SG1 English 00925084

BitSpyder - The Culture of Knowledge
iMC Essentials for Network

Administrators
Learner guide book 1 of 3
HP ExpertOne
Rev. 14.41
Course #: 00925084
Part #: 00925084S11410
iMC Essentials for Network

Administrators
Learner guide book 1 of 3
HP ExpertOne
Rev. 14.41
Course #: 00925084
Part #: 00925084S11410
Copyright 2014 Hewlett-Packard Development Company, L.P.

The information contained herein is subject to change without notice. The only warranties for HP
products and services are set forth in the express warranty statements accompanying such products
and services. Nothing herein should be construed as constituting an additional warranty. HP shall not
be liable for technical or editorial errors or omissions contained herein.
This is an HP copyrighted work that may not be reproduced without the written permission of HP. You
may not use these materials to deliver training to any person outside of your organization without the
written permission of HP.
iMC Essentials for Network Administrators

Learner Guide
Volume 1
Rev. 14.41
This course is an HP ExpertOne authorized course designed to prepare you for

the associated certification exam. All material to be used and studied in
preparation to pass the certification exam is included in this training.
HP ExpertOne provides training and certification for the most sought-after IT

disciplines, including convergence, cloud computing, software-defined
networking, and security. You get the hands-on experience you need to hit the
ground running. And you learn how to design solutions that deliver business
value.
HP ExpertOne gives you:

A full range of skill levels, from foundational to master
Personalized learning plans and resources through My ExpertOne
Certifications that command some of the highest pay premiums in the
industry
A focus on end-to-end integration, open standards, and emerging
technologies
Maximum credit for certifications you already hold
A supportive global community of IT professionals
A curriculum of unprecedented breadth from HP, the worlds most
complete technology company
Visit hp.com/go/ExpertOne to learn more about HP certifications and find the

training you need to adopt new technologies that will further enhance your IT
expertise and career.
Contents
Module 0 - Introduction..........................................................................................................Intro-1
Objectives...................................................................................................................Intro-1
Course Agenda..........................................................................................................Intro-2
Prerequisites..............................................................................................................Intro-5
Course schedule........................................................................................................Intro-6
Introductions...............................................................................................................Intro-7
Module 1 - Designing Your Network Management Architecture for Success..............................1-1
Objectives........................................................................................................................1-1
Needs for integrated network management....................................................................1-2
Network management design overview...........................................................................1-3
Design.............................................................................................................................1-4
Requirements..................................................................................................................1-6
FlexNetwork Benefits...........................................................................................1-9
FlexFabric..........................................................................................................1-10
FlexCampus.......................................................................................................1-12
FlexBranch.........................................................................................................1-13
FlexManagement...............................................................................................1-15
Stakeholders..................................................................................................................1-17
IT STAFF...........................................................................................................1-17
OPERATIONS STAFF.......................................................................................1-18
EXECUTIVES....................................................................................................1-18
Stakeholder wants.........................................................................................................1-20
Stakeholder needs.........................................................................................................1-21
Stakeholder desires.......................................................................................................1-22
Standards......................................................................................................................1-23
Policies..........................................................................................................................1-24
Security..........................................................................................................................1-25
Single pane-of-glass management................................................................................1-26
IMC features..................................................................................................................1-27
Answer the hard questions............................................................................................1-30
IMC and integration.......................................................................................................1-32
Module 2 - IMC Technical Design...............................................................................................2-1
Objectives........................................................................................................................2-1
Overview..........................................................................................................................2-2
IMCs Service-Oriented Architecture (SOA) ....................................................................2-3
HP IMC: modular and scalable............................................................................2-3
HP IMC: open and extensible APIs.....................................................................2-4
Providing a path to the cloud...............................................................................2-4
Extending HP IMC with RESTful eAPIs...............................................................2-5

Integration scenarios: how IMC and eAPI can benefit you..................................2-6
HP IMC & eAPIs: efficient, fast, simple................................................................2-6
SNMP overview...............................................................................................................2-8
SNMP versions 1 and 2c...................................................................................2-10
SNMP version 3.................................................................................................2-11
Management information base..........................................................................2-12
Collection units and managed devices..............................................................2-13
Limitations of SNMP and needs for other protocols..........................................2-16
Technical design............................................................................................................2-17
IMC requirements..........................................................................................................2-18
Deployment models.......................................................................................................2-19
Centralized model..............................................................................................2-20
Distributed model...............................................................................................2-21
Hierarchical model.............................................................................................2-22
Hybrid model......................................................................................................2-23
IMC protocols and ports................................................................................................2-24
Databases and high availability.....................................................................................2-25
Module 3 - IMC Product Overview..............................................................................................3-1
Objectives........................................................................................................................3-1
IMC product portfolio: comprehensive management capabilities....................................3-2
Main IMC platforms.........................................................................................................3-3
IMC Basic............................................................................................................3-4
IMC Standard.......................................................................................................3-5
IMC Enterprise.....................................................................................................3-8
Other IMC Platforms......................................................................................................3-12
IMC Basic WLAN Manager................................................................................3-12
IMC Smart Connect Virtual Appliance Software................................................3-12
HP IMC Smart Connect with Wireless Service Manager Virtual
Appliance Software............................................................................................3-13
Licensing:......................................................................................................................3-15
IMC 7.0 License Restructuring..........................................................................3-15
Pricing changes and licensing...........................................................................3-18
UAM licensing: concurrent users.......................................................................3-19
IMC Modules.................................................................................................................3-22
IMC Modules Overview......................................................................................3-22
Application Performance Management (APM)..................................................3-24
Network Traffic Analyzer (NTA).........................................................................3-26
Unified wired and wireless access control.........................................................3-28
User Access Manager (UAM)............................................................................3-29
Endpoint Admission Defense (EAD)..................................................................3-32

Service Operations Management (SOM)...........................................................3-36
User Behavior Auditor (UBA).............................................................................3-38
WSM module.....................................................................................................3-40
Virtual Application Networks (VAN) Software-Defined Networks (
SDN) Manager...................................................................................................3-43
TACACS+ Authentication Manager (TAM)........................................................3-48
Qos Manager (QoSM).......................................................................................3-50
IPSec/VPN Manager (IVM)................................................................................3-52
Service Health Manager (SHM).........................................................................3-54
Remote Site Manager (RSM)............................................................................3-56
Intelligent Analysis Reporter (IAR).....................................................................3-58
MPLS VPN Manager (MVM)..............................................................................3-60
Branch Intelligent Management System (BIMS)................................................3-62
IMC and its modules......................................................................................................3-64
IMC module solution map..................................................................................3-64
BYOD and beyond.............................................................................................3-65
Network Access Control (NAC).........................................................................3-66
Multi-site management......................................................................................3-67
Network orchestration for cloud-bases services................................................3-68
Dynamic VPN automates secure connectivity...................................................3-69
Data center simplicity.........................................................................................3-70
Pulling the pieces together............................................................................................3-71
Single pane-of-glass management with IMC.....................................................3-71
IMC module portfolio..........................................................................................3-72
Network management tools: HP vs. Cisco........................................................3-73
Module 4 - IMC 7 Enhancements and Features..........................................................................4-1
Objectives........................................................................................................................4-1
System features...............................................................................................................4-2
Interface and usability enhancements.................................................................4-3
HTML interface for mobile platforms....................................................................4-4
Usability enhancements: general search.............................................................4-5
Usability enhancements: Export MIB walk results...............................................4-6
Usability enhancement: Operator Group privileges.............................................4-7
Enhanced visualizations: real-time statistics charts.............................................4-8
Resource management features.....................................................................................4-9
Enhanced Auto-Discover...................................................................................4-10
Enhanced performance monitoring....................................................................4-11
Enhanced maintenance functions......................................................................4-12
Virtual Machine (VM) support............................................................................4-14
Supporting MDC on devices..............................................................................4-15

Supporting MDC on devices (cont.)...................................................................4-16
IMC setup: Supports custom view name for importing......................................4-17
Topology management features....................................................................................4-18
IMC 7.0 web-based interface.............................................................................4-19
Customize icons in topology maps....................................................................4-20
Data center topology enhancements.................................................................4-21
Enhanced visualizations in topology maps........................................................4-22
GEO topology....................................................................................................4-23
Alarm management features.........................................................................................4-24
Adding Interface Descriptions to Interface Traps...............................................4-25
Alarm Recovery in upper/lower IMC panes.......................................................4-26
Viewing Interface Alarms in Interface View.......................................................4-27
Process all alarms.............................................................................................4-28
Configuration Center features.......................................................................................4-29
Copying system-defined Compliance Policies...................................................4-30
ICC upgrade for ProVision.................................................................................4-31
Auto Deployment Plan (ADP) and Undeployed Devices...................................4-32
Configuration Backup Through OOBM for ProVision........................................4-33
Supports ISSU for Comware V7 devices...........................................................4-34
WSM module features...................................................................................................4-35
RF network plan.................................................................................................4-36
Spectrum Analysis.............................................................................................4-38
Spectrum Analysis topology maps.....................................................................4-40
UAM and EAD Module Features...................................................................................4-41
Endpoint configuration templates for BYOD......................................................4-43
Endpoint configuration distribution policy..........................................................4-44
Customizable portal pages................................................................................4-46
EAD overview....................................................................................................4-47
New Features of iNode......................................................................................4-48
Module 5 - IMC Initial Access......................................................................................................5-1
Objectives........................................................................................................................5-1
Pre-installation.................................................................................................................5-2
Supported Systems.............................................................................................5-2
Web browser requirements..................................................................................5-4
Pre-installation and upgrades..............................................................................5-5
Installation process..........................................................................................................5-6
Locale information...............................................................................................5-6
Database information...........................................................................................5-7
Installation and deployment.................................................................................5-8
Deployment Monitoring Agent (DMA)..............................................................................5-9

Monitor tab...........................................................................................................5-9
Process tab........................................................................................................5-10
Deploy tab..........................................................................................................5-11
Environment tab.................................................................................................5-12
IMC GUI Overview.........................................................................................................5-17
Accessing IMC...................................................................................................5-17
Installing licenses...............................................................................................5-18
Home screen.....................................................................................................5-19
Spaces and widgets/RSS feeds........................................................................5-21
Help...................................................................................................................5-25
Search...............................................................................................................5-27
Breadcrumb trails...............................................................................................5-30
Interface themes................................................................................................5-31
IMC tabs........................................................................................................................5-32
Tab overview.....................................................................................................5-32
Tab details.........................................................................................................5-33
Resource tab.....................................................................................................5-34
User tab.............................................................................................................5-36
Service tab.........................................................................................................5-38
Alarm tab...........................................................................................................5-39
Report tab..........................................................................................................5-40
System tab.........................................................................................................5-41
Favorites tab......................................................................................................5-42
Display tiling..................................................................................................................5-43
Accessing the view configuration window..........................................................5-45
Basic operations in the view configuration window............................................5-46
Displaying a view...............................................................................................5-49
IMC administration.........................................................................................................5-51
IMC management overview...............................................................................5-51
Operator groups.................................................................................................5-54
Adding and managing IMC operators................................................................5-58
Lab Activity 5: Lab Topology.........................................................................................5-62
Lab Activity Preview: IMC Initial Access........................................................................5-63
Lab Activity 5 Debrief.....................................................................................................5-64
Module 6 - Adding Devices to IMC..............................................................................................6-1
Objectives........................................................................................................................6-1
Device setup requirements..............................................................................................6-2
Basic device configuration requirements.............................................................6-2
Basic HP switch configurations............................................................................6-4
Basic Cisco IOS switch configuration................................................................6-13

Resource management templates.................................................................................6-15
SNMP management template............................................................................6-15
Telnet management template............................................................................6-19
SSH management template...............................................................................6-21
Adding devices..............................................................................................................6-24
Auto-discovery: basic.........................................................................................6-25
Auto-discovery: advanced.................................................................................6-29
Manually adding a device..................................................................................6-35
IMC support for third-party devices....................................................................6-37
Verification of adding a device...........................................................................6-38
Other tasks for adding new devices..............................................................................6-39
Classification of devices....................................................................................6-39
Creating device groups......................................................................................6-40
Placing a device in a group................................................................................6-42
Basic new device verification.........................................................................................6-43
Home screen.....................................................................................................6-43
Device view........................................................................................................6-44
Network topology...............................................................................................6-47
Network asset report..........................................................................................6-48
Lab Activity 6: Lab Topology.........................................................................................6-49
Lab Activity Preview: Adding Devices to IMC................................................................6-50
Lab Activity 6 Debrief.....................................................................................................6-51
Introduction
Module Intro
Objectives
This module introduces the IMC Essentials 7.0 course.
This course will:
Introduce you to the available IMC products and modules
Prepare you to install IMC
Help you navigate the IMC graphical interface
Help you manage and monitor devices in IMC
Rev. 14.41 Intro 1

Course Agenda
Figure Intro-1. Course agenda.
Figure Intro-2. Course agenda (cont.).
Intro 2 Rev. 14.41

Introduction
Rev. 14.41 Intro 3

The above 15 modules, excluding this introduction, provide an introduction to the

use and operation of IMC. Starting with Module 5, every module from there to the
end of the course has a corresponding lab activity where youll configure and use
IMC to practice what you learned.
This course is structured so that about half of the course is dedicated lecture and
half is dedicated to Lab Activitiesyoull get a lot of hands-on experience with
the IMC product.
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Intro 4 Rev. 14.41

Introduction
Prerequisites
Figure Intro-6. Prerequisites.
d.
Basic CLI usage of HP switches is required for this class, since certain basic
te
configuration and troubleshooting tasks are performed from the CLI in the Lab
i bi
Activities.
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 Intro 5

Course schedule
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
Figure Intro-7. Course schedule.
rt
pa
This is a five-day course. The above is a tentative schedule of what modules and
in
labs youll be covering on each day.
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Intro 6 Rev. 14.41

Introduction
Introductions
d.
te
i bi
oh
Figure Intro-8. Introductions.
pr
is
Please introduce yourself to the class when your instructor prompts you.
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 Intro 7

d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Intro 8 Rev. 14.41

Designing Your Network Management

Architecture for Success
Module 1
Objectives
d.
te
HPs Intelligent Management Center (IMC) is a standards-based SNMP
bii
management platform. A Network Management System (NMS) such as IMC is
oh
most effective when deployed into a planned architecture.
pr
is
In this module you will learn why it is important to plan a Network Management
on
Architecture (NMA) design. An effective design should consider the stakeholders
si
or those with an interest in the services or visibility provided by the NMS. We will
is
m
consider the requirements and expectations of the stakeholders and classify their
er
desires as needs and wants.
tp
ou
The NMA design must account for existing standards and policies and plan for
ith
improvement or extension of these policies. Security considerations are a primary
w
driver for the NMA and modifications of standards and policies.
rt
pa
in
After completing this module, you should be able to:
or
Identify the value in planning a NMA design

le

ho
Describe the people and expectations to consider when designing an IMC

w
deployment
in
n
List 3 major drivers of an IMC design

tio
Distinguish the 5 functions delivered by IMC as an FCAPS management

du

solution
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 1 1
Needs for integrated network management

Too many tools Lack of visibility Disparate security Inconsistent policies
Data Data Remote

center center offices
and
d.
branches
te
ibi
oh
pr
is
on
Remote
Campus Campus
si
Wireless offices
is
LAN LAN Core
and
m
LAN
er
branches
tp
ou
ith
w
Figure 1-2. Why network management integration is needed.
rt
pa
Network Management requires support for protocols that allow insight into your
in
assets. These assets can be network equipment such as switches, routers,
or
wireless and firewalls. But with IMC, management of devices in the network can
le
ho
include servers, desktops, UPSs - anything from which you can gather Simple
w
Network Management Protocol (SNMP) and/or management data.

in
Decisions must be made on what is to be monitored and actively managed. The

n
tio
key to designing a Network Management Architecture is focusing on the items that

c
inform one about the status of the network and are important in maintaining
du
operations. These pieces of information have to be defined by the organization.

ro
ep
Historically, problems with network management have included the following:

R
Too many network management tools that lacked integration

ly
on
Lack of visibility of the network because of the disparage of networking

s
management tools
er
Disparate security management tools with no centralized coordination or

d
ol
correlation of security events

eh
Inconsistent application of policies because network management tools lacked

ak
integration
St
&L
Based on these historical problems, a better approach to network management is

C
needed.
P
H
1 2 Rev. 14.41
Designing Your Network Management Architecture
Network management design overview
d.
te
ibi
oh
pr
is
Figure 1-2. Network management architecture components.
on
Designing the network management architecture requires a variety of inputs from
si
is
several differing and diverse personnel within your organization. Effective network
m
management allows scaling of your operation staff by providing improved insight
er
tp
into the status of operations and a comparison to its operations over time.
ou
The ability to compare and review historical data introduces a level of insight not
ith
typically found when checking real-time information provided by command line
w
tools. A well designed NMS provides quick access to the data that aids resolution.
rt
pa
Alarming to failures or thresholds brings a more pro-active management style to
network operations. Finally, reporting of the data allows for everyone to see the
in
state of the network and operations allowing for actions regarding capacity and
or
future design to be better thought out.

le
ho
The remainder of this module will focus on the five components to a good network
w
management architecture:
in
n
Design
tio
Requirements
du
Standards
ro
Policies
ep
Integration
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 1 3
Design
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 1-3. Design components.
w
rt
pa
Network Management requires support for protocols that allow insight into your
in
assets. These assets can be network equipment such as switches, routers,
or
wireless and firewalls. With IMC, you can also discover and manage additional
le
devices such as servers, desktops, and UPSs or anything from which you can
ho
receive SNMP data or management information.

w
A good design incorporates these attributes:

in
n
tio
Implementation
c
du
Deployment
ro
Operation
ep
R
Maintenance
.
ly
A decision has to be made on what is to be watched? The key to design is

on
focusing on the items that inform one about the status of the network and are
s
er
important in maintaining operations. These blocks of information have to be

d
defined by the organization.

ol
eh
Choosing the best networking management solution or solutions can be difficult,

ak
since different products have different capabilities and product support. Choosing a
St
product that can scale to thousands of devices of different types (like servers
&L
[physical or virtual machines], switches, firewalls, IPSs, routers, wireless access

C
points and controllers, desktops, and etcetera) can be a difficult, if not an

P
H
impossible task. Your network might be static today, but the future can bring all
kinds of networking changes. Your NMS must support an implementation to allow
for these changes and growth.
Once youve decided on a product, how the product is deployed and how to import
devices into the product is important: you dont want to spend hundreds of hours
discovering devices, ensuring devices are policy compliant, and providing
resiliency and redundancy for your NMS and network.
1 4 Rev. 14.41
Once youve initially set up your NMS and have created a baseline, you need to
monitor and manage your network:
How easy is it to make a policy change that will impact networking
components in a specific area, like the access switches in a campus building?
How easy is it to rollback configure changes?
How easy is it to prioritize problems as they occur?
d.
How easy is it to assign and track tasks to administrators responsible for the
te
NMS?
ibi
oh
How easy is it to track security-related events?
pr
Last, you need to maintain your NMS and your networking infrastructure:
is
on
How easy is it to update your NMS without impacting your network?
si
is
How easy is it to backup or restore your NMS?
m
er
How easy is it to scale your NMS based on policy and growth in your network?
tp
How easy is it to backup or restore your networking components?
ou

ith
How easy is it to upgrade networking components using your NMS?
w
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 1 5
Requirements
d.
te
bi
i
oh
pr
is
on
Figure 1-4. Requirements.
si
is
Network Management is not just stating things are up or down but why and how
m
important that is to the business. By gathering respective users and administrators
er
tp
across the company to assess expectations for optimal business operations, IT
ou
administrators can identify what must be measured and which areas of an NMS
ith
will have the greatest impact upon business fundamentals. These design decisions
w
are the foundation from which one builds to determine your NMS needs.
rt
Stakeholders can inform IT of what they deem important and that list can be
prioritized. pa
in
Priorities might include:
or
le
Email
ho
w
Accounting
in
Retail Stocking
n
tio
Access to information from anywhere

c
du
Once it is known what the business wants from IT, IT can produce metrics to
ro
ep
measure these solutions from a performance and availability stand point. Graphs
R
can be created via SNMP and polling tools. Additional steps can be taken to
.
enable alarms for prompt response when things go down or proactive response
ly
on
when prioritized systems are degraded.

s
er
By using the HP FlexNetwork Architecture built on Open, Scalable, Secure, Agile

d
and Consistent principles, equipment management can be enhanced and

ol
eh
separated into functional groups such as SAN Fabric, Campus and Branch.
ak
The FlexNetwork Architecture is the basis for HP Networkings enterprise strategy.

St
The following is an overview of the FlexNetwork Architecture. A new dawn of

&L
technology innovation is driving unprecedented change. Mobility, virtualization,

C
high-definition video, rich-media collaboration tools, and cloud computing are

P
reinventing how businessesand peoplework.

H
Enterprises that can harness these innovations will have new tools to drive
business advantage and build new opportunities in the global marketplace. When
legacy networks are pushed to the limit, they become fragile, difficult to manage,
vulnerable, and expensive to operate. Businesses whose networks are at this
breaking point risk missing the next wave of opportunity.
1 6 Rev. 14.41
Application-driven, service-oriented architectures (SOA), and virtualization have

banished the client-server model from the data center. Cloud computing also
makes heavy use of server virtualization, which reshapes data center traffic flows
and increases bandwidth demands at the server edge. By 2014, network planners
should expect more than 80 percent of traffic in the data centers local area
network (LAN) to be between servers.
These efforts at flexibility can be hampered by legacy data center networks. They
cannot provide high enough bandwidth and low enough latency between server
d.
te
connections to support highly mobile virtual workloads.
ibi
As business volumes rise, traffic levels are exploding. Virtualization has taken root
oh
across businesses of all sizes. Today, roughly 20 percent of all workloads are
pr
virtualized, and Gartner expects that this will hit 50 percent by year-end 2012, and
is
continue to grow beyond this level. Traffic within the server rack is expected to
on
grow by 25 times. Steeped in technology at home, business workers have quickly
si
is
acclimated to a rich-media experience and are using video and interactive
m
collaboration tools. By 2013, more than 25 percent of the documents that workers
er
tp
see in a day will be dominated by pictures, video, and audio. New video
ou
applications will push network capacity needs by four to ten times above current
ith
average levels.
w
Legacy networks, with their decade-old architectures, will be crushed by the
rt
pa
onslaught of applications, virtualization, and rich media. Conventional three-tier
in
data center networks cannot meet the security, agility, and performance
or
requirements of virtualized cloud computing environments. The legacy three-tier

le
network architecture is constrained by oversubscribed, low bandwidth and high

ho
latencythe exact opposite of what video collaboration requires.

w
Mobility has quickly become a right, not a privilege. By 2013, the combined
in
installed base of smartphones and browser-equipped enhanced phones will

n
tio
exceed 1.82 billion units. The preferred way to connect will be through wireless
c
du
LAN (WLAN), rather than lower speed 3G or 4G networks. Workers need to

ro
access applications and content from anywhere to stay productive, and that means
ep
applications must be delivered flawlessly from a virtual data center to a virtual

R
workplace.
.
ly
Yet many enterprises have experienced disappointing results with their existing
on
WLAN deployments because of a poor user experience and a network that doesnt
s
er
scale to meet the demand for mobility. The embrace of smartphones and tablets at
d
work will also break the traditional models for identity management and security
ol
eh
that allow access based on a network port, rather than a users identity.
ak
Todays networks must be designed to meet the unique requirements of the data
St
center, corporate campus, and branch office. By segmenting their networks,

&L
enterprises will be able to more easily align business initiatives with the underlying
C
network requirements. Enterprises can create functional building blocks that will
P
H
meet the requirements of the specific application or business service.

