possible MIB being queried uniquely.
SNMPv3 added to the security model by creating groups of users defining what
could be accessed and enabling integrity and complete encryption of the SNMP
packet.
2 12 Rev. 14.41
BitSpyder - The Culture of Knowledge
Rev. 14.41 2 13
BitSpyder - The Culture of Knowledge
CAUTION:
To improve the I/O performance, follow these guidelines:
If the number of collection units is from 100 K to 200 K, install two or more disks and a RAID card
with a cache of 256 MB or more.
If the number of collection units is from 200 K to 300 K, install two or more disks and a RAID card
with a cache of 512 MB or more.
If the number of collection units is from 300 K to 400 K, install four or more disks and a RAID card
with a cache of 1 GB or more.
HP recommends you to set the RAID level to 5, which needs three or more disks. If you use more than
four disks, HP recommends you to set the RAID level to 0+1.
2 14 Rev. 14.41
BitSpyder - The Culture of Knowledge
CAUTION:
To improve the I/O performance, follow these guidelines:
If the number of collection units is from 100 K to 200 K, install two or more disks and a RAID card
with a cache of 256 MB or more.
If the number of collection units is from 200 K to 300 K, install two or more disks and a RAID card
with a cache of 512 MB or more.
If the number of collection units is from 300 K to 400 K, install four or more disks and a RAID card
with a cache of 1 GB or more.
HP recommends you to set the RAID level to 5, which needs three or more disks. If you use more than
four disks, HP recommends you to set the RAID level to 0+1.
Rev. 14.41 2 15
BitSpyder - The Culture of Knowledge
SNMP has limitations when managing a network, as shown in the table in Figure
2-9. Because of these limitations, other networking protocols are necessary to
complement SNMP.
For example, there is not an SNMP OID for every device event type that you want
to measure or view, and this can vary from vendor to vendor. Because of this
limitation, you need to the ability to capture any event that occurs on a device,
which can easily be done by using syslog. IMC supports syslog server functions
and can perform this role.
Likewise, there is not an SNMP MIB for every configurable option for a managed
device; therefore, scripting capabilities are needed so that the SNMP management
station can remotely log into the device (using telnet or SSH) and perform the
necessary configuration. IMC supports telnet and SSH access for the configuration
of non-SNMP configurable commands and parameters.
When generating SNMP traps, having the correct date and time is crucial in
understanding when an event occurred or if there is a correlation between multiple
events occurring in a network. NTP is required for this purpose on your networking
devices.
Last, there is no SNMP MIB/OID to perform configuration backups and restores or
operating system upgrades and downgrades. This requires the use of two
protocols. First the network management station needs to remotely login into a
device using telnet or SSH. Secondly, the file must be transferred across the
network using a file transfer protocol, like TFTP, FTP, or SFTP. IMC supports these
functions with built-in scripting.
2 16 Rev. 14.41
BitSpyder - The Culture of Knowledge
Technical design
Rev. 14.41 2 17
BitSpyder - The Culture of Knowledge
IMC requirements
The above figure shows the supported operating systems that IMC can be
deployed on (it can even run as a virtual machine [VM]) and the supported
databases. IMC does support an internal database, but in medium-to-large scale
networks, an external database product must be used to support a large number of
managed devices. VM support is on VMWare Workstation 6.5, 9.0, and 10.0 and
VMWare ESX 4.x and 5.x.
Note
The minimum hardware requirements are based on many different factors,
including the IMC software package you choose to install, the number of
managed devices and monitored OIDs, they type of installation (like
centralized and distributed), and etcetera. Please refer to the installation guide
for IMC 7.0 for further details.
2 18 Rev. 14.41
BitSpyder - The Culture of Knowledge
Deployment models
IMC provides different models for deployment to allow for scalability. In general,
the database server is on a remote server. While IMC can be installed in
virtualized environments, recognize that existing design recommendations are
made for physical servers. In virtual environment deployments, ensure the
guidelines for number of CPUs, memory and disk space allocated are followed.
The protocols used are defined in tables in later pages of this section.
Rev. 14.41 2 19
BitSpyder - The Culture of Knowledge
Centralized model
Note
The demo software is for install on Windows Server (preferably Windows 2008
R2) and contains the MS SQL 2008 Express which has a 10GB data limit and
accessibility to only 1 CPU and 1GB of data.
2 20 Rev. 14.41
BitSpyder - The Culture of Knowledge
Distributed model
Rev. 14.41 2 21
BitSpyder - The Culture of Knowledge
Hierarchical model
2 22 Rev. 14.41
BitSpyder - The Culture of Knowledge
Hybrid model
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 2-16. Hybrid deployment model.
ith
w
Hybrid allows for the distribution of load across servers and can be used in either
rt
Central or Hierarchical. Many of the IMC modules are best managed if they are
pa
loaded on separate servers and can even have separate DBs (but that is not best
in
practice). In the example above we show that NTA is deployed separately with a
or
Dig Server to gather traffic flow data and process it. By separating the NTA server
le
from the Base Platform server, the Slave NTA server can fully utilize its servers
ho
processing capabilities.
w
in
A Dig Server is able to see data from a port mirror and consolidate into traffic flow
n
information for NTA to graph the results. Dig Servers are used when the devices
ctio
Master < - - - > NTA Slave NTA Slave < - - > Dig Server
R
.
ly
on
TCP 9099
St
&L
UDP 18802
C
P
UDP 18803
H
Rev. 14.41 2 23
BitSpyder - The Culture of Knowledge
d.
te
bi
i
oh
pr
is
on
Figure 2-17. IMC ports and protocols.
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
The ports and protocols defined in Figure 2-17, 2-18, and 2-19 are used by IMC,
H
based on the deployed model. The importance of these ports and protocols is that
if an intermediate firewall sits between the different components in the network
management architecture (NMA), youll have to notify your firewall administrator to
allow the necessary ports in order for NMA to operate correctly.
2 24 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
Figure 2-20. Databases and high availability.
er
tp
IMCs dbman tool allows for backups to be made of the database and used to
ou
restore the database. In a single install of IMC, the remote database is backing up
ith
the configuration with another DB. This DB runs a scripted or manual process to
w
load the IMC database. Dual installs require purchase of licenses for another IMC
rt
install that has its own database that is using dbman to capture backups of the
primary IMC DB and uploaded. pa
in
or
All configuration changes are made on the Primary until failure. The devices must
le
be configured to send SNMP traps and Syslog to both IMC installs to achieve High
ho
Since both Single and Dual require backups to be restored via automatic or
n
manual processes, data can be lost back to the time of the last backup. Though
tio
not documented, the Dual can be modified to use a SAN with the DB on it and
c
du
accessed by two separate IMC servers. The SAN functionality would allow for
ro
either IMC install to be immediately available upon failure of the other (without
ep
Important
!
on
is preferred over the single design because if there Primary IMC server fails,
er
you dont want to create issues for your networks. For example, if the IMC
d
ol
primary server fails, users wont be able to authentication to the network and
eh
thus wont be able to access the network. A good redundant design, with quick
ak
failover, is criticial.
St
&L
C
P
H
Rev. 14.41 2 25
BitSpyder - The Culture of Knowledge
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
2 26 Rev. 14.41
BitSpyder - The Culture of Knowledge
Objectives
This module introduces the IMC products and modules. This course is based on
d.
version 7.0 of IMC: some items have changed from version 5.x to 7.0. The look-
te
and-feel is similar between the two versions, but there are differences, including
bii
licensing, which are pointed out in this module.
oh
pr
Here are the topics covered in this module:
is
Describe the IMC 7.0 platform portfolio
on
si
Describe the licensing used in IMC 7.0
is
m
Provide an overview of the modules available for IMC 7.0
er
tp
Provide an overview of the new features in IMC 7.0
ou
ith
Understanding how the IMC components provide a cohesive solution
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 1
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 3-1. IMCs comprehensive management capabilities.
w
rt
The IMC platform provides for a variety of functions in FCAPS out of the box.
pa
Using a Service Oriented Architecture (SOA), these functions provide operators
in
with services acting on resources managed by IMC. Operators are users of IMC
or
Compliance Center
c tio
VLAN manager
du
ro
ACL manager
ep
Network assets
R
.
ly
Performance Management
on
Additional add-on modules bring additional services operators can use to manage,
ol
monitor and configure resources. The additional modules tie into the IMC platform
eh
3 2 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 3-2. Main IMC platforms.
w
rt
HP IMC has historically been offered in two platform editions:
pa
Standard and Enterprise. With the release of IMC 5.2, HPs introduced a Basic
in
edition.
or
The new Basic edition is a feature-limited edition, for smaller customers, with
le
ho
option to migrate to the IMC platform with minimal expense. IMC Basic comes in
n
two flavors:
c tio
Table 3-1 summarizes the differences between the three IMC platforms.
ly
on
Managed SNMP Nodes 50 (maximum) 100 (base, expandable) 200 (base, expandable)
eh
Managed wireless APs 50 with Basic WLAN 0 base, need license for 0 base, need license for
ak
Rev. 14.41 3 3
BitSpyder - The Culture of Knowledge
d.
Additional modules None Yes Yes
te
bi
i
oh
IMC Basic
pr
is
HP IMC Basic Software Platform is next-generation network management software
on
with unified resource and device management. IMC Basic software is designed for
si
is
simplicity and ease of use, and offers many capabilities that make it an ideal
m
choice for small- to medium-sized businesses with small network environments
er
tp
that need single pane of glass visibility into their network infrastructures.
ou
IMC Basic software supports the management of HP and third-party devices, and
ith
is compatible with Microsoft Windows and Linux operating systems. The
w
software has a fixed-device limit of 50 nodes.
rt
pa
Centralized deployment for small network environments
in
HP Intelligent Management Software (IMC) cohesively integrates fault
or
on
Layer 2 and 3, and the ability to create custom views like a dashboard
d
ol
network trend analysis and capacity planning, and offer predefined reports or
P
number of formats, including .pdf and .xls, and can be sent automatically via
email, or be scheduled to run at a set timeframe
Integrated sFlow traffic analysis using the integrated sFlow traffic
analysis, the system can collect flow information from sFlow-capable devices;
through traffic analysis, IMC Basic software can help identify network
bottlenecks, recognize anomalous traffic, and pinpoint varying levels of
bandwidth traffic for different services and applications
3 4 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
Traffic topology is based on the network's physical topology and enables
ibi
users to view the traffic conditions of various links
oh
pr
Performance monitoring IMC Basic software provides new ways to view
is
interface performance data; includes four interface performance views: TopN,
on
trend analysis, summary data, and at a glance; the GUI is flexible and allows
si
for instant viewing, switching between multiple views, and quick access to the
is
m
various interface performance summary views
er
Network data collection generates, packages, and sends archived
tp
ou
information about your network, device, or IMC Basic software to the
ith
appropriate HP Networking support or sales organizations in one simple step;
w
this feature gathers the data you selected and then generates reports and
rt
data files containing the relevant information; finally, it delivers the reports to
pa
your selected destination, either by email, FTP, SFTP, or to a file location
in
or
The new Basic edition is a feature-limited edition, for smaller customers, with
limited network management requirements. The main goal of Basic is to provide
le
ho
option to migrate to the IMC platform with minimal expense. IMC Basic comes in
in
two flavors:
n
tio
IMC Standard
on
s
er
oriented architecture (SOA) using a business application flow model as the core to
&L
Rev. 14.41 3 5
BitSpyder - The Culture of Knowledge
d.
including discovery, categorization, baseline configurations, and software
te
images
bi
i
oh
IMC software provides configuration comparison tools, version tracking,
pr
change alerts, and more
is
Modular architecture new modules can be added to enrich network
on
management capabilities; modules for user access management, VPN
si
is
management, and traffic analysis can be quickly added to provide instant
m
benefits; the architecture allows modules to share information and provide
er
collaborative policy creation and reports
tp
ou
Live update enhancements IMC Standard Software now provides
ith
notification and download availability of the latest IMC patches as well as new
w
firmware version releases for HP devices
rt
Virtualization management pa
in
HP IMC software is one of the first management tools to integrate
or
virtual images
tio
virtual machines
ep
R
distributed deployment model; with its modular design, IMC software can be
er
d
resilience
eh
ak
Layer 2 and 3, as well as VLAN topology and the ability to create custom
P
organize and control the network infrastructure. IMC now supports multi-
device context and Intelligent Resilient Framework.
Flexible, centralized reporting centralized report management simplifies
an organization's report administration; the software's flexible historical reports
provide the information necessary for network trend analysis and capacity
planning, and offer predefined reports or customization options to define
parameters; reports can be viewed in a number of formats, including .pdf and
3 6 Rev. 14.41
BitSpyder - The Culture of Knowledge
.xls, and can be sent automatically via email, or can be set to run on a
particular schedule
Access control list management IMC software simplifies the definition,
deployment, and control of ACLs with effective policy-based control of network
security and quality of service (QoS) across an organization's network
infrastructure; ACL rule optimization helps ensure efficient use of ACL
resources on devices
d.
Identification and access management with the addition of the optional
te
IMC User Access Manager (UAM) module, the system implements unified and
ibi
centralized access management, supporting access through authentications,
oh
including LAN, WAN, WLAN, and VPN; it supports strong authentication using
pr
smart card, certificate, and others, and supports various methods for endpoint
is
access control and identity-based network services that efficiently integrate
on
the management of user resources and services
si
is
Compliance Center the Compliance Center feature associates compliance
er
policies with devices that need to be checked; the compliance check function
tp
can promptly fix configuration and security problems in the network; if
ou
incorrect configurations are found, the data for the specific device and the
ith
configuration error are included in the Compliance Center report; IMC now
w
includes predefined policies for the Compliance Center as well as alarm
rt
pa
generation when devices fail compliance checks
in
Virtual Connect support IMC software supports add/remove connections
or
for Virtual Connect Manager and displays the connect information from the
le
for the iPhone and Android operating systems; the app offers administrators
n
increased mobility by allowing them to monitor the network while away from
ctio
their offices
du
ep
installing a Telnet/SSH tool on the PC client used to access the device; this
.
ly
Unified Task Management and Wizard Center the IMC Wizard Center
er
feature services many of the configuration wizards found within IMC software,
ol
eh
such as quick start and the third-party device configuration wizard; new to this
ak
release is Unified Task Management, a section that hosts all tasks within IMC
St
software
&L
users to view the traffic conditions of various links; utilizes IMC geo-location
P
H
Rev. 14.41 3 7
BitSpyder - The Culture of Knowledge
Performance views
IMC software provides new ways to view performance data: TopN, trend
analysis, summary data, and at-a-glance
The GUI is flexible and allows for instant viewing, switching between
multiple views, and quick access to the various performance summary
views
Security Control Center the Security Control Center (SCC) can be used
d.
te
to define policies and enforce device settings consistently on selected
bi
devices; you can also use policies to manage VLANs and VLAN port settings
i
oh
or automatically apply a configuration template on newly discovered devices;
pr
you can configure policies to send alarms when device configurations become
is
noncompliant
on
Network data collection network data collection generates, packages,
si
is
and sends archived information about your network, device, or IMC software
m
er
to the appropriate HP Networking support or sales organizations in one simple
tp
step; this feature gathers the data you selected and generates reports and
ou
data files containing the relevant information; it delivers the reports to your
ith
selected destination by email, FTP, SFTP, or to a file location
w
Service Monitor use the Service Monitor feature to monitor the availability
rt
pa
and responsiveness of common network services via probes that you
in
configure; the probes reside on local and remote IMC software agents and
or
test services from servers and devices that you select when configuring the
le
probes
ho
w
in
IMC Enterprise
n
c tio
as its core and featuring an on-demand, modularized structure. The allows the
efficient implementation of end-to-end business management, while IMC
s
er
Windows Server and Linux operating systems and supports the management of
St
HP and third-party devices. The base license supports 200 managed devices.
&L
Additional node licenses can be purchased. Two nodes of Network Traffic Analyzer
C
3 8 Rev. 14.41
BitSpyder - The Culture of Knowledge
Intelligent management
cohesively integrates fault management, element configuration, and
network monitoring from a central vantage point
with support for third-party devices, IMC software enables network
administrators to centrally manage all network elements with a variety of
automated tasks: discovery, categorization, baseline configurations and
software images, and others
d.
te
IMC software provides configuration compare tools, version tracking,
ibi
change alerts, and more
oh
pr
Modular architecture optional modules can be added to enrich network
is
management capabilities; modules for user access management, VPN
on
management, and traffic analysis can be quickly added and provide instant
si
benefits; the architecture allows modules to share information and provide
is
m
collaborative policy creation and reports
er
eAPI library to integrate third-party applications The IMC eAPI library
tp
ou
utilizes a RESTful implementation for simplified integration with HP and third-
ith
party applications. Over 200 eAPI calls are available in the library, which is
w
included with IMC Enterprise software
rt
Live update enhancements IMC Enterprise software now provides
pa
notification and download availability of the latest IMC patches as well as new
in
firmware version releases for HP devices
or
le
virtual images
ep
virtual machines
s
Layers 2 and 3, as well as VLAN topology and the ability to create custom
ak
St
Rev. 14.41 3 9
BitSpyder - The Culture of Knowledge
d.
te
authentication using smart card, certificate, and others, and supports various
bi
methods of endpoint access control and identity-based network services that
i
oh
efficiently integrate the management of user resources and services
pr
Compliance Center the Compliance Center feature associates compliance
is
policies with devices that need to be checked; the compliance check function
on
can promptly fix configuration and security problems in the network; if
si
is
incorrect configurations are found, the data for the specific device and the
m
configuration error are included in the Compliance Center report; IMC now
er
tp
includes predefined policies for the Compliance Center as well as alarm
ou
generation when devices fail compliance checks
ith
Virtual Connect support IMC software supports add/remove connections
w
for Virtual Connect Manager and displays the connect information from the
rt
pa
device detail page in
IMC mobile application IMC software provides a new mobile application
or
for the iPhone and Android operating systems; this app offers administrators
le
increased mobility by allowing them to monitor the network while away from
ho
their offices
w
in
APIs
ro
installing a Telnet/SSH tool on the PC client used to access the device; this
on
Unified Task Management and Wizard Center the IMC Wizard Center is
ol
eh
a section that services many of the configuration wizards found within IMC
ak
software, such as quick start and the third-party device configuration wizard;
St
new to this release is Unified Task Management, which is a section that hosts
&L
users to view the traffic conditions of various links; utilizes IMC geo-location
data to automatically derive and place topographic maps
Customized functions and third-party device support IMC Enterprise
software extends device management and configuration functions; users can
either extend an existing function to support third-party devices by compiling
interactive scripts and XML files, or customize a function by compiling
interactive scripts, XML files, and UI configuration files
3 10 Rev. 14.41
BitSpyder - The Culture of Knowledge
Performance enhancement
IMC software provides new ways to view performance data: TopN, trend
analysis, summary data, and at-a-glance
The GUI is flexible and allows for instant viewing, switching between
multiple views, and quick access to the various performance summary
views
Security Control Center the Security Control Center (SCC) can be used
d.
te
to define policies and enforce device settings consistently on selected
bi
devices; you can also use policies to manage VLANs and VLAN port settings
i
oh
or automatically apply a configuration template on newly discovered devices;
pr
you can configure policies to send alarms when device configurations become
is
noncompliant
on
Network data collection network data collection generates, packages,
si
is
and sends archived information about your network, device, or IMC software
m
er
to the appropriate HP Networking support or sales organizations in one simple
tp
step; this feature gathers the data you selected and generates reports and
ou
data files containing the relevant information; it delivers the reports to your
ith
selected destination, either by email, FTP, SFTP, or to a file location
w
Service Monitor use Service Monitor to monitor the availability and
rt
pa
responsiveness of common network services via probes that you configure;
in
the probes reside on local and remote IMC software agents and test services
or
from servers and devices that you select when configuring the probes
le
ho
w
in
n
ctio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 11
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 3-3. Other IMC platforms.
ith
w
rt
IMC Basic WLAN Manager in
pa
HP Intelligent Management Center (IMC) Basic WLAN Manager Software Platform
or
IMC Basic WLAN Manager software offers wireless LAN (WLAN) device
n
service reports. It facilitates centralized control over your midsize or small wired
c
du
and wireless network to reduce the time needed to deploy configuration changes,
ro
infrastructure.