With this segmentation of functional building blocks, businesses can choose best-
in-class solutions that fit their needs, rather than being locked into a one-size-fits-
all solution. By using standard protocols at the boundaries, businesses can enable
interoperability among the network segments and gain both agility and scale.
Rev. 14.41 1 7
The HP FlexNetwork Architecture and its functional building blocks (Figure 1) are a
key component of the HP Converged Infrastructure. Enterprises can align their
networks with their business needseven as they changeby segmenting their
networks into four interrelated modular building blocks that comprise the HP
FlexNetwork Architecture: FlexFabric, FlexCampus, FlexBranch, and
FlexManagement.
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
1 8 Rev. 14.41
FlexNetwork Benefits
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
Figure 1-5. FlexNetwork benefits.
ou
ith
FlexManagement unifies network management and orchestration. FlexFabric
w
converges and secures the data center network with compute and storage.
rt
pa
FlexCampus unifies wired and wireless networks to deliver media-optimized,
secure, identity-based access and FlexBranch unifies network functionality and
in
services for simplicity in the branch office.
or
le
The HP FlexNetwork architecture is designed to allow IT to manage these different

ho
network segments through a single pane-of-glass management application, HP

w
Intelligent Management Center (IMC). Due to the fact that the FlexNetwork
in
architecture is based on open standards, enterprises have the freedom to choose

n
tio
the best-in-class solution for their businesses.

c
du
Even with the shift to the cloud, the HP FlexNetwork architecture is ideal for
ro
supporting this move. Enterprises deploying private clouds must implement flatter,
ep
simpler data center networks to support the bandwidth-intensive, delay-sensitive

R
server-to-server virtual machine, and workload traffic flows that are associated with
.
ly
cloud computing. They must also be able to administer and secure virtual
on
resources, and orchestrate on-demand services. HP FlexNetwork helps

s
er
enterprises to securely deploy and centrally orchestrate video, cloud, and mobile-
d
optimized architectures that scale from the data center to the network edge.
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 1 9
FlexFabric
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
Figure 1-6. FlexFabric.
pa
in
HP provides data center networking solutions that improve service levels, ensure
or
business continuity, enable service agility, and reduce capital & operating costs.
le
HP data center networking solutions are built from the ground up to meet the
ho
demanding needs of today's highly-virtualized, large-scale application

w
environments.
in
n
With the FlexFabric Network architecture as a blueprint for an interconnect

tio
integrated and aligned with servers, storage, software, and power & management
c
du
in an end-to-end Converged Infrastructure, HP data center networking solutions

ro
are built to empower IT to deliver better business outcomes.

ep
R
A storage area network (SAN) is a dedicated network that provides access to

.
ly
consolidated, block level data storage. SANs are primarily used to make storage
on
devices, such as disk arrays and tape libraries, accessible to servers so that the
s
devices appear like locally attached devices to the operating system. A SAN
er
typically has its own network of storage devices that are generally not accessible
d
ol
through the local area network by other devices.

eh
ak
Sharing storage usually simplifies storage administration and adds flexibility since
St
cables and storage devices do not have to be physically moved to shift storage
&L
from one server to another. Other benefits include the ability to allow servers to
C
boot from the SAN itself. This allows for a quick and easy replacement of faulty
P
servers since the SAN can be reconfigured so that a replacement server can use
H
the identity of the faulty server.

The HP FlexFabric Network architecture combines advanced, standards-based
platforms and advanced networking technologies to optimize performance and
latency in virtualized server environments. This approach reduces complexity,
enables rapid businesses-aligned network provisioning, and lowers total cost of
ownership.
1 10 Rev. 14.41
HP FlexFabric connects servers to a virtualized, high performance, low-latency

network that consolidates multiple protocols into a single fabric to dramatically
lower network complexity and cost. This unique, wire-once approach will enable
businesses to combine Ethernet and storage networks onto one converged fabric
that can easily flex with changing workloads.
FlexFabric is the vision HP has for a next-generation, highly scalable data center
network. This architecture radically streamlines deployment and management, and
drives end-to-end data center agility through advanced technology, simplified
d.
te
network designs, and tightly integrated management. FlexFabric connects servers
bi
to a virtualized, high-performance, low-latency interconnect that consolidates
i
oh
multiple protocols to dramatically reduce network complexity and cost.
pr
This unique, wire-once approach enables Ethernet and storage networks to be
is
combined into one converged fabric that can easily scale and adapt to changing
on
workloads. Combining intelligence at the server edge with advanced FlexFabric
si
is
management tools, FlexFabric enables virtualization-aware networking,
m
predictable performance, and rapid, secure, business-enabling provisioning of data
er
tp
center resources.
ou
Along with a line of virtualization-optimized HP Blade System-integrated network
ith
connectivity devices (Virtual Connect, Virtual Connect Flex-10, and Virtual Connect
w
FlexFabric), HP offers a complete portfolio of data center networking products,
rt
pa
including Fiber Channel over Ethernet (FCoE)-capable top-of-rack server edge
in
and high-performance, highly scalable aggregation layer and core switch
or
platforms. With high-performance security and advanced network provisioning

le
tools to securely and efficiently manage the network, customers can deploy
ho
FlexFabric networks today, while they provide the foundation for future growth.
w
in
n
ctio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 1 11
FlexCampus
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 1-7. FlexCampus.
w
rt
pa
The HP end-to-end Campus LAN solution is a complete, secure networking
infrastructure that connects users to job-critical services across multi-building
in
campuses. By seamlessly connecting servers, storage, applications and end-users
or
across a high-performance network with a single-pane-of-glass management

le
ho
platform, this solution provides simplified architecture, improved security, agile

w
service delivery and reduced IT costs.

in
The FlexCampus network is a modular building block of the FlexNetwork

n
tio
architecture, allows enterprises to converge and secure wired and wireless LANs
c
to deliver consistent, video-optimized, and identity-based network access. New

du
video applications will push network capacity needs by four to ten times above
ro
ep
current average levels.

R
FlexCampus is based on an advanced two-tier architecture that improves the

.
ly
performance of media-rich collaboration applications by reducing latency and

on
accelerating network throughput as a whole. As with the data center network

s
er
segment, simplifying the campus network by eliminating the distribution layer

d
improves performance, simplifies the network and cuts costs. Half of the ports in a
ol
eh
legacy three-tier architecture are used to interconnect switches, and the

ak
architecture, along with the use of Spanning Tree, which impedes performance
St
and network availability. Simplifying the network can reduce the number of discrete
&L
network elements to purchase, deploy, power, cool, and manage by up to 85

percent.
C
P
With the HP FlexNetwork Architecture, organizations are free to build their campus
H
networks. They can support user requirements for flexibility and mobility, design
their data center network, and access network to meet those unique requirements.
HP uses industry-standard protocols and protocol implementations at the
boundaries of these network segments, which enables interoperability with the
freedom to customize the network design to specific functional requirements.
1 12 Rev. 14.41
FlexBranch
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Figure 1-7. FlexBranch.
or
le
ho
The branch office plays an important role in an organization's ability to attract,

w
service, and retain customers and increase revenue. Branch office employees
in
the face of the corporationcan significantly impact customer satisfaction and

n
loyalty; particularly if supported by safe, dependable, and fast access to the

tio
corporate knowledge base (people, resources, and information); and to the

c
du
productivity-enhancing tools in which the organization has invested. In addition,

ro
with today's increasing security vulnerabilities, branch office networks must be

ep
protected by comprehensive security policies and enforcement to help ensure

R
business continuity.
.
ly
on
Despite the critical nature of the branch office, legacy infrastructures often impede
customer service with slow, unreliable access to information and applications. Poor
s
er
WAN performance can prompt employees to store data locally, preventing it from
d
ol
being backed up and putting the business and regulatory compliance at risk if a
eh
local device fails. The high cost of running a branch also prevents most
ak
organizations from maintaining a local IT staff; so branch office employees must

St
manage and troubleshoot systems, decreasing productivity, and taking the focus
&L
off the customer.

C
Many branch offices were built in isolation and may lack the interoperability
P
H
needed to cost-effectively support business activities and growth. They are further
shackled by a complex mixture of legacy network infrastructures that are
expensive to expand and maintain. At a time when competitive requirements
include the implementation of new services such as mobility and unified
communicationsas well as rapid access with enhanced security to applications
and servicesbusinesses struggle to efficiently scale, manage, and secure their
networks. The trend to data center consolidation and remote employee access to
hosted applications is forcing employees to compete for resources across the
Rev. 14.41 1 13
WAN and compelling organizations to rethink their strategic approach to the

branch office.
Employees in a small branch office require email, file sharing, local printing, and
Internet access, in addition to secure access to the corporate network. The branch
has a firewall and a site-to-site virtual private network (VPN) over a broadband
connection for encrypted access to the headquarters' network. Email is usually
hosted in the corporate data center (DC).
d.
Challenges include inefficient WAN speed is affecting productivity, slowing access
te
to main office file shares, and creating intermittent login problems. Frequent local
bi
i
network issues and a lack of reliable backup are jeopardizing the security of
oh
important customer data. Unreliable printing is forcing frequent reboots to clear the
pr
queue. There is no IT staff on site.
is
on
The HP branch office networking solution converges infrastructure and network
si
applications to dramatically improve performance, simplify deployments, centralize
is
m
management and reduce IT costs. The branch solution is a component in the HP
er
end-to-end enterprise network infrastructure, which optimizes the network for
tp
secure, reliable, high performance application delivery, and a foundation for
ou
converged infrastructure for the extended enterprise.
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
1 14 Rev. 14.41
FlexManagement
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
Figure 1-7. FlexManagement.
in
or
If youre a network or IT administrator, you know the problems: Youre dealing with
le
a growing wave of enterprise video content, and your network is struggling to keep
ho
pace with exponential traffic increases and the shift toward mobile access. Youre
w
in
trying to address the escalating demands of the virtualized and cloud-ready data
n
center. And youve seen how difficultmake that nearly impossibleit is for
tio
network IT to secure and orchestrate services in the virtual cloud and the
c
du
virtualized workplace.
ro
At the same time, your customers expectations are higher. Todays enterprise
ep
users demand constant and immediate connectivity across wired and wireless
R
.
links. They want instant-on access to business applications from their fixed and
ly
on
mobile workstations. Users expect to switch seamlessly and transparently from

traditional IT to private and public clouds and back.
s
er
d
Keeping pace with these requirements is a tall order for the IT managerone
ol
made no easier by swivel chair management, which results from dependence on

eh
the mismatched management tools provided by network vendors. As a result,

ak
many organizations find that IT staff time and budget is overwhelmingly devoted to
St
ongoing operations and maintenance instead of developing new initiatives and

&L
projects or expanding capacity to support business growth. In fact, more than 70

C
percent of any IT budget is spent just keeping the lights on, leaving less than 30
P
H
percent to deliver business-critical innovation.

Solving such seemingly intractable problems calls for a new type of network
management, one that combines a capability for single-pane-of-glass multivendor
management with automated virtual machine orchestration and automatic
synchronization of network connectivity information. HP calls this
FlexManagement. And its available today in the HP Intelligent Management
Center (IMC).
Rev. 14.41 1 15
IMC is a unified, single-point network management solution that provides visibility

across entire networks, enabling complete management of resources, services
and users. Unifying wired, wireless and user management leads to increased
performance, enhanced security and reduced infrastructure complexity and costs.
IMC is a scalable solution that comes in two versions Enterprise and Standard;
managing up to 10,000 nodes and has a modular design which enables
comprehensive monitoring and management capabilities. Standard Edition is the
next-generation management software and supports up to 100 managed devices.
d.
te
Additional node licenses can be purchased to extend the node limit of IMC.
bi
Enterprise platform allows for management of 200 nodes and includes the Network
i
oh
Traffic Analyzer module. It also enables hierarchical management of other IMC
pr
deployments within an organization.
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
1 16 Rev. 14.41
Stakeholders
d.
te
ibi
oh
pr
is
on
si
is
m
er
Figure 1-8. Network stakeholders.
tp
ou
The stakeholders are personnel in the organization who are interested or
ith
concerned with IT operations. By involving them in process, the design for your
w
Network Management Architecture, NMA, will grab a wider audience and enable
rt
more input and feedback into successfully managing IT as a business process.
pa
in
While including all of these different groups is not necessary, each will aid in
or
building a consensus of what is required to be managed.

le
Who gets access to what? (Devices? Views? Management levels?)

ho
w
How should assets be grouped? (By location? By functional role in network?

in
Others?)
n
tio
Which naming standards should be defined to ensure everyone is on the

c
du
same page? (Forethought in naming can lead to more elegant implementation

ro
of policies during a NMS deployment.)

ep
What equipment is where? (Awareness of physical deployment and

R
interconnectivity that may not have been previously available.)

.
ly
on
How are some of the stakeholders affected by implementation of a NMS?

s
er
d
ol
IT STAFF
eh
ak
IT staff includes the following:

St
Network Operations is the group that will be implementing, deploying and

&L

maintaining the NMS.
C
P
Help Desk staff gain insight into issues that usually require relay of
H

information from Network Operations. With their input, the proper classification
of assets and alarms can be defined and allocated to the proper teams.
System Admins can now see how the network interacts with or impacts their
own equipment prior to contacting other groups. Sys Admins gain greater
visibility allowing them to make more educated decisions when addressing
system issues and day-to-day operations of their equipment can be reviewed
empowering them to make capacity planning decisions.
Rev. 14.41 1 17
Application/Developers can use information gained about the asset status

and identify assets for which they need access permissions.
OPERATIONS STAFF
Operations staff includes the following:
Office Managers are often the first to get alerted to outages at remote/ retail
d.
branches. The value of their assistance in qualifying issues can be magnified
te
bi
by the proper context provided by the NMS.
i
oh
Receptionists, like Office Managers for buildings, will often note outages from
pr

phones, wireless, and wired infrastructure because they are often a
is
on
communications hub.
si
Managers of departments may complain or report perceived IT failings as a
is
m
cause for lost productivity.
er
tp
Being able to provide this personnel with some insight into IT status may help
ou
them better communicate and understand issues and outages in a way that
ith
facilitates effective IT response. For example, if a warehouse pick list was to come
w
to a complete stop, access to information from an NMS may allow operations staff
rt
visibility to the root cause (a print spooler failure). Operations staff could report
pa
specific, actionable information to IT for expedient resolution or may even be able
in
to resolve without direct IT intervention if relevant procedures are documented.
or
le
ho
EXECUTIVES
w
in
Productivity is the driving measure for most executives. If IT resources are

n
tio
unavailable or degraded, their staff and business segments suffer decreased

c
efficiency with lower productivity. A NMS can provide the visibility to justify
du
investment in or prioritization of IT resources.

ro
ep
Sales may be willing to spend more on monitoring communications to ensure

R
they are up and available.

.
ly
on
Finance wants to control IT costs and needs asset management and how the
s
assets are preforming.

er
d
Operations wants everything running at 110% efficiency and needs to

ol
eh
understand a 24 X 7 operation requires additional equipment and manpower.

ak
The use of a thoughtful NMA can enhance response times and improve
St
workloads.
&L
CxOs (CEO, CIO, CFO, and etcetera) want information in small, targeted
C
segments they can use in making successful business decisions. Tying an

P
H
outage to the business costs of downtime give a CxO a business case for
investing in solutions to reduce outages.
1 18 Rev. 14.41
NMA can provide this information to these disparate groups by handling real-time
monitoring and alarms with ability to track and make changes for IT. Operations
can see trend charts on utilization of services to understand why some are slow
and others are fast by creating unique home pages for them to review. Finally,
Managers and Executives can have customized reports emailed to them covering
IT items they deem important to review.
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 1 19
Stakeholder wants
d.
te
bi
i
oh
pr
is
Figure 1-9. Stakeholder wants.
on
si
NMA should meet the needs of the different groups requiring support from IT,
is
including IT. IT wants a solution that makes their mission to provide applications
m
er
services to their users, easier to manage and monitor. Operations wants a solution
tp
from IT that ensures overview and reporting of IT performance as do Executives.
ou
But executives want to tie the IT results to additional factors in the business.
ith
IMC can provide asset management and tracking. It can integrate with a variety of
w
vendor solutions and report on their performance. By bringing together a variety of
rt
pa
data and being able to manipulate in a single database/utility, additional insight can
in
be gained to provide a holistic view of IT operations. Executives ability to map IT
or
performance to business performance can help decide how investments are made.
le
In the end, the ability to measure and manage IT assets to provide information to
ho
the users that can be correlated with other business metrics enables insight into
w
business processes.
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
1 20 Rev. 14.41
Stakeholder needs
d.
te
ibi
oh
pr
is
on
si
Figure 1-10. Stakeholder needs.
is
m
Users needs in regards to IT management are rather simplistic. Users typically
er
tp
only need to know if the assets they are using (i.e. applications) are working
ou
(accessible) and performing well. How often does IT learn of a problem from its
ith
user base versus IT informing its users that there is a problem? The constant
w
reactive response of IT makes users feel that a basic need of Whats going on? is
rt
not met and can lead to frustration and mistrust.
pa
IMC can report on outages and performance degradation by sending scheduled
in
emails to show performance over time and real-time alarms turned into emails for
or
specific outages or possible outages based on thresholds. The concept of a

le
ho
threshold is defining a point where things need a closer look. A low water mark
w
may be established to have an issue watched over time before it becomes a

in
problem or high water mark can be used depending on the metric in question.
n
tio
IMC check the status of IT assets and report uptime and performance using built in
c
monitoring with the ability to add or collect additional monitoring available within
du
the devices. IT can create a solution that generates alarms for users when issues
ro
ep
arise. This proactive solution can change the behavior between IT and its users to
R
a player that is a peer and not a subordinate.

.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 1 21
Stakeholder desires
d.
te
bi
i
oh
pr
is
on
Figure 1-11. Stakeholder desires.
si
is
How do we bring a single tool set to enable these various desires from our
m
er
customers into a single cohesive solution? How can we provide the CxO with a
tp
10,000 meter view and still let the Help Desk Tech working on a specific outage
ou
view detailed, per device data?
ith
An NMA solution that brings all the disparate parts of IT under one umbrella for
w
monitoring and majority of configuration is the desired goal. IMC is the answer in a
rt
majority of cases.
pa
in
IMC can be defined by privileges and assets that only grant users the access and
or
views they need to perform their role. The information can be provided in real-time
le
monitoring charts and tied to alarms that automatically generate trouble tickets
ho
making IT proactive. Policies defined by higher levels of management can be

w
in
cascaded down into configurable code that can be applied and audited.
n
tio
At a large Fortune 100 company, for example, data from network outages was
c
correlated to daily sales figures compared to the previous year at that time to
du
determine how much the outage cost the business in revenue. These outages
ro
costs became the deciding factor in determining whether to add redundancy to a

ep
site.
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
1 22 Rev. 14.41
Standards
d.
te
ibi
oh
pr
is
on
Figure 1-12. Standards.
si
is
m
Standards help one move a concept from one device to 100 devices. An example
er
is naming. If all 500 devices are names the exactly the same (Comware) or
tp
meaningless (pseudo-random serial numbers), the opportunity to scale a solution
ou
is lost. But what if the name highlighted the closet, model and function of the
ith
switch? So, 1stFlr-5500-ASW1 relays a lot of information about the device and its
w
relative place in a network diagram. This standardization can be pushed into how
rt
pa
access control lists (ACLs) are written, how the passwords are managed on the
in
equipment and how levels of access or views are generated.
or
Some samples of standards that should be considered while planning or designing

le
a NMA:
ho
w
What is the companys password policy? Do they require all passwords to

in
change every 90 days?

n
tio
Are SNMP community strings considered passwords?

c
du
Do they need to be changed?

ro
ep
How do we change them in mass?

R
Are all passwords the same? Or do passwords vary across devices?

.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 1 23
Policies
d.
te
bi
i
oh
pr
is
on
si
is
Figure 1-13. Policies.
m
er
tp
ITs world is one of balancing the need for accessibility to resources with the
ou
policies defining how resources are to used. Not everyone gets email, but those
ith
that do must login and have the proper application to access it. For the login to
w
work, the user must gain access to the network. There are access policies,
rt
acceptable use policies, auditing, and etcetera.
pa
in
How do we turn written agreements into measureable and manageable code that
or
can be applied repeatedly if needed to the different assets? IMC uses an industry
standard method, known as FCAPS to provide solutions.
le
ho
F = Fault Tolerance is handled by alarms

w

in
C = Configuration Management is enabled under Resources

n
tio
A = Accounting can be both user logins and logouts, but also auditing of
c
du
ACLs, and compliance checks to verify that stated policies are implemented.
ro
Reports can be generated to show failures/ faults.

ep
P = Performance Management is enabled under Resources and can use

R
thresholds to generate alarms tying it in with Fault Tolerance

.
ly
on
S = Security can be handled with IMC for operators accessing IMC, to users
s
accessing applications or devices.

er
d
IMC can implement these policies and then report on their compliance.
ol
eh
ak
St
&L
C
P
H
1 24 Rev. 14.41
Security
d.
te
ibi
oh
pr
is
on
si
is
Figure 1-14. Security.
m
er
tp
Security is often seen by users as a burden that does not allow them to get their
ou
jobs done easily. Security can be a policy enforced by the business to meet
ith
regulatory or business aims to reduce loss of important data and improper access
w
to or sharing of information. These policies create a situation where all devices
rt
with Doors and Windows should have an appropriate level of security. When
pa
there are 500 switches and each has multiple doors or methods of access, how
in
does one maintain the policy and how does one handle changes? A policy could
or
state All employees may access the network and full access to a specific set of
le
resources, but only finance employees are allowed access to the financial
ho
applications.
w
in
To enforce security, we must identify the users. Do we identify employees as

n
anyone that gets a badge or a paycheck? What makes an employee a finance

tio
employee? Are the Sales Manager and CEO included in the set of finance
c
du
employees? How does this apply to network access? Do we define different

ro
VLANs separate and restrict users or do we define different ACLs to expand or

ep
restrict access? How do we audit these configurations?