.R
ly
IMC Basic WLAN Manager software supports the management of HP and third-
on
party devices, and is compatible with Microsoft Windows and Linux operating
s
systems. The software comes with a fixed-device limit of 50 nodes and includes a
er
d
d.
devices
te
bi
Seamless policy enforcement based on user and/or device
i
oh
Unified monitoring of BYOD traffic and user behavior
pr
is
Simplified deployment and configuration
on
The IMC Smart Connect Virtual Appliance makes it easy for customers to deploy
si
is
BYOD. It includes IMC Standard and IMC User Access Management to provide full
m
network management and smart network access capabilities to solve your BYOD
er
tp
initiatives.
ou
Combines IMC Smart Connect and IMC Smart Connect w/WLAN Manager:
ith
Secure user authentication, advanced device profiling and real-time traffic
w
quarantine
rt
pa
Centralized authentication, authorization and accounting support
in
Seamless policy enforcement across wired and wireless infrastructures from
or
HP or other vendors
le
ho
Unified wired and wireless management with IMC Smart Connect w/WLAN
n
Manager
ctio
du
ro
solution with easy onboarding, provisioning, and monitoring of users and clients.
d
ol
With this software, HP moves beyond the basic BYOD requirements of identity-
eh
quarantining
Converged network support with universal policies for all wired and wireless
devices
Seamless policy enforcement based on user and/or device
Unified monitoring of BYOD traffic and user behavior
Simplified deployment and configuration
Rev. 14.41 3 13
BitSpyder - The Culture of Knowledge
IMC Smart Connect w/ WLAN Manager Virtual Appliance builds on top IMC Smart
Connect by unifying the management of wired and wireless networks.
Combine IMC Smart Connect and IMC Smart Connect w/WLAN Manager:
Secure user authentication
Advanced device profiling and real-time traffic quarantine
Centralized authentication, authorization and accounting support
d.
Seamless policy enforcement across wired and wireless infrastructures from
te
HP or other vendors
bi
i
oh
Comprehensive network management with 3rd party network support
pr
Unified wired and wireless management with IMC Smart Connect w/WLAN
is
Manager
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
3 14 Rev. 14.41
BitSpyder - The Culture of Knowledge
Licensing:
IMC 7.0 License Restructuring
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 3-4. IMC 7.0 license restructuring.
ith
w
HP has changed the license allocations and block sizes for IMC. Previously IMC
rt
Standard came with 100 nodes included in the base license, while IMC Enterprise
pa
came with 200 nodes. The smallest additional license block was 100 nodes. That
in
has now changed both Standard and Enterprise ship with 50 nodes, and you can
or
The new IMC version 7.0 will be easier to purchase. This brings two key changes:
in
n
perpetual. The licensing model used for a particular module depends on the
ly
on
modules capabilities.
s
eh
St
Rev. 14.41 3 15
BitSpyder - The Culture of Knowledge
The customer will order the base IMC platformeither a Standard or Enterprise
versionwhich equals 50 nodes, and then purchase additional IMC 50-pack
nodes to meet the required number of managed nodes. All modules with the
exception of NTA will also start with a base license with 50 license pack add-ons
available. With NTA, the base license is for 5 nodes with each add-on providing an
additional 5 nodes.
Figure 3-5 and 3-6 illustrate how much easier it is to order IMC 7.0: fewer SKUs
equates to an easier process for ordering what you need.
d.
te
bi
Over 200 to less than 50
i
oh
pr
is
on
Affected SKUs
si
is
Base platform products Campus/Branch General
m
er
IMC Standard User Access Manager Application Performance Mgr
tp
IMC Enterprise Endpoint Admission Defense IPSec VPN
ou
IMC Smart Connect User Behavior Analyzer MPLS VPN
ith
Wireless Services Manager Network Traffic Analyzer
w
BIMS TACACS+ Authentication Mgr
rt
pa
in
Figure 3-5. IMC 7.0 has fewer SKUs.
or
The ordering process for IMC 5.2 could be cumbersome to identify which SKU or
le
ho
SKUs to order with over 200 SKUs available to enumerate all the module and
w
licensing options. With IMC 7.0, the process has been streamlined with fewer than
in
50 SKUs required to provide all the ordering options for the base IMC product,
n
3 16 Rev. 14.41
BitSpyder - The Culture of Knowledge
With IMC 7.0, the full product can be purchased and licensed using only 2 SKUs.
Select the SKU for your base product (Standard or Enterprise) and add a single
SKU to add-on licensing for the appropriate number of managed devices. Rather
than different SKUs for each quantity, a single 50 device add-on license SKU is
now used with the customer specifying how many 50 packs to order to meet their
full managed device licensing needs.
To these two SKUs, you select and order the additional add-on module SKUs
desired for your installation.
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 17
BitSpyder - The Culture of Knowledge
d.
te
i bi
oh
pr
is
on
si
is
m
Figure 3-7. Pricing changes and licensing.
er
tp
Pricing has been updated to reflect changed node counts. This means that starting
ou
points are much lower, particularly for Enterprise. Steps are smaller too, but the
ith
overall costs are the same if you previously needed say 400 nodes, the overall
w
price will be the same but you might be able to get away with buying 350 nodes,
rt
pa
instead of 400. It gives you just a little more flexibility.
in
See Figure 3-8 for an example on volume price breaks for additional nodes. A
or
result in a 33.3% discount off of the per node list price. Volume discounts are
ho
calculated at time of purchase based on the quantity of licenses ordered. Note that
w
3 18 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
Figure 3-9. User licensing in IMC 7.0.
ou
ith
UAM licensing has also changed: it is licensed based on concurrent users, not
w
users in the database. This can have a very large impact on your required license
rt
pa
numbers. in
Figure 3-9 illustrates on the user licensing is changing from IMC 5.2 to 7.0. IMC
or
5.2 would require a license for each user in the database whether or not that user
le
was actively connected to the network. In 7.0, licenses are tracked based on
ho
concurrent usage of actual, current device connections to the network. If the same
w
user has three devices authenticated to the network at the same time, this now
in
counts as using three licenses. However, users and devices not connected to the
n
tio
Figure 3-10 illustrates the flexibility of concurrent licensing. With the existing
ro
access the network. However, not all 100 licenses are used at the same time,
R
because employees access the network at different times. With a shared pool of
.
ly
licenses, concurrent licensing enables the organization to serve the same 100-
on
Rev. 14.41 3 19
BitSpyder - The Culture of Knowledge
Simpler
Shared No need for named users
User
licenses license Less cost
pool Flexible for guest access
d.
te
i bi
oh
Affects User Access Manager,
pr
User Behavior Auditor and
is
Endpoint Admission Defense
on
si
is
m
er
Figure 3-10. UAM 7.0 provides greater flexibility with concurrent licensing.
tp
ou
Figure 3-11 explains the process of migrating from user to concurrent licensing.
ith
w
Concurrent licensing
rt
I plan on pa will be automatically
in
purchasing
or
upgraded upon
additional user
le
registration of
ho
licenses
w
additional licenses
in
n
c tio
du
ro
purchasing
R
upgrade to concurrent
.
ly
additional user
on
This new structure will allow greater flexibility around licensing; multiple license
C
packs can be combined and installed on a single server or they can be split across
P
Customers who have purchased licenses prior to the change will be entitled to the
number of licenses they have already purchased.
3 20 Rev. 14.41
BitSpyder - The Culture of Knowledge
Note
d.
Unlimited licensing is no longer being sold in IMC 7.0; however customers that
te
bi
have previously purchased unlimited licensing in IMC 5.2 will still retain their
i
oh
unlimited licensing when upgrading to 7.0. More information on IMC 7.0
pr
licensing can be obtained from the IMC Product Restructuring FAQ:
http://www8.hp.com/h20195/v2/GetPDF.aspx%2Fc03897281.pdf.
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 21
BitSpyder - The Culture of Knowledge
IMC Modules
IMC Modules Overview
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 3-12. IMC modules overview.
w
rt
pa
There are 19 modules that are licensed separately from IMC base platform. The
in
Single licensing can be applied to existing base platform node licensing and
or
provide additional functionality for the nodes managed. Tiered licensing requires
le
separate licenses and can be purchased to cover all the nodes in the base
ho
platform or subset.
w
An example of Tiered licensing is NTA. NTA is licensed per node that will be
in
n
The slide above is a listing of licensing for available IMC modules. Below is a
du
description of the modules by function or where they fall within the FCAPS model.
ro
ep
FAULT
R
Many of the modules add new alarms and thresholds for measurement
.
ly
on
CONFIGURATION
s
er
eh
&L
3 22 Rev. 14.41
BitSpyder - The Culture of Knowledge
ACCOUNTING
Many of the modules add to reporting.
UBA User Behavior Analyzer
IAR Intelligent Analysis Reporter
SOM Service Operation Management
d.
PERFORMANCE
te
bi
NTA Network Traffic Analyzer
i
oh
pr
SHM Service Health Manager
is
APM Application Performance Manager
on
si
SECURITY
is
m
UAM User Access Manager
er
tp
EAD Endpoint Admission Defense
ou
ith
TAM TACACS Authentication Manager
w
The remaining slides in this section provide additional details on the role, function
rt
or application of each IMC module.
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 23
BitSpyder - The Culture of Knowledge
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
Figure 3-13. APM module.
ith
w
Application Performance Manager (APM) is an IMC module that allows
rt
administrators to visualize and measure the health of critical business applications
pa
and their impact on network performance. With the available data, you can easily
in
determine which business process is affected and which application issues to
or
monitoring and management that APM provides includes fault management, and
ho
eh
applications and servers, including the following: Apache/IIS Web servers,
P
H
3 24 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
Resource manager and network topology provides integrated
ibi
application and network management
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 25
BitSpyder - The Culture of Knowledge
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
Figure 3-14. NTA module.
ith
HP IMC Network Traffic Analyzer (NTA) Software Module is a graphical network-
w
monitoring tool that provides network administrators with real-time information
rt
pa
about users and applications consuming network bandwidth. A reliable solution for
in
enterprise and campus network traffic analysis, it defends the network against
or
virus attacks and applies varying levels of bandwidth traffic to different services
le
and applications. The IMC NTA software module's network bandwidth statistics
ho
bottlenecks and apply corrective measures for enhanced throughput. The software
in
d
ol
St
3 26 Rev. 14.41
BitSpyder - The Culture of Knowledge
Advanced application and protocol mapping NTA will break down your
network traffic into applications you can recognize by providing insight into top
application usage and reports for in/out/total bandwidth organized by source,
destination, protocol, application, and application groups.
NEW In-depth visibility Provides both quick-glance reports for a better
understanding of the bandwidth utilization in your network as well as the ability
to drill-into data for more thorough analysis. It can also automatically discover
the interfaces sending traffic.
CAPEX reduction Network Traffic Analyzer enables you to monitor and
enhance network usage without acquiring additional bandwidth at tremendous
cost savings, including understanding under and over-saturated areas of the
network and application usage.
NEW Virtualization Monitor HP IMC Virtualization Monitor Software
(vMon) is an IMC module that supports port running features for any switch or
hub in physical and virtual environments. It allows IT departments to analyze
network traffic and track security information. IMC vMon software is vendor
agnostic it is not dependent on vendor-specific devices.
Rev. 14.41 3 27
BitSpyder - The Culture of Knowledge
Figure 3-15. Unified wired and wireless access control with UAM and EAD.
UAM provides a RADIUS server and integration into Active Directory (AD) or LDAP
allowing for user logins to be handled to access the network via 802.1X. With EAD,
policies can be enforced on end clients with iNode client installed.
Integrated and Collaborative
Unified network and user policy management, from the device to the data
center
Pervasive Security
Heterogeneous device support
Client-based and Clientless device authentication
Greater Visibility and Control
Stricter access control through policy options
Blacklist, resource and bandwidth monitoring, & logging
Scalable services
Native interoperability between modules i.e. ACL Manager, User
Behavior Analysis module, and etcetera.
Works with 3rd party push software
3 28 Rev. 14.41
BitSpyder - The Culture of Knowledge
Rev. 14.41 3 31
BitSpyder - The Culture of Knowledge
3 32 Rev. 14.41
BitSpyder - The Culture of Knowledge
The EAD policies are based on definitions created by the organization. These
health checks can be up to date software and anti-virus. A PC can be isolated
based on failure and allowed to access software and anti-virus updates. There can
devices with exceptions such as printers and phones. Once a device passes, it
can be assigned to the appropriate VLAN as defined by policy.
Rev. 14.41 3 33
BitSpyder - The Culture of Knowledge
EAD features
3 34 Rev. 14.41
BitSpyder - The Culture of Knowledge
Rev. 14.41 3 35
BitSpyder - The Culture of Knowledge
HP IMC Service Operation Management (SOM) Software is a module for the IMC
platform which focuses on operations and management flow to provide full IT
lifecycle management. It allows IT organizations to adhere to ITIL v3.0, including IT
services such as policy design, operation, and improvement.
Through flow management, IMC SOM Software provides controls, measures, and
audit capabilities for configuration changes, fault identification, and recovery.
Based on a unified configuration management database (CMDB), it provides
configurable flows and options for self-service, as well as management of asset
configuration, change, fault events, problem recognition, and auto-generation of a
knowledge base. This capability reduces IT involvement by allowing end users to
recognize known network issues as well as to create and track service requests.
SOM integrates with the HP IMC platform to correlate information about network
performance, traffic flows, and user controls.
Real-time and accurate CMDB
Complete service operation flow management
Integration with alarming
Integration with configuration center
Centralized knowledge base
Features of the SOM module include:
Complete service operation flow management HP IMC Service
Operation Management (SOM) Software provides lifetime management of IT
network operations from ticket creation, status checks, and execution to
resolution, close, and after-audit operations.
Integration with configuration management IMC SOM integrates with
HP IMC configuration management to set control mechanisms and audit
configuration changes. Along with IMC, it supports the automation of process-
driven change management capabilities. By completing the review stage of
the SOM process, in keeping with the trigger operation of IMC configuration
settings, the process can be based on IMC configuration abilities, and
automated or scheduled to fulfill the change after audit.
Integration with alarming IMC SOM integrates with the IMC platform
alarm functions for problem recognition, analysis, and resolution to reduce
maintenance. This provides a closed-loop management of alarms, including
3 36 Rev. 14.41
BitSpyder - The Culture of Knowledge
Rev. 14.41 3 37
BitSpyder - The Culture of Knowledge
Many enterprises are facing security threats from their internal networks. Auditing
the online behavior of internal users is an effective way to find and solve such
security threats. To satisfy this need, HP Intelligent Management Center (IMC)
user behavior auditor (UBA) was introduced. It provides a high-performance,
scalable network log audit and analysis solution. UBA provides comprehensive log
collection and audit functions and supports various log formats such as NAT, flow,
NetStreamV5, and DIG. UBA provides DIG logs for you to audit security-sensitive
operations and digest information from HTTP, FTP, and SMTP packets. UBA
provides good scalability, and the behavior audit is based on the IMC platform and
thus adapted to network environment changes. UBA implements user behavior
tracking with the User Authentication Manager (UAM) module.
Distributed architecture
Audit template customization
Export and audit of log files
Flexible filter strategy configuration
Intelligent data storage space management
Features of UBA include:
Service configuration
Probe management
Device management
Server management
Application management
Application identification management
Parameter configuration
3 38 Rev. 14.41
BitSpyder - The Culture of Knowledge
Rev. 14.41 3 39
BitSpyder - The Culture of Knowledge
WSM module
Unified wired and wireless management
3 40 Rev. 14.41
BitSpyder - The Culture of Knowledge
redeploy APs or adjust radio power or channel parameters to achieve the best
signal coverage with the lowest cost
RF predictor
shows area coverages so you can predict the coverage before buying or
moving APs
antennas shape direct signals so you can play with antenna types and
add in obstacles to plan for best performance
predicts best placement of APs based on scale and obstacles you provide
send and save your RF plan using popular file formats
Client management because connection issues require information about
your client, WSM Software tracks client connection history, and provides top-
down (AP-to-client) and client-to-AP views to ease troubleshooting processes
Performance monitoring IMC WSM Software displays graphs and
performance charts for wireless devices status, wireless alarms statistics,
online client trending, and AP traffic monitoring; users can define tasks to
monitor performance items of interest
WLAN reports provide AP statistics, radio statistics, client statistics, and
traffic statistics
Wireless terminal trace display logs the online and offline records of a
wireless terminal and uses these records to display the movements of the
wireless terminal in the location view
WDS/mesh management WSM Software displays local mesh
neighborhood and local mesh link information
PoE port management to facilitate management, IMC WSM Software can
automatically learn which APs are connected to a switch's PoE ports, enabling
control of those PoE ports; set the fault AP to perform a cold restart, which will
be a fast resume
Google Maps integration with IMC WSM Software support for Google
Maps integration, users can add hotspots to the map, view the number of APs
and clients in the hotspot, and jump to the location topology from the hotspot
to view detailed information
Wireless intrusion detection integration helps manage the intrusion
detection system at the controller level
Support for HP MSM AP radio resource management provides
configuration management of radio resources, including auto power, auto
channel, and scheduling
Location-based services locate MSM APs and connected clients
NEW Real-time Spectrum Guard IMC WSM Software spectrum analysis
scans the 2.4-GHz and 5-GHz frequency bands to detect interferences and
affected channels and to generate real-time spectrum data. Operators can get
the wireless spectrum performance and WLAN security by viewing the current
interference data and real-time spectrum data. Real-time Spectrum Guard
requires a license.
3 42 Rev. 14.41
BitSpyder - The Culture of Knowledge
across the SDN domain is monitored and represented visually in VAN SDN
Manager Software, enabling fast troubleshooting. IMC Software provides lifecycle
management and monitoring of the HP VAN SDN Controller and provides details
of network service status and OpenFlow related information.
Consistent management experience across traditional and software-defined
networks
Configuration, monitoring and policy management for a software-defined
network
OpenFlow switch management for quick troubleshooting and deployment
Performance management of the control point of your network
Features of VAN SDN include:
OpenFlow network management
Manage OpenFlow resources, flow policies, traffic monitoring, reporting,
troubleshooting, and application management.
Visualize network traffic flows, service quality and SDN application status.
Single click to detailed service management interface from dashboard.
Inventory and monitor network resources. Information reliant on IMC
platform information and other module information.
OpenFlow controller management
Supports single, teamed and redundant controllers.
Displays information such as network service status, OpenFlow device
types, host numbers, flow entry numbers, and VLAN.
OpenFlow device management
Displays all the flow entries, counters, DPIDs, and other OpenFlow
statistics per device.
Locate an OpenFlow device within the network topology.
Service flow management
Enables end-to-end flow deployment from the physical topology
OpenFlow topology
Displays device links, utilization, and nodes accessing the network.
Visualize service over physical and logical links allowing for real-time
monitoring of flow status.
Filter view by controller, application, or flow.
Fault troubleshooting
Monitor topology based faults through faulty link and device positioning.
Display affected hosts and corresponding flow entries.
Analyze flow paths for root-cause detection.
3 44 Rev. 14.41
BitSpyder - The Culture of Knowledge
Determine the root cause of problems with automatic analysis per node
including matching fields, input/output and more.
Service reporting
Provides real time and historical statistics in detailed reports that can be
exported in a variety of reporting formats.
Reports OpenFlow network assets, utilization, flow statistics, fault
statistics and terminal statistic.
Supports reports by tenant allowing for auditing and capacity analysis.
Note
For more information on Virtual Application Networks, visit:
http://h17007.www1.hp.com/docs/interopny/4AA4-3872ENW.pdf.
The set of VLANs needed on a trunk link between the hypervisor host and access
switch is thus unpredictable.
Solution #1 (painful): Configure all possible VLANs on the trunk link.
Stretched VLANs spanning the whole data center are an ideal ingredient of a
major meltdown.
Solution #2 (proprietary): Buy access switches that can download VLAN
information from vCenter
Solution #3 (proprietary/future standard): Use Cisco UCS system with VN-
Tag (precursor to 802.1Qbh). UCS manager downloads VLAN information
from vCenter and applies it to dynamic virtual ports connected to vNICs.
Solution #4 (future): Use Edge Virtual Bridging. The emerging Edge Virtual
Bridging (EVB; 802.1Qbg) standard addresses numerous networking-related
challenges introduced by server virtualization. Today well focus on EVBs
easiest component: VM provisioning and Virtual Station Interface (VSI)
Discovery and Configuration Protocol (VDP).
3 46 Rev. 14.41
BitSpyder - The Culture of Knowledge
Rev. 14.41 3 47
BitSpyder - The Culture of Knowledge
3 48 Rev. 14.41
BitSpyder - The Culture of Knowledge
Rev. 14.41 3 49
BitSpyder - The Culture of Knowledge
3 50 Rev. 14.41
BitSpyder - The Culture of Knowledge
Rev. 14.41 3 51
BitSpyder - The Culture of Knowledge
3 52 Rev. 14.41
BitSpyder - The Culture of Knowledge
provides features for all aspects of IPSec VPN management. This includes real-
time and historic status, performance monitors, problem recognition, and
resolution. In addition, IVM expedites IPSec VPN deployments and displays a
graphical VPN topology, VPN channel status, and other configurable monitors. It is
scalable and can configure and monitor multiple devices at once.