R
.
ly
IMC has the ability to create configuration templates to aid in deployment of

on
standardized security policies. Configuration management can deploy

s
technologies such as 802.1x (controlling user access to the network) and provide
er
the ability to audit configurations to ensure the proper code versions or ACLs are
d
ol
deployed.
eh
ak
St
&L
C
P
H
Rev. 14.41 1 25
Single pane-of-glass management
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
Figure 1-15. Single pane-of-glass management.
rt
pa
IMC provides a single pane of glass to manage your IT environment. This single
in
or
pane of glass is a web browser based client that can access a database containing
support for devices over 6000 unique devices from over 220 manufacturers. The
le
ho
majority of all HP and Cisco devices are included in this support out of the box.
w
Support for additional devices can be extended through use of APIs (Application
in
Programming Interfaces) and MIBs (Management Information Bases). IMC is able

n
to access and manage a majority of IT based solutions using standard protocols

c tio
including Simple Network Management Protocol (SNMP), Standard Object

du
Application Protocol (SOAP), Telnet, Secure Shell (SSH), and Windows

ro
Management Interface (WMI). Over 6000 devices come supported for monitoring
ep
with in the device, and a majority of all HP and Cisco devices can be configured.
.R
ly
Note
on
Almost All Cisco and HP routers and switches can be monitored and
s
er
configured with IMC

d
ol
eh
With the architecture designed for scalability and additional functions brought in by
ak
modules, IMC can continue to add new features and solutions by plugging in the
St
new module to the base platform.

&L
C
P
H
1 26 Rev. 14.41
IMC features
d.
te
ibi
oh
pr
Figure 1-16. IMC features.
is
on
With its vast array of capabilities, IMC is uniquely capable of simplifying network
si
management, even as it sifts through thousands of network nodes. The
is
m
management platform highlights the areas that need attention and provides insight
er
and health information on the network as a whole. The highlights of the network
tp
management solution include:
ou
Single-pane management: The single-pane management feature of IMC
ith

w
enables you to get the information you need at a glance, including a display of
rt
both physical and virtual assets as well as wired and wireless elements.
pa
Convenient color-coded displays, topology overlays, and focused zooming
in
make it easy for you to view the entire network or to concentrate on an area of
or
interest.
le
ho
Unified control of virtual and physical worlds: IMC unifies physical and
w
virtual network management and helps IT overcome the challenges of

in
administering the new virtual server edge. It maps the topology of the entire
n
tio
network, making it clear which devices are virtual and which are physical.
c
Management focus and policies remain linked to virtual assets, even if those
du
assets move.
ro
ep
Management of virtualized resources is made a lot easier with:

R
Automatic discovery of VMs and virtual switches, as well as their

ly
on
relationships with the physical network

s

er
Template-based approach for connection policy definition and automation

d
and orchestration of VM network connectivityto help eliminate the

ol
eh
manual provisioning process

ak
VM and virtual switch resource management, including the creation of

St
virtual switches and port groups

&L
Virtual/physical topology views and status indicators for networks,

P
workloads, and virtual switches

H
Automatic reconfiguration when virtual workloads are moved within and

across the data center
Network policies remain bound to VMs during migration
With these features, IMC can help eliminate service interruptions caused by
virtual/physical network configuration errors. It can reduce administration and
troubleshooting by providing unified management of physical and virtual
Rev. 14.41 1 27
network infrastructure. And it can accelerate the delivery of new applications

and services by automating configuration of the virtual and physical network
infrastructures.
Unified management of wired and wireless networks: IMC provides a
unified view of wired and wireless networks with enhanced network
performance monitoring and management. From access points to edge
routers, administrators can manage these devices in a consistent manner
using policies. IMC delivers role-based access and centralized policy
d.
te
enforcement for users and their devices. Identity-based access helps ensure
bi
that the appropriate security measures and policies are applied consistently to
i
oh
users, whether each user connects through a wired or wireless LAN.
pr
Comprehensive multivendor support, including support for Cisco: IMC
is

provides comprehensive management of network devices, including those
on
from HP as well as Cisco and other vendors. Management begins with the
si
is
automatic discovery and mapping of all devices on the network, and it is
m
further enhanced by in-depth monitoring of those devices. Unlike a few other
er
tp
solutions, IMC goes beyond monitoring and enables sophisticated
ou
management of multivendor equipment, interoperability, and cross-vendor
ith
communication.
w
rt
Having a consolidated management platform that covers multivendor support
pa
not only reduces the number of required management tools, it also increases
in
the efficiency of troubleshooting and the mean time to repair (MTTR) with
or
correlated information. The efficiency gains with MTTR are due to the fact that
le
the data is stored within a single database rather than across a disparate
ho
management architecture.
w
in
Powerful administration and control: With IMCs comprehensive

n
configuration and management tools at your disposal, managing individual

c tio
devices in a serial, one-off fashion would be a thing of the past. In addition,

du
with IMC, you can view the health and state of VMs, provision VM connectivity
ro
with policy-driven automation, migrate VMs while keeping network profiles

ep
intact, and recognize where virtual resources connect to the physical network.
.R
ly
on
After devices are deployed, your job is made easier by unified resource
management. Color-coded displays show at a glance if a device is out of
s
er
service and offer detailed physical topology views that help technicians
d
ol
pinpoint the exact rack, slot, and device where trouble is occurring.
eh
Flexible centralized reporting: IMC receives and logs SNMP traps and
ak
syslog reports, and it can generate online and historical network performance
St
information in highly adaptable report formats. The reports enable powerful

&L
fault finding and event generation. In addition, flexible historical reports

C
provide the information you need for network trend analysis and capacity
P
H
planning. You can also easily create inventory reports that show network
device details, such as model, firmware, available memory, IP address, and
serial number. The reports can be run with a mouse click or can be scheduled
to run at regular intervals. And you can view reports in a number of formats,
including .pdf and .xls, and send them automatically via email.
Hierarchical management: In forward-thinking organizations, larger and
larger portions of the network are being combined in ways that actually make
the network easier to manage. And even the standard version of IMC offers
1 28 Rev. 14.41
distributed management capabilities that allow multiple servers with different

installed modules to retain the appearance of a single UI. The enterprise
version provides the greatest span of control, with a hierarchical deployment
mode that can extend visibility across multiple networks, multiple countries,
and even multiple continentsall while acting as a manager of managers.
IMC is designed to handle many tens of thousands of users and offer them
varying levels of access to network resources. For greater flexibility and
convenience, you can combine the distributed and hierarchical modes of
d.
deployment.
te
bi
Compliance Center: IMCs Compliance Center offers an event notification
i
oh
system that can take action for remediation, based on user-defined policies.
pr
Policies can be set up to notify administrators of activities such as SNMP and
is
broadcast traffic. Administrators can then take appropriate action for
on
remediation to enable seamless network operations.
si
is
m
With the Compliance Center, administrators can adopt a proactive approach to
er
management with audit capabilities. IT can audit the infrastructure to maintain
tp
network consistency and ensure that device configurations comply with
ou
policies defined in the Compliance Center.
ith
Trouble-free administration that transcends the network: IMC includes
rt
features designed specifically to make life easier for network administrators.
pa
This management solution is scalable from SMBs (small-to-medium
in
businesses) to SPs (service providers), so organizations undergoing dynamic
or
changes or transformations can be confident that their network administration

le
will remain stable.

ho
w
in
n
ctio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 1 29
Answer the hard questions
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
Figure 1-16. IMC can answer the hard questions for administrators.
ou
ith
Ultimately, IMC enables peace of mind for IT administrators as it:
w
Aligns with industry standards: IMC aligns with all areas of the ISO
rt

pa
Telecommunications Management Networks highly regarded Fault,
in
Configuration, Accounting, Performance, and Security (FCAPS) model. It also
or
supports the IT Infrastructure Library (ITIL) operational center of excellence

le
IT practices model and relies on a service-oriented architecture framework to

ho
provide unparalleled resource, service, and user management.

w
Scales and expands with the network: An IMC deployment begins with a
in
base management systemeither IMC Standard for single-network

tio
deployments or IMC Enterprise that is a manager of managers for controlling

c
du
geographically distributed networks. In most cases, the base platform is all

ro
you needthe platform is highly flexible and a single server can manage
ep
networks up to 10,000 nodes. While the base platform provides a broad set of
R
features, you can choose from an la carte menu of additional software

.
ly
modules to enable a deeper level of functionality across the FCAPS model.

on
Functions you can add include sophisticated traffic analysis, secure access
s
management with any type of device, endpoint posturing, powerful wireless

er
d
management, and extensive quality of service (QoS) or service-level

ol
agreement (SLA) management.

eh
ak
With IMC, you can quickly deploy applications by automating VM connectivity

St
and monitoring network performance. The same goes for devices, which you
can remotely deploy and manage in a secure fashion. You can add
&L
multiprotocol label switching (MPLS) and IPSec VPN management too. You
C
can even add service health monitoring and service operations to provide full
P
H
IT workflow management, from problem recognition, ticket creation, and

problem resolutionall the way to knowledge base creation. In short, IMC is a
unified solution that knits together all your infrastructure management
components in a single console.
1 30 Rev. 14.41
Answers the hard questions: IMC answers questions such as:

What is the configuration state and software level of all my network
resources?
What is the network topology and state of each link and interface?
How can I quickly deploy new network resources, while conforming to my
companys standards?
d.

te
What applications are running in my network?
bi

i
oh
Is my VLAN architecture intact? And how can I gain visibility to determine
pr
if changes are necessary, and where to add or prune?
is
How can I audit all the adds, changes, and deletions to all of my network
on
resources?
si
is

m
How can I deliver important services? And how should I change resource
er
deployment when services change?
tp

ou
What traffic is affecting my network? And who or what is consuming
ith
bandwidth?
w
Where am I over- or undersubscribed?
rt
pa
Which users need to be controlled, and how?
in
or
How can I link the network to my organizations business processes?

le
ho
w
in
n
ctio
du
ro
ep
R
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 1 31
IMC and integration
Figure 1-16. Integration.
IMC is able to bring together a powerful range of capabilities in a single system

that can be distributed and scalable. This solution can bring FCAPS to
organizations to enable them to meet the needs of managing IT. The goal of
integration is to take the business needs and policies and codify them into
discernible objects that can be easily implemented by IT on a single device or
across many devices.
This slide provides a brief overview of a few features IMC uses to deliver powerful
integration, including:
Faults:
Alarms: ability to alert in real-time with severity levels
Reporting: generate views showing the number of alarms and severity on
a device
Views: access alarms from a variety of sources in IMC
Configuration:
Additions: add new devices
Modifications: make changes to existing devices
Change Management: record changes made by operators
Backups: gather configurations for maintenance
Standardization: allow for pre-defined scripts to be applied across
equipment
Accounting:
Reporting: summarize actions and performances on devices showing to
aid in audits and holistic view
Auditing: be able to compare results with expected ones
Quantity: handle large number of inputs and provide reports of them
Overview: provide a 10,000 foot view of actions in the environment
1 32 Rev. 14.41
Performance:
Reporting: ability to drill down and review operations from a utilization
stand point
Views: access performance in variety of methods to provide a holistic
view
Trending: use of line charts and tables to show how performance is over
time
Security:
Credentials: identify users by a username and password
Encryption: allow support for secure protocols, SSH, SNMPv3, HTTPS
Integrity: ensure the information provided has not been mishandled
Oversight: summarize actions that have been taken
Rev. 14.41 1 33
1 34 Rev. 14.41
IMC Technical Design

Module 2
Objectives
IMC is an SNMP-based network management application. This module will give a
brief review of SNMP before providing calculations of the load placed upon an IMC
server by SNMP data collection. Well see that IMC uses a Service-Oriented
Architecture (SOA) allowing for the database to be separated from the application
with the modular architecture enabling multiple deployment methods.
After completing this module, you should be able to:
Demonstrate how SNMP uses MIBs to gather data
Calculate Collection units give the number of performance metrics and polling
times
Describe the SOA based model for IMC
Differentiate between Centralized, Distributed, Hierarchical and Hybrid
Rev. 14.41 2 1
Overview
Figure 2-1. Overview.
This slide brings together the processes that allow IMC to implement a scalable,
integrated solution for network management solutions, including third-party support
and integration. The remainder of the pages in this module will expand upon these
topics.
2 2 Rev. 14.41
IMCs Service-Oriented Architecture (SOA)
Figure 2-2. IMCs Service-Oriented Architecture.
HP IMC is a flexible service-oriented architecture platform tailored for managing

enterprise networks so they can effectively deliver network services to customers
and employees around the world and support dozens of remote locations. It
aggregates information from network devices and services to give visibility into the
enterprisefrom the data center to the networks edge. It provides seamless wired
and wireless infrastructure management, user access policies, and traffic analysis
across a mixed environment.
HP IMC eliminates the need to use dozens of separate, vendor-specific network
management tools. It provides a holistic view of the enterprise, giving network
administrators the insights they need to enhance network configuration and
improve performance. IMC also integrates security into network management by
providing network access control across the enterprise.
HP IMC helps organizations make more efficient use of their IT staffs resources
and budgets. IMC is easy to use, deploy, and operate, which translates for most
organizations into significant savings on training, network management, and
operations. With just one network management tool that everyone in IT can use,
network managers can dedicate less budget money on individual software
maintenance licenses. IT employees can turn their attention to delivering new
services that increase their organizations business productivity.
HP IMC: modular and scalable

The modular, scalable architecture of HP IMC lets organizations choose the
functionality they need today and install new features as they grow into them for a
solution tailored to their needs. With eAPIs (extended APIs), organizations can
integrate their in-house management tools with those of IMC.
The eAPIs are an extension of IMC's open and extensible platform and can be
used to share this SOA platform with an organization's homegrown and in-house
applications. By integrating with IMC, developers can ensure their applications will
work with all the aggregated network data collected by IMC. Developers can write
Rev. 14.41 2 3
their programs only once to interface with IMC, instead of many times to integrate
with the operating system of each third-party device on their network. To provision,
monitor, and manage network elements, IMC provides a broad set of features
across the Fault, Configuration, Accounting, Performance, and Security (FCAPS).
IT administrators can use IMC to perform a wide variety of network management
tasks across their heterogeneous networks. IMC supports HP and third-party
devices for:
Discover and topology
Monitoring and performance management
Data center orchestration
Bulk configuration, configuration backup, and restore
HP IMC: open and extensible APIs

HP IMC is based on service-oriented architecture (SOA) and uses a business
application flow model as the core. This enables its modular, on-demand design
and its integration of separate network management tools.
The eAPIs are an extension of HP IMCs open and extensible platform and can be
used to share this SOA platform with an organizations homegrown and in-house
applications. Developers can write their programs only once to interface with IMC,
instead of many times to integrate with the operating system of each third-party
device on their network. By integrating with IMC, developers can ensure their
applications work with all the aggregated network data collected by the
management platform. This allows the IT administrator to control the entire mixed
network from a single management tool.
The eAPIs further extend the openness of HP IMC. Third-parties are now able to
access and control functions that were only available from a CLI interface, or only
from the IMC interface. The eAPIs help extend the value of IMC beyond the
network operations center to other parts of the business.
The eAPIs are designed to be developer friendly. They include more than 200 pre-
defined calls with error codes and input variables for accessing IMC functionality.
The eAPIs can be used to tap into IMCs range of features: device configuration
and monitoring, change management, resource management, user management,
alarm, logging, performance and analysis, virtual LAN management, quality of
service (QoS) management, asset management, virtual management, and
reporting. For each of these areas, the eAPIs have anywhere from 15 to 35
procedural calls that allow read-and-write functionality.
The eAPIs enable organizations to provide new services to their customers and
add new capabilities to their devicesand the IT staff can do it with the speed and
efficiency they have never had before.
Providing a path to the cloud

The eAPIs play a crucial role in automating the orchestration of enterprise
networks for virtualization and cloud computing. They are part of the HP Virtual
Application Networks vision of delivering end-to-end network virtualization
2 4 Rev. 14.41
creating a unified platform for the dynamic and rapid deployment of cloud
applications and services.
Virtual Application Networks is enabled by HP IMC VAN Manager Module,
which allows network managers to create consistency, reliability, and
repeatability across the entire network infrastructure.
Virtual Application Networks enables administrators to create programmable
and agile networks that are automatically orchestrated to streamline
operations.
Virtual Application Networks is the next logical step in the path to the cloud.
Customers are able to focus less on managing network infrastructure and
more on connecting users to applications.
Extending HP IMC with RESTful eAPIs

The eAPIs are a representational state transfer (RESTful) implementation of Web
services and uses a SOAP/XML interface. At the heart of the eAPIs is a data
abstraction layer that is leveraged by the eAPIs to cohesively manage a mixed
network environment (see Figure 2-2). The REST-style Web services enable third-
party developers to create applications that interface and leverage IMC services,
including those for HP Virtual Application Networks.
Figure 2-3. eAPI integration across IMC.
The eAPIs enable integration of virtual machine edge profile administration and
control. Cloud orchestration is enabled using IMC with VAN Policy Engine to
deploy HP Virtual Application Networks. Organizations can rapidly and dynamically
connect users to applications and services while eliminating device-level
management. RESTful eAPIs enable external access to HP Virtual Application
Networks functions from cloud and network orchestration frameworks. They allow
network and enterprise IT administrators to programmatically access, configure,
provision, and manage connection resources in conjunction with virtual machine
operations.
Note
REpresentational State Transfer (REST) is a style of software architecture
for distributed systems such as the World Wide Web. REST has emerged over
the past few years as a predominant Web service design model.
Rev. 14.41 2 5
Integration scenarios: how IMC and eAPI can benefit you

Organizations can use the eAPIs to develop customized management solutions for
their enterprise. They can be used for internal development to create new services
for easier network management or for building out new capabilities for third-party
networking devices.
Networking hardware manufacturers: Security appliances, load balancers,
and other networking devices connect to the physical network, collect data
about the network, and send it to IMC. Hardware manufacturers can use the
eAPIs to develop applications for their devices to work more effectively and
send comprehensive information to IMC.
For example, an intrusion prevention system (IPS) captures data about traffic
that travels through the network core, but wont necessarily collect information
about traffic that stays on the edge of the network. The eAPIs can get
information logged in IMC from switches and provide this to the IPS, which
makes the IPS more likely to catch security threats across the enterprise.
Internal IT shop: Organizations with growing enterprise networks often need
to manage a wide variety of equipment. The eAPIs let internal IT shops freely
develop applications to make their enterprise networks more agile without
having to interface directly with myriad networking equipment.
For example, an internal IT shop could use the eAPIs to create an IT help
desk system that lets everyone in IT connect to the network, see network
status information, and configure certain parameters on network devices. This
could be useful for provisioning network connections for new users, or
creating new VLANs anywhere on the enterprise network. Internal IT shops
can use the eAPIs to grab traffic analysis and network performance data from
IMC and visualize it in any way that makes sense for their business needs.
Cloud service provider: The HP Virtual Application Networks-related eAPIs
allow cloud service providers to rapidly deploy cloud services. System
administrators can speed the deployment of new virtual machines and
orchestrate VM migrations without compromising connectivity. Administrators
can deploy the VMs directly from their cloud management systems, which can
now interface with the HP Virtual Application Networks eAPIs.
Service providers and networking hardware manufacturers writing to IMC eAPIs
can be supported by the HP AllianceONE program for improved competitive
advantage, easier collaboration, and greater exposure to HP sales, channel
partners, and customers. AllianceONE gives you the framework, tools and
resources you need to have a successful collaborative relationship with HP.
HP IMC & eAPIs: efficient, fast, simple

HP IMCcoupled with the new eAPIsgive IT administrators more control and
deeper insight into their enterprise networks than ever before. IT works more
efficiently, faster, and with less complexity when network management is unified in
a single-pane-of-glass management platform.
HP IMC eAPIs support the growing DevOps movement, which encourages better
communication and collaboration among applications development and IT
2 6 Rev. 14.41
operations teams. The eAPIs can be used by organizations of all sizes to meet the
fundamental goal of DevOps: to develop applications that perform better and meet
intended business and service-level requirements.
HP IMCs single-pane-of-glass management platform forms the basis of HP
FlexManagement Solutions that converge network management and network
orchestration. Its also at the heart of HP FlexNetwork Architecture, an open and
standards-based way to build a scalable, secure, agile, and consistent enterprise.
Note
The Extended APIs are included with the Enterprise Platform and are an
optional license upgrade for the Standard Platform. Comprehensive coverage
Rev. 14.41 2 7
SNMP overview
Figure 2-4. SNMP overview.
Simple Network Management Protocol (SNMP) is an "Internet-standard protocol

for managing devices on IP networks." Devices that typically support SNMP
include routers, switches, servers, workstations, printers, modem racks, and
more." It is used mostly in network management systems to monitor network-
attached devices for conditions that warrant administrative attention. SNMP is a
component of the Internet Protocol Suite as defined by the Internet Engineering
Task Force (IETF).
An SNMP-managed network consists of three main components:
Managed device
Agent software which runs on managed devices
Network management station (NMS) software which runs on the manager
A managed device is a network node that implements an SNMP interface that
allows unidirectional (read-only) or bidirectional access to node-specific
information. Managed devices exchange node-specific information with the NMSs.
Sometimes called network elements, the managed devices can be any type of
device, including, but not limited to, routers, switches, firewalls, VoIP phones, IP
video cameras, computer hosts (PCs, laptops, and servers), and printers, to name
a few.
An agent is a network-management software module that resides on a managed
device. An agent has local knowledge of management information and translates
that information to or from an SNMP specific form.
A network management station (NMS) executes applications that monitor and
control managed devices. NMSs provide the bulk of the processing and memory
resources required for network management. One or more NMSs may exist on any
managed network.
SNMP itself does not define which information (which variables) a managed
system should offer. Rather, SNMP uses an extensible design, where the available
information is defined by management information bases (MIBs). You can manage
the switch via SNMP from a network management station running an application
such as Intelligent Management Center (IMC).
2 8 Rev. 14.41
To implement SNMP management, the networking devices must have an IP

address, and any intermediate filtering devices must allow the SNMP traffic
between the managed devices and the NMS.
SNMP provides the following five basic operations:
Get operation: The Get operation is a request sent by the NMS to the agent to
retrieve one or more values from the agent.
GetNext operation: The GetNext operation is a request sent by the NMS to
retrieve the value of the next OID in the tree.
Set operation: The Set operation is a request sent by the NMS to the agent to
set one or more values of the agent.
Response operation: The Response operation is a response sent by the agent
to the NMS.
Trap operation: The Trap operation is an unsolicited response sent by the
agent to notify the NMS of the events occurred.
The NMS sends the first four kinds of packets to UDP port 161, and the agent
sends traps to UDP port 162. By using two different port numbers, a single device
can act as an agent and an NMS at the same time.
Rev. 14.41 2 9
SNMP versions 1 and 2c
Figure 2-5. SNMP version 1 and 2C.
SNMP version 1 (SNMPv1) is the initial implementation of the SNMP protocol.