Here are some features of IVM:
Reduced VPN setup and management time provides auto-discovery,
d.
automatic performance to monitor thresholds, and a creation wizard to reduce
te
IPSec VPN creation and management; wizards help administrators quickly
ibi
deploy IPSec VPN networks; the wizard is useful for simplifying the creation of
oh
even complicated VPN networks, reducing configuration load and decreasing
pr
maintenance costs
is
on
VPN performance monitoring delivers both historic and real-time status
si
monitoring and alerting; this facilitates the identification of equipment faults or
is
m
areas where data package loss occurs; the software displays information in
er
easy-to-read charts, such as bar charts, pie charts, and Gantt charts, that
tp
display useful information for administrators; uses a virtual spoke to monitor
ou
devices, even when they run behind NAT
ith
VPN topology chart automatically discovers and displays VPN
rt
deployments using a topology view; administrators can view the VPN
pa
deployment, see performance metrics of the device or tunnels, and quickly
in
access configurations from the topology
or
ho
Visual DVPN domain plan allows you to plan and edit your DVPN
ro
to IPSec/VPN Manager
s
er
St
Rev. 14.41 3 53
BitSpyder - The Culture of Knowledge
d.
te
bi
i
oh
pr
is
on
si
is
m
er
Figure 3-29. SHM module.
tp
ou
HP Intelligent Management Center (IMC) is a modular, comprehensive resource
ith
management platform. With its extensive device support, IMC provides true end-
w
to-end management for the entire network, as well as the entire operation cycle.
rt
pa
IMC Service Health Manager (SHM) is an IMC module that provides end-to-end
in
service monitoring and service assurance through the visualization of
or
leverages data derived from other IMC components to yield critical performance
ho
metrics. SHM then aggregates key performance indicators (KPIs) to generate key
w
administrators can visually determine the level of quality for defined services and
c tio
ak
monitoring, interface monitoring, NQA voice, NQA link, and NTA traffic) by
&L
extracting the KPI indexes from all IMC modules (including platform traps,
C
performance
Predefine abundant KQIs allows you to predefine different KQIs,
including device status, interface performance, NQA voice and link quality,
and NTA host traffic
Visual service modeling provides visual SLA modeling tools; allows you
to define the service-related resources, set up a KQI/compound KQI, and then
create evaluation policies to obtain a holistic view of the service
3 54 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
Real-time monitoring, audit, and alarm of NQA instances
te
bi
i
Instant management is the core function of NQA and allows you to
oh
configure test period, alarm mode, service level, service class, and device
pr
parameter through instant management
is
on
The real-time audit function helps solve problems when the configured
si
instance cannot collect data normally
is
m
er
The threshold values for alarms
tp
Comprehensive SHM reports includes daily, weekly, monthly, and annual
ou
service health monitoring reports
ith
w
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 55
BitSpyder - The Culture of Knowledge
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
Figure 3-30. RSM module.
ou
ith
The IMC Remote Site Manager (RSM) securely extends the IMC core platform
w
capability to remote sites by deploying remote agents. These remote agents
rt
pa
manage and monitor the remote network, and apply policies and configurations to
the remote network devices on behalf of the central IMC server. The use of agents
in
allows IMC to securely manage remote networks, even in a firewalled
or
allowing you to monitor your network with higher granularity, which provides more
w
devices or branch networks with NAT through HTTPS security tunnels
&L
3 56 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
devices to be grouped and managed by multiple RSM agent nodes
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 57
BitSpyder - The Culture of Knowledge
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
Figure 3-31. IAR module.
ou
ith
HP IMC Intelligent Analysis Reporter (IAR) extends the reporting capabilities within
w
IMC to include customized reporting. These extended reporting capabilities enable
rt
pa
network administrators to perform proper analysis and make informed decisions.
IAR makes customized reporting easy by including a report designer, which can
in
save designs into report templates. Report outputs include a variety of formats,
or
ro
eh
Supported chart types includes bar, pie, Gantt, curve, bubble, ring, and
St
radar charts
&L
C
allow users to select and set format, database link, record, and group
H
3 58 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 59
BitSpyder - The Culture of Knowledge
d.
te
bi
i
oh
pr
is
on
si
is
m
er
Figure 3-32. MVM module.
tp
ou
Providing reliable, private connections is a good way to improve the value of your
ith
network. Virtual private networks (VPNs) enable you to use the Internet as a
w
medium for secure data exchanges. But VPNs must also maintain minimum
rt
service levels and improve network resource utility to allow the delivery of
pa
bandwidth-intensive applications such as streaming multimedia. Established MPLS
in
VPN standards enable flexible support for proprietary and standards-based
or
Manager (MVM) was created to help administer these private connections. IMC
ho
which enable IT managers to best allocate resources. IMC MVM also contains a
tio
traffic engineering component that helps operators monitor an entire network and
c
du
Software provides an easy way to add VPN resources such as provider edges
St
(PEs), customer edges (CEs), and VPNs. PEs and CEs can be imported from
&L
the basic network resources, while VPNs can be either manually added or
C
automatically discovered.
P
H
MPLS VPN monitoring, with MVM displaying both fault and configuration
status of the network in real time, including
VPN access topology displays the link status of CEs and the core (that is,
the connection and link status between PEs, CEs, and the core in real
time).
3 60 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
a per-day, per-month, or per-year basis in HTML, PDF, or other formats to
bi
meet different needs.
i
oh
MPLS VPN deployment MVM provides the BGP MPLS VPN deployment
pr
is
function, which can be used to deploy a VPN through easy operations. This
on
reduces the configuration workload remarkably. It also supports VPN link
si
deployment and batch removal.
is
m
MPLS management VPN By establishing a management VPN,
er
administrators can add CEs to the management VPN, which can then manage
tp
the CE topology, alarms, and performances. To prevent building management
ou
VPNs that interrupt service VPN discovery and management, MVM allows you
ith
to set and filter the management VPN to separate it from service VPNs.
w
rt
MPLS VPN report MVM supplies an integrated VPN report, VPN connect
pa
report, VPN details report, and VPN access flow report. It also allows users to
in
easily obtain VPN network information.
or
MPLS VPN traffic analysis Integrated with IMC NTA Software, MVM can
le
ho
analyze the VPN traffic flow based on different applications. It displays a chart
w
Layer 2 MPLS VPN This provides support for LDP mode VPLS VPN, BGP
n
tio
mode VPLS VPN, VLL, and PBB. It can also assign different VPN priority
c
du
Rev. 14.41 3 61
BitSpyder - The Culture of Knowledge
d.
te
bi
i
oh
pr
Figure 3-33. BIMS module.
is
on
The HP Intelligent Management Center (IMC) Branch Intelligent Management
si
is
System (BIMS) uses an intelligent component-based architecture to provide
m
powerful support for service operations, delivering high reliability, scalability,
er
flexibility, and IP investment returns. Based on the TR-069 protocol, IMC BIMS
tp
offers resource, configuration, service, alarm, group, and privilege management. It
ou
allows the remote management of customer premise equipment (CPE) in WANs.
ith
w
Unified resource management
rt
Single-pane visibility pa
in
Integrated access and user management
or
le
interface (DHCP, PPPoE) of the router before shipping it to the remote site. The
c
du
BIMS server pushes the remaining device configuration to the device once the
ro
In this case BIMS is pushing the DVPN related configuration and any other
.
The VAM server (Hub) and spoke negotiate the tunnel security, once
eh
At this point the spoke establishes a permanent tunnel to each hub router. The hub
routers have already established a permanent tunnel between them each other as
part of their VAM registration process
3 62 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
so the IMC Branch Intelligent Management Software (BIMS) can pass
te
through NAT to manage the device
ibi
oh
Zero-touch configuration provides easy management; records the
pr
upgrade history of devices
is
Large-scale device management supports distributed architecture;
on
the auto-configuration server (ACS) of BIMS can be distributed to multiple
si
is
servers, with each ACS managing part of the devices
m
er
Support of load balancing and failover between ACSs provides
tp
high availability
ou
Security
ith
w
Outstanding security can use HTTPS to communicate with or to
rt
pa
transfer files to the device; HTTPS is more secure than TFTP, FTP, or
in
Telnet
or
Configuration
le
ho
software.
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 63
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 3-34. IMC module solution map: one platform for multiple solution requirements.
w
rt
pa
IMC modules can be tied together to bring solutions to different technologies that
in
are maintained in IT, as shown in the Figure 3-34 and with the descriptions below:
or
Bring Your Own Device BYOD has become more common with mobile
le
devices and users expectations that their personal devices can be used at
ho
standards and policies for equipment access. By using IMC with UAM, EAD,
in
n
UBA, NTA and WSM, IT can enforce policies across a variety of end user
tio
Network Access IMC with UAM and EAD can ensure devices are with
ep
policy guidelines to reduce worm outbreaks and maintain end user equipment.
.R
on
locally to reduce WAN traffic and handle equipment behind firewalls. BIMs
s
DVPN IVM and BIMS work on getting the proper Dynamic VPN
C
configuration applied to the equipment so that it can easily speak with other
P
H
3 64 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
Figure 3-35. BYOD and beyond: building blocks for BYOD and unified wired/wireless management.
ou
ith
HP leverages the UAM, EAD, UBA, NTA, and WSM modules to provide a holistic
w
solution to BYOD environments: a solution that is easy to scale, configure,
rt
manage, and monitor.
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 65
BitSpyder - The Culture of Knowledge
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
Figure 3-36. NAC.
ou
ith
Network Access Control ensures devices that are connected to the network are not
w
malicious and have been verified. NAC can be implemented with the UAM and
rt
pa
EAD modules. in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
3 66 Rev. 14.41
BitSpyder - The Culture of Knowledge
Multi-site management
d.
te
ibi
oh
pr
is
on
si
is
m
er
Figure 3-37. Simplify multi-site management.
tp
ou
IMC modules like BIMS and RSM easily allow you to manage large numbers of
ith
branch offices in an enterprise network.
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 67
BitSpyder - The Culture of Knowledge
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 3-38. Network orchestration for cloud-bases services.
w
rt
pa
To understand HPs vision for virtual application networks, lets explore how it all
in
comes together. We start with the blueprint FlexNetwork architecture, with the
or
solutions for the data center FlexFabric, FlexCampus and FlexBranch to connect
le
the users. We are going to virtualize that entire infrastructure symbolized by these
ho
three blue ribbons that come into the center discs. And here, once we virtualize the
w
network, we can use tools built on top of IMC to characterize applications using
in
preconfigured templates.
n
tio
deliver applications from a cloud data center to a user in a way where the network
ro
Lync, real time business applications or messaging applications. You can have
.
ly
Most importantly, as these applications move from the private cloud into the public
d
cloud, the policy for virtual application network can follow it as the users move and
ol
eh
we will follow them as well providing for a dynamic environment, one where the
ak
You can have speed without compromise and it is built on open standards,
&L
providing the choice, the flexibility as well as the confidence to have a proven path
C
to the cloud.
P
H
3 68 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 3-39. DMVPN automates secure connectivity.
ith
w
IMCs IVM and BIMS modules helps scale DVPN solutions to thousands of
rt
devices.
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 69
BitSpyder - The Culture of Knowledge
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
Figure 3-40. Data center simplicity.
ou
ith
Virtual Connect (VC) was designed to be a simple network connection alternative
w
to traditional edge networking products for HPs blade server solutions. For any
rt
pa
provisioning or management function, VC provides an embedded, out-of-the-box
in
console, Virtual Connect Manager, for small environments. However, for most data
or
recommended solution.
w
functions without requiring extensive training for any team. Role based security
n
tio
allows server, network and storage teams to perform their respective provisioning,
c
du
efficiently and with full accounting from a single console. And VC also integrates
ep
with many other HP, 3rd party and even custom management tools to monitor and
R
Note
s
http://h17007.www1.hp.com/us/en/enterprise/servers/bladesystem/virtual-
d
ol
connect/index.aspx#.Uzyt9PldXh4
eh
ak
St
&L
C
P
H
3 70 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
Figure 3-46. Single pane-of-glass management with IMC.
in
IMC uses an SOA-based solution brings together disparate functions into single
or
be managed.
tio
du
It has additional support for 2 node license NTA and eAPI licensing.
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 71
BitSpyder - The Culture of Knowledge
d.
te
bi
i
oh
pr
is
on
si
is
m
er
Figure 3-47. IMC module portfolio.
tp
ou
The above slide summarized the FCAP architecture that IMC supports and how
ith
the IMC modules fit into that architecture.
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
3 72 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 3-38. Network management tools: HP vs. Cisco.
w
rt
pa
The above slide illustrates how HP compares to other vendors, like Cisco.
Whereas HP has a cohesive, integrated, and scalable NMS solution for today
in
networks, other vendors have to tape together a lot of dissimilar products that lack
or
Rev. 14.41 3 73
BitSpyder - The Culture of Knowledge
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
3 74 Rev. 14.41
BitSpyder - The Culture of Knowledge
Objectives
This module introduces new features and enhancements to IMC 7.0. IMC 7.0 is a
d.
major upgrade from version 5.2. One of the first differences youll see is the
te
modernization of the user interface. Most workflow processes are the same as the
bii
tasks performed in version 5.2, but as youll see, the look and feel of the new
oh
version of code is very different. This module will provide a brief introduction to
pr
some of the new features as well as the enhancements from IMC 5.2
is
on
Here are the topics covered in this module:
si
is
User interface enhancements
m
er
Usability enhancements
tp
ou
Resource management features
ith
Topology management features
w
rt
Alarm management features
Configuration Center features pa
in
or
Rev. 14.41 4 1
BitSpyder - The Culture of Knowledge
System features
d.
te
i bi
oh
pr
is
on
si
is
m
Figure 4-1. New interface and usability enhancements in IMC 7.0
er
tp
The following pages will cover the interface and usability features of IMC 7.0.
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 2 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 4-2. New interface style in IMC 7.0.
w
rt
IMC 7.0 has moved towards a HTML 5 based interface. This has increased
pa
performance as well as compatibility with modern operating systems and devices.
in
You have four interface styles you can choose from:
or
Classic
le
ho
Midnight
w
in
Gun Metal
n
tio
Ocean
c
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 3
BitSpyder - The Culture of Knowledge
d.
te
bi
i
oh
pr
is
on
si
is
m
er
Figure 4-3. IMC 7.0 supports a user interface for mobile platforms.
tp
ou
IMC 7.0 now has an HTML interface which enables the web server to display a
ith
device appropriate interface when a mobile device, like a tablet or smartphone,
w
connects. This eliminates the requirement for a separate mobile application as was
rt
pa
the case in previous versions of IMC. in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 4 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
Figure 4-4. Enhanced general search capabilities.
ou
ith
HP IMC 7.0 has greatly enhanced the search capabilities of the base platform. The
w
search bar can now be used to:
rt
Query devices (like names or IP addresses)
pa
in
Query users
or
le
The search capabilities can perform both specific and fuzzy searches. IMC 7.0
w
also allows the user to distribute the general search service from the IMC main
in
platform to a separate logical host to reduce the performance load on the master
n
tio
Figure 4-5. The Search Service supports centralized and distributed deployments.
Rev. 14.41 4 5
BitSpyder - The Culture of Knowledge
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-6. Exporting MIB walk results.
ith
HP IMC 7.0 has enhanced the native MIB browser. In addition to using the
w
rt
included MIB browser for querying their SNMP capable network devices, users are
pa
now able to export the MIB results into a TXT file for further analysis (see Figure 4-
in
6).
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 6 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
Figure 4-7. Centrally managed operator group privileges.
ou
ith
In IMC 5.x the operator groups could be used as a privilege assignment object, but
w
the assignment was spread out all over the interface. IMC 7.0 has consolidated
rt
pa
many of these functions under the operator group settings, providing IMC
operators a centralized location to view or modify the privileges for a specific
in
operator group (see Figure 4-7).
or
le
ho
w
in
n
c tio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 7
BitSpyder - The Culture of Knowledge
d.
te
i bi
oh
pr
is
on
si
is
Figure 4-8. Creating real-time statistics charts.
m
er
tp
IMC 7.0 allows users to create semi-custom visualizations. Custom visualizations
ou
are supported for the following:
ith
List objects: device view, port group, operation log
w
Chart types: Count Statistics Bar Chart and Count Statistics Pie Chart
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 8 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
Figure 4-9. A summary of the resource management features in IMC 7.0.
rt
pa
Figure 4-9 has a summary of the resource management features that have been
in
enhanced and added to IMC 7.0. The following pages will discuss these briefly.
or
le
ho
w
in
n
ctio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 9
BitSpyder - The Culture of Knowledge
Enhanced Auto-Discover
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-10. Enhancements to IMCs auto-discovery process.
ith
w
In the IMC 7.0 advanced discovery, a new filter option is now available that will
rt
pa
allow administrators to perform the discovery while filtering the specified device
in
models. The filter can be used to include or exclude the specific models, as
or
needed. Though most discoveries are intended to pull in all devices within an
le
environment, this enhancement will be of great value for some users seeking to
ho
exclude specific families or device models at the core or edge of a network from
w
IMC discovery.
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 10 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-11. You can now apply polling time for service monitoring.
ith
In IMC 7.0, the Service monitoring on the resource page will now poll the
w
rt
monitored service on the resource page equal to the poll interval of the
pa
configuration management setting (see Figure 4-11). The default is 2 hours. In
in
previous versions of IMC, this was polled at six(6) times the value of the
or
Rev. 14.41 4 11
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-12. Unmanaged devices pauses polling functions.
ith
w
In previous versions of IMC, unmanaged devices could still raise faults from other
rt
performance tasks. In IMC 7.0, IMC will remove the device from synchronization
pa
with service modules, such as the VLAN Manager. IMC 7.0 will also pause all
in
device polling tasks such as the following, for unmanaged devices:
or
ho
Service monitoring
n
tio
Syslog
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 12 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 4-13. Supports scheduling of operations.
w
rt
pa
IMC 7.0 now allows users to configure batch operation interface tasks to run on a
daily schedule. Supported schedule options include:
in
or
Immediately
le
ho
Once
w
Daily
in
n
IMC 5.x and previous only allowed scheduling options of Immediately or Once
tio
Rev. 14.41 4 13
BitSpyder - The Culture of Knowledge
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-14. VM support by IMC.
ith
w
HP IMC software is one of the first management tools to integrate management
rt
and monitoring of both virtual and physical networks. It provides insight and
pa
management of virtual networks and reduces migration complexity by aligning and
in
automating network policies with virtual images IMC 7.0 supports VMware, Hyper-
or
V, and KVM; IMC Virtual Network Management software also supports automatic
le
tracking of the network access port of virtual machines. Figure 4-14 illustrates the
ho
4 14 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-15. Multi-tenant device context support is new in IMC 7.0.
ith
w
A device can be virtualized into multiple logical devices called multi-tenant device
rt
contexts (MDCs). Each MDC uses its own resources and runs independently.
pa
From the user's perspective, an MDC is a standalone device. Using MDC
in
technology, you can improve network resource utilization while integrating network
or
Rev. 14.41 4 15
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-16. Supporting MDC on devices.
ith
w
Supporting MDC on devices is new, including identifying MDC device, create
rt
MDC, allocate resource to MDC, and check some performance of MDC. The MDC
pa
Management, accessible from the resource page of the MDC capable device, is
in
currently available only for the HP 12500 and 12900 which support MDC with
or
Comware 7.
le
ho
Note
w
uses one license. If it is not a resource in IMC, it doesnt use a license, and
n
tio
only can be seen in MDC management. For example, if 3 MDCs are all added
c
to IMC resource, the whole device uses 5 IMC platform licenses (1 for the
du
4 16 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
Figure 4-17. IMC 7.0 supports custom view names during setup.
tp
ou
IMC 7.0 now allows users to input the custom view name within the import file
ith
used to populate the IMC database (see Figure 4-17). This will help to speed the
w
installation process.
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 17
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-18. Topology management features in IMC 7.0.
ith
w
Figure 4-18 lists some of the topology management features that were enhanced
rt
pa
or added in IMC 7.0. The following sections will briefly introduce these features.
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 18 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
Figure 4-19. HTML 5 topologies.
er
tp
IMC 7.0 has introduced HTML5 based topologies. Topologies accessed through
ou
the native IMC browser window will show as HTML topologies when using a
ith
modern HTML5 capable browser. Legacy browsers may continue to use java to
w
access the topology functions. Some topologies, like the Network Topology map,
rt
pa
are still Java-based; however, the push in IMC 7.0 is to eventually convert
in
everything to HTML 5. For the Java applets still in use, they are now digitally
or
Rev. 14.41 4 19
BitSpyder - The Culture of Knowledge
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-20. Customized icons are supported in Topology maps.
ith
w
IMC 7.0 now allows users to customize icons for specific devices in the java applet
rt
pa
topology maps. in
Note
or
This function is NOT available in the HTML5 topology maps yet, but will be
le
4 20 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
Figure 4-21. Can add room notes in the Data Center topology map.
ou
ith
IMC 7.0 now allows users to add in notes which can be displayed in a room in the
w
Data Center Topology function.
rt
Note pa
in
The Data Center topology is only available in the Java Applet based
or
topologies. The Data Center topology is NOT yet available in the HTML5
le
Rev. 14.41 4 21
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
Figure 4-22. You can show interface abbreviations for topology links in the topology maps.
rt
pa
IMC 7 now allows users to choose to display the interface description of a specific
in
link on the topology map (see Figure 4-22). This function is currently available in
or
the Java Applet topologies and will be added to HTML5 topologies in a future
le
update.
ho
w
Figure 4-23 shows support for cloud color consistency with a related topology
in
view: the color of the cloud is linked to the highest level of alarm in the linked view.
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
4 22 Rev. 14.41
BitSpyder - The Culture of Knowledge
GEO topology
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
Figure 4-24. Support for GEO location data for map auto-placement.
ou
ith
The new GEO topology map auto-placement features uses TWaver map. It must
w
be enabled through a configuration file on the IMC server. The Geo Topology only
rt
pa
applies to the Java applet Topologies and does not currently support HTML5
(Support within HTML5 will be added in a future update.)
in
or
le
ho
w
in
n
ctio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 23
BitSpyder - The Culture of Knowledge
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
Figure 4-25. Alarm management features enhanced and added in IMC 7.0.
ou
ith
Figure 4-25 lists some of the enhancements and additions to the alarm
w
management features in IMC 7.0. The following pages will briefly cover these
rt
features.
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 24 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
Figure 4-26. Adding interface descriptions to interface traps.
ou
ith
In IMC 7.0, a new enhancement is the capability of adding interface descriptions to
w
interface traps, as shown in Figure 4-26.
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 25
BitSpyder - The Culture of Knowledge
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 4-27. Allows for Alarm Recovery in both Upper and Lower IMC panes.
w
rt
When a customer recovers a trap in a hierarchical IMC window pane, the related
pa
trap in the upper or lower IMC window pane will also be recovered. This is a new
in
enhancement in IMC 7.0.
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 26 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-28. Add Interface Alarms display.
ith
w
In IMC 7.0, you can now add Interface Alarms in the Interface Details view. All
rt
alarms are then displayed on one page.
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 27
BitSpyder - The Culture of Knowledge
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-29. Delete, acknowledge, or recover all alarms.
ith
w
IMC 7.0 now allows you to delete, acknowledge, or recover all alarms, as shown in
rt
pa
Figure 4-29. in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 28 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
Figure 4-30. New Configuration Center enhancements and features in IMC 7.0.
m
er
tp
Figure 4-30 lists some of the enhancements and new features in IMC 7.0. The
ou
following pages will briefly cover these.
ith
w
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 29
BitSpyder - The Culture of Knowledge
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
Figure 4-31. You can copy system-defined compliance policies for new tasks.
ou
Compliance has had some minor workflow improvements. Previously, if you only
ith
wanted to run a single Compliance Policy check, you had to go through and
w
rt
individually disable all the other policies. Now you can disable them all in a single
pa
step. IMC 7.0 allows users to copy the pre-defined Compliance tasks. This
in
significantly speeds up the creation of new compliance tasks, as illustrated in
or
Figure 4-31. You can also select or delete multiple policies when creating a new
le
Check Task.
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 30 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
Figure 4-32. SCP support for ProVision upgrades.
m
er
tp
IMC 7.0 Configuration Center now supports SCP the (secure copy) protocol
ou
transfer mode for legacy ProVision devices, as shown in Figure 4-32. Currently,
ith
SCP is not supported for HP Comware devices.
w
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 31
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-33. Undeployed devices in Auto Deployment Plan.
ith
w
The Undeployed Devices in the Auto Deployment Plan (ADP) supports a new
rt
pa
filtering option in IMC 7.0. In Figure 4-33, the Undeployed Devices Only option
in
only shows the devices whose running status is not Successfully Deployed. This
or
4 32 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
Figure 4-34. Configuration backup support through OOBM for Provision devices.
pa
in
IMC 7.0 now supports configuration management tasks through the OOBM (Out of
or
Band Management) ports. The OOBM is a dedicated management port (or ports)
le
separate from the data (user and resource) ports available on selected hardware
ho
Rev. 14.41 4 33
BitSpyder - The Culture of Knowledge
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-35. Support added for ISSU updates of Comware version 7 devices.
ith
w
IMC 7.0 adds support for in-service updates (ISSU) for Comware 7 devices. In
rt
IMC 5.2, only Comware 5 was supported for ISSU.
pa
in
Note
or
le
Software upgradability checks are performed by the device, not IMC. The
ho
device will then judge the software upgrade compatibility and choose the right
w
upgrade method.
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 34 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
du
ep
on
AIR-LAP1142N-K9
s
er
AIR-CAP3502i-A-K9
d
ol
eh
Although it is expected that Cisco Wireless products that conform to the same
ak
general management (MIB and CLI) characteristics as the 2106 controller will
St
function with WSM as well, no other Cisco wireless devices have been tested yet.
&L
and add an additional tab in the configuration. And if you add a device to WSM,
P
you will also find there is a configuration tab for Cisco device. The HP IMC WSM
H
module now supports the RF spectrum view for Cisco devices. Note that currently,
there are no Cisco Access Points or Cisco wireless antennas modeled in the IMC
database.
Rev. 14.41 4 35
BitSpyder - The Culture of Knowledge
RF network plan
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
Figure 4-37. AP number calculation in the RF network plan.
rt
pa
The RF Network Plan feature has been optimized to support:
in
AP deploy number calculation automatically
or
le
Note
in
Currently no support for Cisco wireless products, but this will be added in the
n
future.
c tio
du
Before using this feature, draw the coverage area in the map, then click the
ep
calculator (see Figure 4-38) to calculate the number of AP which can be deployed
R
in the area
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
In the calculator, you can modify the value of the parameters to make the result
more accurate.
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 4-39. AP auto-deploy in multi-area networks.
w
rt
You can draw multiple areas, and use AP auto deploy function to deploy the AP
pa
before the real deployment (see Figure 4-39). It gives the engineer a suggestion
in
on the deployment.
or
le
ho
w
in
n
ctio
du
ro
ep
R
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 37
BitSpyder - The Culture of Knowledge
Spectrum Analysis
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
Figure 4-40. Spectrum analysis.
rt
pa
The WSM spectrum analysis feature only works with hardware which is capable of
in
supporting this function. Currently only the following Access Points are supported
or
HP MSM 425
in
n
HP MSM 430
c tio
HP MSM 460
du
ro
HP MSM 466
ep
HP MSM 466-R
R
.
ly
After configuring spectrum analysis, go to the radio configure page, click the
on
operation button of a radio. There are two operations: one is SS monitor, the other
s
is SS monitor history.
er
d
ol
Note
SNMP also needs to be configured correctly on the controller.
4 38 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
i bi
oh
pr
is
on
si
Figure 4-41. Spectrum Analysis provides information to pinpoint wireless problems.
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
R
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 39
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
Figure 4-42. Spectrum Analysis topology maps.
tp
ou
WSM can display the RF interference sources on the WSM topology maps. This
ith
function is only available in the java applet based topology map.
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 40 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-43. Location change for UAM in IMC 7.0.
ith
w
New features in UAM 7.0:
rt
Location changed pa
in
or
In previous versions of HP IMC, the UAM, EAD, and DAM service modules were
d
ol
all found under the Services main section. In IMC 7.0, the UAM, EAD, and DAM
eh
service modules have been moved under the User main heading (see above).
ak
This is a more logical placement for these modules as they are focused on user
St
management.
&L
C
In UAM V5 BYOD deployment required the IMC server HTTP port to be set to port
P
during the install. UAM 7.0 removes this requirement. (EIP will continue to work
with the default IMC HTTP server settings of port 8080/8443.
In UAM 5.2, The DNS redirect was seen to cause many issues in live
environments. Certain Browsers and Operating Systems would cache the DNS
information beyond the intended time interval, resulting in Users getting redirected
to the IMC server after the onboarding process had completed successfully.
Because of the unreliability of the DNS redirection, UAM 7.0 has changed to an
HTTP redirect method for gathering the HTTP User Agent information and User
Rev. 14.41 4 41
BitSpyder - The Culture of Knowledge
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 42 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
Figure 4-44. Endpoint configuration templates for BYOD.
er
tp
Endpoint Configuration Templates help to easy the administrative burden of
ou
deploying different configuration elements to BYOD endpoints.
ith
w
Currently UAM supports four different endpoint configuration templates
rt
SCEP Template: This is supported on iOS, Android, as well as Windows PCs.
pa
in
iOS General Cfg Template: This is supported only on Apple iOS devices.
or
WiFi template: There are two versions of this template. One for Apple iOS
le
ho
Table 4.1 describes the support for the different Endpoint templates for specific
tio
operating systems:
c
du
Config Policy
.
Systems Template
ly
Template Template
on
iOS Y Y Y Y
s
er
Android Y N Y N
d
Windows Y N N N
ol
eh
process. The SCEP template in UAM could be used to configure SCEP server to
C
deploy certificate to iOS, Android and WM devices. For SCEP functionality, a full
P
H
Rev. 14.41 4 43
BitSpyder - The Culture of Knowledge
d.
te
i bi
oh
pr
is
on
si
is
m
er
Figure 4-45. Endpoint configuration distribution policy.
tp
ou
The Endpoint Configuration distribution policy allows administrators to combine a
ith
set of endpoint templates and bind them to a user group. Once a user onboards,
w
UAM will look at their user group and apply the appropriate iOS configuration,
rt
pa
password policy, Wi-Fi, and SCEP templates as defined in the Endpoint
configuration distribution policy assigned to that users user group.
in
or
Using this feature, administrators can fully automate the onboarding of users and
le
assign them the appropriate network and security without having to handle the
ho
users device.
w
in
1. Create Endpoint Templates: In this step, the UAM administrator will create all
c
administrator will create the ECDP and bind all of the appropriate Endpoint
R
3. Assign to User Group: The UAM administrator will also be required to bind the
s
ECDP to a one or many IMC User Groups. The user group setting will be used
er
4. Deploy to Devices: This step will automatically occur as users onboard new
St
4 44 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Figure 4-46 Endpoint Configuration Flow.
or
le
ho
w
in
n
c tio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 45
BitSpyder - The Culture of Knowledge
d.
te
bi
i
oh
pr
is
on
si
is
m
er
Figure 4-47. Customizable BYOD portal pages.
tp
ou
There are 5 types of templates for portal page style, customer could add a default
ith
template into Portal page, includes Login Page, authentication success page,
w
heartbeat page and password change page.
rt
pa
BYOD portal includes authentication registration and register successful pages.
in
Customize PC BYOD page is similar with Portal Page, customer could define
or
parameters by themselves.
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 46 Rev. 14.41
BitSpyder - The Culture of Knowledge
EAD overview
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
Figure 4-48. EAD has moved to a new location in IMC 7.0
ou
ith
Similar to UAM 7.0, EAD has moved to a new home in the User main tab.
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 47
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
iNode will generate a update package for iNode client automatically, find it, then
in
upload it to UAM, after that when you setup iNode next time, it will request the
n
tio
4 48 Rev. 14.41
BitSpyder - The Culture of Knowledge
Using the iNode Management Center, you can perform various client
customizations. iNode 7.0 now allows add a domain suffix automatically. In older
versions of iNode., after you create a new connection in iNode, you could choose
to input the domain suffix in Username, such as: Ethan@h3c.com, or choose the
domain in Domain column, but in V7, you could only choose from domain column,
this is to reduce the name errors.
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 4-51. iNode support for PEAP.
w
rt
pa
EAD also supports unified authentication connection with PEAP authentication
type
in
or
le
ho
w
in
n
ctio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 49
BitSpyder - The Culture of Knowledge
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 50 Rev. 14.41
BitSpyder - The Culture of Knowledge
Objectives
This module introduces the installation and access to IMC. Here you will learn how
d.
to install IMC in a single-server environment. After the installation process, youll
te
become familiar with the Deployment Monitoring Agent (DMA), which can be used
bii
to verify the installation, backup the IMC databases, and troubleshoot operation
oh
issues with IMC. Youll then learn how to log into IMC and become familiar with the
pr
GUI interface displayed in IMC 7.0. This module focuses on you learning where
is
on
the main sections of IMC are: youll learn more information about these sections
si
throughout the rest of the course. Last, youll learn how to set up management
is
accounts in IMC that your administrators can use to manage your network. Youll
m
then configure these topics in the Lab Activity.
er
tp
Here are the topics covered in this module:
ou
ith
Install IMC on a single server
w
Use the Deployment Monitoring Agent to validate the installation and backup
rt
pa
IMC in
Log into IMC and become familiar with the look-and-feel of the GUI interface
or
ho
w
in
n
ctio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 5 1
BitSpyder - The Culture of Knowledge
Pre-installation
Supported Systems
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 5-1. IMC 7.0s supported operating systems, hypervisors, and database products.
ith
w
HP IMC is supported on the following operating systems
rt
Microsoft Windows Versions pa
in
or
ho
tio
du
ep
Red Hat Enterprise Linux 5 X64 (Enterprise and Standard versions only)
St
&L
Red Hat Enterprise Linux 5.5 (Enterprise and Standard versions only)
C
Red Hat Enterprise Linux 5.5 X64 (Enterprise and Standard versions
P
H
only)
Red Hat Enterprise Linux 5.9 (Enterprise and Standard versions only)
Red Hat Enterprise Linux 5.9 X64 (Enterprise and Standard versions
only)
Red Hat Enterprise Linux 6.1 X64 (Enterprise and Standard versions
only)
5 2 Rev. 14.41
BitSpyder - The Culture of Knowledge
Red Hat Enterprise Linux 6.4 X64 (Enterprise and Standard versions
only)
d.
te
Windows Server 2012 Hyper-V
bi
i
oh
VMware
pr
VMware Workstation 6.5.x
is
on
VMware Workstation 9.0.x
si
is
VMware ESX Server 4.x
m
er
VMware ESX Server 5.x
tp
ou
ith
HP IMC is supported on the following database products:
w
rt
Microsoft SQL Server
pa
in
Microsoft SQL Server 2005 Service Pack 4 (Windows only)
or
MySQL
c
du
MySQL Enterprise Server 5.1 (Linux and Windows) (Up to 1000 devices
ro
ep
are supported)
R
MySQL Enterprise Server 5.5 (Linux and Windows) (Up to 1000 devices
.
ly
are supported)
on
MySQL Enterprise Server 5.6 (Linux and Windows) (Up to 1000 devices
er
d
are supported)
ol
eh
Oracle
ak
Note
Please refer to the current IMC release notes for updated system
requirements.
Rev. 14.41 5 3
BitSpyder - The Culture of Knowledge
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
Figure 5-2. IMC 7.0 browser requirements.
rt
pa
IMC 7.0 has raised the browser requirements to align with the HTML5
in
enhancements available in the IMC 7.0 platform and modules. See Figure 5-2 for a
or
list of recommended browsers. Older browsers may continue to work with a subset
le
5 4 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
bi
i
oh
pr
is
on
si
is
m
Figure 5.3. Installation enhancements and upgrading.
er
tp
During the installation, if the installation path has different OS information from the
ou
current OS, the installation process cannot continue: for example, in Windows OS,
ith
w
if the installation path has linux word, the OK button is greyed out (see Figure 5-
rt
3). This proactively avoids inadvertent selection of Linux component folders during
an IMC install on a Windows OS system, for example. pa
in
or
WARNING
Before performing any installation or upgrade, perform these steps:
le
ho
1. Read the release notes. With IMC, there are A LOT of factors that can
w
installation guides for your IMC product, the database you plan to use,
and the deployment model youll implement
ro
ep
Note
ak
You can download a trial version of IMC (Basic, Standard, and Enterprise) that
St
you can use to demo the product. The trial is good for 60 days and this is a
&L
great way of testing IMC in a lab environment. Visit HPs site to start your
C
download today:
P
http://h17007.www1.hp.com/us/en/networking/products/network-
H
management/IMC_ES_Platform/index.aspx#.UzmjifldXh4.
Rev. 14.41 5 5
BitSpyder - The Culture of Knowledge
Installation process
Locale information
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
Find the install.bat file and run it (for Windows deployment). You will be presented
w
with the above window. From this window, you to select a country/region,
in
ep
eh
install and deploy on the master server and specify a remote database server.
ak
This installation method is available for both local and remote databases.
St
&L
C
P
H
5 6 Rev. 14.41
BitSpyder - The Culture of Knowledge
Database information
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
Select the database type and instance name. Use the default instance or
ro
Enter the database superuser name (sa by default), password, and listening
R
port number (1433 by default). You can also use another port number that is
.
ly
not used by another service. The parameters appear only when you install
on
IMC on Windows.
s
er
Select other server, specify the server IP address and enter the superuser
d
ol
Other information may be required based on the type of database used. Figure 5-5
St
Rev. 14.41 5 7
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 5-6. Installation and deployment.
ith
w
If you chose the custom installation option, youll be prompted for many additional
rt
pa
items; however, with the typical installation option, you are not prompted for
anything. The right hand window shown in Figure 5-6 shows the deployment of
in
various modulesyoull see this window appear and disappear based on the
or
5 8 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
Monitor tabStart and stop IMC and install additional IMC modules or
c
du
components
ro
IMC.
on
Environment tabView the database use and set up database backup and
s
er
restore policies.
d
ol
Figure 5-8 shows the Monitor tab. By default, IMC doesnt start automatically when
eh
the OS bootsyou can enable from this screen. You can also manually stop or
ak
start IMC by clicking the appropriate button. Clicking the Install button allows you
St
to install additional IMC modules. Below this you can view the disk space, CPU,
&L
Rev. 14.41 5 9
BitSpyder - The Culture of Knowledge
Process tab
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
The Process tab window in DMA allows you to see the currently running
w
processes used by IMC. From this screen you can manually start or stop a
in
Important
c
!
du
When you are having problems with the operation of IMC (like logging into it),
ro
this should be one of the first screens you look at to verify that all the
ep
necessary IMC processes are running. One process that sometimes has to be
R
restarted is the jserver process when first booting the server: this happens if
.
ly
you dont have enough processing or memory and its taking too long for IMC
on
to start up.
s
er
d
ol
eh
ak
St
&L
C
P
H
5 10 Rev. 14.41
BitSpyder - The Culture of Knowledge
Deploy tab
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
The DMA Deploy tab allows you to see the IMC components and modules that
w
have been installed. The Status column should say Deployed if the component
in
has been successfully installed, deployed, and operational. As you can see in
n
tio
Figure 5-10, the NTA module (the one selected) has been installed along with the
c
du
Note
ep
R
typical; however IMC Standard requires this to be installed after the IMC
ly
on
ak
Undeploy a component
&L
Upgrade a component
P
H
Rev. 14.41 5 11
BitSpyder - The Culture of Knowledge
Environment tab
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
The DMA Environment tab allows you to see the Running Environment
ho
w
information of the local server (left-hand side), the database space usage (right-
in
hand side), and to control database backup and restore policies (bottom).
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
5 12 Rev. 14.41
BitSpyder - The Culture of Knowledge
Database backup/restore
Click the Configure button to set up automatic backup and recovery settings. This
is shown in Figure 5-12. Backups can be automated on a daily basis. For proper
backups, IMC backup file should be send to a separate server via SMB file share
or FTP.
Note
All operations by users can be audited and reviewed using the Operation Log
d.
te
under the IMC System menu option.
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Figure 5-12. Configure backup and restore database policies for IMC.
Rev. 14.41 5 13
BitSpyder - The Culture of Knowledge
The Backup and Restore buttons under the DMA Environment tab (Figure 5-11)
are used to backup and restore the local IMC databasetheyll be greyed-out if
you are using an external database product.
Figure 5-13 displays the pop-up window that is displayed when defining your
backup/restore policies when using an external database server. You have to
install the Dbman application on the external database server and then run it on
the external server.
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 5-13. Backup instructions for an external database.
ith
w
When IMC uses a remote database, you must use the following methods to back
rt
up the IMC installation directory and database files separately:
pa
To back up the IMC installation directory, execute the backup.bat script that is
in
located in the IMC installation package.
or
le
When IMC uses remote databases, execute the backup.bat script to back up the
n
IMC installation directory on the IMC server and use Dbman to back up the
tio
Installing Dbman on Windows Server and Linux are similar. This example uses the
ro
ep
Windows Server.
R
directory of the IMC installation package to install Microsoft Visual C++ 2008
on
2. Copy the dbman folder in the IMC installation path on the master server to the
d
ol
In this example, the INSTDIR directory is the directory in which Dbman is installed
St
on the remote database server. You should replace the INSTDIR with the actual
&L
directory name.
C
When Dbman is running on the database server, you can perform database
P
backup and restoration operations by following the aids on the screen, including:
H
5 14 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 5-14. Running automatic backups with dbman on a Windows server.
w
rt
! Important pa
in
Do not close the Command Prompt window or Terminal window when
or
terminates.
ho
w
IMC backup/restore
in
n
3. Check the size of the backup files and make sure the disk for saving the files
on
Click Browse to customize the location for saving the backup files.
er
4.
d
ol
Rev. 14.41 5 15
BitSpyder - The Culture of Knowledge
After the backup is complete, the backup file directory generates a package
IMC.zip, which contains the complete backup files under the IMC installation path.