SNMPv1 operates over protocols such as User Datagram Protocol (UDP), Internet
Protocol (IP).
Version 1 has been criticized for its poor security. Authentication of clients is
performed only by a "community string", in effect a type of password, which is
transmitted in clear text.
SNMPv2 revises version 1 and includes improvements in the areas of
performance, security, confidentiality, and manager-to-manager communications.
However, the new party-based security system in SNMPv2, viewed by many as
too complex, was not widely accepted by networking vendors.
As presently specified, SNMPv2c is incompatible with SNMPv1 in two key areas:
message formats and protocol operations. SNMPv2c messages use different
header and protocol data unit (PDU) formats from SNMPv1 messages. SNMPv2c
also uses two protocol operations that are not specified in SNMPv1.
WARNING
Common strings for read are public and write for private. GET
requests need read privileges. SET requests need write privileges. If
forced to use SNMPv1 or v2c, you should change these strings to
something less obvious; however, remember that these two versions of
SNMP send the community strings in clear text and thus are susceptible
to eavesdropping in the network.
2 10 Rev. 14.41
SNMP version 3
Figure 2-6. SNMP version 3.
By adopting User-based Security Model (USM) and View-based Access Control

(VACM) technologies, SNMPv3 enhances security. USM offers authentication and
privacy functions; while VACM controls users access to specific MIBs.
USM introduces the concepts of username and group. You can set the
authentication and privacy functions. The former is used to authenticate the validity
of the sending end of the authentication packets, preventing access of illegal
users; the latter is used to encrypt packets between the NMS and Agent,
preventing the packets from being intercepted. USM ensures a more secure
communication between SNMP NMS and SNMP Agent by authentication with
privacy, authentication without privacy, or no authentication no privacy.
VACM defines the five elements: groups, security level, contexts, MIB views, and
access policy. These five elements together control users access to management
information. Only a user with access rights can manage the objects. You can
define different groups on the same SNMP entity; these groups are bound with
MIB views. In addition, you can define multiple users in one group. When a user
accesses the management information, he can access only the objects defined by
the corresponding MIB view.
HP networking devices supports SNMPv1, SNMPv2c, and SNMPv3. To make
SNMPv1 and SNMPv2c compatible with SNMPv3, you can configure group, user
and view for these two versions. In this case, you only need to configure the
parameter settings of the community name on the NMS as the username
configured on the device. You can enable multiple SNMP versions on the device at
the same time, but you need to make them consistent with those on the NMS.
Rev. 14.41 2 11
Management information base
Figure 2-7. Management information base.
SNMP allows for a Network Management System (NMS) to access variables held
in structures known as Management Information Bases (MIBs). MIBs use a
hierarchical namespace containing Object Identifiers (OID). These OID variables
provide configuration and performance data on the operation of the managed
device. MIB hierarchy defines what variable is being requested (GET) or modified
(SET).
For example, IMC can be used to modify the sysname/ hostname of a device
using SNMP with proper privileges (read and write). For this happen, the SysName
variable would need to be modified using proper credentials and an SNMP SET
command. The MIB identifier number and MIB variable name for SysName are:
1.3.6.1.2.1.1.5
ISO.ORG.DOD.INTERNET.MGMT.SYSTEM.SysName
GET requests are more common and used to poll the equipment to gather data
about the managed device. For a GET or SET request to function, the SNMP
community strings must be configured in the SNMP agent on the managed device.
The SNMP agent is typically a daemon running SNMP in the Network Operating
System (NOS) and configured via Command Line Interface, CLI.
SNMP has gone through versions to improve functionality with version 2c
(SNMPv2c) adding security and GET BULK requests to handle more information
at a time rather than every possible MIB being queried uniquely.
SNMPv3 added to the security model by creating groups of users defining what
could be accessed and enabling integrity and complete encryption of the SNMP
packet.
2 12 Rev. 14.41
Collection units and managed devices
Figure 2-8. Collection units and managed devices.
The load on an IMC server is measured by the number of operators connected

and collection units. In measuring load on an IMC server, polling for performance
data is a major contributor. Collection units (CUs) are basic measure of how much
CPU, memory and disk I/O will be required. Performance data is polled by default
every 5 minutes. These values can be modified globally and per device. Typically
in high CPU environments polling for configuration data can be reduced for a
majority of the equipment except those that take priority, such as core equipment.
Disk I/O should also be well understood with large amounts of CUs collected
faster disks are required. IMC doesnt define how disks are setup but does require
that throughputs be maintained for expected number of operations.
The iMC Solution Deployment and Planning Guide documents serve as an
important reference for planning the server hardware capabilities required for a
successful IMC installation. Two tables (Tables 2-1 and 2-2) from this document
have been added to the Student Guide for this course.
IMC uses polling with defaults to query performance data every 5 minutes and to
check the device configuration every 2 hours. The measure of load placed on the
server by this data collection is measured in collection units. Each MIB of data
gathered in a 1 minute polling period is counted as a collection unit.
Rev. 14.41 2 13
Table 2-1. 64-bit Windows environment (recommended)
Management scale System requirements (minimum)

Max. CPU (main Java Disk space for Disk space for
Node Collection Mem
online frequency heap installation data storage
count units 2.5 GHz) ory
operators size (imcInstallDir) (imcDataDir)
0 to 0 to 5K 20 30GB
2-core CPU 4GB 2GB 3GB
200 5K to 50K 10 60GB
200 to 0 to 10K 30 50GB
4-core CPU 8GB 2 GB 3GB
1K 10K to 100K 10 100GB
1K to 0 to 20K 30 60GB
2K 20K to 200K 10 200GB
2K to 0 to 30K 40 80GB
5K 30K to 300K 20 250GB
5K to 0 to 40K 50 16-core 100GB
32GB 12GB 7GB
10 K 40K to 400K 20 CPU 300GB
10K~1 0~40K 50 24-core 200GB
64GB 16GB 10GB
5K 40K~400K 20 CPU 600GB
CAUTION:
To improve the I/O performance, follow these guidelines:
If the number of collection units is from 100 K to 200 K, install two or more disks and a RAID card
with a cache of 256 MB or more.
If the number of collection units is from 300 K to 400 K, install four or more disks and a RAID card
with a cache of 1 GB or more.
HP recommends you to set the RAID level to 5, which needs three or more disks. If you use more than
four disks, HP recommends you to set the RAID level to 0+1.
2 14 Rev. 14.41
Table 2-2. 64-bit Linux environment (recommended)
Management scale System requirements (minimum)

Disk space
Max. CPU (main Java Disk space for
Node Collection Mem for data
online frequency heap installation
count units 2.5 GHz) ory storage
operators size (imcInstallDir)
(imcDataDir)
0 to 5K 20 2-core 30GB
0 to 200 6GB 2GB 3 GB
CPU
5 K to 50 K 10 60GB
0 to 10 K 30 4-core 50GB
200 to 1K 12GB 4 GB 3 GB
10K to 100K 10 CPU 100GB
0 to 20 K 30 6-core 60GB
1K to 2K 16GB 6 GB 4 GB
2 K to 200K 10 CPU 200GB
0 to 30 K 40 8-core 80GB
2K to 5K 24GB 8 GB 5 GB
30K to 300K 20 CPU 250GB
5K to 0 to 40 K 50 16-core 100GB
32GB 12GB 7GB
10K 40K to 400 K 20 CPU 300GB
0~40K 50 24-core 200GB
10K~15K 64GB 16GB 10GB
40K~400K 20 CPU 600GB
CAUTION:
To improve the I/O performance, follow these guidelines:
If the number of collection units is from 300 K to 400 K, install four or more disks and a RAID card
with a cache of 1 GB or more.
HP recommends you to set the RAID level to 5, which needs three or more disks. If you use more than
four disks, HP recommends you to set the RAID level to 0+1.
Rev. 14.41 2 15
Limitations of SNMP and needs for other protocols
Figure 2-9. Collection units and managed devices.
SNMP has limitations when managing a network, as shown in the table in Figure
2-9. Because of these limitations, other networking protocols are necessary to
complement SNMP.
For example, there is not an SNMP OID for every device event type that you want
to measure or view, and this can vary from vendor to vendor. Because of this
limitation, you need to the ability to capture any event that occurs on a device,
which can easily be done by using syslog. IMC supports syslog server functions
and can perform this role.
Likewise, there is not an SNMP MIB for every configurable option for a managed
device; therefore, scripting capabilities are needed so that the SNMP management
station can remotely log into the device (using telnet or SSH) and perform the
necessary configuration. IMC supports telnet and SSH access for the configuration
of non-SNMP configurable commands and parameters.
When generating SNMP traps, having the correct date and time is crucial in
understanding when an event occurred or if there is a correlation between multiple
events occurring in a network. NTP is required for this purpose on your networking
devices.
Last, there is no SNMP MIB/OID to perform configuration backups and restores or
operating system upgrades and downgrades. This requires the use of two
protocols. First the network management station needs to remotely login into a
device using telnet or SSH. Secondly, the file must be transferred across the
network using a file transfer protocol, like TFTP, FTP, or SFTP. IMC supports these
functions with built-in scripting.
2 16 Rev. 14.41
Technical design
Figure 2-10. Technical design.
IMC uses a Service-Oriented Architecture with the concept of layers to provide

functionality and separation of tasks.
The Service Presentation and Basic Presentation Layers provide the interface
that operators access and utilize to manage and configure IMC base and its
many modules.
The Message Communication Bus with its Java based Unified Web SDK is
the method that notifications are published and subscribed to the GUI and
how configurations are pushed into the IMC configuration files.
The Service Logical Layer (SLL) and Common Service Unit (CSU) are the
middleware that remove the business logic from the presentation. These two
components are at the heart of IMC and tie together they may disparate
functions. FCAPS is handled by CSU and allows for it to be maintained in a
Database.
The Data Abstraction layer using JDBC (Java Database Connectivity) allows
for IMC to converse with different databases that support JDBC. Further it
uses standard protocols to talk to resources to gather data that is to be
processed by SLL and CSU for presentation to the administrator.
Rev. 14.41 2 17
IMC requirements
Figure 2-11. IMC software requirements.
The above figure shows the supported operating systems that IMC can be
deployed on (it can even run as a virtual machine [VM]) and the supported
databases. IMC does support an internal database, but in medium-to-large scale
networks, an external database product must be used to support a large number of
managed devices. VM support is on VMWare Workstation 6.5, 9.0, and 10.0 and
VMWare ESX 4.x and 5.x.
Note
The minimum hardware requirements are based on many different factors,
including the IMC software package you choose to install, the number of
managed devices and monitored OIDs, they type of installation (like
centralized and distributed), and etcetera. Please refer to the installation guide
for IMC 7.0 for further details.
2 18 Rev. 14.41
Deployment models
Figure 2-12. Deployment models.
IMC provides different models for deployment to allow for scalability. In general,
the database server is on a remote server. While IMC can be installed in
virtualized environments, recognize that existing design recommendations are
made for physical servers. In virtual environment deployments, ensure the
guidelines for number of CPUs, memory and disk space allocated are followed.
The protocols used are defined in tables in later pages of this section.
Rev. 14.41 2 19
Centralized model
Figure 2-13. Centralized deployment model.
Central deployments are best suited to a small number of nodes to be managed.

All components are on one server, reducing support and maintenance.
The demo should only be used for assessment and not production, because
assessment is looking to gather data, not manage. Best practice is to separate the
database from the Base platform install.
Note that scalability is sacrificed when using a centralized deployment, but it is
suited for smaller environments.
Centralized Deployment of IMC:
Total number of nodes to be managed by IMC is < 5,000
Majority of managed nodes are in 1 location
Number of collection units is less than 400,000
Number of operators accessing IMC is < 50
Note
The demo software is for install on Windows Server (preferably Windows 2008
R2) and contains the MS SQL 2008 Express which has a 10GB data limit and
accessibility to only 1 CPU and 1GB of data.
2 20 Rev. 14.41
Distributed model
Figure 2-14. Distributed deployment model.
Distributed deployments still run with a single, central IMC installation or

instance. The differentiator is that certain IMC modules, processes or functions
are distributed to one or more separate, slave servers. This distribution of work
and load has performance and scalability benefits while retaining a single master
IMC instance.
Rev. 14.41 2 21
Hierarchical model
Figure 2-15. Hierarchical deployment model.
Hierarchical is used in large deployments where polling would overwhelm a single

server and/or to separate administrative groups in charge of IMC. Parent/Child
terminology is used to identify the IMC Base Platform server acting as the Parent
and those acting as Children (the servers that obey the command or control of the
Parent).
The example in this slide includes two Children in Domains B and C that upload
data to their Parent in Domain A. In other words, North Americas 5,000 nodes and
Europes 5,000 nodes are polled by their local IMC servers. These local (Child)
servers feed data to the HQ Parent, which does no polling but handles all the
reporting and alarms globally. Operators can access the local/ child platform to
manage day to day tasks. The HQ platform is used to provide consolidated
reporting.
Hierarchical deployment of IMC:
Total number of nodes managed by IMC > 5,000
Nodes to be managed are located in multiple, geographically dispersed
locations
When operators using IMC are geographically dispersed
Number of collection units > 400,000
Number of operators accessing IMC > 50
2 22 Rev. 14.41
Hybrid model
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 2-16. Hybrid deployment model.
ith
w
Hybrid allows for the distribution of load across servers and can be used in either
rt
Central or Hierarchical. Many of the IMC modules are best managed if they are
pa
loaded on separate servers and can even have separate DBs (but that is not best
in
practice). In the example above we show that NTA is deployed separately with a
or
Dig Server to gather traffic flow data and process it. By separating the NTA server
le
from the Base Platform server, the Slave NTA server can fully utilize its servers
ho
processing capabilities.
w
in
A Dig Server is able to see data from a port mirror and consolidate into traffic flow
n
information for NTA to graph the results. Dig Servers are used when the devices
ctio
do not support a Traffic Flow protocol such as NetStream/NetFlow/IPFIX or sFlow.

du
ro
ep
Master < - - - > NTA Slave NTA Slave < - - > Dig Server
R
.
ly
on
TCP 61616 TCP 20

s
er
TCP 8800 TCP 21

d
ol
TCP 8051 UDP 18801

eh
ak
TCP 9099
St
&L
UDP 18802
C
P
UDP 18803
H
Rev. 14.41 2 23
IMC protocols and ports
d.
te
bi
i
oh
pr
is
on
Figure 2-17. IMC ports and protocols.
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
Figure 2-18. IMC ports and protocols (cont.).

le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
Figure 2-19. IMC ports and protocols (cont.).

C
P
The ports and protocols defined in Figure 2-17, 2-18, and 2-19 are used by IMC,
H
based on the deployed model. The importance of these ports and protocols is that
if an intermediate firewall sits between the different components in the network
management architecture (NMA), youll have to notify your firewall administrator to
allow the necessary ports in order for NMA to operate correctly.
2 24 Rev. 14.41
Databases and high availability
d.
te
ibi
oh
pr
is
on
si
is
m
Figure 2-20. Databases and high availability.
er
tp
IMCs dbman tool allows for backups to be made of the database and used to
ou
restore the database. In a single install of IMC, the remote database is backing up
ith
the configuration with another DB. This DB runs a scripted or manual process to
w
load the IMC database. Dual installs require purchase of licenses for another IMC
rt
install that has its own database that is using dbman to capture backups of the
primary IMC DB and uploaded. pa
in
or
All configuration changes are made on the Primary until failure. The devices must
le
be configured to send SNMP traps and Syslog to both IMC installs to achieve High
ho
Availability (HA) operation.

w
in
Since both Single and Dual require backups to be restored via automatic or
n
manual processes, data can be lost back to the time of the last backup. Though
tio
not documented, the Dual can be modified to use a SAN with the DB on it and
c
du
accessed by two separate IMC servers. The SAN functionality would allow for
ro
either IMC install to be immediately available upon failure of the other (without
ep
need to restore the DB).

R
.
ly
Important
!
on
The importance of good redundancy cannot be overstressed. The Dual design

s
is preferred over the single design because if there Primary IMC server fails,
er
you dont want to create issues for your networks. For example, if the IMC
d
ol
primary server fails, users wont be able to authentication to the network and
eh
thus wont be able to access the network. A good redundant design, with quick
ak
failover, is criticial.
St
&L
C
P
H
Rev. 14.41 2 25
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
2 26 Rev. 14.41
IMC Product Overview

Module 3
Objectives
This module introduces the IMC products and modules. This course is based on
d.
version 7.0 of IMC: some items have changed from version 5.x to 7.0. The look-
te
and-feel is similar between the two versions, but there are differences, including
bii
licensing, which are pointed out in this module.
oh
pr
Here are the topics covered in this module:
is
Describe the IMC 7.0 platform portfolio
on

si
Describe the licensing used in IMC 7.0
is
m
Provide an overview of the modules available for IMC 7.0
er

tp
Provide an overview of the new features in IMC 7.0
ou
ith
Understanding how the IMC components provide a cohesive solution
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 1
IMC product portfolio: comprehensive

management capabilities
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 3-1. IMCs comprehensive management capabilities.
w
rt
The IMC platform provides for a variety of functions in FCAPS out of the box.
pa
Using a Service Oriented Architecture (SOA), these functions provide operators
in
with services acting on resources managed by IMC. Operators are users of IMC
or
that implement and maintain the IMC solution.

le
ho
The main services are:

w
Alarms, Intelligent Configuration Center (iCC)

in
n
Compliance Center
c tio
VLAN manager
du
ro
ACL manager
ep
Network assets
R

.
ly
Performance Management
on
Security Control Center

s
er
d
Additional add-on modules bring additional services operators can use to manage,
ol
monitor and configure resources. The additional modules tie into the IMC platform
eh
and cannot be installed without access to the IMC platform.

ak
St
&L
C
P
H
3 2 Rev. 14.41
Main IMC platforms
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 3-2. Main IMC platforms.
w
rt
HP IMC has historically been offered in two platform editions:
pa
Standard and Enterprise. With the release of IMC 5.2, HPs introduced a Basic
in
edition.
or
The new Basic edition is a feature-limited edition, for smaller customers, with
le
ho
limited network management requirements. The main goal of Basic is to provide

w
customers with the ProCurve Manager (PCM+) product (which is end-of-sale) an

in
option to migrate to the IMC platform with minimal expense. IMC Basic comes in
n
two flavors:
c tio
IMC Basic Software Platform

du
ro
IMC Basic WLAN Manager Software Platform - same as Basic, with

ep
added Wireless Management capabilities

R .
Table 3-1 summarizes the differences between the three IMC platforms.
ly
on
Table 3.1 Main IMC platforms.

s
er
Feature Basic Standard Enterprise

d
ol
Managed SNMP Nodes 50 (maximum) 100 (base, expandable) 200 (base, expandable)
eh
Managed wireless APs 50 with Basic WLAN 0 base, need license for 0 base, need license for
ak
Manager (expandable) WSM WSM

St
Fault management Yes Yes Yes

&L
Performance Yes Yes Yes

management
C
Reporting Yes (Basic) Yes (basic, custom Yes (basic, custom

P
H
reporting requires iAR reporting requires iAR

license) license)
Configuration Basic (no compliance Yes Yes
management management)
WLAN monitoring Yes with WLAN version With WSM license With WSM license
Netflow/sFlow sFlow only (max 24 hours 0 base, can add NTA 2 devices base, can add
of data) license more with NTA license
Embedded DB Yes, Windows only Yes, Windows only No
External DB Yes Yes Yes
Syslogs No Yes Yes
Rev. 14.41 3 3
Service Monitor No Yes Yes

Security Control Center No Yes Yes
ACL management No Yes Yes
Virtual Connect No Yes Yes
Customized functions No Yes Yes
Virtual Network No Yes Yes
Management
Hierarchical monitoring No Yes (can be lower tier) Yes
eAPI No With license Yes
d.
Additional modules None Yes Yes
te
bi
i
oh
IMC Basic
pr
is
HP IMC Basic Software Platform is next-generation network management software
on
with unified resource and device management. IMC Basic software is designed for
si
is
simplicity and ease of use, and offers many capabilities that make it an ideal
m
choice for small- to medium-sized businesses with small network environments
er
tp
that need single pane of glass visibility into their network infrastructures.
ou
IMC Basic software supports the management of HP and third-party devices, and
ith
is compatible with Microsoft Windows and Linux operating systems. The
w
software has a fixed-device limit of 50 nodes.
rt
pa
Centralized deployment for small network environments
in
HP Intelligent Management Software (IMC) cohesively integrates fault
or
management, element configuration, and network monitoring from a central

le
vantage point; built-in support for third-party devices enables network

ho
administrators to centrally manage all network elements with a variety of

w
automated tasks, including discovery, categorization, baseline configurations,

in
and software images; the software also provides configuration comparison

n
tio
tools, version tracking, change alerts, and more

c
du
Centralized deployment model IMC Basic software delivers an extensive

ro
set of capabilities for managing small heterogeneous networks and is

ep
designed for simplicity and ease of use

R
.
Rich resource management IMC software provides powerful network

ly

on
discovery and topology, including a detailed inventory of the network and

s
highly accurate depictions of how it is configured; supported views include

er
Layer 2 and 3, and the ability to create custom views like a dashboard
d
ol
homepage; customization enables administrators to organize and control the

eh
network infrastructure based on their preferred organizational model

ak
St
Flexible, centralized reporting simplifies an organization's report

&L
administration; flexible historical reports provide the information needed for

C
network trend analysis and capacity planning, and offer predefined reports or
P
customization options to define parameters; reports can be viewed in a

H
number of formats, including .pdf and .xls, and can be sent automatically via
email, or be scheduled to run at a set timeframe
Integrated sFlow traffic analysis using the integrated sFlow traffic
analysis, the system can collect flow information from sFlow-capable devices;
through traffic analysis, IMC Basic software can help identify network
bottlenecks, recognize anomalous traffic, and pinpoint varying levels of
bandwidth traffic for different services and applications
3 4 Rev. 14.41
IMC mobile application IMC software provides a new mobile application

for the iPhone and the Android operating system; this provides administrators
with the flexibility to monitor the network while they are away from their offices
Telnet/SSH proxy with the Telnet/SSH proxy, an administrator can use a
browser to remotely access and manage devices through Telnet/SSH without
installing a Telnet/SSH tool on the PC client used to access the device; this
promotes secure and controlled access to devices while providing an audit of
changes made on any device
d.
te
Traffic topology is based on the network's physical topology and enables
ibi
users to view the traffic conditions of various links
oh
pr
Performance monitoring IMC Basic software provides new ways to view
is
interface performance data; includes four interface performance views: TopN,
on
trend analysis, summary data, and at a glance; the GUI is flexible and allows
si
for instant viewing, switching between multiple views, and quick access to the
is
m
various interface performance summary views
er
Network data collection generates, packages, and sends archived
tp

ou
information about your network, device, or IMC Basic software to the
ith
appropriate HP Networking support or sales organizations in one simple step;
w
this feature gathers the data you selected and then generates reports and
rt
data files containing the relevant information; finally, it delivers the reports to
pa
your selected destination, either by email, FTP, SFTP, or to a file location
in
or
The new Basic edition is a feature-limited edition, for smaller customers, with
limited network management requirements. The main goal of Basic is to provide
le
ho
customers with the ProCurve Manager (PCM+) product (which is end-of-sale) an

w
option to migrate to the IMC platform with minimal expense. IMC Basic comes in
in
two flavors:
n
tio
IMC Basic Software Platform

c
du
IMC Basic WLAN Manager Software Platform - same as Basic, with

ro
added Wireless Management capabilities

ep
R.
ly
IMC Standard
on
s
er
HP Intelligent Management Center (IMC) Standard Edition Software is a

d
standalone, comprehensive management platform that delivers integrated,

ol
eh
modular management capabilities across fault, configuration, accounting,

ak
performance, and security needs. IMC Standard Edition is designed on a service-

St
oriented architecture (SOA) using a business application flow model as the core to
&L
allow the management of resources, services, and users to be fully integrated.