In the backup directory also is a folder named db\, which contains the database
backup data of all components. Because a remote database is used, the db folder
is empty.
d.
te
i bi
oh
pr
is
on
si
Figure 5-15. Backing up local IMC files and installation.
is
m
er
Caution
tp
To back up IMC in Windows Server 2003 or Windows Server 2003 R2,
ou
you must log in as an administrator and then back up IMC.
ith
To back up IMC in Windows Server 2008 or Windows Server 2008 R2,
w
you must first right-click the backup.bat script and select Run as
rt
pa
Administrator from the shortcut menu, or modify the User Account
in
Control Settings and restart the server. After backing up IMC, you can
or
Panel > System and Security, click Change User Account Control
ho
Settings in the Action Center, and set the Choose when to be notified
w
5 16 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 5-16. Accessing IMC.
w
rt
pa
To access IMC, use a supported web browser and connect to one of the following
in
URLs:
or
http://IMC-server-IP-address:8080/imc
le
ho
https://IMC-server-IP-address:8433/imc
w
Username: admin
tio
Password: admin
du
ro
IMC 7.0 uses HTML5 to provide webpages as its display interface (IMC 5.x used
ep
AJAX). With this functionality, access to different sections is typically a click away.
R
There is more than one way to access the information and different pages may
.
ly
show the same information in different manners. The goal in IMC is to use the
on
mouse to click on links that allow user access to data by drilling down into the
s
er
interface.
d
ol
Note
eh
ak
It is often best utilize IMC in a full screen browser. This encourages the user to
St
Rev. 14.41 5 17
BitSpyder - The Culture of Knowledge
Installing licenses
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
Figure 5-17. Installing licenses.
ou
ith
From the screen in Figure 5-16, click the Activate hyperlink to install the initial or
w
additional licenses. Youre presented with the window at the top of Figure 5-15.
rt
pa
Youll need to copy the serial number, since this is necessary to request the
appropriate license file from HP. Once you have the license file, click the Activate
in
Now button in the top window and in the bottom window, click Browse to find the
or
5 18 Rev. 14.41
BitSpyder - The Culture of Knowledge
Home screen
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
Figure 5-18. Home screen.
ou
The IMC home page displays information in a hierarchical way. It comprises two
ith
w
layers, space and widget. If you log in to the IMC for the first time, you can see the
rt
default space (Welcome), which comprises six widgets displaying the alarm,
pa
resource, and performance summary information of the IMC, as shown in Figure 5-
in
18.
or
IMC modules also offer a variety of widgets in order to meet your viewing and
le
ho
monitoring needs. You can customize a space and add system-defined alarm,
w
resource, performance, and other modules widgets to your space. In addition, you
in
can customize RSS widgets, which provide you with the ability to subscribe to the
n
RSS feeds.
ctio
For the default space displayed on your first login to the IMC home page, no data
du
is available for any widgets. After you add devices to IMC, the system generates
ro
ep
statistics immediately and displays them in the default space. The next slide
R
At the top of the window you can see the account you used to log into IMC, Help
on
(discussed in a later section), About (displays the license information for IMC,
s
On the IMC home page, you can perform basic operations on the spaces and
eh
1. Click the Maximize icon ( ) on the top left corner of the default space to hide
&L
the tabular navigation system on the top and maximize the home page (see
C
2. Click the Restore ( ) icon on the top left corner of the default space to
display the tabular navigation system on the top.
Rev. 14.41 5 19
BitSpyder - The Culture of Knowledge
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
Figure 5-19. Maximizing the home page.
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
5 20 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
Figure 5-20. Adding spaces with widgets and RSS feeds on the IMC home page.
ou
ith
By default, IMC provides 17 types of resource, alarm, and performance statistics
w
widgets defined by the system. Some of these are displayed under the Welcome
rt
tab.
pa
in
or
In addition to the default Welcome space defined by the system, you can
w
1. Log in to the IMC, move the pointer over the icon on the top left corner of
du
ro
2. Click to freeze the space tab. A tab bar appears on the top of the space.
R.
ly
on
3. Click of the space tab and a new space tab named New Space (
s
er
) appears.
d
ol
4. Type the name for the new space and click any blank part of the page to
eh
5. Launch the dialog box for adding widgets by clicking the Edit icon on the
upper right corner of the space or the Add button in the middle of the screen.
&L
C
Rev. 14.41 5 21
BitSpyder - The Culture of Knowledge
6. Select the layout for widgets. On the top middle of the widget adding dialog
box, select a layout
means two widgets are displayed per row. The left widget occupies
2/3 and the right occupies 1/3 of the row.
means two widgets are displayed per row. The left widget occupies
1/3 and the right occupies 2/3 of the row.
d.
te
means two widgets are displayed per row, each occupying 1/2 of the
bi
row.
i
oh
pr
means three widgets are displayed per row, each occupying 1/3 of
is
the row.
on
si
means one widget is displayed per row.
is
m
7. Locate a system-defined widget by using one of the following methods:
er
tp
Query a widget
ou
ith
Select the Widget tab in the dialog box.
w
On the top right corner of the dialog box, type the keyword of a
rt
pa
widget name and click Query. All widgets matching the query criteria
in
are displayed in the dialog box. The query supports fuzzy matching
or
and is case-sensitive.
le
Sort widgets
ho
w
On the top left corner of the dialog box, select the All, Alarm,
tio
widgets.
ep
Use either method to display the desired widgets in the dialog box.
s
er
8. Click the Add icon ( ) button of a widget to add it to the space. Then the Add
d
ol
5 22 Rev. 14.41
BitSpyder - The Culture of Knowledge
10. Click the Setting icon ( ) on the top right corner of a widget and select
Setting to launch the Setting dialog box.
Time RangeSpecifies the time range for statistics collection. The
available options include Last Hour, Today, Yesterday, This Week, Last
Week, This Month, Last Month, This Year, and Last Year.
TopSpecifies the number of devices for the widget. The available
d.
options include 5, 10, 20, and 30.
te
ColumnsSpecifies the quantities of IP segments and custom views to
ibi
oh
be displayed per row for the widget. The available options include 2, 4, 6,
pr
8, and 10. This parameter is available only for the Network widget.
is
NetworkSpecifies the content to be displayed for the widget. Select
on
si
Both to display both IP view and custom view; select IP View to display
is
only IP view; select Custom View to display only custom view. This
m
er
parameter is available only for the Network widget.
tp
SubnetSpecifies the subnet for which the topology is to be displayed.
ou
The available options include the existing subnets of the system. This
ith
parameter is available only for the IP Topology widget.
w
rt
ViewSpecifies the custom view for which the topology is to be
pa
displayed. The available options include the existing custom views of the
in
system. This parameter is available only for the Custom Topology widget.
or
le
available options include CPU Usage (%), Memory Usage (%), Response
w
displayed. The available options include Critical, Major and Higher, Minor
ak
and Higher, Warning and Higher. This parameter is available only for the
St
Alarm widget.
&L
the Alarm view. The available options include 5, 10. This parameter is
P
H
available only for the Alarm widget. The available options include 5, 10.
This parameter is available only for the Alarm widget.
11. Click OK to confirm your changes.
12. Click the Save icon on the top right corner of the space to save your
configurations.
Rev. 14.41 5 23
BitSpyder - The Culture of Knowledge
1. Log in to the IMC, move the pointer over the icon on the top left corner of
the space, and the icon changes to .
d.
2. Click to freeze the space tab. A tab bar appears on the top of the space.
te
bi
3. Click the tab you want to add the RSS widget to.
i
oh
4. Launch the dialog box for adding widgets by clicking the Edit icon ( ) on the
pr
upper right corner of the space.
is
on
5. Click the RSS tab in the dialog box to customize the RSS widget.
si
is
6. Enter the following RSS information:
m
er
RSS SiteEnter the URL of the RSS feed you want to subscribe.
tp
ou
RSS TitleEnter the name of the RSS widget.
ith
w
7. Click the Check button ( ) to test the validity of the RSS feed URL.
rt
8. Click the Add button ( pa
) to add another RSS widget.
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
5 24 Rev. 14.41
BitSpyder - The Culture of Knowledge
Help
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
Figure 5-21. IMCs system-wide help.
rt
IMC offers two levels of online help: pa
in
or
System-wide help
le
Context-sensitive help
ho
w
in
System-wide help
n
ctio
System-wide help can be accessed by clicking the Help link, shown in Figure 5-21,
du
The main pain of the system-wide help includes useful resources for managing
R
and using IMC. These resources include an overview of the IMC platform, a quick
.
ly
On the navigation tree located on the left of the Help page, help is organized by
er
functional groups within IMC. Operators can query the online help system using
d
ol
the Search field located at the upper left corner of the Help page by entering
eh
search criteria in the field provided. Results of the search query are displayed in
ak
Rev. 14.41 5 25
BitSpyder - The Culture of Knowledge
Context-sensitive help
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
Figure 5-22. Context-sensitive help.
ou
ith
To access context-sensitive help, click the Help link located in the upper right
w
corner of one of the main pane of the IMC functional pages (Resource, User,
rt
pa
Service, Alarm, Report, or System), shown in Figure 5-22.
in
The help system displays online help relevant to the operators current page.
or
The context sensitive help link is located below the system wide help link.
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
5 26 Rev. 14.41
BitSpyder - The Culture of Knowledge
Search
d.
te
bi
i
oh
pr
is
on
si
is
m
er
Figure 5-23. IMC search capabilities.
tp
ou
Global search includes basic query and advanced query. Basic query helps you
ith
search devices and users. It also helps you search the data, help, and navigation
w
information that matches the search criteria. Advanced query helps you query
rt
devices, interfaces, and users.
pa
in
or
icon located to the left of the search field. IMC supports fuzzy matching for
.
5. Click Export Excel or Export CSV on the right of Device List to launch the
St
Download Exported Data window, and click the Download Exported Data link
&L
Rev. 14.41 5 27
BitSpyder - The Culture of Knowledge
2. Select the Query Users option from the list by clicking the Search
d.
icon located to the left of the search field. IMC supports fuzzy matching for
te
most search and filtering features.
bi
i
oh
3. Enter a full or partial user name in the field provided.
pr
is
4. Click the Go icon .
on
si
is
Performing a general search
m
er
tp
To perform a general search:
ou
1. Navigate to general search. The general search field (
ith
w
) can be found in the upper right corner of most
rt
pa
IMC pages. in
2. Select the General Search option from the list by clicking the Search icon
or
3. Enter what you want to search for in the general search field. This function
w
only supports exact match. For example, if you enter performance, all the
in
displayed. If you enter perf, only the data, help, and navigation information
c
that exactly matches perf is displayed, and the data, help, and navigation
du
information that does not exactly match perf, for example, information that
ro
contains performance, will not be displayed. Also, you can perform a search
ep
space) between two terms, the items that contain either of the two terms
s
er
are searched. For example, when you input device OR interface, the
d
ANDWhen you include the AND operator between two terms, the items
ak
that contain both terms are searched. For example, when you input
St
device AND interface, the items that contain both device and interface are
&L
searched.
C
P
NOTWhen you include the NOT operator between two terms, the items
H
that contain the term before NOT and do not contain the term after NOT
are searched. When the NOT operator is used before the only one term
input, no results will be searched. For example, when you input device
NOT interface, the items that contain device but do not contain interface
are searched.
5 28 Rev. 14.41
BitSpyder - The Culture of Knowledge
Plus sign (+)When you input +XX, the items to be searched must
contain the term after +. For example, when you input +device, the items
that contain device are searched.
Minus sign (-)When you input -XX, the items to be searched cannot
contain the term after -. For example, when you input -device interface,
the items that do not contain device and that contain interface are
searched.
d.
Question mark (?)The single-character wildcard indicates any single
te
bi
character in the search. For example, when you input devi?e, the items
i
oh
that contain device, devide, and so on are searched.
pr
Asterisk sign (*)The multiple-character wildcard indicates 0 or more
is
on
characters. For example, when you input devi*, the items that contain
si
the word devi or any word prefixed with devi are searched.
is
m
4. Click the Go icon ( ). The Extension dialog box appears. All the data, help,
er
tp
and navigation information that matches the search criteria is displayed in the
ou
dialog box.
ith
w
Note
rt
pa
Advanced search capabilities are also supported but are beyond the scope of
in
this course. For more information, refer to one of the HP IMC Administration
or
Guide books.
le
ho
w
in
n
c tio
du
ro
ep
R
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 5 29
BitSpyder - The Culture of Knowledge
Breadcrumb trails
d.
te
ibi
oh
pr
is
on
si
is
m
er
Figure 5-24. Breadcrumb trails.
tp
ou
A breadcrumb trail, shown in Figure 5-24, is a secondary navigation method that
ith
supports you in accessing more easily features and functions of the IMC system.
w
They are also an effective visual aid that displays the operators location within the
rt
pa
context of IMC Web interface. in
The first value for the breadcrumb trail in the IMC interface is most often one of the
or
functional areas of IMC that are denoted by the tabs in the tabular navigation
le
system. Thus the starting points for any navigation in IMC are these tabs and their
ho
breadcrumb counterpart:
w
in
Resource >>
n
tio
User >>
c
du
Service >>
ro
ep
Report >>
R
System >>
.
ly
on
Note
s
IMC online help system also uses breadcrumb trails to support you in
er
d
5 30 Rev. 14.41
BitSpyder - The Culture of Knowledge
Interface themes
d.
te
i bi
oh
pr
is
on
si
is
m
Figure 5-25. Interface themes.
er
tp
You can choose an IMC Web page theme, which is Classic by default. To set the
ou
IMC Web page theme:
ith
w
1. Point to the theme icon ( ) located at the top of the left navigation tree. A list
rt
pa
of predefined and user-defined favorites appears.
in
2. Point to Theme option.
or
le
3. On the menu that appears, select Classic, Midnight, Gun Metal, or Ocean.
ho
Rev. 14.41 5 31
BitSpyder - The Culture of Knowledge
IMC tabs
Tab overview
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
Figure 5-26. Tabs at top of the IMC page.
in
The tabular navigation system includes the six functional areas of IMC:
or
ho
User management
w
in
Service management
n
tio
Report
ro
ep
All IMC features and functions can be found under these tabs.
ly
on
After you log in to IMC, move the pointer over a tab on top of the page, and a list
s
appears, as shown in Figure 5-26. Select the desired function to enter the relevant
er
d
page.
ol
eh
ak
St
&L
C
P
H
5 32 Rev. 14.41
BitSpyder - The Culture of Knowledge
Tab details
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 5-27. Clicking a tab to pull up the navigation window pane on the left.
ith
w
After you log in to IMC, click a tab on top of the page. After the page is refreshed,
rt
pa
select the desired function from the left navigation tree to enter the relevant page,
in
as shown in Figure 5-27.
or
The navigation tree located on the left of every IMC page contains context
le
sensitive options that change as you navigate using the tabular navigation system.
ho
For example, if you click Resource from the tabular navigation system, the
w
navigation tree on the left displays various features and functions under resource
in
management including:
n
tio
View Management
c
du
ro
Resource Management
ep
Terminal Access
R.
ly
Network Assets
on
Performance Management
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 5 33
BitSpyder - The Culture of Knowledge
Resource tab
d.
te
bi
i
oh
pr
is
on
si
is
m
Figure 5-28. Resource tab.
er
tp
The Resource tab on the tabular navigation system displays the Resource
ou
Management page, shown in Figure 5-28.
ith
w
The main Resource page contains real time status views including:
rt
pa
Custom View SnapshotReal time status view for custom views.
in
Snapshot of Lower-Level NMS ViewReal time status view for lower-Level
or
NMS views.
le
ho
Faulty Device ListReal time status view of all devices reporting errors. In
in
addition, the lower portion of the Resource page provides tabs for viewing real
tio
time performance statistics for a subset of devices for the last hour.
c
du
The navigation tree on the left includes the ability to navigate to various real time
ro
ol
organized by IP address.
P
H
5 34 Rev. 14.41
BitSpyder - The Culture of Knowledge
You can also manage perform configuration tasks using the navigation tree
including:
Resource ManagementManages resources within IMC including adding
devices, device auto discovery, batch operations, and device/topology import
and export.
Terminal AccessManages IP addresses including address allocation,
binding, IP address location, discovery and device access.
d.
Network AssetsImplements network asset functions including asset audits
te
bi
and reporting.
i
oh
Virtual Resource ManagementManages the virtual network including
pr
servers, virtual switches, and virtual machines.
is
on
Performance ManagementConfigures real time reports on device
si
performance, including configuration of real time performance status reporting
is
m
on the main Resource page.
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 5 35
BitSpyder - The Culture of Knowledge
User tab
d.
te
bi
i
oh
Figure 5-29. User tab.
pr
is
Users are resources on the network that both use and impact network
on
infrastructure resources. To view and manage network user and their activity, click
si
the User tab, shown in Figure 5-29, located in the upper portion of the IMC
is
m
interface. The views available under the User tab depend on the installation of
er
user management modules (for example, Guest Access Manager and User Access
tp
Manager).
ou
ith
The main User page contains real time status views of user activity including:
w
24-Hour Online HistoryShows the number of secure, insecure, and
rt
unknown users on the network.
pa
in
Realtime Statistical Chart for Online UsersShows a statistical view of the
or
Top10 User Groups by Online CountDisplays the top 10 groups with the
ep
most online users. The groups have been configured by the IMC administrator
R
or operator.
.
ly
on
s
er
users and change their group assignments, search for users, add
ak
Access UserAllows you to manage the access account associated with the
C
platform user.
H
5 36 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 5 37
BitSpyder - The Culture of Knowledge
Service tab
d.
te
bi
i
oh
pr
is
on
si
Figure 5-30. Service tab.
is
m
er
Management of network infrastructure services can be accessed by clicking the
tp
Service tab. The Service page serves as a portal for you to access all of the
ou
service modules that together constitute the IMC system.
ith
w
Security Control Center
rt
pa
Configuration Center in
ACL Management
or
VLAN Management
le
ho
For more information on using the services listed above, refer to the sections of
w
IMC Administration Guide for IMC 7.0 that correspond with these modules.
in
n
MPLS TE
.
ly
VPLS
s
er
d
Traffic Analysis
ol
eh
Icons for the aforementioned service modules appear under the Service tab after a
St
Note
P
UAM and EAD have moved to the User tab starting in IMC 7.0 (once installed).
H
5 38 Rev. 14.41
BitSpyder - The Culture of Knowledge
Alarm tab
d.
te
ibi
oh
pr
is
on
si
Figure 5-31. Alarm tab.
is
m
er
The real time event or fault management features of IMC can be accessed by
tp
clicking the Alarm tab, shown in Figure 5-31, of the tabular navigation system. The
ou
Alarm tab is IMC portal into the reporting of faults on the network infrastructure.
ith
IMC lists real time alarms or faults, sorted by most recent in the main portion of the
w
Alarm page. From this page, you can drill down into individual alarm details by
rt
clicking the Description field of an individual alarm. You can also quickly access
pa
the device in alarm mode by clicking the Alarm Source of an individual alarm. This
in
navigates the operator to Device Details for the device in alarm mode.
or
le
The navigation tree has the following configuration and viewing options:
ho
in
Root AlarmsView, delete, and recover the most recent important alarms
tio
ep
reporting a fault or error.
.
ly
on
The navigation tree also has the following configuration and viewing options:
eh
ak
within IMC.
Syslog ManagementBrowse, filter and configure Syslog events.
Rev. 14.41 5 39
BitSpyder - The Culture of Knowledge
Report tab
d.
te
bi
i
oh
pr
is
on
Figure 5-32. Report tab.
si
Real time and historical reports in IMC can be accessed by clicking the Report
is
m
tab, shown in Figure 5-32, of the tabular navigation system. From the Report tab,
er
tp
you can access real time and historical reports. The main pane in the Report tab
ou
provides a listing of all configured Real Time reports.
ith
From this pane, you can also add quick reports and schedule reports as well
w
as delete reports.
rt
pa
From the navigation tree on the left, you can customize reports, add report
in
templates, and schedule reports.
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
5 40 Rev. 14.41
BitSpyder - The Culture of Knowledge
System tab
Rev. 14.41 5 41
BitSpyder - The Culture of Knowledge
Favorites tab
IMC allows you to customize the IMC Web page theme and add the often-used
functions to My Favorites.
To add a favorite:
1. Click the Add to My Favorites link ( ) located in the upper right corner of
the main pane of most IMC pages.
2. Enter the new name of the favorite link in the Name field.
3. Click OK to confirm adding the link to my favorites.
4. Refresh or reload the page in your Web browser to access the newly created
favorite.
You can also modify, delete, or re-sort your favorites from this tab.
5 42 Rev. 14.41
BitSpyder - The Culture of Knowledge
Display tiling
IMC displays multiple types of data on separate views. For example, it displays
network structures in the network topology and displays device performance data
in performance views. Large projects and conferences usually require an
integrated view to show multiple types of network data together, including
concerned devices, views, alarms, and performance data.
To do that, you can use the display tiling feature of IMC. This feature allows
operators to customize concerned devices, views, alarms, performance data, and
other data in different areas known as "widgets" for a large-screen display.
Note
To obtain the best display effect, install your screen and tune its settings
before you use the display tiling feature.
Rev. 14.41 5 43
BitSpyder - The Culture of Knowledge
The follow sections show you how to configure views and customize widgets for a
view, and describe widgets in details,
Note
Widgets were introduced earlier in the Spaces and widgets section.
5 44 Rev. 14.41
BitSpyder - The Culture of Knowledge
1. Point to the My Shortcut icon located at the top of the left navigation tree.
A list of predefined and user-defined favorites appears.
2. Point to the Display Tiling folder option. The popup list appears.
3. Click the Configuration icon in the popup list.
The view configuration window appears. The window contains the following parts:
PanelThe panel uses a grid layout consisting of cells.
Cells in the first row and first column display the row number and the
column number of the current view, respectively.
The panel is fixed in size, and the cell size changes along with the grid
settings of the view.
A wider and higher view contains more cells and they look smaller on the
panel.
To properly display the view in a big screen, make sure the row and
column numbers of each view do not exceed the maximum solution of the
big screen.
You can drag and drop widgets down to the panel, and then adjust their
positions in the view.
Widget areaThe widget area is located at the top of the window and
displays all widgets loaded for view configuration. By default, the area
contains 17 widgets loaded from the IMC Platform. When other service
components are deployed, more widgets appear in the area.
Rev. 14.41 5 45
BitSpyder - The Culture of Knowledge
5 46 Rev. 14.41
BitSpyder - The Culture of Knowledge
Click Next View to move forward to the next view. If the view is
the last view, the icon is grayed out.
Adding a view
To add a view:
Deleting a view
To delete the current view:
Rev. 14.41 5 47
BitSpyder - The Culture of Knowledge
Managing widgets
You can select the widgets to be loaded for view configuration. By default, the view
configuration view can load 17 widgets from the IMC Platform, 13 of which are for
resource management, 3 of which are for performance management, and 1 of
which is for alarm management.
To manage widgets:
Caution
Save any modifications to the views before you refresh them. Otherwise, you
lose all modifications.
5 48 Rev. 14.41
BitSpyder - The Culture of Knowledge
Displaying a view
The My Shortcut Display Tiling menu provides shortcuts to existing views. After
you select a shortcut from the menu, the view appears in a separate window. In
the view display window, you can modify only the display style, but cannot edit the
view and the widgets it contains. The view display window does not provide any
link to the view configuration window. To enter the view configuration window, you
must use the My Shortcut menu. After that, the view display window is
automatically switched into the view configuration window.
Rev. 14.41 5 49
BitSpyder - The Culture of Knowledge
To display a view:
1. Navigate to the view display window.
a. Point to the icon located at the top of the left navigation tree. A list of
predefined and user-defined favorites appears.
b. Point to the Display Tiling folder option. The popup list appears.
c. Click the view you want to display in the popup list. The popup list
appears.
2. Select a theme for the view display from the drop down list. The default setting
is Black (Default). The theme setting is stored in the cache of the browser and
applies to all views you display on the current server. If you clear the
browser's cache, the theme setting restores to the default next time you enter
a view display window.
3. In addition to the pre-loaded themes, IMC also supports user-defined themes.
To customize a theme:
b. Click Color to the right of the parameter you want to modify, and
then select an RGB color or enter the 6-digit hexadecimal color code in
the window that appears.
4. Click OK.
5 50 Rev. 14.41
BitSpyder - The Culture of Knowledge
IMC administration
IMC management overview
Operator Management offers you powerful control over resources in the network
infrastructure. Sound network infrastructure security policy and practice should
include securing IMC through effective use of the IMC security features and
functions found in Operator Management under the System tab.
Access and management rights to network resources granted to or rescinded from
IMC operators through the use of three features:
Operator Groups
Device Groups
Device Views
It is through the configuration of the operator account itself that these three
features converge to define the specific set of access and management rights and
restrictions for each operator.
Operator groups allow you to grant or restrict access and rights to IMC features
and functions. You can create custom operator groups and grant or restrict
operator access to the following IMC functions:
Resource Manager
Alarm Management
Intelligent Configuration Center
Report Management
Performance Management
Network Asset Management
Security Control Center
Guest Access Management
Rev. 14.41 5 51
BitSpyder - The Culture of Knowledge
ACL Management
VLAN Management
Syslog Management
NE Management
VRM Management
Once groups are created, you can add operators to an operator group to grant or
restrict their access to these IMC features.
Custom views allow you to grant or restrict access to devices by creating custom
views. Custom Views serve two purposes:
To grant or restrict access and management rights to a set of devices.
To provide operators with a logical view of devices for quick and efficient
access to managed devices.
You create custom views that group devices logically. These views become
available through the Resource tab to operators when they have been granted
rights to them. You then grant or restrict operator access to one or more custom
views when configuring individual operator accounts.
Device groups give you a layer of refinement for granting or restricting operator
access and rights to devices managed by IMC. While Device Views allow you to
group devices logically, device groups enable you to group devices by device type
or by any other logical grouping. You can create custom groups and add one or
more devices to a group. Once device groups are created, you can assign
operators to a device group, thus granting them access and rights to manage the
devices in that group. Operators have access only to those devices that are
included in the device groups that they have been granted rights to. In other
words, operators do not have access and cannot even view devices that are not
included in the groups that they have been granted access to. Device Groups
serve to grant access to devices only; they are not visible as device groups in IMC
features and functions.
You are then ready to assign or restrict access and management rights to network
resources through the configuration of operator accounts, once you have created:
Operator groups
Custom views
Device groups
Populated device views and groups with devices
In operator accounts, you assign to each operator membership in an operator
group and access and management rights to device views and groups. Adding an
operator to the Administrator Group grants that operator rights to all devices, all
device groups and all views, without exception. Thus, to use views and device
groups to manage rights and restrictions to IMC, you must add operators to either
the maintainer or the viewer group.
The sum of operator privileges and restrictions configured in add or modify
operator account pages determines ultimately what devices become visible to
each operator in IMC through custom views or IMC system defined views.
5 52 Rev. 14.41
BitSpyder - The Culture of Knowledge
The rights and restrictions in operator accounts also determine which performance
reports, alarms, and other IMC management and reporting views and features
operators see as operators only view information and features for devices over
which they have rights.
In addition to access and rights management features discussed above, IMC
offers other features to secure access to IMC and the resources managed by it.
You have three options for operator authentication to IMC:
Local IMC password management
RADIUS
LDAP authentication
You can configure authentication services through RADIUS or LDAP using the
Authentication Server feature found under Operator Management. You can control
login access to IMC through IP address access control lists in the Login Control
Template function under Operator Management. You can also set password
strategies that apply to all operators in the Password Strategy function under
Operator Management.
Finally, IMC you apply these configurations individually when creating operator
accounts.
Rev. 14.41 5 53
BitSpyder - The Culture of Knowledge
Operator groups
In IMC, you can create custom defined operator groups that assign or restrict IMC
service and component level privileges to members of the operator groups. Once
created, custom groups then appear as configuration options when adding
operators to IMC.
Once groups are created, you can add operators to an operator group to grant or
restrict their access to these IMC features. You can create custom operator groups
and grant or restrict operator access to the following IMC functions:
Resource Management
Alarm Management
Intelligent Configuration Center
Report Management
Performance Management
Network Asset Management
Security Control Center
Guest Access Management
ACL Management
VLAN Management
Syslog Management
In IMC, administrators are granted the access to all data by default, and the
maintainers and viewers can view only the data that they have access to. Through
the data access right configuration, you can view all data that the administrators
have access to, and you can view the data access rights of maintainers and
viewers.
Securing IMC begins with defining and implementing operator groups that map the
roles and responsibilities of individuals and groups within the organization to the
services and components within IMC.
5 54 Rev. 14.41
BitSpyder - The Culture of Knowledge
Once you have identified the various groups within your support organization and
their roles and responsibilities and how they map to IMC services and
components, you are ready to begin creating operator groups.
Rev. 14.41 5 55
BitSpyder - The Culture of Knowledge
IMC features and functions and devices, users, and services managed by
IMC to all operators that are members of this group.
ViewerOperators who are assigned to the Viewer group and have a
Viewer privilege level have read-only access devices, users, and services
within the groups and views assigned to its Viewer Group. Select this
option to grant read-only access to IMC features and managed resources
to all operators of this group.
5. Enter a description for the operator group in the Description field.
6. Click the Expand ALL icon to view all Operator Privileges. This step grants or
restricts access to IMC features for the Operator Group.
7. Deselect any privileges you want to revoke for this operator group by clicking
the checked box to remove the check mark.
8. Click OK to create the Operator Group.
You cannot modify the name of an operator group once it has been created.
5 56 Rev. 14.41
BitSpyder - The Culture of Knowledge
Rev. 14.41 5 57
BitSpyder - The Culture of Knowledge
The individual operator account is where all of the features you have used to grant
or restrict access to operator accounts converge. These features include the
creation of operator groups, custom views, and device groups. Once these are
created, you can grant or restrict access and management rights to network
resources using them when they configure individual operator accounts.
With operator accounts, you assign to each operator membership in an operator
group and access and management rights to device views and groups.
Adding an operator to the administrator group grants that operator rights to all
devices, all device groups and all views, without exception.
To use views and device groups to manage rights and restrictions to IMC, you
must add operators to either the maintainer or the viewer group.
The sum of operator privileges and restrictions configured in add or modify
operator account pages determines what devices become visible to each operator
in IMC through custom device views or IMC system defined views.
Operators only view information and features for devices over which they have
rights. The rights and restrictions in operator accounts determine which
performance reports, alarms, and other IMC management and reporting views and
features operators see.
You are ready to begin creating individual operator accounts, once you:
Have created the operator groups that grant or restrict access to IMC features
that match the IMC access requirements of your support organization;
Know which operators need rights to manage which network resources, users
and services;
Have created the device groups and Level 1 custom views as needed.
5 58 Rev. 14.41
BitSpyder - The Culture of Knowledge
Rev. 14.41 5 59
BitSpyder - The Culture of Knowledge
Note
When assigning an operator to the Administrator Group only, you are assigning
that operator all IMC privileges to all services within IMC and to all devices
groups and views. This does not apply when creating operators that belong to
the Maintainer or Viewer group as rights to views and groups can be assigned
in the individual operator account.
13. Enter a brief description for this operator in the Description field.
14. Select the Default Access Control Strategy you want to apply to this operator
by clicking the appropriate radio button.
15. If you want to apply a login control template or rule to this operator, click Add.
16. If you have already created a login control template, click the radio button to
the left of Select from Existing Templates.
17. Select the login control template you wish to apply to this operator by clicking
the radio button to the left of the Login Control Name you want to select.
18. Click OK.
19. If you have not already created a login control template, click the radio button
to the left of Manually Add to add an access control rule.
20. Enter the following information in the Add Access Control Rule dialog box:
a. Start IPEnter the first IP address in address range you want to permit
or deny access to in the field. If you are entering a single IP address,
enter the same address in the Start IP and the End IP address fields.
b. End IPEnter the last IP address in address range you want to permit or
deny access to in the field. If you are entering a single IP address, enter
the same address in the Start IP and the End IP address fields.
c. ActionSelect the action you want to implement for this IP address or IP
address range, Permit or Deny from the list.
d. DescriptionEnter a description for this login control template in the
field provided.
21. Click OK to complete the Login Control List configuration. If you enter more
than one login control into the Login Control List for an operator, the Web
page updates to include a Change Priority field. This field allows you to define
the order or priority for execution of login control list entries. Entries at the top
of the list are treated with a higher priority than those below it.
22. To move a login control entry up or down in priority, do one of the following:
To move it down, click the down arrow associated with that entry.
23. Click OK to accept the operator configuration.
24. You cannot change the logging name once you create the operator account.
5 60 Rev. 14.41
BitSpyder - The Culture of Knowledge
Rev. 14.41 5 61
BitSpyder - The Culture of Knowledge
During this lab your group will apply the concepts learned in this module.
Consult your Lab Activity Guide for instructions for performing this activity.
5 62 Rev. 14.41
BitSpyder - The Culture of Knowledge
Lab Activity 5 will focus on installing and preparing IMC on a local server with a
remote database (Microsoft SQL Server). This lab is required in order to perform
the following labs in this course.
Important
! With some Learning Partners, the IMC base and add-on module might have
been pre-installed for you. Likewise, the switches might be pre-configured for
you. Ask your instructor if any of these are true, and if so, which Tasks you can
skip in the IMC Essentials lab book.
Rev. 14.41 5 63
BitSpyder - The Culture of Knowledge
5 64 Rev. 14.41
BitSpyder - The Culture of Knowledge
Objectives
This module introduces adding devices to your IMC installation. Once youve
installed and initially set up your management access for IMC, you are ready to
automatically have IMC discover (or manually add) the devices in your network.
Youll learn how you can greatly simplify this process by using SMMP, telnet,
and/or SSH device management templates. Once youve added your devices,
youll learn how device groups can make it easier to managing large groups of
devices. Lastly, youll learn how to verify the device import process. Youll then
configure these topics in the Lab Activity.
Here are the topics covered in this module:
Prepare HP ProVision, HP Comware, and Cisco IOS switches for IMC
management
Create SNMP, telnet, and SSH device management templates
Discover networking devices
Using device groups to manage devices
Verify your initial device discovery
Rev. 14.41 6 1
BitSpyder - The Culture of Knowledge
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
Figure 6-1. Basic device configuration requirements.
rt
pa
IMC is primarily an SNMP-based management product, with support for remote
in
CLI access via telnet and/or SSH for items that cannot be performed via SNMP.
or
Therefore, for IMC to initially access the devices for remote management, youll
le
Define the authentication mode and privilege level for the VTYs
c
du
On a ProVision switch, you only need to define the SNMP settings: remember that
ro
necessary.
.R
ly
Note
on
In most cases, to quickly discover and import the devices into IMC, youll use
s
er
is simple on any networking device, but not secure. Obviously you will change
ol
eh
this after youve imported the device into IMC by using IMC itself to make the
ak
changes: like disabling telnet and enabling SSH, or changing from SNMPv2c
St
to SNMPv3. Youll have IMC push these kinds of changes to the networking
devices.
&L
C
Each vendor beyond that will have its own requirements for SSH/telnet/SNMP
P
H
access. The third bullet point in Figure 6-1 gives an example of the requirements
for a Cisco IOS switch. The following pages will discuss the actual configuration
commands performed on each device.
6 2 Rev. 14.41
BitSpyder - The Culture of Knowledge
SNMPv3 uses an authentication and privacy security model. On the NMS, the user
needs to specify the username and security level, and based on that level,
configure the authentication mode, authentication password, privacy mode, and
privacy password. In addition, the timeout time and number of retries should also
be configured. The user can inquire and configure the device through the NMS.
The steps for configuring SNMPv3 on Comware are:
1) Setup an SNMPv3 Group
d.
te
2) Setup an SNMPv3 User
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 6 3
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
Figure 6-2. Basic HP switch configurations.
is
m
er
Minimally, Comware switches require that you enable telnet or SSH as well as
tp
setting up the VTYs. ProVision switches are simpler: telnet is already enabled and
ou
no passwords are required. Notice how simple the configuration is. Obviously this
ith
configuration is not secure; however, the goal in using a network management tool
w
like IMC is make the device import process as simple and quick as possible. You
rt
pa
would then use IMC to change the security settings, like converting the SNMP
configuration from SNMPv2c to SNMPv3 and telnet to SSH.
in
or
Community strings are passwords that are applied to a Comware device to restrict
le
access (both read-only and read-write access) to the SNMP data on the device.
ho
ensure they are not trivial. Community strings should be changed at regular
in
intervals and in accordance with network security policies. For example, the strings
n
tio
company.
du
ro
#
ly
on
Note that the preceding community string examples have been chosen to clearly
eh
explain the use of these strings. For production environments, community strings
ak
The following sections will discuss how to set up SSH and SNMPv3 on Comware
switches.
6 4 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
[Comware-ui-aux0] authentication-mode scheme
te
bi
[Comware-ui-aux0] quit
i
oh
[Comware] local-user <user-name>
pr
[Comware-luser-<user>] password cipher <password>
is
on
[Comware-luser-<user>] service-type {terminal | telnet | ssh}
si
is
[Comware-luser-<user>] authorization-attribute level {0-3}
m
er
[Comware-luser-testuser] quit
tp
The cipher parameter in the password command encrypts the administrators
ou
password. The service-type command can be used to restrict the access
ith
services allowed. terminal refers to console or auxiliary port access. The
w
rt
authorization-attribute command assigns the privilege level to the user,
from visitor (0) to manager (3). pa
in
Heres an example of defining a user called testuser with a password of 12345678
or
[Comware-ui-aux0] quit
c
du
[Comware-luser-testuser] quit
R.
ly
[authentication | privacy ]
d
ol
eh
[notify-view <notify-view>]
St
[acl <acl-list>]
&L
C
Rev. 14.41 6 5
BitSpyder - The Culture of Knowledge
d.
te
authentication only (without privacy): HMAC without encryption.
bi
i
oh
privacy: Specifies the security model of the SNMP group to be
pr
authentication and privacy: HMAC and encryption.
is
read-view: Read view, a string of 1 to 32 characters. The default read view
on
is ViewDefault. Read View controls what MIB objects a group can view. By
si
is
default the group can view all MIB objects. Configuring Read View is beyond
m
the scope of this course.
er
tp
write-view: Write view, a string of 1 to 32 characters. By default, no Write
ou
View is configured. The NMS cannot perform write operations to any MIB
ith
objects on the device. Configuring Write View is beyond the scope of this
w
course.
rt
pa
notify-view: Notify View, for sending traps, a string of 1 to 32 characters.
in
By default, no notify view is configured. The device does not send traps to the
or
acl: Associates a basic ACL with the group. <acl-number> is in the range
w
2000 to 2999. By using a basic ACL, you can restrict the source IP address of
in
SNMP packets, that is, you can configure to allow or prohibit SNMP packets
n
The user name configured by using this command is applicable to the SNMPv3
eh
networking environments, if the agent and the NMS use SNMPv3 packets to
ak
6 6 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
which is a string of 1 to 64 visible characters. If the cipher keyword is
te
specified, auth-password indicates a cipher text password of 32 or 40
ibi
oh
hexadecimal characters.
pr
If the md5 keyword is specified, auth-password is a string of 32
is
hexadecimal characters.
on
si
If the sha keyword is specified, auth-password is a string of 40
is
hexadecimal characters.
m
er
See additional notes below to determine the cipher text password.
tp
ou
privacy-mode: Specifies the security model to be privacy. The three
ith
encryption algorithms AES, 3DES, and DES are in descending order in terms
w
of security. Higher security means more complex implementation mechanism
rt
pa
and lower speed. DES is enough to meet general requirements.
in
3des: Specifies the privacy protocol as 3DES.
or
le
characters.
R
ly
on
hexadecimal characters;
s
hexadecimal characters;
ol
eh
hexadecimal characters.
St
acl: Associates a basic ACL with the user. acl-number is in the range 2000 to
P
2999. By using a basic ACL, you can restrict the source IP address of SNMP
H
packets, that is, you can configure to allow or prohibit SNMP packets with a
specific source IP address, so as to allow or prohibit the specified NMS to
access the agent by using this user name.
Rev. 14.41 6 7
BitSpyder - The Culture of Knowledge
d.
password. If the SNMP engine IDs of two devices are the same, you can
te
bi
copy and paste the SNMPv3 configuration commands from the configuration
i
oh
file on device A to device B. The cipher text password and plain text password
pr
on the two devices will be the same.
is
If you do not specify the cipher keyword, the system considers the
on
arguments auth-password and priv-password as plain text passwords. In this
si
is
case, the passwords will be transmitted in clear text.
m
er
To Determine the Cipher Text Password - When using the SNMPv3 User
tp
Configuration Command with the cipher keyword you can get the cipher of
ou
the plain text password using the command:
ith
w
snmp-agent calculate-password <passphrase> mode
rt
<privacy-mode> <engine id>
pa
When running this command make sure to use the same:
in
or
command
ho
w
A plain text password is required when the NMS accesses the device;
n
tio
therefore, please remember the user name and the plain text password used
c
# Add a user testUser to the SNMPv3 group testGroup. Configure the security model as
d
ol
Here is an example SNMPv3 configuration for Comware that uses both encryption
and HMAC protection:
# Add a user testUser to the SNMPv3 group testGroup. Configure the security model as
authentication and privacy, the authentication protocol as MD5, the privacy
protocol as DES56, the plain-text authentication password as authkey, and
the plain-text privacy password as prikey.
Step 1 Setup an SNMPv3 Group
d.