C
IMC Standard Edition allows an enterprise business to grow its management in

P
scale and seamlessly accommodate new technologies. Using an SOA, IMC is

H
capable of including additional modules to the base platform to provide deeper

functionality. IMC supports the management of HP and third-party devices and is
compatible with Microsoft Windows and Linux operating systems. IMC
Standard Edition comes with an initial license for 50 managed devices. Additional
node licenses are available to extend the node limit.
Rev. 14.41 3 5
Features include the following:

HP Intelligent Management Center (IMC) Standard Software
Cohesively integrates fault management, element configuration, and
network monitoring from a central vantage point
Built-in support for third-party devices enables network administrators to
centrally manage all network elements with a variety of automated tasks,
d.
including discovery, categorization, baseline configurations, and software
te
images
bi
i

oh
IMC software provides configuration comparison tools, version tracking,
pr
change alerts, and more
is
Modular architecture new modules can be added to enrich network
on
management capabilities; modules for user access management, VPN
si
is
management, and traffic analysis can be quickly added to provide instant
m
benefits; the architecture allows modules to share information and provide
er
collaborative policy creation and reports
tp
ou
Live update enhancements IMC Standard Software now provides
ith
notification and download availability of the latest IMC patches as well as new
w
firmware version releases for HP devices
rt
Virtualization management pa
in
HP IMC software is one of the first management tools to integrate
or
management and monitoring of both virtual and physical networks

le
ho
Provides insight and management of virtual networks and reduces

w
migration complexity by aligning and automating network policies with

in
n
virtual images
tio
Supports VMware, Hyper-V, and KVM; IMC Virtual Network Management

du
software also supports automatic tracking of the network access port of

ro
virtual machines
ep
R
Highly flexible and scalable deployment models IMC Standard Software

.
ly
delivers an extensive set of capabilities for managing large heterogeneous

on
networks and provides scalability and high availability through a flexible

s
distributed deployment model; with its modular design, IMC software can be
er
d
deployed across multiple servers to provide increased scalability and

ol
resilience
eh
ak
NEW Rich resource management IMC software provides powerful

St
network discovery and topology, including a detailed inventory of the network

&L
and highly accurate depictions of how it is configured; supported views include

C
Layer 2 and 3, as well as VLAN topology and the ability to create custom
P
views like a dashboard homepage; customization enables administrators to

H
organize and control the network infrastructure. IMC now supports multi-
device context and Intelligent Resilient Framework.
Flexible, centralized reporting centralized report management simplifies
an organization's report administration; the software's flexible historical reports
provide the information necessary for network trend analysis and capacity
planning, and offer predefined reports or customization options to define
parameters; reports can be viewed in a number of formats, including .pdf and
3 6 Rev. 14.41
.xls, and can be sent automatically via email, or can be set to run on a
particular schedule
Access control list management IMC software simplifies the definition,
deployment, and control of ACLs with effective policy-based control of network
security and quality of service (QoS) across an organization's network
infrastructure; ACL rule optimization helps ensure efficient use of ACL
resources on devices
d.
Identification and access management with the addition of the optional
te
IMC User Access Manager (UAM) module, the system implements unified and
ibi
centralized access management, supporting access through authentications,
oh
including LAN, WAN, WLAN, and VPN; it supports strong authentication using
pr
smart card, certificate, and others, and supports various methods for endpoint
is
access control and identity-based network services that efficiently integrate
on
the management of user resources and services
si
is
Compliance Center the Compliance Center feature associates compliance
er
policies with devices that need to be checked; the compliance check function
tp
can promptly fix configuration and security problems in the network; if
ou
incorrect configurations are found, the data for the specific device and the
ith
configuration error are included in the Compliance Center report; IMC now
w
includes predefined policies for the Compliance Center as well as alarm
rt
pa
generation when devices fail compliance checks
in
Virtual Connect support IMC software supports add/remove connections
or
for Virtual Connect Manager and displays the connect information from the
le
device detail page

ho
w

in
for the iPhone and Android operating systems; the app offers administrators
n
increased mobility by allowing them to monitor the network while away from
ctio
their offices
du

ro

ep

R
.
ly
promotes secure and controlled access to devices while providing auditing of

on
changes on any device

s
Unified Task Management and Wizard Center the IMC Wizard Center
er
feature services many of the configuration wizards found within IMC software,
ol
eh
such as quick start and the third-party device configuration wizard; new to this
ak
release is Unified Task Management, a section that hosts all tasks within IMC
St
software
&L
NEW Traffic topology based on the network's physical topology, it enables

C
users to view the traffic conditions of various links; utilizes IMC geo-location
P
H
data to automatically derive and place topographic maps

Customized functions and third-party device support IMC Standard
software extends device management and configuration functions; users can
either extend an existing function to support third-party devices by compiling
interactive scripts and XML files, or customize a function by compiling
interactive scripts, XML files, and UI configuration files
Rev. 14.41 3 7
Performance views
IMC software provides new ways to view performance data: TopN, trend
analysis, summary data, and at-a-glance
The GUI is flexible and allows for instant viewing, switching between
multiple views, and quick access to the various performance summary
views
Security Control Center the Security Control Center (SCC) can be used
d.

te
to define policies and enforce device settings consistently on selected
bi
devices; you can also use policies to manage VLANs and VLAN port settings
i
oh
or automatically apply a configuration template on newly discovered devices;
pr
you can configure policies to send alarms when device configurations become
is
noncompliant
on
Network data collection network data collection generates, packages,
si

is
and sends archived information about your network, device, or IMC software
m
er
to the appropriate HP Networking support or sales organizations in one simple
tp
step; this feature gathers the data you selected and generates reports and
ou
data files containing the relevant information; it delivers the reports to your
ith
selected destination by email, FTP, SFTP, or to a file location
w
Service Monitor use the Service Monitor feature to monitor the availability
rt

pa
and responsiveness of common network services via probes that you
in
configure; the probes reside on local and remote IMC software agents and
or
test services from servers and devices that you select when configuring the
le
probes
ho
w
in
IMC Enterprise
n
c tio
HP Intelligent Management Center (IMC) Enterprise Edition is a standalone,

du
comprehensive management platform that delivers next-generation, integrated,

ro
modular network management capabilities that efficiently meet the needs of

ep
advanced, heterogeneous enterprise networks. IMC Enterprise Edition is designed

.R
on a service-oriented architecture (SOA) using a business application flow model

ly
on
as its core and featuring an on-demand, modularized structure. The allows the
efficient implementation of end-to-end business management, while IMC
s
er
software's modular design allows for the effective integration of traditionally

d
ol
separate management tools. Together, they provide complete management of

eh
resources, services, and users. The software is compatible with Microsoft

ak
Windows Server and Linux operating systems and supports the management of
St
HP and third-party devices. The base license supports 200 managed devices.
&L
Additional node licenses can be purchased. Two nodes of Network Traffic Analyzer
C
are also included.

P
H
Features include the following:

Highly flexible and scalable deployment models IMC Enterprise
software delivers an extensive set of capabilities for managing large networks,
and supplies a greater level of scalability and high availability through a
flexible distributed deployment model than is the case with IMC Standard
software deployments; IMC software can be deployed across multiple servers
in a hierarchical architecture to provide increased scalability and resilience
3 8 Rev. 14.41
Intelligent management
cohesively integrates fault management, element configuration, and
network monitoring from a central vantage point
with support for third-party devices, IMC software enables network
administrators to centrally manage all network elements with a variety of
automated tasks: discovery, categorization, baseline configurations and
software images, and others
d.
te
IMC software provides configuration compare tools, version tracking,
ibi
change alerts, and more
oh
pr
Modular architecture optional modules can be added to enrich network
is
management capabilities; modules for user access management, VPN
on
management, and traffic analysis can be quickly added and provide instant
si
benefits; the architecture allows modules to share information and provide
is
m
collaborative policy creation and reports
er
eAPI library to integrate third-party applications The IMC eAPI library
tp

ou
utilizes a RESTful implementation for simplified integration with HP and third-
ith
party applications. Over 200 eAPI calls are available in the library, which is
w
included with IMC Enterprise software
rt
Live update enhancements IMC Enterprise software now provides
pa

notification and download availability of the latest IMC patches as well as new
in
firmware version releases for HP devices
or
le
NEW Virtualization management

ho
HP IMC software is one of the first management tools to integrate

in
management and monitoring of both virtual and physical networks

n
tio
provides insight and management of virtual networks and reduces

c
du
migration complexity by aligning and automating network policies with

ro
virtual images
ep
supports VMware, Hyper-V, and KVM; IMC Virtual Network Management

R
.
software also supports automatic tracking of the network access port of

ly
on
virtual machines
s
NEW Rich resource management IMC software provides powerful

er
network discovery and topology, including a detailed inventory of the network

ol
and highly accurate depictions of how it is configured; supported views include

eh
Layers 2 and 3, as well as VLAN topology and the ability to create custom
ak
St
views like dashboard homepage; customization enables administrators to

organize and control the network infrastructure. Supports Multi Device Context
&L
and Intelligent Resilient Framework.

C
P
Flexible, centralized reporting centralized report management simplifies

H
an organization's report administration; flexible historical reports provide the

information necessary for network trend analysis and capacity planning, and
offer predefined reports or customization options to define parameters; reports
can be viewed in a number of formats, including .pdf and .xls, and can be sent
automatically via email, or can be scheduled to run on a set timeframe
Rev. 14.41 3 9
Access control list management IMC software simplifies the definition,

deployment, and control of ACLs with effective policy-based control of network
security and quality of service (QoS) across an organization's network
infrastructure; ACL rule optimization provides efficient use of ACL resources
on devices
Identification and access management the system implements unified
and centralized management for access, supporting access through
authentications, including LAN, WAN, WLAN, and VPN; it supports strong
d.
te
authentication using smart card, certificate, and others, and supports various
bi
methods of endpoint access control and identity-based network services that
i
oh
efficiently integrate the management of user resources and services
pr
Compliance Center the Compliance Center feature associates compliance
is

policies with devices that need to be checked; the compliance check function
on
can promptly fix configuration and security problems in the network; if
si
is
incorrect configurations are found, the data for the specific device and the
m
configuration error are included in the Compliance Center report; IMC now
er
tp
includes predefined policies for the Compliance Center as well as alarm
ou
generation when devices fail compliance checks
ith
Virtual Connect support IMC software supports add/remove connections
w
for Virtual Connect Manager and displays the connect information from the
rt
pa
device detail page in
or
for the iPhone and Android operating systems; this app offers administrators
le
increased mobility by allowing them to monitor the network while away from
ho
their offices
w
in
Extensible platform and module services IMC software has an open

n
platform to support a service-oriented architecture (SOA); features within the

c tio
software can be integrated with third-party software, utilizing the available

du
APIs
ro

ep

.
ly
on
promotes secure and controlled access to devices while providing auditing of

s
changes on any device

er
d
Unified Task Management and Wizard Center the IMC Wizard Center is
ol

eh
a section that services many of the configuration wizards found within IMC
ak
software, such as quick start and the third-party device configuration wizard;
St
new to this release is Unified Task Management, which is a section that hosts
&L
all tasks within IMC software

C
Traffic topology based on the network's physical topology, it enables

P
H
users to view the traffic conditions of various links; utilizes IMC geo-location
data to automatically derive and place topographic maps
Customized functions and third-party device support IMC Enterprise
software extends device management and configuration functions; users can
either extend an existing function to support third-party devices by compiling
interactive scripts and XML files, or customize a function by compiling
interactive scripts, XML files, and UI configuration files
3 10 Rev. 14.41
Performance enhancement
IMC software provides new ways to view performance data: TopN, trend
analysis, summary data, and at-a-glance
The GUI is flexible and allows for instant viewing, switching between
multiple views, and quick access to the various performance summary
views
Security Control Center the Security Control Center (SCC) can be used
d.

te
to define policies and enforce device settings consistently on selected
bi
devices; you can also use policies to manage VLANs and VLAN port settings
i
oh
or automatically apply a configuration template on newly discovered devices;
pr
you can configure policies to send alarms when device configurations become
is
noncompliant
on
Network data collection network data collection generates, packages,
si

is
and sends archived information about your network, device, or IMC software
m
er
to the appropriate HP Networking support or sales organizations in one simple
tp
step; this feature gathers the data you selected and generates reports and
ou
data files containing the relevant information; it delivers the reports to your
ith
selected destination, either by email, FTP, SFTP, or to a file location
w
Service Monitor use Service Monitor to monitor the availability and
rt

pa
responsiveness of common network services via probes that you configure;
in
the probes reside on local and remote IMC software agents and test services
or
from servers and devices that you select when configuring the probes
le
ho
w
in
n
ctio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 11
Other IMC Platforms
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 3-3. Other IMC platforms.
ith
w
rt
IMC Basic WLAN Manager in
pa
HP Intelligent Management Center (IMC) Basic WLAN Manager Software Platform
or
provides unified management of wired and wireless networks, adding wireless

le
network management functions into existing wired network management systems.

ho
w
in
IMC Basic WLAN Manager software offers wireless LAN (WLAN) device
n
configuration, topology, performance monitoring, RF heat mapping, and WLAN

tio
service reports. It facilitates centralized control over your midsize or small wired
c
du
and wireless network to reduce the time needed to deploy configuration changes,
ro
as well as helps provide uniformity throughout your wired and WLAN

ep
infrastructure.
.R
ly
IMC Basic WLAN Manager software supports the management of HP and third-
on
party devices, and is compatible with Microsoft Windows and Linux operating
s
systems. The software comes with a fixed-device limit of 50 nodes and includes a
er
d
50-node license of HP IMC Wireless Services Manager (WSM).

ol
Intuitive, easy-to-use interface

eh
ak
Unified wired and wireless network management

St
Range of topology management modes

&L
Low maintenance costs and low TCO

P
H
Unified resource and device management
IMC Smart Connect Virtual Appliance Software

HP Intelligent Management Center (IMC) Smart Connect Virtual Appliance
Software offers a comprehensive bring your own device (BYOD) solution with easy
onboarding, provisioning, and monitoring of users and clients. With this software,
HP moves beyond the basic BYOD requirements of identity-based access by
3 12 Rev. 14.41
offering a comprehensive solution that includes single policy enforcement and

converged network management across wired and wireless environments. Unified
BYOD monitoring further enables administrators to plan for capacity and comply
with regulatory requirements.
Identity-based access, advanced device profiling, and real-time traffic
quarantining
Converged network support with universal policies for all wired and wireless
d.
devices
te
bi
Seamless policy enforcement based on user and/or device
i
oh
Unified monitoring of BYOD traffic and user behavior
pr

is
Simplified deployment and configuration
on
The IMC Smart Connect Virtual Appliance makes it easy for customers to deploy
si
is
BYOD. It includes IMC Standard and IMC User Access Management to provide full
m
network management and smart network access capabilities to solve your BYOD
er
tp
initiatives.
ou
Combines IMC Smart Connect and IMC Smart Connect w/WLAN Manager:
ith
Secure user authentication, advanced device profiling and real-time traffic
w
quarantine
rt

pa
Centralized authentication, authorization and accounting support
in
Seamless policy enforcement across wired and wireless infrastructures from
or

HP or other vendors
le
ho
Comprehensive network management with 3rd party network support

w
in
Unified wired and wireless management with IMC Smart Connect w/WLAN
n
Manager
ctio
du
ro
HP IMC Smart Connect with Wireless Service Manager

ep
Virtual Appliance Software

R .
ly
on
HP Intelligent Management Center (IMC) Smart Connect w/WLAN Manager Virtual

Appliance Software offers a comprehensive bring your own device (BYOD)
s
er
solution with easy onboarding, provisioning, and monitoring of users and clients.
d
ol
With this software, HP moves beyond the basic BYOD requirements of identity-
eh
based access by offering a comprehensive solution that includes single policy

ak
enforcement and converged network management across wired and wireless

St
environments. Unified BYOD monitoring further enables administrators to plan for

&L
capacity and comply with regulatory requirements.

C
Identity-based access, advanced device profiling, and real-time traffic

P
quarantining
Converged network support with universal policies for all wired and wireless
devices
Seamless policy enforcement based on user and/or device
Unified monitoring of BYOD traffic and user behavior
Simplified deployment and configuration
Rev. 14.41 3 13
IMC Smart Connect w/ WLAN Manager Virtual Appliance builds on top IMC Smart
Connect by unifying the management of wired and wireless networks.
Combine IMC Smart Connect and IMC Smart Connect w/WLAN Manager:
Secure user authentication
Advanced device profiling and real-time traffic quarantine
Centralized authentication, authorization and accounting support
d.
Seamless policy enforcement across wired and wireless infrastructures from
te
HP or other vendors
bi
i
oh
Comprehensive network management with 3rd party network support
pr
Unified wired and wireless management with IMC Smart Connect w/WLAN
is
Manager
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
3 14 Rev. 14.41
Licensing:
IMC 7.0 License Restructuring
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 3-4. IMC 7.0 license restructuring.
ith
w
HP has changed the license allocations and block sizes for IMC. Previously IMC
rt
Standard came with 100 nodes included in the base license, while IMC Enterprise
pa
came with 200 nodes. The smallest additional license block was 100 nodes. That
in
has now changed both Standard and Enterprise ship with 50 nodes, and you can
or
buy 50-node blocks. NTA (NetFlow/sFlow) licenses previously started at 10 nodes,

le
ho
now they start at 5 nodes.

w
The new IMC version 7.0 will be easier to purchase. This brings two key changes:
in
n
Reduction in the number of SKUs

c tio
Shift from user-based licensing to concurrent licensing

du
ro
To help you better understand this, heres some background information:

ep
IMC utilizes three different models for licensing: node-based, user-based, or

R.
perpetual. The licensing model used for a particular module depends on the
ly
on
modules capabilities.
s
Node-based: Entitles device or node to be managed by IMC

er
User-based: Entitles named user/device to be managed by IMC

ol

eh
Perpetual: One-time license fee for module entitlement

ak

St
See Table 3-2 for more information.

&L
Table 3-2. IMC 7.0 licensing.