[Sysname] snmp-agent group v3 testGroup privacy
te
bi
Step 2 Setup an SNMPv3 User
i
oh
[Sysname] snmp-agent usm-user v3 testUser testGroup authentication-mode md5 authkey
pr
privacy-mode des56 prikey
is
on
Here is an explanation to this configuration:
si
Sets the SNMP version on the NMS to SNMPv3
is
m
er
Defines the user name as testUser
tp
Sets the authentication protocol to MD5
ou
ith
Sets the authentication password to authkey
w
Sets the privacy (encryption) protocol to DES
rt
pa
Sets the privacy password (encryption key) to prikey
in
or
le
The following sections will discuss how to set up SSH and SNMPv3 on ProVision
in
switches.
n
c tio
du
paths between the switch and management station clients capable of SSH
on
operation.
s
er
SSH provides Telnet-like functions but, unlike Telnet, SSH provides encrypted,
d
ol
This option uses one or more public keys (from clients) that must be stored on the
C
switch. Only a client with a private key that matches a stored public key can gain
P
H
access to the switch. (The same private key can be stored on one or more clients.)
Important
! At a minimum, HP recommends that you always assign at least a Manager
password to the switch. Otherwise, under some circumstances, anyone with
Telnet, web, or serial port access could modify the switchs configuration.
Rev. 14.41 6 9
BitSpyder - The Culture of Knowledge
d.
te
to the switch. The key sizes supported are 512, 768, and 1,024 bits in length.
bi
i
oh
The host key pair is stored in the switchs flash memory, and only the public key in
pr
this pair is readable. When you generate a host key pair on the switch, the switch
places the key pair in flash memory (and not in the running-config file). Also, the
is
on
switch maintains the key pair across reboots, including power cycles. You should
si
consider this key pair to be "permanent"; that is, avoid re-generating the key pair
is
without a compelling reason. Otherwise, you will have to re-introduce the switchs
m
er
public key on all management stations you have set up for SSH access to the
tp
switch using the earlier pair.
ou
Removing (zeroing) the switchs public/private key pair renders the switch unable
ith
to engage in SSH operation and automatically disables IP SSH on the switch. (To
w
verify whether SSH is enabled, execute show ip ssh.) However, any active SSH
rt
pa
sessions will continue to run, unless explicitly terminated with the CLI kill
in
<session-number> command (the session number is displayed in the output of
or
The ip ssh command enables or disables SSH on the switch and modifies
w
parameters the switch uses for transactions with clients. After you enable SSH, the
in
ProVision(config)# no telnet-server
er
d
The default authentication on ProVision switches allow you to set a password for
ol
eh
the operator and manager user types. Here are the commands to configure the
ak
passwords:
St
6 10 Rev. 14.41
BitSpyder - The Culture of Knowledge
Once you have set the passwords, you can test them by logging into the switch,
like this:
Password: <password>
ProVision> enable
Password: <password>
ProVision#
d.
You can also set up SSH authentication using AAA, where IMC can perform the
te
AAA server function (the configuration of this is beyond the scope of this course).
ibi
oh
pr
Enabling SNMPv3 on ProVision switches
is
on
To enable SMNPv3 operation on the switch, use the following command:
si
is
ProVision(config)# snmpv3 enable
m
er
You may (optionally) restrict access to only SNMPv3 agents by using this
tp
command:
ou
ProVision(config)# snmpv3 only
ith
w
To restrict write-access to only SNMPv3 agents, use this command:
rt
ProVision(config)# snmpv3 restricted-access
pa
in
Note
or
le
The show snmpv3 enable command displays the operating status of SNMPv3
c
du
and the show snmpv3 only displays the status of message reception of non-
ro
SNMPv3 usernames and passwords define the type of protection used for a
d
ol
Authorization and privacy (encryption) are optional, but to use privacy, you must
H
use authorization. When you delete a user, only the <username> is required. With
authorization, you can set either MD5 or SHA authentication. The authentication
password <auth-pass> must be 632 characters in length and is mandatory when
you configure authentication.
Rev. 14.41 6 11
BitSpyder - The Culture of Knowledge
With privacy, the switch supports DES (56-bit) and AES (128-bit) encryption. The
privacy password <priv-pwd> must be 632 characters in length and is mandatory
when you configure privacy. If you dont configure privacy, it defaults to DES.
Heres a configuration example:
ProVision(config)# snmpv3 user Miriam auth sha securepassword
priv aes securepassword
d.
To display the management stations configured to access the switch with SNMPv3
te
and view the authentication and privacy protocols that each station uses, enter the
bi
show snmpv3 user command.
i
oh
pr
is
Configure an SNMPv3 group on ProVision
on
si
An SNMPv3 group associates an SNMPv3 user to the SNMPv3 implementation it
is
m
uses and the restrictions applied to the user account. The syntax command is as
er
follows:
tp
ProVision(config)# snmpv3 group <group-name> user <username>
ou
ith
secmodel {ver1 | ver2c | ver3}
w
Group names for SNMPv3 users include:
rt
managerpriv pa
in
or
managerauth
le
operatorauth
ho
w
operatornoauth
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
6 12 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
Figure 6-4. Basic Cisco IOS switch configuration.
pr
is
The above demonstrates a minimal configuration for a Cisco IOS device (switch or
on
router). The discussion of syntax commands is beyond the scope of this book.
si
is
Please note that other vendors syntax for a basic SNMP and telnet setup will
m
differ.
er
tp
ou
Secure SSH access for Cisco IOS
ith
w
Heres a basic configuration for SSH Access on a Cisco IOS device:
rt
Router(config)# username <username> privilege 15 pa
in
secret 0 <password>
or
le
Router(config-line)# exit
ro
SSH to secure CLI access to a router. SSHv1 was supported in 12.1(3)T and
s
er
SSHv2 in 12.3(4)T. You need an IPSec image to support SSH since SSH requires
d
encryption keys to perform encryption. However, before you can create your
ol
eh
encryption keys, you must first assign a host and domain name to your router
ak
otherwise, youll get an error message. The crypto key generate rsa
St
command creates your keys. If you omit the modulus, youll be prompted for it.
&L
C
P
H
Rev. 14.41 6 13
BitSpyder - The Culture of Knowledge
d.
te
[write write_view] [notify notify_view]
bi
i
oh
[access-list ACL_ID]
pr
Router(config)# snmp-server user user_name group_name
is
{v1 | v2c | v3}
on
si
[auth {md5 | sha} auth_password] [priv {des |
is
m
3des | aes {128 | 192 | 256}} encr_password]
er
tp
[access ACL_ID]
ou
Router(config)# snmp-server host host_name_or_IP [traps | informs]
ith
[version {1 | 2c | 3} [auth user_name]
w
rt
Router(config)# snmp-server traps enable
pa
An explanation of the syntax is beyond the scope of this course.
in
or
The above shows an example for setting up SNMPv3. In this example, an SNMP
s
view was created that includes the "interfaces" MIB/OID.An SNMP group for v3
er
d
was created, limiting the view to read-access. The group references the view and
ol
the ACL to restrict SNMPv3 access. The SNMP user specifies the access
eh
credentials (protection) and references the group to use. The SNMP server is
ak
defined with traps being sent to the server and the SNMP user configuration is
St
referenced so the router knows the access method to enforce. Last, SNMP traps
&L
are enabled so the router can send events to the SNMP management station.
C
P
H
6 14 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
Figure 6-5. SNMP management templates.
in
Device resource templates enable you to save SNMP, Telnet, SSH, SOAP/HTTP,
or
PowerShell, and WMI configuration settings that IMC uses to access network
le
ho
devices. You can apply these templates when adding devices to IMC, performing
w
IMC uses SNMP to query and manage remote network devices. The SNMP
c
template feature allows you to save SNMP configuration settings in IMC, which
du
can then be applied when adding new devices to IMC. SNMP templates store IMC
ro
SNMP configurations for devices to support IMC communication with the device.
ep
SNMP Templates do not configure the SNMP settings on the device itself.
R .
ly
This feature is particularly useful for organizations that use a variety of SNMP
on
To view the SNMP template list, navigate to System > SNMP Template:
&L
1. Click the System tab from the tabular navigation system on the top.
C
2.
H
3. Click the SNMP Template icon ( ) under Resource Management from the
navigation system on the left.
IMC displays all SNMP templates in the SNMP Template List displayed in the main
pane of the System SNMP Template window.
Rev. 14.41 6 15
BitSpyder - The Culture of Knowledge
d.
c.
te
navigation system on the left. IMC displays all SNMP template entries in
bi
the SNMP Template List displayed in the main pane of the System SNMP
i
oh
Template window.
pr
Click Add.
is
2.
on
3. Enter the following information in the Add SNMP Template page.
si
is
4. Enter a unique name for the SNMP template name in the Name field. You
m
er
cannot modify the name of a template once the template has been created. To
tp
modify the name, you must first delete the template and then recreate it with
ou
the new name.
ith
5. Select the version of SNMP that is configured for use on the managed devices
w
from the Parameter Type list.
rt
6. Select SNMPv1, SNMPv2c, SNMPv3 and so on. pa
in
or
configuration settings for each managed device must match the SNMP
tio
9. Enter the SNMP timeout value (160 seconds) in the Timeout field. This
ep
parameter determines how long IMC waits for an SNMP reply from the
R
managed device before declaring that the request has timed out.
.
ly
on
10. Enter the number of SNMP retries (120) in the Retries field. The retries
s
parameter defines how many times the management system (IMC) sends
er
d
6 16 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
c.
te
navigation system on the left. IMC displays all SNMP template entries in
bi
the SNMP Template List displayed in the main pane of the System SNMP
i
oh
Template window.
pr
Click Add.
is
2.
on
3. Enter the following information in the Add SNMP Template page.
si
is
4. Enter a unique name for the SNMP template name in the Name field.
m
er
5. Select the SNMPv3 type that matches the version of SNMP configured on the
tp
devices to be managed by this template from the Parameter Type list, shown
ou
in Figure 6-5.
ith
w
6. Enter the username that is configured on the managed devices in the
rt
Username field.
pa
in
7. If prompted, enter the authentication password that is configured on the
or
9. Enter the SNMP timeout value in the Timeout field. Valid range is 160
n
tio
seconds. The timeout parameter defines how long the system waits for the
c
device to respond to SNMP requests before reporting that the request has
du
timed out.
ro
ep
10. Enter the SNMP retries value in the Retries field. Valid range is 120. The
R
retries parameter defines how many times the management system (IMC)
.
ly
The default is 3.
s
er
Rev. 14.41 6 17
BitSpyder - The Culture of Knowledge
The SNMP templates you have created now appear as configuration options when
adding devices to IMC by auto discovery, by batch mode or by adding devices
individually.
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Figure 6-5. SNMPv3 parameters for templates.
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
6 18 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
Figure 6-6. Telnet management templates.
ou
ith
IMC uses Telnet to provide you with remote access to managed devices. IMC also
w
uses Telnet for certain network resource management functions.
rt
pa
The Telnet template feature allows you to save Telnet configuration settings in
in
IMC, which can then be applied when adding new devices to IMC, performing an
or
store IMC Telnet configurations for devices to support IMC communication with the
ho
device. Telnet templates do not configure the Telnet settings on the device itself.
w
in
To view the Telnet template list, navigate to System > Telnet Template.
du
ro
1. Click the System tab from the tabular navigation system on the top.
ep
2.
.
ly
IMC displays all Telnet templates in the Telnet Template List displayed in the main
ol
2. Click Add.
3. Enter the following information in the Add Telnet Template page.
4. Enter a unique name for the Telnet template in the Name field. You cannot
modify the name of a template once the template has been created. To modify
the name, you must first delete the template and then recreate it with a new
name.
5. Select the mode to match the telnet authentication mode configured on the
d.
te
managed devices from the Authentication Mode list. Options include:
bi
Password
i
oh
pr
Username + Password
is
on
Super Password
si
Password + Super Password
is
m
er
Username + Password + Super Password
tp
ou
No Username + No Password
ith
Username + No Password
w
rt
pa
6. If prompted, enter the username that is configured on managed devices in the
Username field.
in
or
9. Enter the Telnet timeout value in the Timeout field. Valid range is 160
c
seconds. The timeout parameter defines how long the system waits for the
du
The Telnet templates you have added now appear as configuration options when
ly
on
The Telnet configuration settings in IMC must match the Telnet settings configured
er
d
managed devices, refer your vendors documentation. The Telnet templates also
eh
6 20 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 6-7. SSH management template.
ith
IMC uses SSH to enable secure remote access to managed devices. IMC also
w
uses SSH for certain network resource management functions. The SSH template
rt
pa
feature allows you to save SSH configuration settings in IMC, which can then be
in
applied when adding new devices to IMC, performing an auto discovery, or
or
configuring devices in individual or batch mode. SSH templates store IMC SSH
le
configurations for devices to support IMC communication with the device. SSH
ho
To view the SSH template list, navigate to System > SSH Template.
ro
Click the System tab from the tabular navigation system on the top.
ep
1.
R
3. Click the SSH Template icon ( ) under Resource Management from the
s
IMC displays all SSH templates in the SSH Template List displayed in the main
eh
Rev. 14.41 6 21
BitSpyder - The Culture of Knowledge
d.
c.
te
navigation system on the left. IMC displays all SSH templates in the SSH
bi
Template List displayed in the main pane of the System >SSH Template
i
oh
window.
pr
Click Add.
is
2.
on
3. Enter the following information in the Add SSH Template page.
si
is
4. Enter a unique name for the SSH template name in the Name field. You
m
er
cannot modify the name of a template once the template has been created. To
tp
modify the name, you must first delete the template and then recreate it with a
ou
new name.
ith
5. Select the mode that matches the SSH configuration mode configured on the
w
managed devices from the Authentication Mode list. Authentication mode
rt
options include:
pa
in
Password
or
le
Private Key
ho
6. Enter the username that is configured on managed devices in the User Name
.
field.
ly
on
Password field. If prompted, enter the path and filename of the private key file
d
that contains the key that enables login in the Private Key File field. If
ol
eh
prompted, enter the private key password for the private key file in the Private
ak
Key Password field. If prompted, enter the super password that is configured
St
8. Enter the TCP port for SSH configured on managed devices in the Port field.
C
9. Enter the SSH timeout value in the Timeout field. Valid range is 1120
seconds. The timeout parameter defines how long the system waits for the
device to respond in seconds before declaring that the response has timed
out. The default setting is 10 seconds.
6 22 Rev. 14.41
BitSpyder - The Culture of Knowledge
10. Enter the number of SSH retries in the Retries field. Valid range is 15. The
retries parameter defines how many times the management system (IMC)
sends SSH retries in an attempt to communicate with the managed device
before reporting a failure. The default setting is 3.
11. Click OK.
The SSH templates you have added now appear as options when configuring
devices individually or in batch mode. The SSH configuration settings in IMC must
d.
match the SSH settings configured on the managed devices. For information on
te
configuring SSH settings on the managed devices, refer your vendors
ibi
documentation. The SSH templates also appear as configuration options when
oh
adding devices to IMC by auto discovery, by batch mode or by adding devices
pr
individually.
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 6 23
BitSpyder - The Culture of Knowledge
Adding devices
The Resource tab provides you with a portal for the device monitoring and
management features of IMC. From this portal, you can view and manage network
resources including devices and IP addresses.
IMC offers you a variety of options for viewing and managing devices through
views that organize by:
d.
Device type (Device View)
te
bi
IP address (IP View)
oh
pr
Topology (Network Topology)
is
The operators own organization of devices using Custom Views.
on
si
Each of these views offers the ability to manage multiple devices from the device
is
lists on these pages. In addition, each view offers drill down capabilities to the
m
er
Device Details page, which includes a multitude of monitoring and management
tp
features for the selected device. From the Device Details page, you can
ou
synchronize, refresh, manage or unmanage, or delete a device.
ith
From this view, devices can be accessed remotely through Telnet, SSH, the
w
Device Panel, or Web Manager. You can also ping or traceroute to a device from
rt
the Device Details page that is accessed from all views.
pa
in
In addition, you can configure devices. Configuration options include modifying a
or
device label, system group attributes, SSH and Telnet settings, polling intervals,
le
ping and Web Manager parameters. You can add or cancel performance
ho
w
From IMC, you can also manage devices including resetting or rebooting a device
n
tio
address binding, view hardware, OSPF, and IPv6 information and view and
du
In addition, you can view protocol information for routers and switches, view and
R
modify VLAN, RMON, and Spanning tree information on switches and IGMP
.
ly
You can also view and manage interfaces on devices from IMC. Interface
s
er
ak
Synchronizing
St
Loopback testing and adding ports to and removing ports from VLANs
P
H
IMC also offers you the ability to manage multiple devices from views and in batch
mode. From views, you can add, remove, delete, manage, unmanage,
synchronize, and refresh devices. You can configure SNMP, SSH, and Telnet
settings as well as check these settings on multiple devices.
You can also configure polling intervals, save configurations, reboot devices,
backup configurations, and deploy software for multiple devices.
6 24 Rev. 14.41
BitSpyder - The Culture of Knowledge
Using batch mode, you can configure SNMP, Telnet, and SSH settings, polling
intervals and modify login types. You can also check settings in batch mode for
SNMP, Telnet, and SSH. You can save device configurations, reboot devices,
check and configure management status on interfaces, implement PoE, configure
trap destinations, Spanning Tree on switches and interfaces and configure LACP
on switches.
You can also track the usage of and allocate IP addresses in IMC, bind IP
addresses to MAC address, and bind MAC addresses to interfaces. You can
d.
te
search IMC in real time and historically for locations of IP addresses to pinpoint the
bi
location of a user/device. You can track network assets, and perform and configure
i
oh
asset auditing.
pr
The most basic network resource management task is to add a device. IMC offers
is
you several methods for adding devices in IMC:
on
si
Add devices manually.
is
m
One or more devices can be added through auto discovery.
er
tp
Devices can be added by importing the device data directly into IMC.
ou
ith
When you add a device, either manually, by import, or through auto discovery, IMC
w
by default sets their status as managed. Managed devices consume node licenses
rt
in IMC and a warning dialog box appears. For a current license count, click the
About link in the upper right corner of IMC. pa
in
or
le
Auto-discovery: basic
ho
w
in
n
c tio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
Auto discovering in IMC allows you to search the network and add all found
devices to IMC using two methods: basic and advanced. With the basic auto
discovery method, you provide a start and end IP address that directs the
discovery process. In addition, you provide SNMP and Telnet settings that support
the addition of devices for these protocols. You have the option to run basic and
advanced discoveries immediately or at a scheduled date and time. You can save
simple auto discoveries as plans and manage the plans in a plan list, including
viewing plan details and auto discovery results and modifying or deleting plans.
Rev. 14.41 6 25
BitSpyder - The Culture of Knowledge
The device to be added must be configured to support the access or login type
selected here. HP recommends configuring default monitor indexes before
performing an auto discovery. Monitor indexes gather the metrics that IMC uses to
measure performance of managed devices. Monitor indexes are also used to
generate alarms when they exceed configured thresholds. By configuring the
default monitor indexes first, IMC applies them to devices found in the discovery
process.
To add devices to IMC using the basic auto discovery method:
d.
te
1. Navigate to Resource > Auto Discovery:
bi
i
oh
a. Click the Resource tab from the tabular navigation system on the top.
pr
b. Click Resource Management on the navigation tree on the left.
is
on
c. Click Auto Discovery under Resource Management from the navigation
si
system on the left.
is
m
2. Confirm that you are in Basic mode. The main section of the page title should
er
tp
read Auto Discovery (Basic).
ou
3. If the dialog box does not have this title and your breadcrumb trail is Resource
ith
> Auto Discovery (Advanced), then click the Go to Basic icon to navigate to
w
the Auto Discovery (Basic) page. Go to Basic can be found in the far right
rt
pa
corner of the Auto Discovery page. in
4. Enter the first IP address of the IP address range you want to search devices
or
5. Enter the last IP address of the IP address range you want to search devices
w
b. Click Browse to browse your local directories for the file. Text files no
R
greater than 5M are supported. Separate the start and end IP addresses
.
ly
8. If you want to receive SNMP traps from the discovered devices that support
St
SNMP trap generation, verify that the checkbox to the left of Automatically
&L
Important
P
!
H
9. Enter the SNMP v1 read community string in the SNMP Read Community
string field.
6 26 Rev. 14.41
BitSpyder - The Culture of Knowledge
10. Enter the SNMP v1 write community string in the SNMP Write Community
string field. The SNMP read and write community string configuration you
enter here must match the SNMP configuration settings on the devices to be
discovered and managed. Refer to each vendors manual for information on
setting the SNMP configuration parameters for each device type. In the basic
auto discovery mode, only SNMP v1 is supported.
11. Select the Telnet authentication mode that corresponds with the Telnet
authentication mode configured on the managed devices from the Telnet
d.
te
Authentication Mode list.
ibi
12. Do the following:
oh
pr
a. Telnet UsernameEnter the username configured on managed devices
is
in the Telnet Username field, if prompted.
on
b. Telnet PasswordEnter the password configured on the managed
si
is
devices in the Telnet Password field, if prompted.
m
er
c. Telnet Super PasswordEnter the super password configured on the
tp
managed devices for the Telnet Super Password, if prompted.
ou
ith
13. If you want IMC to perform scheduled auto discoveries, select the frequency
w
with which you want IMC to perform scheduled auto discoveries from the
rt
Schedule list. Options include Never, Hour, Day, Week, and Month.
pa
14. Select Never if you want IMC to perform the auto discovery immediately rather
in
than on a scheduled basis. IMC runs the auto discovery when you have
or
15. If you choose to schedule an auto discovery for hour, you only need to enter
w
16. If you choose to schedule an auto discovery for day, week, or month, enter the
tio
start date you want to begin the scheduled auto discovery in the Start Date
c
du
field. You can also click the Start Date field to select and auto-populate the
ro
field.
ep
R
17. Select the hour and minute from the lists located to the right of the Discover
.
ly
Time field.
on
18. The Save as Plan button is available if you select Hour, Day, Week, or Month
s
er
from the Schedullist. Click this button to save an auto discovery as a plan and
d
c. Click OK.