C
P
New product and/or license

H
License model Current product structure

structure
Defined node count packages Single package SKU with a node count
Node-based of different sizes with volume of 50 licenses with volume discounts
discounts built into SKUs applied at time of purchase.
Single package with a node count of 50
User-based License for each named user
licenses and concurrent licensing
Perpetual License package for a flat fee No change
Rev. 14.41 3 15
The customer will order the base IMC platformeither a Standard or Enterprise
versionwhich equals 50 nodes, and then purchase additional IMC 50-pack
nodes to meet the required number of managed nodes. All modules with the
exception of NTA will also start with a base license with 50 license pack add-ons
available. With NTA, the base license is for 5 nodes with each add-on providing an
additional 5 nodes.
Figure 3-5 and 3-6 illustrate how much easier it is to order IMC 7.0: fewer SKUs
equates to an easier process for ordering what you need.
d.
te
bi
Over 200 to less than 50
i
oh
pr
is
on
Affected SKUs
si
is
Base platform products Campus/Branch General
m
er
IMC Standard User Access Manager Application Performance Mgr
tp
IMC Enterprise Endpoint Admission Defense IPSec VPN
ou
IMC Smart Connect User Behavior Analyzer MPLS VPN
ith
Wireless Services Manager Network Traffic Analyzer
w
BIMS TACACS+ Authentication Mgr
rt
pa
in
Figure 3-5. IMC 7.0 has fewer SKUs.
or
The ordering process for IMC 5.2 could be cumbersome to identify which SKU or
le
ho
SKUs to order with over 200 SKUs available to enumerate all the module and
w
licensing options. With IMC 7.0, the process has been streamlined with fewer than
in
50 SKUs required to provide all the ordering options for the base IMC product,
n
add-on modules and licensing add-ons.

c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Figure 3-6. Fewer SKUs equates to an easier ordering process.
3 16 Rev. 14.41
With IMC 7.0, the full product can be purchased and licensed using only 2 SKUs.
Select the SKU for your base product (Standard or Enterprise) and add a single
SKU to add-on licensing for the appropriate number of managed devices. Rather
than different SKUs for each quantity, a single 50 device add-on license SKU is
now used with the customer specifying how many 50 packs to order to meet their
full managed device licensing needs.
To these two SKUs, you select and order the additional add-on module SKUs
desired for your installation.
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 17
Pricing changes and licensing
d.
te
i bi
oh
pr
is
on
si
is
m
Figure 3-7. Pricing changes and licensing.
er
tp
Pricing has been updated to reflect changed node counts. This means that starting
ou
points are much lower, particularly for Enterprise. Steps are smaller too, but the
ith
overall costs are the same if you previously needed say 400 nodes, the overall
w
price will be the same but you might be able to get away with buying 350 nodes,
rt
pa
instead of 400. It gives you just a little more flexibility.
in
See Figure 3-8 for an example on volume price breaks for additional nodes. A
or
quantity of 10 add-on license packs ordered during a single transaction would

le
result in a 33.3% discount off of the per node list price. Volume discounts are
ho
calculated at time of purchase based on the quantity of licenses ordered. Note that
w
the discount rate on a prior purchase cannot be applied to future purchases.

in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
Figure 3-8. IMC 7.0 pricing breaks on volume purchases.

P
H
3 18 Rev. 14.41
UAM licensing: concurrent users
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
Figure 3-9. User licensing in IMC 7.0.
ou
ith
UAM licensing has also changed: it is licensed based on concurrent users, not
w
users in the database. This can have a very large impact on your required license
rt
pa
numbers. in
Figure 3-9 illustrates on the user licensing is changing from IMC 5.2 to 7.0. IMC
or
5.2 would require a license for each user in the database whether or not that user
le
was actively connected to the network. In 7.0, licenses are tracked based on
ho
concurrent usage of actual, current device connections to the network. If the same
w
user has three devices authenticated to the network at the same time, this now
in
counts as using three licenses. However, users and devices not connected to the
n
tio
network do NOT count against the concurrent license count.

c
du
Figure 3-10 illustrates the flexibility of concurrent licensing. With the existing
ro
structure, each member of a 100 user organization would require a license to

ep
access the network. However, not all 100 licenses are used at the same time,
R
because employees access the network at different times. With a shared pool of
.
ly
licenses, concurrent licensing enables the organization to serve the same 100-
on
person population with just 5067 licenses.

s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 19
Changing from total (named) users to concurrent users

Concurrent licensing model Benefits
Simpler
Shared No need for named users
User
licenses license Less cost
pool Flexible for guest access
d.
te
i bi
oh
Affects User Access Manager,
pr
User Behavior Auditor and
is
Endpoint Admission Defense
on
si
is
m
er
Figure 3-10. UAM 7.0 provides greater flexibility with concurrent licensing.
tp
ou
Figure 3-11 explains the process of migrating from user to concurrent licensing.
ith
w
Concurrent licensing
rt
I plan on pa will be automatically
in
purchasing
or
upgraded upon
additional user
le
registration of
ho
licenses
w
additional licenses
in
n
c tio
du
ro
I dont plan on Must request an

ep
purchasing
R
upgrade to concurrent
.
ly
additional user
on
licensing (next slide)

licenses
s
er
d
ol
eh
ak
Figure 3-11. How do I get concurrent licensing.

St
&L
This new structure will allow greater flexibility around licensing; multiple license
C
packs can be combined and installed on a single server or they can be split across
P
multiple IMC servers.

H
Customers who have purchased licenses prior to the change will be entitled to the
number of licenses they have already purchased.
3 20 Rev. 14.41
Customers who have purchased user-based licenses will be at an advantage

because the number of licenses that they have purchased prior to the change will
be converted to concurrent licenses.
Customers who have already purchased unlimited licenses will be able to keep
their unlimited licenses when they upgrade to IMC 7.0, however, unlimited licenses
will no longer be sold with IMC 7.0.
Note
d.
Unlimited licensing is no longer being sold in IMC 7.0; however customers that
te
bi
have previously purchased unlimited licensing in IMC 5.2 will still retain their
i
oh
unlimited licensing when upgrading to 7.0. More information on IMC 7.0
pr
licensing can be obtained from the IMC Product Restructuring FAQ:
http://www8.hp.com/h20195/v2/GetPDF.aspx%2Fc03897281.pdf.
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 21
IMC Modules
IMC Modules Overview
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 3-12. IMC modules overview.
w
rt
pa
There are 19 modules that are licensed separately from IMC base platform. The
in
Single licensing can be applied to existing base platform node licensing and
or
provide additional functionality for the nodes managed. Tiered licensing requires
le
separate licenses and can be purchased to cover all the nodes in the base
ho
platform or subset.
w
An example of Tiered licensing is NTA. NTA is licensed per node that will be
in
n
providing traffic flow information to be gathered and displayed.

c tio
The slide above is a listing of licensing for available IMC modules. Below is a
du
description of the modules by function or where they fall within the FCAPS model.
ro
ep
FAULT
R
Many of the modules add new alarms and thresholds for measurement
.
ly
on
CONFIGURATION
s
er
WSM Wireless Services Manager

d
ol

eh
BIM Branch Intelligent Management

ak
QoS Quality of Service

St

&L
RSM Remote Site Manager

C
MVM MPLS VPN Manager

P
H
IVM - IPSec/VPN Manager

VAN Virtual Applications Network Manager (Connection Manager,
Fabric Manager, and SDN Manager)
eAPIs external Application Programming Interfaces
3 22 Rev. 14.41
ACCOUNTING
Many of the modules add to reporting.
UBA User Behavior Analyzer
IAR Intelligent Analysis Reporter
SOM Service Operation Management
d.
PERFORMANCE
te
bi
NTA Network Traffic Analyzer
i
oh

pr
SHM Service Health Manager
is
APM Application Performance Manager
on
si
SECURITY
is
m
UAM User Access Manager
er
tp
EAD Endpoint Admission Defense
ou

ith
TAM TACACS Authentication Manager
w
The remaining slides in this section provide additional details on the role, function
rt
or application of each IMC module.
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 23
Application Performance Management (APM)
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
Figure 3-13. APM module.
ith
w
Application Performance Manager (APM) is an IMC module that allows
rt
administrators to visualize and measure the health of critical business applications
pa
and their impact on network performance. With the available data, you can easily
in
determine which business process is affected and which application issues to
or
prioritizeall leading to quick and effective troubleshooting. The comprehensive

le
monitoring and management that APM provides includes fault management, and
ho
performance monitoring of application servers, servers, and databases.

w
Applications can easily be discovered by APM, and administrators can be informed

in
of application issues through generated alarms. As with many of IMC modules,

n
tio
APM provides comprehensive reporting features.

c
du
Application health and performance monitoring

ro
ep
Automatic discovery of applications

R
Fault management for monitored applications

.
ly
on
Comprehensive reporting of monitored objects

s
er
Features of APM include:

d
Flexible deployment architecture leverages two mechanisms to monitor

ol

eh
and manage applications: agent and agentless; the agent is installed on

ak
servers to provide feedback to IMC, while the agentless mechanism uses

St
CLI/telnet for monitoring servers

&L
NEW Comprehensive monitoring functions monitors all kinds of

C

applications and servers, including the following: Apache/IIS Web servers,
P
H
Microsoft .NET/JBoss/Tomcat servers, operating systems, databases, email

servers, and network services; provides a global view for the entire service
infrastructure. Adds the Linux/Unix application monitoring indexes, including
the system version, iNode, zombie process, session information, and volume
group.
3 24 Rev. 14.41
Troubleshooting and analysis includes several tools to help

administrators identify issues quickly and equip administrators to address
problems by providing root cause analysis; administrators can set threshold
values for monitored parameters; alarms are generated if the set value
exceeds the threshold
Comprehensive reporting all monitored data is available for reporting;
reports can be generated at specified intervals and can be output in a variety
of formats
d.
te
Resource manager and network topology provides integrated
ibi
application and network management
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 25
Network Traffic Analyzer (NTA)
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
Figure 3-14. NTA module.
ith
HP IMC Network Traffic Analyzer (NTA) Software Module is a graphical network-
w
monitoring tool that provides network administrators with real-time information
rt
pa
about users and applications consuming network bandwidth. A reliable solution for
in
enterprise and campus network traffic analysis, it defends the network against
or
virus attacks and applies varying levels of bandwidth traffic to different services
le
and applications. The IMC NTA software module's network bandwidth statistics
ho
help plan, monitor, enhance, and troubleshoot networks, as well as identify

w
bottlenecks and apply corrective measures for enhanced throughput. The software
in
also monitors Internet egress traffic, helping administrators to analyze the

n
tio
bandwidth usage of specific applications and monitor the impact of non-business

c
applications (e.g., network games) on user productivity. Granular, network-wide

du
surveillance of complex, multilayer switched and routed environments helps rapidly

ro
identify and resolve network threats.

ep
R
Real-time monitoring of database space

.
ly
on
Automatic generation of four types of reports

s
Uses instruments embedded in switches/routers

er

d
ol
Support for sFlow, NetFlow, and NetStream

eh
Granular insight of applications, users, and ports

ak

St
Features of NTA include:

&L
Network-wide surveillance The Network Traffic Analysis (NTA) module for

C
IMC provides visibility of complex multilayer switched and routed

P
H
environments, delivering the rapid identification and resolution of any threat to

the network; this information allows administrators to enforce security policies,
identify suspicious behavior quickly, respond to security threats, provide
quality of service, account for network usage, and reduce network costs.
Intelligent traffic analysis Automatically generates a traffic baseline from
general network usage. With this baseline, NTA can find abnormal network
usage and send an alarm to the administrator.
3 26 Rev. 14.41
Advanced application and protocol mapping NTA will break down your
network traffic into applications you can recognize by providing insight into top
application usage and reports for in/out/total bandwidth organized by source,
destination, protocol, application, and application groups.
NEW In-depth visibility Provides both quick-glance reports for a better
understanding of the bandwidth utilization in your network as well as the ability
to drill-into data for more thorough analysis. It can also automatically discover
the interfaces sending traffic.
CAPEX reduction Network Traffic Analyzer enables you to monitor and
enhance network usage without acquiring additional bandwidth at tremendous
cost savings, including understanding under and over-saturated areas of the
network and application usage.
NEW Virtualization Monitor HP IMC Virtualization Monitor Software
(vMon) is an IMC module that supports port running features for any switch or
hub in physical and virtual environments. It allows IT departments to analyze
network traffic and track security information. IMC vMon software is vendor
agnostic it is not dependent on vendor-specific devices.
Rev. 14.41 3 27
Unified wired and wireless access control
Figure 3-15. Unified wired and wireless access control with UAM and EAD.
UAM provides a RADIUS server and integration into Active Directory (AD) or LDAP
allowing for user logins to be handled to access the network via 802.1X. With EAD,
policies can be enforced on end clients with iNode client installed.
Integrated and Collaborative
Unified network and user policy management, from the device to the data
center
Pervasive Security
Heterogeneous device support
Client-based and Clientless device authentication
Greater Visibility and Control
Stricter access control through policy options
Blacklist, resource and bandwidth monitoring, & logging
Scalable services
Native interoperability between modules i.e. ACL Manager, User
Behavior Analysis module, and etcetera.
Works with 3rd party push software
3 28 Rev. 14.41
User Access Manager (UAM)
Figure 3-16. UAM module.
How does this endpoint compliance process work?

1. [Build Discover] The first step in this process is for the access point to
discover the device attempting access.
2. [Build Enforce] From there, the solution can apply an integrity check to
determine if the endpoint is compliant with current security policy.
3. [Build Remediate] If out of policy, the system can be quarantined, remediated
or given federated access to the LAN.
4. [Build Monitor] It is also important to have ongoing checks to ensure that if a
security event occurs, the system can be discovered/remediated at a
subsequent time.
These steps ensure compliance on contact, but also the ability to have an ongoing
connection to that endpoint.
HP IMC User Access Management (UAM) Software supports user identity
authentication based on access policies associated with infrastructure resources
such as routers, switches, and servers. IMC UAM software extends management
to wired, wireless, and remote network usersenabling the integration,
correlation, and collaboration of network device management and user
management on a single unified platform. This solution provides a full-featured
RADIUS server that supports centralized authentication, authorization, and
accounting management of endpoints that connect and use network services. IMC
UAM software helps reduce vulnerabilities and security breaches.
UAM features include:
Centralized access user management provides centralized policy
creation to set the appropriate access rights for each type of user and device
across the network; access-user-related management functions are integrated
into a user-friendly interface for easy operation; user management includes
authentication binding policy, security policy, and access control policy;
additionally, policies can be set for concurrent sessions and proxy servers
NEW Centralized resource management of devices and users provides
centralized maintenance of basic user information, such as name, contact
information, and user group; this supplemental information function allows
Rev. 14.41 3 29
user data to be customized as needed, such as student ID and grade for

campus networks, or department and title for enterprise networks. Also
supports multiple instances of the HP Intelligent Management Center User
Access Management (UAM) Software under a single IMC Platform instance.
Endpoint identity provides identification of all endpoints across the
network with centralized access policies; the module leverages existing user
directories and groups, including support for Active Directory, LDAP, and
RADIUS; in addition to user name credentials, smart card and certificate
authentication are supported; an administrator can set devices/users into roles
for specifying access levels; in addition, UAM administrators can be assigned
to set policies only for specific roles
Device fingerprinting network-agnostic device fingerprinting capabilities
based on HTTP+MAC+DHCP device recognition
Auto-MAC registration Simple Network Access Control (SNAC) enhanced
with auto-MAC registration capabilities
Integration of device and user management administrators can view
users by different categories, such as location (access device), which
improves troubleshooting and reporting, and can select a device and perform
access operations like dropping a user; any online user can view details (e.g.,
alarms, performance) of the access device, reducing help desk calls;
integrating network device and user data into a common interface simplifies
deployment and aids in both device and user management
Multiple access authentication modes HP IMC UAM Software supports
authentication modes like IEEE 802.1X, VPN, portal, and wireless access
identity modes like PAP, CHAP, EAP-MD5, EAP-TLS, and PEAP to fit into
applications with different security requirements; access users can be bound
with hardware information, such as device IP address, access port, VLAN,
user IP address, and user MAC address, to help ensure secure authentication
and prevent account spoofing and illegal access
Various rights control measures for stricter access control policies can
be time or location specific, and can include bandwidth limitations or a set
number of concurrent user sessions; the system can be used to prevent IP
spoofing and address conflicts; to prevent the spread of corporate information
without permission, administrators can disable the use of multiple NICs or dial-
up networks, and monitor or block access to USB or CD drives
Intensive user monitor the powerful blacklist management function helps
administrators blacklist users that have made malicious login attempts, and
track the MAC/IP addresses of such users; administrators can monitor online
users in real time and prohibit unauthorized users from having access;
authentication failures are logged for analysis; in addition, administrators can
notify online users of such things as pending disconnections for system
updates
Flexible adjustment of service and environmental parameters the
system, policy service, running and certificate authentication parameters, user
prompt, client autorun task, and password strategy can all be configured
Integrated access device management the access device configuration
can interact with the IMC Software access control list manager for fast
deployment of user access services; the access devices come with links to
3 30 Rev. 14.41
their details, including the basic information, alarms, and performance;

administrators can view such information by simple clicks; in a topology,
administrators can clearly see the included access devices, view their
information, or click to set an access device to non-access
Selective deployment IMC UAM Software has multiple features to ease
deployment and provide high scalability, including the ability to preconfigure
and deploy IEEE 802.1X supplicant settings and leverage the IMC Platform to
configure access devices; IMC software can aid in phasing implementations
by location, users, and enforcement levels, including different modes such as
monitor, alert, and isolate, to allow an organization to enable access control
features when appropriate
Enhanced user account and device administrator management multi-
language user accounts are now supported; Active Directory (AD) support
includes on-demand synchronization of user accounts based on AD groups
and user authentication against AD; IMC UAM Software provides a
configuration wizard for portal authentication and PEAP authentication against
AD; charts for monitoring UAM Software status can now be customized
IPv6 support for portal authentication IMC UAM Software supports the
IPv6 protocol stack
Troubleshooting tool for user authentication makes troubleshooting
user authentication issues in the UAM module easier; it logs details of the user
authentication process and displays relevant information on the Web page;
with this tool, administrators can trace detailed information to users who try to
access the network
Simple Network Access Control the Simple Network Access Control
(SNAC) solution provides easy-to-use MAC-based authentication with self-
registration, requiring minimal administrative overhead; users can register the
MAC address of their devices to the UAM Software the first instance they
connect to the network; thereafter, MAC authentication will be automatically
performed by the access devices
eAPI for UAM a "restful" API for the IMC UAM Software module has been
provided
Enhancement of LDAP authentication an LDAP user can pre-register an
access user account in IMC UAM Software; the user group could also be
synchronized with the LDAP server and be based on the organizational unit
(OU) in the LDAP server; the service applied to an LDAP user could then be
based on the priority of OU defined by the administrator
SMS support for sending guest user credentials when a guest user
account is created, the credentials may be sent to the user by an SMS text
message
Enhanced IMC iNode client software the IMC iNode client software
supports IPv6, and IEEE 802.1X authentication in wireless scenarios
Customization of client experience Customize portal pages, and
attributes of pages for smart devices. Also create custom pages for smart
devices based on access scenarios, preregistration pages, and self-service
center home page.
Rev. 14.41 3 31
Endpoint Admission Defense (EAD)
Figure 3-17. EAD module.
How does this endpoint compliance process work?

1. [Build Discover] The first step in this process is for the access point to
discover the device attempting access.
2. [Build Enforce] From there, the solution can apply an integrity check to
determine if the endpoint is compliant with current security policy.
3. [Build Remediate] If out of policy, the system can be quarantined, remediated
or given federated access to the LAN.
4. [Build Monitor] It is also important to have ongoing checks to ensure that if a
security event occurs, the system can be discovered/remediated at a
subsequent time.
3 32 Rev. 14.41
EAD: Access control with health checking
Figure 3-18. EAD and access control with health checking.
The EAD policies are based on definitions created by the organization. These
health checks can be up to date software and anti-virus. A PC can be isolated
based on failure and allowed to access software and anti-virus updates. There can
devices with exceptions such as printers and phones. Once a device passes, it
can be assigned to the appropriate VLAN as defined by policy.
Rev. 14.41 3 33
EAD features
Figure 3-19. EAD features.
IMC Endpoint Admission Defense (EAD) Software reduces network exposure by

integrating security policy management and endpoint posture assessment to
identify and isolate risks at the network edge. The security policy component
allows administrators to control endpoint admission based on an endpoint's
identity and posture. If an endpoint is not compliant with software, network assets
can be protected by blocking or isolating an endpoint's access.
EAD reduces the risk of malicious code infections or other security breaches by
detecting endpoint patches, viruses, Address Resolution Protocol attacks,
abnormal traffic, the installation and running of sensitive software, as well as the
status of system services. EAD provides continual monitoring of endpoints. The
software now supports a concurrent licensing model.
Fully integrates all functions
Reduces infection risk of network terminal
Automatically blocks suspicious traffic
Protects sensitive data
EAD management features include:
Endpoint access control and management Endpoint Admission Defense
(EAD) Software supplies control and management of endpoint equipment; this
module requires that a fully licensed version of the IMC User Access
Management (UAM) Software module be installed; the number of licensed
users for EAD software must match the number of UAM licensed users
Enhancement of hierarchy management the root node in the hierarchy
architecture can set security policies for the entire network and distribute the
policies to lower-level nodes; the lower-level nodes can send security and
system status to the parent node, enabling the parent node to monitor lower-
level nodes in real time; reports are also provided to administrators
3 34 Rev. 14.41
Anti-X software policy management the Anti-X checking feature enables

administrators to set an Anti-X checking rule for each security policy made in
IMC, rather than having a single rule for all security policies
IPv6 support EAD policy server and Desktop Asset Management (DAM)
server supports IPv6 communication with endpoints.
COA support EAD supports change of authorization attributes for a
session. This feature offers a quarantine mode for devices, including other
vendor devices.
eAPI for DAM the IMC Extended API suite includes APIs for DAM.
EAD security features include:
NEW Complete security evaluation EAD reduces network vulnerabilities
by determining endpoint compliance to defined policies; security checks can
include anti-virus, anti-spyware, anti-phishing, firewall, required patches, and
hard disk encryption software. EAD supports auto-remediation options with
integration to patch management software like Microsoft Systems
Management Server (SMS)/Windows Server Update Services (WSUS), and
with antivirus software from Symantec, McAfee, and Trend Micro
Endpoint identity EAD software integrates with the UAM module to
leverage existing user directories and groups to aid in the access and posture
of policy creation; in addition to user name credentials, smart card and
certificate authentication are also supported
Integration of user management and device management
Report correlation using the IMC module design, data across modules
can be shared to create richer, more informative reports (e.g., network devices
can display end-user statistics)
Policy correlation in addition to reports, administrators can set policy
based on shared data (e.g., policies or actions can be location specific)
Module correlation network traffic data can be correlated to display user-
specific traffic analysis
Integration of user management and topology management on the
topology map, user management operations are provided in the menus of the
access devices or access terminals (e.g., view user information, disconnect
online users, and perform security checks); this makes user management
more flexible
Desktop asset management (DAM) EAD software supports desktop asset
management features to provide a complete inventory of endpoints; hardware
specifications can be auto-discovered (i.e., CPU, memory), and software
inventory can be completed to generate reports or run queries; in addition,
administrators can set policies to aid in data theft prevention by controlling the
computer peripherals, like USB storage; DAM also includes password and
share controls and power management across endpoints.
Rev. 14.41 3 35
Service Operations Management (SOM)
Figure 3-20. SOM module.
HP IMC Service Operation Management (SOM) Software is a module for the IMC
platform which focuses on operations and management flow to provide full IT
lifecycle management. It allows IT organizations to adhere to ITIL v3.0, including IT
services such as policy design, operation, and improvement.
Through flow management, IMC SOM Software provides controls, measures, and
audit capabilities for configuration changes, fault identification, and recovery.
Based on a unified configuration management database (CMDB), it provides
configurable flows and options for self-service, as well as management of asset
configuration, change, fault events, problem recognition, and auto-generation of a
knowledge base. This capability reduces IT involvement by allowing end users to
recognize known network issues as well as to create and track service requests.
SOM integrates with the HP IMC platform to correlate information about network
performance, traffic flows, and user controls.
Real-time and accurate CMDB
Complete service operation flow management
Integration with alarming
Integration with configuration center
Centralized knowledge base
Features of the SOM module include:
Complete service operation flow management HP IMC Service
Operation Management (SOM) Software provides lifetime management of IT
network operations from ticket creation, status checks, and execution to
resolution, close, and after-audit operations.
Integration with configuration management IMC SOM integrates with
HP IMC configuration management to set control mechanisms and audit
configuration changes. Along with IMC, it supports the automation of process-
driven change management capabilities. By completing the review stage of
the SOM process, in keeping with the trigger operation of IMC configuration
settings, the process can be based on IMC configuration abilities, and
automated or scheduled to fulfill the change after audit.
Integration with alarming IMC SOM integrates with the IMC platform
alarm functions for problem recognition, analysis, and resolution to reduce
maintenance. This provides a closed-loop management of alarms, including
3 36 Rev. 14.41
alarm fixes, scheme design, scheme checks, implementation, and

confirmation. With the reference of a knowledge base and historical schemes,
IMC SOM Software can provide resolution suggestions to reduce break time,
and improve network efficiency, stability, and quality.
Real-time and accurate CMDB IMC SOM Software provides problem
identification, analysis, and problem resolution by organizing IT assets into
logical data types for IT service management. SOM Software uses CMDB and
allows custom extensions of the configuration item (CI) types, as well as the
creation of new CI types such as network assets, desktop assets, software
assets, documents, and service operators.
Flexible and customizable flow management IMC SOM Software
provides flow customization, so that organizations can tailor their operations
management. Based on predefined templates, users can quickly define flows
that are appropriate for their organizations, including the allocation of
priorities, and assign operators to each flow. Customization can also
incorporate script languages to create or customize the flow template.
Centralized knowledge base As resolutions to previous issues are
recorded, IMC SOM Software will generate a knowledge base to provide
quicker problem identification and resolution for future issues. Efficient
knowledge sharing improves productivity and reduces IT involvement.
Service desk enablement The service desk provides a unique interface
between end users and operators to further reduce IT time in operations and
management. Each user can have unique content to both recognize known
issues and to generate, assign, and track service tasks and flows. All IMC
SOM Software functions can be integrated with the service desk.
NEW IMC SOM Software process designer The process designer allows
for customization of the ITIL process template which can be then uploaded to
the IMC SOM Software. It also includes a process design and task design
view.
Rev. 14.41 3 37
User Behavior Auditor (UBA)
Figure 3-21. UBA module.
Many enterprises are facing security threats from their internal networks. Auditing
the online behavior of internal users is an effective way to find and solve such
security threats. To satisfy this need, HP Intelligent Management Center (IMC)
user behavior auditor (UBA) was introduced. It provides a high-performance,
scalable network log audit and analysis solution. UBA provides comprehensive log
collection and audit functions and supports various log formats such as NAT, flow,
NetStreamV5, and DIG. UBA provides DIG logs for you to audit security-sensitive
operations and digest information from HTTP, FTP, and SMTP packets. UBA
provides good scalability, and the behavior audit is based on the IMC platform and
thus adapted to network environment changes. UBA implements user behavior
tracking with the User Authentication Manager (UAM) module.
Distributed architecture
Audit template customization
Export and audit of log files
Flexible filter strategy configuration
Intelligent data storage space management
Features of UBA include:
Service configuration
Probe management
Device management
Server management
Application management
Application identification management
Parameter configuration
3 38 Rev. 14.41
Query and audit

General log audit
NAT log audit
Web log audit
FTP log audit
Email log audit
Template customization
Customized general log audit
Customized NAT audit
Customized Web log audit
Customized FTP log audit
Customized email log audit
Log export
Log export configuration
Log export record query
Log file audit
Filter strategy management Filter strategy contains default policy and
user-defined policy with different filter conditions. If there is no filter condition
match, the log packet is handled by default policy. If a packet matches a filter
condition, it is handled by the dedicated policy. If a log packet matches
multiple filter conditions in different policies, the packet is handled by the
policy with the highest priority.
NEW Device behavior analysis Device behavior analysis including traffic
monitoring and website tracking.
NEW Virtualization monitor HP IMC Virtualization Monitor (vMon)
Software is an IMC software module that supports port running features for
any switch or hub in physical and virtual environments. It allows IT
departments to analyze network traffic and track security information. IMC v
Mon Software is vendor agnostic it is not dependent on vendor-specific
devices.
Rev. 14.41 3 39
WSM module
Unified wired and wireless management
Figure 3-22. Unified wired and wireless management.
HP Intelligent Management Center (IMC) Wireless Service Manager (WSM)

provides unified management of wired and wireless networks, adding network
management functions into existing wired network management systems.
HP IMC WSM offers wireless LAN (WLAN) device configuration, topology,
performance monitoring, RF heat mapping, WLAN intrusion detection and
defense, and WLAN service reports. To help ensure network integrity, IMC WSM
uses both wired and wireless network scans to identify and locate rogue access
points (APs), including the detection of rogue APs that are not in range of your
authorized APs or sensors.
IMC WSM empowers your staff to take the necessary steps to counteract any
threats by detecting wireless attacks and sending alerts about vulnerabilities. It
facilitates centralized control over your wireless network, even if it is
geographically dispersed. This reduces the time needed to deploy configuration
changes and provides uniformity throughout your WLAN infrastructure.
Intuitive, easy-to-use interface
Illegal detection and disposal
Unified wired and wireless device management
Range of topology management modes
Low maintenance costs and low TCO
3 40 Rev. 14.41
WSM module features
Figure 3-23. WSM module.
Here are the features of the WSM module:

NEW WLAN device management IMC Wireless Services Manager (WSM)
software supports the HP MSM series of WLAN devices, including controllers,
fit access points (APs), and fat APs. Cisco wireless infrastructure is supported.
WLAN device management
access controller list
access controller detail information
fit/fat AP list
fit/fat AP detail information
Wireless status view IMC WSM Software displays key information in one
place; for controllers it maintains status on mobility activity, DHCP server,
VPNs, ports, VLANs, IPSec, and RADIUS; for APs, the software provides
details on usage at the client level down to the CPU load level and across
neighbors and local meshes; provides north-south status views (high-level
health down to detailed status of services such as your RADIUS running on
controllers)
WLAN management automatically displays WLAN SSIDs in your network,
compares performance, and relates APs to the WLAN by SSID
Batch configuration wizard the batch configuration wizard can help users
configure the WLAN network step by step, including WLANs, AP groups, and
radio parameters
Topologyaccess controller and fit AP logical topology displays
logical and physical views of WLAN by AP, controller, or WLAN, and view
status as well as detailed information in real time; provides links to quickly
click and find device location
Location views location topology feature shows the physical position for
each AP and supports the JPG/PNG format background image; RF coverage
displays the radio frequency coverage area of each AP to help you locate the
problem of slow access speed or network access failure; you can then
Rev. 14.41 3 41
redeploy APs or adjust radio power or channel parameters to achieve the best
signal coverage with the lowest cost
RF predictor
shows area coverages so you can predict the coverage before buying or
moving APs
antennas shape direct signals so you can play with antenna types and
add in obstacles to plan for best performance
predicts best placement of APs based on scale and obstacles you provide
send and save your RF plan using popular file formats
Client management because connection issues require information about
your client, WSM Software tracks client connection history, and provides top-
down (AP-to-client) and client-to-AP views to ease troubleshooting processes
Performance monitoring IMC WSM Software displays graphs and
performance charts for wireless devices status, wireless alarms statistics,
online client trending, and AP traffic monitoring; users can define tasks to
monitor performance items of interest
WLAN reports provide AP statistics, radio statistics, client statistics, and
traffic statistics
Wireless terminal trace display logs the online and offline records of a
wireless terminal and uses these records to display the movements of the
wireless terminal in the location view
WDS/mesh management WSM Software displays local mesh
neighborhood and local mesh link information
PoE port management to facilitate management, IMC WSM Software can
automatically learn which APs are connected to a switch's PoE ports, enabling
control of those PoE ports; set the fault AP to perform a cold restart, which will
be a fast resume
Google Maps integration with IMC WSM Software support for Google
Maps integration, users can add hotspots to the map, view the number of APs
and clients in the hotspot, and jump to the location topology from the hotspot
to view detailed information
Wireless intrusion detection integration helps manage the intrusion
detection system at the controller level
Support for HP MSM AP radio resource management provides
configuration management of radio resources, including auto power, auto
channel, and scheduling
Location-based services locate MSM APs and connected clients
NEW Real-time Spectrum Guard IMC WSM Software spectrum analysis
scans the 2.4-GHz and 5-GHz frequency bands to detect interferences and
affected channels and to generate real-time spectrum data. Operators can get
the wireless spectrum performance and WLAN security by viewing the current
interference data and real-time spectrum data. Real-time Spectrum Guard
requires a license.
3 42 Rev. 14.41
Virtual Application Networks (VAN) Software-Defined

Networks (SDN) Manager
Figure 3-24. VAN SDN module.
Virtual Application Networks provides a proactive, dynamic, application-aware

provisioning model that aligns with end-to-end IT operations. The components of
VAN are:
The VAN Designer provides the GUI. It enables administrators to define
profiles, which consist of connection characteristics and a policy for VMs. It
also configures and manages edge switches deployed as part of the Virtual
Application Networks.
The VAN Policy Engine stores connection policy information, publishes
connections to the hypervisor, and services/authorizes connection requests.
The VAN plug-in, which is installed on the VM hypervisor manager, integrates
with the VAN Policy Engine and is used by the system administrator to bind
connection profiles to VM interfaces.
Virtual network provisioning requires different resources to interoperate to provide
a service to end users. These points of coordination have different vocabularies
and configuration requirements. The capability offered by VAN Manager eliminates
the need for manual configuration and leverages a template-based approach for
applications and VM connectivity. Server and network administrators can
collaborate and characterize the application, for security, performance and quality
assurance.
These characteristics are defined in a template within IMC. Once the templates are
built for applications or class of applications, next time the server admin ask for
deployment of a new application, network admin can utilize the templates library
and quickly implement the solution touching all the different systems requiring
configuration.
VAN SDN Manager Features

VAN SDN Manager Software monitors and manages all three layers of the SDN
architecture: infrastructure, control and application layers. You will be able to
visualize your software defined-network, including location of the switches- both
physically and logically- relative to the control point of the network. The traffic flow
Rev. 14.41 3 43
across the SDN domain is monitored and represented visually in VAN SDN
Manager Software, enabling fast troubleshooting. IMC Software provides lifecycle
management and monitoring of the HP VAN SDN Controller and provides details
of network service status and OpenFlow related information.
Consistent management experience across traditional and software-defined
networks
Configuration, monitoring and policy management for a software-defined
network
OpenFlow switch management for quick troubleshooting and deployment
Performance management of the control point of your network
Features of VAN SDN include:
OpenFlow network management
Manage OpenFlow resources, flow policies, traffic monitoring, reporting,
troubleshooting, and application management.
Visualize network traffic flows, service quality and SDN application status.
Single click to detailed service management interface from dashboard.
Inventory and monitor network resources. Information reliant on IMC
platform information and other module information.
OpenFlow controller management
Supports single, teamed and redundant controllers.
Displays information such as network service status, OpenFlow device
types, host numbers, flow entry numbers, and VLAN.
OpenFlow device management
Displays all the flow entries, counters, DPIDs, and other OpenFlow
statistics per device.
Locate an OpenFlow device within the network topology.
Service flow management
Enables end-to-end flow deployment from the physical topology
OpenFlow topology
Displays device links, utilization, and nodes accessing the network.
Visualize service over physical and logical links allowing for real-time
monitoring of flow status.
Filter view by controller, application, or flow.
Fault troubleshooting
Monitor topology based faults through faulty link and device positioning.
Display affected hosts and corresponding flow entries.
Analyze flow paths for root-cause detection.
3 44 Rev. 14.41
Determine the root cause of problems with automatic analysis per node
including matching fields, input/output and more.
Service reporting
Provides real time and historical statistics in detailed reports that can be
exported in a variety of reporting formats.
Reports OpenFlow network assets, utilization, flow statistics, fault
statistics and terminal statistic.
Supports reports by tenant allowing for auditing and capacity analysis.
Note
For more information on Virtual Application Networks, visit:
http://h17007.www1.hp.com/docs/interopny/4AA4-3872ENW.pdf.
VAN Networking Fabric Manager Software

HP IMC Virtual Application Networking (VAN) Fabric Manager Software is an IMC
module which simplifies the management of data center and Fibre Channel
Storage Area Networks (SAN) fabrics. It provides a unified view of all of the
network and storage devices in the data center fabric alongside fabric health to
enable quick troubleshooting and pro-active management.
VAN Fabric Manager Software eliminates manual provisioning and allows you to
easily configure Ethernet Virtual Interconnect (EVI), Shortest Path Bridging (SPB)
or TRILL (Transparent Interconnect of Lots of Links) through the same graphical
user interface used to automate, monitor and manage your entire network. You will
gain a better understanding of workload mobility through VAN Fabric Manager
Software since it reports critical information, such as the longest VM duration and
allows you to visualize the migration of VM through the virtualized network. With
an optional add-on license, data center network management can be extended to
physical and virtual FCSANs fabrics with FCoE management, simplifying the
configuration of FCoE in the SAN and vSAN.
Delivers unified SPB and TRILL management
Manages across geographically dispersed data centers (DCI/EVI)
Offers VMware vMotion playback
Provides unified data center bridging (DCB), DCBx, FCoE converged
management
Unified networking and FC SAN fabric management
Edge Virtual Bridging

The emerging Edge Virtual Bridging (EVB; 802.1Qbg) standard addresses
numerous networking-related challenges introduced by server virtualization. Today
well focus on EVBs easiest component: VM provisioning and Virtual Station
Interface (VSI) Discovery and Configuration Protocol (VDP).
Challenge: If you want to deploy virtual machines belonging to different security
zones within the same physical host, you have to isolate them. VLANs are the
most common approach. If you want to migrate a running VM from one host to
another while preserving its user sessions, you usually have to rely on bridging.
Rev. 14.41 3 45
The set of VLANs needed on a trunk link between the hypervisor host and access
switch is thus unpredictable.
Solution #1 (painful): Configure all possible VLANs on the trunk link.
Stretched VLANs spanning the whole data center are an ideal ingredient of a
major meltdown.
Solution #2 (proprietary): Buy access switches that can download VLAN
information from vCenter
Solution #3 (proprietary/future standard): Use Cisco UCS system with VN-
Tag (precursor to 802.1Qbh). UCS manager downloads VLAN information
from vCenter and applies it to dynamic virtual ports connected to vNICs.
Solution #4 (future): Use Edge Virtual Bridging. The emerging Edge Virtual
Bridging (EVB; 802.1Qbg) standard addresses numerous networking-related
challenges introduced by server virtualization. Today well focus on EVBs
easiest component: VM provisioning and Virtual Station Interface (VSI)
Discovery and Configuration Protocol (VDP).
VAN Resource Automation Manager Software

HP IMC Virtual Application Networking (VAN) Resource Automation Manager
Software is an IMC module providing a network fabric orchestration tool for service
application delivery, optimizing the utilization of network resources for specific
cloud-based or virtualized applications or tenants. This tool accelerates the
deployment of applications while tuning the network to provide the best experience
to users without overprovisioning valuable network resources. Converged
infrastructure and cloud management becomes more robust with the end-to-end
infrastructure provisioning and monitoring over the physical and virtual network.
VAN Resource Automation Manager Software has a simple-to-use service model
design tool leveraging a drag-and-drop UI of HP or 3rd party network resources.
You can associate a specific application or tenant, desired network resources and
characteristic for each service model and provision virtual service paths through
the software's orchestration capabilities. The service models allow for repeatable
and consistent experience throughout the network since it can be cloned and
provisioned to other parts of the network
Eliminates manual provisioning of network service parameters across the
network
Simplifies planning, provisioning, monitoring and troubleshooting of
applications
Accelerates deployment of services and applications across the network
Delivers thin provisioning of network resources for services tuned to business
requirements
Provides an easy-to-use service modeling tool with drag and drop UI
3 46 Rev. 14.41
VAN Resource Automation Management includes the following:

Topology driven service creation
Based off of discovered networks.
Network zoned based service models.
Easy-to-use, drag-and-drop user interface for creating service models.
Simulate service models to test and validate service.
Inventory and monitor network resources. Information reliant on IMC
platform information and other module information.
Save service models for repurposing and re-application to other zones.
Thin provisioning
Deploy applications without overprovisioning infrastructure for worst case
usage scenarios.
Provides L2 + L3 connectivity with quality of service.
Allocates network resources from pools on a just-enough, just-in-time
basis this includes bandwidth as well as load balancing services
provided by F5.
Topology independence
Enables free placement of applications and workloads with associated
policies within the network infrastructure.
Removes the complexity and reliance on a per app static network
infrastructure configuration.
Link applications to the required attributes and infrastructure
characteristics instead of tying applications to a VLAN or port.
As applications change or move, underlying infrastructure will dynamically
reflect new characteristics when model is provisioned.
Rev. 14.41 3 47
TACACS+ Authentication Manager (TAM)
Figure 3-26. TAM module.
HP IMC TACACS+ Authentication Manager (TAM) Software is an IMC module that

provides basic authentication, authorization, and accounting functions for network
device or IT users in order to deliver network device management security. TAM,
which utilizes the TACACS+ protocol, can assign users with different privileges,
monitor login and command execution operations, and simplify user management.
TAM works with devices that support the TACACS+ protocol.
Device identification and authentication support
Flexible authorization policies
Comprehensive user and log monitoring
Centralized management of device users
TAM features include:
Support for device identification and authentication
Support for multiple access methods, including Telnet, SSH, and FTP
Support for multiple identity verification methods, including ASCII, PAP,
and CHAP
Support for unified authentication with a LDAP server, Windows domain
server, and third-party LDAP-enabled email system
Flexible authorization policies
Group management of device users allows different user groups to be
assigned with different authorization policies
Shell profiles and command set assignment assigns device users with
different shell profiles and command sets based on scenarios such as
user group, device area, device type, and access period
3 48 Rev. 14.41
Comprehensive user and log monitoring

Comprehensive user monitoring allows administrators to monitor
online users and add malicious users into a blacklist
User monitor and log monitor HP IMC TACACS+ Authentication
Manager (TAM) Software records the authentication, authorization, and
audit logs; all logs can be exported for auditing purposes
Centralized management of device users
Provide group management for device users; allow different users to be
managed by different administrators
Provide batch operations to device users, including file loading, making
changes, making additions to blacklists, and deleting users
Support for synchronizing device user information from LDAP systems;
LDAP synchronization policy can be self-defined; device user information
can be synchronized from LDAP systems via manual or regular intervals
Granular device control
Provide refined control of operator privileges for both assigning the
operator's operation limits as well as providing controls on an operator's
ability to add, delete, change, and check in some functions
TAM device support is vendor agnostic and supports devices that utilize
the TACACs+ protocol
Rev. 14.41 3 49
Qos Manager (QoSM)
Figure 3-27. QoSM module.
HP Intelligent Management Center (IMC) Quality of Service Manager (QoSM)

Software enhances visibility and control over QoS configurations on network
devices and helps administrators focus on QoS service planning and the most
economical and effective use of network resources by providing a rich set of QoS
device and configuration management functions. HP IMC QoS Manager provides
real-time network detection of QoS configurations as it identifies QoS network-
wide configurations, enabling unified management of QoS policies. In addition, it
allows administrators to organize traffic into different classes based on the
configured matching criteria (e.g., IP protocol type) to provide differentiated
services. The software provides insight into committed access rate (CAR), generic
traffic shaping (GTS), priority marking, queue scheduling, and congestion
avoidance, which enables IT staff to more effectively control and allocate network
resources.
Traffic classification in QoS policy
Flexible deployment scheme for QoS policies
Broadcast and multicast support
Automatic topology discovery
Bandwidth-sharing fairness among stations
Features of QoSM include:
NEW Powerful QoS equipment management in combination with the
functions provided with the IMC platform, a QoS-enabled device can be added
to IMC QoS Manager for managing QoS-specific functions. Support for Cisco
devices using IPSLA now available.
Automatic discovery of existing QoS services supplies predefined
service identification character base; the QoS configuration on a device is
automatically obtained by following the configuration guide and is saved on
QoS Manager selectively; the QoS configuration, as a policy that is applied in
a direction of the device interface or VLAN, includes the traffic classification,
traffic behavior, traffic policy, and policy application
3 50 Rev. 14.41
Centralized traffic classification administrators can set traffic

classification policy in which the traffic is classified with certain rules, such as
the source address, destination address, IP protocol, or the port number of the
application; administrators can configure the features such as CAR, GTS,
traffic policy, and WRED to control the data stream and reasonably allocate
network resources; adding, modifying, deleting, copying, and viewing
classification or behavior is available
Diversified QoS deployment guide a traffic policy that is composed of the
traffic classification and traffic behavior is bound to a device interface, VLAN,
or VPN; users can configure different devices according to a deployment
solution; a general QoS configuration and industry-customized QoS
configuration guides are provided, such as VoIP service
Integration of QoS management and network traffic analysis
administrators can clearly understand a network traffic model on the basis of
traffic representation and discover the bandwidth utilization and application
traffic use condition of a network interface or VLAN; according to the result of
traffic analysis, a QoS policy is formulated across the whole network through
the QoS Manager
Integration of QoS management and network configuration the HP
IMC platform provides functions such as automatically performing device
configuration backups at certain times, comparing the startup configuration
with the running configuration of a device, and comparing the history
configuration with the current startup or startup configuration of a device; with
this component, QoS configurations and others can be standardized and
managed uniformly
Rev. 14.41 3 51
IPSec/VPN Manager (IVM)
Figure 3-28. IVM module.
HP IPSec/VPN Manager (IVM) is a module for the HP Intelligent Management