C
P
Then IMC runs the auto discovery at the specified period and adds the
H
20. Click Auto Discovery if you want to begin the auto discovery immediately.
If you clicked Auto Discovery, the Auto Discovery Running window is displayed
along with details of the auto discovery process. While the auto discovery is
running, IMC displays a rotating icon . Click the Stop ( ) icon ONLY if you
want to cancel the auto discovery process. Once IMC has completed the auto
discovery, IMC displays a status and summary of the auto discovery process at the
top of the Auto Discovery Running window.
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
6 28 Rev. 14.41
BitSpyder - The Culture of Knowledge
Auto-discovery: advanced
d.
te
ibi
oh
pr
is
on
si
is
m
Figure 6-9. Auto-discovery: advanced.
er
tp
Advanced auto discovery allows you to discovery networking devices using the
ou
following methods:
ith
w
Routing-based
rt
ARP-based
pa
in
IPSec VPN-based
or
le
Network segment-based
ho
PPP-based
w
in
With advanced auto discoveries, you can search the network using routing tables.
n
tio
With this option, you configure hop counts to determine how far IMC searches the
c
infrastructure for new devices. In routing based discoveries, you also provide a
du
devices. As with routing based discoveries, you also configure hop counts to
on
determine how far IMC searches the infrastructure for new devices. In ARP-based
s
discoveries, you also provide a Seed IP to direct the starting point for the auto
er
d
discovery.
ol
eh
A third option is the IPsec VPN-based auto discovery method. With this option,
ak
IMC queries IPsec devices for new devices, again using hop counts to limit how far
St
IMC searches the infrastructure. Seed IP addresses are also required for this
&L
method.
C
You can use the network segment-based advanced method for auto discovering
P
H
new devices. With this method, you configure IMC with IP address segments,
which IMC then searches for new devices. With this method, hop count and Seed
IP addresses are not required.
Rev. 14.41 6 29
BitSpyder - The Culture of Knowledge
You can use the network segment-based advanced method for auto discovering
new devices. With this method, you configure IMC with IP address segments,
which IMC then searches for new devices. With this method, hop count and Seed
IP addresses are not required.
You can use the PPP-based advanced method for auto discovering new devices.
With this method, hop count and Seed IP addresses are not required.
This course only covers the configuration of advanced auto discovery using the
d.
te
network segment-based approach. With this method, you configure IMC with one
bi
or more IP address segments, which IMC then searches for new devices. With this
i
oh
method, hop count and Seed IP addresses are not required.
pr
HP recommends configuring default monitor indexes before performing an auto
is
discovery. Monitor indexes gather the metrics that IMC uses to measure
on
performance of managed devices. Monitor indexes are also used to generate
si
is
alarms when they exceed configured thresholds. By configuring the default monitor
m
indexes first, IMC applies them to devices found in the discovery process.
er
tp
To add devices to IMC using Advanced Auto Discovery method:
ou
Navigate to Resource > Auto Discovery:
ith
1.
w
a. Click the Resource tab from the tabular navigation system on the top.
rt
b. pa
Click Resource Management on the navigation tree on the left.
in
c. Click Auto Discovery under Resource Management from the navigation
or
2. Confirm that you are in advanced mode. The dialog box title should be Select
w
Auto Discovery Mode and the breadcrumb trail should be Resource > Auto
in
the far right of the Auto Discovery page (see Figure 6-9)
c
du
Click Next.
ep
4.
R
5. Enter the first IP address of the IP address range you want to search for new
.
ly
devices in this auto discovery in the Start IP field (see Figure 6-10).
on
s
6. Enter the last IP address of the IP address range you want to search for new
er
Click Add to add the IP address range to the Configured Segment Address
eh
7.
ak
list. You can add more than one IP Segment to the list by repeating Steps 3-4
St
6 30 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
Figure 6-10. Auto-discovery: advanced (cont).
tp
ou
ith
Editing SNMP settings manually
w
rt
pa
1. To edit the SNMP parameters, verify that the radio button to the left of Edit
SNMP Parameters is selected.
in
or
2. Do the following:
le
ho
configured on the device to be added from the Parameter Type list. You
in
can only add devices that are configured with SNMPv3 using SNMP
n
this device in the Read-Only Community String field. This value must
R
match the read only community string that is configured on the device to
.
ly
be added.
on
this device in the Read-Write Community String field. This value must
d
match the read only community string that is configured on the device to
ol
eh
be added.
ak
field. This parameter determines how long IMC waits for an SNMP reply
&L
from the managed device before declaring that the request has timed out.
C
The default is 4.
P
H
Rev. 14.41 6 31
BitSpyder - The Culture of Knowledge
d.
Parameters section. The SNMP Parameters dialog box appears.
te
bi
5. 5. Do one of the following:
i
oh
pr
Enter the SNMP settings in this dialog box.
is
Create a SNMP template that contains the Telnet settings for this device.
on
si
is
m
Editing Telnet setting manually
er
tp
1. To edit the Telnet parameters manually, verify that the radio button to the left
ou
of Edit Telnet Parameters is selected.
ith
w
1. Do the following:
rt
a.
pa
Authentication ModeSelect the mode that corresponds with the Telnet
in
authentication mode configured on the managed devices from the
or
1. To configure the Telnet settings for this device using Telnet templates, click the
ak
2. Click the radio button to the left of the Telnet template you want to use.
&L
3. Click OK.
C
P
4. To configure the Telnet settings, click the Configure icon located at the Telnet
H
Parameters section.
5. The Telnet Parameters dialog box appears.
6. Do one of the following:
Enter the Telnet settings in this dialog box.
Create a Telnet template that contains the Telnet settings for this device.
6 32 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
with the SSH configuration mode on the managed devices from the list.
te
bi
b. User NameEnter the username that is configured on managed devices.
i
oh
pr
c. PasswordIf prompted, enter the password that is configured on the
is
managed devices.
on
d. Private Key FileEnter the path and filename of the private key file that
si
is
contains the key that enables login, if prompted.
m
er
e. Private Key PasswordEnter the private key password for the private
tp
key file, if prompted.
ou
f. Super PasswordEnter the super password that is configured on the
ith
managed devices.
w
rt
g. PortEnter the TCP port for SSH configured on managed devices. The
default TCP port is 22. pa
in
or
parameter defines how long the system waits for the device to respond in
ho
seconds before declaring that the response has timed out. The default
w
setting is 10 seconds.
in
n
defines how many times the management system (IMC) sends SSH
c
du
1. To configure the SSH settings for this device using SSH templates, click the
er
2. Click the radio button to the left of the SSH template you want to use.
ak
4. The filter settings offer you flexibility in determining which subnets and devices
to either include in or exclude from the auto discovery process.
C
P
5. Enter the IP address subnet range and the subnet mask you want to filter by
H
in the Subnet IP field. Masks can be entered using either CIDR or dotted
decimal notation. For example, a valid network/subnet mask entry using CIDR
notation would be 192.168.1.0/24 where /24 represents the bits allocated to
the network portion of the address and implying the remaining bits allocated to
the host portion. Alternatively, a valid network/subnet mask using dotted
decimal notation would be 192.168.1.0/255.255.255.0
Rev. 14.41 6 33
BitSpyder - The Culture of Knowledge
d.
the IP address range in the Subnet IP field.
te
bi
i
oh
The rest of the configuration on Figure 6-10 is basically the same as the basic auto
pr
discovery.
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
R
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
6 34 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 6-10. manually adding a device.
w
rt
You can add devices manually, one at a time. IMC automatically manages a device
pa
once a device has been added to IMC, whether it has been manually or
in
automatically added. To add a device manually:
or
a. Click the Resource tab from the tabular navigation system on the top.
w
b.
n
c.
c
2. Enter the node name or IP address of the network device you want to add in
ep
3. Enter the name that is displayed on the IMC platform in the Device Label field.
.
ly
on
4. Enter a valid IP subnet mask for the device to be added in the Mask field.
s
er
5. Select the device group to which you want to add this device from the Device
d
ol
Group list. If you do not want to add the device to a device group, leave this
eh
option blank. All devices that have not been added to a device group are
ak
displayed in the Ungrouped Devices List. You can add devices to groups from
St
the Ungrouped Devices List after they have been added to IMC. You must
&L
create device groups before you can add devices to them. Once you have
C
created the device groups, they appear in the Device Group list.
P
H
6. Select the access method for this device from the Login Type list. Options
include Telnet, SSH, and None. The device to be added must be configured to
support the access or login type selected here.
Rev. 14.41 6 35
BitSpyder - The Culture of Knowledge
7. If you want IMC to process traps sent by this device for alarming and
notification purposes, verify that the checkbox to the left of Automatically
register to receive SNMP traps from supported devices is checked .
Important
! If the Automatically register to receive SNMP traps from supported devices
d.
checkbox is not checked, IMC does not process, display, or alarm on traps
te
bi
sent by this device. If the Automatically register to receive SNMP traps from
i
oh
supported devices checkbox is checked, IMC automatically sets the IP
address of the IMC master server as the destination host on each newly added
pr
device to receive traps generated by the device.
is
on
8. Do one of the following:
si
is
m
If you select the checkbox next to Support Ping Operation, IMC will use
er
ping packets to probe devices. Devices that respond to IMC ping packets
tp
are added. The devices (for example, firewalls) that filter or do not
ou
respond to IMC ping packets are not added.
ith
w
If you clear the checkbox next to Support Ping Operation, IMC will use
rt
SNMP packets to probe devices and add devices (for example, firewalls)
that support SNMP. pa
in
or
9. If you want to add the device even if it does not respond to ping requests, click
le
the checkbox to the left of Add the device regardless of the ping result.
ho
10. If you want IMC to use the Loopback address for the management of the
w
in
discovered device, check the box to the left of Use the loopback address as
n
11. To view and configure SNMP settings for this device, click the SNMP Settings
c
du
12. To view and configure Telnet settings for this device, click the Telnet Settings
R
13. To view and configure SSH settings for this device, click the SSH Settings
on
6 36 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
XML files, define device interaction through standard TCL\Expect scripts, and
bi
parse or process returned information through standard Perl scripts. Before
i
oh
customizing a function, you must compile UI configuration files so that IMC can
pr
automatically add the operation entrance and display pages as required.
is
The function extension feature makes investment in IMC rewarding in a long term,
on
and provides powerful regular expression processing capability by using the
si
is
Expect and Perl language scripts. You can extend IMC components to support
m
third-party device management by customizing scripts. For example, by default,
er
tp
the IMC Configuration Center component supports configuration file management
ou
and software upgrade for devices of HP, Cisco, and many other vendors.
ith
You can enable the component to support configuration file backup and
w
deployment and software upgrade for other third-party devices by customizing the
rt
pa
script. By default, IMC VLAN Manager supports VLAN management for devices of
HP, Cisco, and many other vendors. You can also enable the component to
in
support VLAN management for other third-party devices by customizing the script.
or
le
du
ep
Rev. 14.41 6 37
BitSpyder - The Culture of Knowledge
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 6-11. Verification of adding a device via auto discovery.
w
rt
If you clicked Auto Discovery, the Auto Discovery Running window is displayed
pa
along with details of the auto discovery process. While the auto discovery is
in
or
running, IMC displays a rotating icon . Click the Stop ( ) icon ONLY if you
le
want to cancel the auto discovery process. Once IMC has completed the auto
ho
discovery, IMC displays a status and summary of the auto discovery process at the
w
You can return to the auto discovery page and view the results from the last time it
tio
was run by clicking the Latest Result icon ( ) in the upper right-hand corner of
c
du
the page.
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
6 38 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
Figure 6-12. Classification of devices: Device Groups.
ou
ith
Group Management enables you to more simply and effectively organize and
w
secure access and management rights over network resources managed by IMC.
rt
It also enables you to grant or restrict access to and management of network
pa
resources more easily by assigning operators rights by device, user, or service
in
groups. A device can belong to one or more device groups. Note also that more
or
Device groups allow you to organize network devices by logical groups that you
w
define. Groups can consist of devices of the same type, in the same location, or
in
Device groups are one of the three features that IMC offers you for granting or
c
groups and then add devices to the groups. Then assign operators rights to the
ro
ep
device groups. This gives operators access and rights to manage only the devices
R
Rev. 14.41 6 39
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
Figure 6-13. Device groups.
is
on
To view the list of all device groups in IMC, navigate to System > Device Group:
si
is
1. Click the System tab from the tabular navigation system on the top.
m
er
2. Click Group Management on the navigation tree on the left.
tp
Click the Device Group icon under Group Management from the navigation
ou
3.
ith
system on the left.
w
IMC displays all device groups in the Device Group List displayed in the main pane
rt
pa
of the System > Device Group window. (see Figure 6-13).
in
There are no pre-defined device groups besides the generic classifications
or
To view all devices in IMC click the All Devices link located in the far right
w
corner of the Device Group List window.
in
n
To view all devices in IMC that are not in a device group, click the Ungrouped
tio
Devices link
du
.
ro
To add a device group from the System > Device Group window.
ep
R
2. Enter the name for this device group in the Group Name field.
s
3. Select an option from the Automatically Add New Devices list. The options
er
d
include None, All, and From Network Segment. If you select None, newly
ol
added devices are not automatically added to the device group; if you select
eh
All, newly added devices are automatically added to the device group; if you
ak
select From Network Segment, newly added devices whose IP address fall
St
into the specified address range are automatically added to the device group.
&L
If you select From Network Segment, go to Step 4; if you select None or All,
C
go to Step 7.
P
H
4. Enter the first IP address of the IP address range in the Start IP field.
5. Enter the last IP address of the IP address range in the End IP field.
6. Click Add to add the IP address range to the Network Segment list.
7. Select an IP address range on the Network Segment list, and click Delete to
delete the IP address range.
6 40 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
Figure 6-14. Adding a device group.
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 6 41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 6-15. Placing a device in a group.
ith
w
To add devices to a device group:
rt
Navigate to System > Device Group:
pa
1. in
a. Click the System tab from the tabular navigation system on the top.
or
b.
ho
c. Click the Device Group icon under Group Management from the
w
navigation system on the left. IMC displays all device groups in the
in
Device Group List displayed in the main pane of the System > Device
n
tio
Group window.
c
du
2. Click the Device List icon ( ) displayed in the Device List column
ro
ep
associated with the device group you want to add devices to. The Device List
R
window appears.
.
ly
3. Click Add.
on
s
4. Select the devices you want to add to the device group. You can add devices
er
6 42 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
Figure 6-16. Home screen.
rt
pa
When you access the home screen of IMC, the upper left-hand corner summarizes
in
the devices in your network based on device type, like routers, switches, servers
or
etcetera. To the right of this you can directly access the topology views. The
le
Network topology is introduced later in this section, and other topologies are
ho
Rev. 14.41 6 43
BitSpyder - The Culture of Knowledge
Device view
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 6-17. Device view.
w
rt
pa
IMC offers you a variety of options for viewing network resources and for drilling
down into the features used to manage them. IMC provides you with a graphical
in
representation of the physical network in the Topology view. Table views of the
or
network are provided in the Device View, IP View and Custom View. Each of these
le
ho
three view types offer you a real time snapshot of the status of devices in the
w
network infrastructure. Also, all views offer drilldown capabilities to devices within
in
the groups and ultimately to the device details for an individual device. The Device
n
Details page provides you with access to IMCs network device management
tio
features.
c
du
In the Device View, IP View, and Custom View, you can add interested
ro
ep
performance indexes to the device list and sort them in ascending order. In
R
addition, you can add the Interface List and Device List in Port Group and Custom
.
ly
This view, like all IMC views, offers you a real time snapshot of the status of
s
er
devices in the network infrastructure through color-coded icons that match the
d
highest severity or alarm level for devices in the view. Also, all views offer you
ol
eh
From the Device Details page, you can access IMC powerful management
&L
features that enable quick and easy access to network resources as well as the
C
ability to manage them. You can add interested performance indexes to the device
P
H
Note
The Device Details screen will be discussed in much more depth in the View
Management module (Module 7).
6 44 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
on the left.
ibi
oh
By default, devices in all states are displayed. Click View in the upper part
pr
of the list, select View Device Status from the menu that appears, and
is
select a state from the upper part of the page to display all devices in this
on
state. Device states include:
si
is
ALL
er
Critical
tp
Major
ou
ith
Minor
rt
Warning
Normal pa
in
or
Unknown
le
ho
Unmanaged
w
Click View in the upper part of the list, and select Include Desktops or
tio
Exclude Desktops from the menu that appears to display or exclude the
c
du
desktops on the device list At the same time, the device list title changes
ro
when the device state changes and displayed as Device List <Status>
ep
<Include/Exclude Desktops>
R
.
2. Move the pointer over the icon on the navigation tree on the left. Device type
ly
on
icons are displayed in the popup menu. By default, the following device types
are displayed:
s
er
d
ol
Click Routers under Devices View from the navigation tree on the left
eh
Click Switches under Devices View from the navigation tree on the
&L
Click Servers under Devices View from the navigation tree on the left
for a summary view of all servers.
Click Security under Devices View from the navigation tree on the
left for a summary view of all security devices.
Click Desktops under Devices View from the navigation tree on the
left for a summary view of all desktop devices.
Rev. 14.41 6 45
BitSpyder - The Culture of Knowledge
Click Others under Devices View from the navigation tree on the left
for a summary view of all devices that were not classified by the
categories listed above.
If a device of any other type exists, the floating menu displays the icon of
the corresponding device type. To enter the device list page for this type
of device, click the icon.
Each category of device in the Device View is followed by a number that
d.
is enclosed with square brackets []. This number represents the number
te
bi
of devices in that category.
i
oh
The status of a Device View depends on the status of the devices in it.
pr
The color of the group icon represents the highest severity or alarm
is
setting of all devices in the category.
on
si
The icon of a device view is grayed out if there is no device in the view.
is
m
er
tp
Device view management options
ou
ith
The right-hand window pane in Device View allows you to perform basic
w
management actions, like delete the device, telnet to the device, SSH to the
rt
device (go to System > System Configuration > System Settings to define the
pa
SSH client to use), view the MIB tree of the device, view the devices front panel,
in
and ping/traceroute the device.
or
le
At the bottom of the window you can see the performance information for the
ho
selected device, like the average CPU and memory utilization, the unreachability
w
6 46 Rev. 14.41
BitSpyder - The Culture of Knowledge
Network topology
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
Figure 6-18. Network topology overview.
ou
ith
Network Topology and Network Topology (Applet) provides you with a graphical
w
view of the health and status of network connectivity and devices, allowing you to
rt
pa
quickly and easily locate, monitor, modify, and manage network devices directly
in
from this graphical representation of the network.
or
In addition to the standard drilldown capabilities of all views, the Network Topology
le
(Applet) offers special navigation capabilities accessed through left and right
ho
mouse clicks, allowing you to monitor network devices and gain quick access to
w
in
Click the Resource tab from the tabular navigation system on the top.
du
1.
ro
Note
er
The Network Topology screen will be discussed in much more depth in the
d
ol
Rev. 14.41 6 47
BitSpyder - The Culture of Knowledge
d.
te
bi
i
oh
pr
is
on
si
is
m
er
Figure 6-19. Network asset information.
tp
ou
Reports are access from the Reports tab. Access the Report Template List and
ith
choose Device Asset Report to see the actual asset information of your devices
w
(see Figure 6-20).
rt
pa
in
or
le
ho
w
in
n
c tio
du
Note
R
The Reports tab will be discussed in much more depth in the Reports module
.
ly
(Module 15).
on
s
er
d
ol
eh
ak
St
&L
C
P
H
6 48 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
During this lab your group will apply the concepts learned in this module.
rt
Completing the previous lab is necessary to perform this lab.
pa
in
or
Consult your Lab Activity Guide for instructions for performing this activity.
le
ho
w
in
n
ctio
du
ro
ep
R
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 6 49
BitSpyder - The Culture of Knowledge
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
Lab Activity 6 will focus on adding devices to IMC. Finishing Lab 5 is necessary to
rt
perform this lab. You will be configuring all three switches in this lab for
pa
SNMP/telnet access as well as adding the three switches, the SQL Server, and
in
IMC itself to its managed topology.
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
6 50 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
Debrief for Lab Activity 6
te
bi
Challenges Key Insights
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 6 51
BitSpyder - The Culture of Knowledge
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
6 52 Rev. 14.41
BitSpyder - The Culture of Knowledge
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
R.
ly
on
s
d er
ol
eh
ak
St
&L
C
P
H