Center (IMC) platform that provides features for all aspects of IPSec VPN
management. HP IPSec/VPN Manager delivers a total VPN solution, which allows
you to construct an IPSec VPN network, effectively monitor the operation and
performance of the VPN network, and quickly locate device faults for full IPSec
VPN lifecycle management. IPSec/VPN Manager expedites IPSec VPN
deployments and displays a graphical VPN topology, VPN channel status, and
other configurable monitors. It is also scalable and can configure and monitor
multiple devices at once.
Reduced VPN setup and management time
VPN performance monitoring
VPN topology chart
Template network domain
DVPN management
The Dynamic Virtual Private Network (DVPN) solution is highly automated,
scalable and secure which is implemented with HP 6600 and 6800 router series,
HP MSR series routers, and Intelligent Management Center (IMC) for single-pane-
of-glass management. This solution scales to over 3000 sites on a single HP
6600/6800 router (DVPN domain) and can easily scale for very large networks with
multiple DVPN domains. HP solution can be implemented on any WAN technology
with the flexibility to lower the cost by using DVPN over lower cost broadband
access.
IPSec VPN has many advantages, but there are numerous configuration options
and devices in an IPSec VPN network. This creates complexities for management,
problem identification, and resolution. There are many configuration commands
and professional parameters that can make VPN deployments challenging. In
some environments, spoke equipment is SOHO or software based and may only
have private IP addresses. Also, running spoke equipment behind NAT may be
unmanageable for typical network management software. HP IPSec VPN Manager
(IVM) is a module for the HP Intelligent Management Center (IMC) platform that
3 52 Rev. 14.41
provides features for all aspects of IPSec VPN management. This includes real-
time and historic status, performance monitors, problem recognition, and
resolution. In addition, IVM expedites IPSec VPN deployments and displays a
graphical VPN topology, VPN channel status, and other configurable monitors. It is
scalable and can configure and monitor multiple devices at once.
Here are some features of IVM:
Reduced VPN setup and management time provides auto-discovery,
d.
automatic performance to monitor thresholds, and a creation wizard to reduce
te
IPSec VPN creation and management; wizards help administrators quickly
ibi
deploy IPSec VPN networks; the wizard is useful for simplifying the creation of
oh
even complicated VPN networks, reducing configuration load and decreasing
pr
maintenance costs
is
on
VPN performance monitoring delivers both historic and real-time status
si
monitoring and alerting; this facilitates the identification of equipment faults or
is
m
areas where data package loss occurs; the software displays information in
er
easy-to-read charts, such as bar charts, pie charts, and Gantt charts, that
tp
display useful information for administrators; uses a virtual spoke to monitor
ou
devices, even when they run behind NAT
ith
VPN topology chart automatically discovers and displays VPN
rt
deployments using a topology view; administrators can view the VPN
pa
deployment, see performance metrics of the device or tunnels, and quickly
in
access configurations from the topology
or
Template network domain allows administrators to create logical domains

le

ho
to distinguish VPNs, which aids in the creation and management of VPNs;

w
includes templates for domain configuration and provides mechanisms to

in
customize domain configurations

n
tio
NEW Dynamic VPN (DVPN) domain management

c
du
Visual DVPN domain plan allows you to plan and edit your DVPN
ro
configuration with topology for routers in the DVPN domain

ep
R
DVPN configuration management allows you to deploy or undeploy

.
ly
a DVPN configuration to routers, or copy the devices' DVPN configuration

on
to IPSec/VPN Manager
s
er
DVPN auto-discovery allows you to discover a DVPN configuration in

d
ol
routers and create a DVPN domain based on the discovery result

eh
NEW DVPN audit

ak

St
DVPN configuration audit allows you to audit routers to determine

&L
whether the device configuration and configuration within IPSec/VPN

C
Manager are consistent

P
H
DVPN tunnels audit allows you to audit the DVPN tunnels to

determine whether the DVPN tunnels are connected
Rev. 14.41 3 53
Service Health Manager (SHM)
d.
te
bi
i
oh
pr
is
on
si
is
m
er
Figure 3-29. SHM module.
tp
ou
HP Intelligent Management Center (IMC) is a modular, comprehensive resource
ith
management platform. With its extensive device support, IMC provides true end-
w
to-end management for the entire network, as well as the entire operation cycle.
rt
pa
IMC Service Health Manager (SHM) is an IMC module that provides end-to-end
in
service monitoring and service assurance through the visualization of
or
infrastructure or network variance/factors that are in the service path. SHM

le
leverages data derived from other IMC components to yield critical performance
ho
metrics. SHM then aggregates key performance indicators (KPIs) to generate key
w
quality indicator (KQI) metrics. KQIs can be modeled to provide a visual

in
representation of service-level agreement (SLA) obligations. With SHM,

n
administrators can visually determine the level of quality for defined services and
c tio
take proactive measures to maintain SLAs.

du
ro
Predefined and custom KPIs

ep
Visual service modeling

.R
ly
Complete NQA link monitoring

on
Comprehensive SHM reports

s
er
Features of SHM include:

d
ol
Predefined KPIs and custom KPIs

eh

ak
Comprehensive KPI collecting predefines five KPIs (device

St
monitoring, interface monitoring, NQA voice, NQA link, and NTA traffic) by
&L
extracting the KPI indexes from all IMC modules (including platform traps,
C
performance, NQA, and NTA) to realize metered definitions of network

P
H
performance
Predefine abundant KQIs allows you to predefine different KQIs,
including device status, interface performance, NQA voice and link quality,
and NTA host traffic
Visual service modeling provides visual SLA modeling tools; allows you
to define the service-related resources, set up a KQI/compound KQI, and then
create evaluation policies to obtain a holistic view of the service
3 54 Rev. 14.41
Complete network quality assurance (NQA) link monitoring

Comprehensive service quality monitoring monitors delay; jitter; packet
loss; and throughput of different services, including voice, video, network
connectivity, and VRF
Multivendor device management
Support for NQA grouping based on service types
d.
Real-time monitoring, audit, and alarm of NQA instances
te

bi

i
Instant management is the core function of NQA and allows you to
oh
configure test period, alarm mode, service level, service class, and device
pr
parameter through instant management
is
on
The real-time audit function helps solve problems when the configured
si
instance cannot collect data normally
is
m

er
The threshold values for alarms
tp
Comprehensive SHM reports includes daily, weekly, monthly, and annual
ou
service health monitoring reports
ith
w
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 55
Remote Site Manager (RSM)
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
Figure 3-30. RSM module.
ou
ith
The IMC Remote Site Manager (RSM) securely extends the IMC core platform
w
capability to remote sites by deploying remote agents. These remote agents
rt
pa
manage and monitor the remote network, and apply policies and configurations to
the remote network devices on behalf of the central IMC server. The use of agents
in
allows IMC to securely manage remote networks, even in a firewalled
or
environment. Additionally, these local distributed agents increase polling efficiency,

le
ho
allowing you to monitor your network with higher granularity, which provides more
w
accurate and real-time visibility.

in
Comprehensive, efficient remote site management

n
tio
Support for firewalled remote networks

c
du
Isolated local network discovery

ro
ep
Remote site service monitoring

.R
Secure communication to agents with SSL

ly
on
Features of RSM include:

s
er
FCAPS management for each remote agent provides popular network

d
ol
management functions through RSM agents, including resource management,

eh
alarm, configuration, security, performance, and topology

ak
Management of firewalled networks with NAT manages firewalled

St

devices or branch networks with NAT through HTTPS security tunnels
&L
between IMC and a remote agent

C
P
Proxy Telnet/SSH/HTTP through firewall each RSM agent can work as a

H
network management proxy; administrators can access local branch devices

and utilize the proxy RSM agent to bypass the remote firewall; supports
Telnet, SSH, and HTTP
Restrict management and discovery protocols to local networks
allows restriction of network operations (such as network polling, performance
monitoring, and device discovery) and data flows to local networks to achieve
flow separation management from a large-scale network
3 56 Rev. 14.41
Service monitoring uses "Service Monitor" to monitor the availability and

responsiveness of common network services via configurable probes; probes
reside on local and remote IMC agents, as well as on test services from
servers and selected devices; probes can be configured to monitor the
following services: DHCP, DNS, Internet (HTTP), SNMP, RADIUS, and FTP
Support for overlapping domains (duplicate IPs)
Support for grouping devices across multiples remote agents allows
d.
devices to be grouped and managed by multiple RSM agent nodes
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 57
Intelligent Analysis Reporter (IAR)
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
Figure 3-31. IAR module.
ou
ith
HP IMC Intelligent Analysis Reporter (IAR) extends the reporting capabilities within
w
IMC to include customized reporting. These extended reporting capabilities enable
rt
pa
network administrators to perform proper analysis and make informed decisions.
IAR makes customized reporting easy by including a report designer, which can
in
save designs into report templates. Report outputs include a variety of formats,
or
including charts. Reports can be automatically generated at specified intervals and

le
ho
distributed to key stakeholders.

w
In-depth data collection of the network

in
n
Report design tools (templates)

c tio
Report management includes automation/distribution

du

ro
Exports into a variety of formats

ep
R
IAR features include:

.
ly
Powerful report design tools

on
Visual design environment includes drag-and-drop reporting elements

er
such as title and other parameters

d
ol

eh
Extensible report formats supports a variety of table formats

ak
Supported chart types includes bar, pie, Gantt, curve, bubble, ring, and
St
radar charts
&L
C
Intelligent wizards reports can easily be designed with wizards, which

P
allow users to select and set format, database link, record, and group
H
Extended programmable function supports simple or complex formulas

for data access; also supports embedded SQL to extract data from the IMC
database
Flexible export file format supports direct print, fax, or report exports;
includes RPT (IAR format), Microsoft Word (RTF) and Excel, PDF, XML,
CSV, and TXT; data can also be exported to an ODBC-compatible database
3 58 Rev. 14.41
Convenient report management manages templates to support periodic

reporting and distribution; reports can be distributed to defined users via
email; template customization also includes the option of adding logos to the
reports
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 59
MPLS VPN Manager (MVM)
d.
te
bi
i
oh
pr
is
on
si
is
m
er
Figure 3-32. MVM module.
tp
ou
Providing reliable, private connections is a good way to improve the value of your
ith
network. Virtual private networks (VPNs) enable you to use the Internet as a
w
medium for secure data exchanges. But VPNs must also maintain minimum
rt
service levels and improve network resource utility to allow the delivery of
pa
bandwidth-intensive applications such as streaming multimedia. Established MPLS
in
VPN standards enable flexible support for proprietary and standards-based
or
networking equipment. HP Intelligent Management Center (IMC) MPLS VPN

le
Manager (MVM) was created to help administer these private connections. IMC
ho
MVM provides functions such as VPN auto discovery, topology, monitoring,

w
auditing, and performance evaluation, as well as VPN and service deployment,

in
n
which enable IT managers to best allocate resources. IMC MVM also contains a
tio
traffic engineering component that helps operators monitor an entire network and
c
du
deliver service quality by distributing suitable network resources as needed.

ro
MPLS VPN resource management

ep
R
MPLS VPN monitoring

.
ly
MPLS VPN traffic monitoring

on
MPLS VPN deployment

er
d
MVM features include:

ol
eh
MPLS VPN resource management IMC MPLS VPN Manager (MVM)

ak
Software provides an easy way to add VPN resources such as provider edges
St
(PEs), customer edges (CEs), and VPNs. PEs and CEs can be imported from
&L
the basic network resources, while VPNs can be either manually added or
C
automatically discovered.
P
H
MPLS VPN monitoring, with MVM displaying both fault and configuration
status of the network in real time, including
VPN access topology displays the link status of CEs and the core (that is,
the connection and link status between PEs, CEs, and the core in real
time).
3 60 Rev. 14.41
VPN service topology displays connections between CEs, helping to

monitor the connections and connectivity status between client subnets in
a VPN group in real time.
MPLS VPN traffic monitoring MVM delivers the traffic statistics and report
functions for VPN and service access, providing a way to analyze traffic trends
in specific and general terms. Service access traffic is collected from the links
that CEs use to access PEs. VPN and service access traffic statistics can be
displayed in bar and line charts, and the statistics reports can be exported on
d.
te
a per-day, per-month, or per-year basis in HTML, PDF, or other formats to
bi
meet different needs.
i
oh
MPLS VPN deployment MVM provides the BGP MPLS VPN deployment
pr

is
function, which can be used to deploy a VPN through easy operations. This
on
reduces the configuration workload remarkably. It also supports VPN link
si
deployment and batch removal.
is
m
MPLS management VPN By establishing a management VPN,
er
administrators can add CEs to the management VPN, which can then manage
tp
the CE topology, alarms, and performances. To prevent building management
ou
VPNs that interrupt service VPN discovery and management, MVM allows you
ith
to set and filter the management VPN to separate it from service VPNs.
w
rt
MPLS VPN report MVM supplies an integrated VPN report, VPN connect
pa
report, VPN details report, and VPN access flow report. It also allows users to
in
easily obtain VPN network information.
or
MPLS VPN traffic analysis Integrated with IMC NTA Software, MVM can
le

ho
analyze the VPN traffic flow based on different applications. It displays a chart
w
and detailed VPN traffic information.

in
Layer 2 MPLS VPN This provides support for LDP mode VPLS VPN, BGP
n

tio
mode VPLS VPN, VLL, and PBB. It can also assign different VPN priority
c
du
levels to different operators.

ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 61
Branch Intelligent Management System (BIMS)
d.
te
bi
i
oh
pr
Figure 3-33. BIMS module.
is
on
The HP Intelligent Management Center (IMC) Branch Intelligent Management
si
is
System (BIMS) uses an intelligent component-based architecture to provide
m
powerful support for service operations, delivering high reliability, scalability,
er
flexibility, and IP investment returns. Based on the TR-069 protocol, IMC BIMS
tp
offers resource, configuration, service, alarm, group, and privilege management. It
ou
allows the remote management of customer premise equipment (CPE) in WANs.
ith
w
Unified resource management
rt
Single-pane visibility pa
in
Integrated access and user management
or
le
Powerful support for service operations

ho
w
An administrator pre-stages a brief CPE WAN Management Protocol (CWMP)

in
configuration on the spoke router (currently supported on MSRs) and configures

n
the appropriate dynamic IP address method to be used on the Internet facing

tio
interface (DHCP, PPPoE) of the router before shipping it to the remote site. The
c
du
BIMS server pushes the remaining device configuration to the device once the
ro
spoke has authenticated with the BIMS server.

ep
R
In this case BIMS is pushing the DVPN related configuration and any other
.
configuration that is required.

ly
on
The VPN Address Management (VAM) Client (Spoke) initiates a tunnel

s
er
request to the VAM server

d
ol
The VAM server (Hub) and spoke negotiate the tunnel security, once
eh
successfully negotiated the VAM tunnel is established

ak
St
The VAM server sends an auth-request to the VAM client

&L
The VAM Client then responds with an auth-response which is forwarded to

C
the AAA server.

P
H
At this point the spoke establishes a permanent tunnel to each hub router. The hub
routers have already established a permanent tunnel between them each other as
part of their VAM registration process
3 62 Rev. 14.41
Features of BIMS include:

Management
Dynamic management of IP devices uses serial numbers, rather
than IP, to identify a device
Device management in private networks uses HTTP to
communicate with the device, and the session is initiated by the device,
d.
so the IMC Branch Intelligent Management Software (BIMS) can pass
te
through NAT to manage the device
ibi

oh
Zero-touch configuration provides easy management; records the
pr
upgrade history of devices
is
Large-scale device management supports distributed architecture;
on
the auto-configuration server (ACS) of BIMS can be distributed to multiple
si
is
servers, with each ACS managing part of the devices
m
er
Support of load balancing and failover between ACSs provides
tp
high availability
ou
Security
ith

w
Outstanding security can use HTTPS to communicate with or to
rt
pa
transfer files to the device; HTTPS is more secure than TFTP, FTP, or
in
Telnet
or
Configuration
le
ho
Easy upgrade of device configurations in batches automates batch

w
updates or upgrades on configuration files and operating system software

in
images for network devices; this is especially convenient when numerous

n
tio
similarly configured devices need their configurations updated; automates

c
the many time-consuming steps required to upgrade while reducing the

du
error-prone complexities of the upgrade process

ro
ep
NEW Configuration management The configuration management

R
feature will restore branch device configuration by time and/or baseline

.
ly
software.
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 63
IMC and its modules

IMC module solution map
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 3-34. IMC module solution map: one platform for multiple solution requirements.
w
rt
pa
IMC modules can be tied together to bring solutions to different technologies that
in
are maintained in IT, as shown in the Figure 3-34 and with the descriptions below:
or
Bring Your Own Device BYOD has become more common with mobile
le
devices and users expectations that their personal devices can be used at
ho
work. BYOD brings headaches to IT which has been use to common

w
standards and policies for equipment access. By using IMC with UAM, EAD,
in
n
UBA, NTA and WSM, IT can enforce policies across a variety of end user
tio
devices and maintain support and management of plethora of devices coming

c
du
through their doors.

ro
Network Access IMC with UAM and EAD can ensure devices are with
ep
policy guidelines to reduce worm outbreaks and maintain end user equipment.
.R
Multisite Management RSM enables for polling data gathering to occur

ly

on
locally to reduce WAN traffic and handle equipment behind firewalls. BIMs
s
provide easy of deployment for equipment by having ship to site and be

er
d
configured locally without staging.

ol
eh
Cloud/Virtualization VANM, SHM, APM and eAPI provide tools to ensure

ak
performance of the cloud infrastructure is being utilized efficiently and

St
provisioning is done without headaches.

&L
DVPN IVM and BIMS work on getting the proper Dynamic VPN
C
configuration applied to the equipment so that it can easily speak with other
P
H
devices across the Internet or WAN.

Blade Virtual Management HP C7000 and C3000 blade enclosures using
Virtual Connect can be managed and reviewed with insight into the upstream
switches to ensure proper configuration and handling.
3 64 Rev. 14.41
BYOD and beyond
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
Figure 3-35. BYOD and beyond: building blocks for BYOD and unified wired/wireless management.
ou
ith
HP leverages the UAM, EAD, UBA, NTA, and WSM modules to provide a holistic
w
solution to BYOD environments: a solution that is easy to scale, configure,
rt
manage, and monitor.
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 65
Network Access Control (NAC)
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
Figure 3-36. NAC.
ou
ith
Network Access Control ensures devices that are connected to the network are not
w
malicious and have been verified. NAC can be implemented with the UAM and
rt
pa
EAD modules. in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
3 66 Rev. 14.41
Multi-site management
d.
te
ibi
oh
pr
is
on
si
is
m
er
Figure 3-37. Simplify multi-site management.
tp
ou
IMC modules like BIMS and RSM easily allow you to manage large numbers of
ith
branch offices in an enterprise network.
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 67
Network orchestration for cloud-bases services
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 3-38. Network orchestration for cloud-bases services.
w
rt
pa
To understand HPs vision for virtual application networks, lets explore how it all
in
comes together. We start with the blueprint FlexNetwork architecture, with the
or
solutions for the data center FlexFabric, FlexCampus and FlexBranch to connect
le
the users. We are going to virtualize that entire infrastructure symbolized by these
ho
three blue ribbons that come into the center discs. And here, once we virtualize the
w
network, we can use tools built on top of IMC to characterize applications using
in
preconfigured templates.
n
tio
So that we can take advantage of virtualized, end-to-end network infrastructure to

c
du
deliver applications from a cloud data center to a user in a way where the network
ro
is tuned to the delivery requirements of that class of applications whether it is

ep
video in multiple forms, conferencing, playback, training, or communications like

R
Lync, real time business applications or messaging applications. You can have
.
ly
hundreds of applications falling into several classes requiring maybe 12 different

on
virtual application networks.

s
er
Most importantly, as these applications move from the private cloud into the public
d
cloud, the policy for virtual application network can follow it as the users move and
ol
eh
we will follow them as well providing for a dynamic environment, one where the
ak
applications are deployed rapidly.

St
You can have speed without compromise and it is built on open standards,
&L
providing the choice, the flexibility as well as the confidence to have a proven path
C
to the cloud.
P
H
3 68 Rev. 14.41
Dynamic VPN automates secure connectivity
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 3-39. DMVPN automates secure connectivity.
ith
w
IMCs IVM and BIMS modules helps scale DVPN solutions to thousands of
rt
devices.
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 69
Data center simplicity
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
Figure 3-40. Data center simplicity.
ou
ith
Virtual Connect (VC) was designed to be a simple network connection alternative
w
to traditional edge networking products for HPs blade server solutions. For any
rt
pa
provisioning or management function, VC provides an embedded, out-of-the-box
in
console, Virtual Connect Manager, for small environments. However, for most data
or
center deployments requiring a scalable management console to provision and

le
manage server connectivity, Virtual Connect Enterprise Manager is the

ho
recommended solution.
w
To manage a VC environment, we provide simple tools that perform the essential

in
functions without requiring extensive training for any team. Role based security
n
tio
allows server, network and storage teams to perform their respective provisioning,
c
du
configuration, profile management and monitoring and troubleshooting functions

ro
efficiently and with full accounting from a single console. And VC also integrates
ep
with many other HP, 3rd party and even custom management tools to monitor and
R
manage VC within a broader enterprise context.

.
ly
on
Note
s
For more information on VC, visit:

er
http://h17007.www1.hp.com/us/en/enterprise/servers/bladesystem/virtual-
d
ol
connect/index.aspx#.Uzyt9PldXh4
eh
ak
St
&L
C
P
H
3 70 Rev. 14.41
Pulling the pieces together

Single pane-of-glass management with IMC
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
Figure 3-46. Single pane-of-glass management with IMC.
in
IMC uses an SOA-based solution brings together disparate functions into single
or
cohesive web interface that provides oversight to a majority of IT arenas.

le
ho
There are three main versions of IMC:

w
Basic Smaller organizations not planning on having more than 50 nodes to

in
be managed.
tio
Standard Medium-sized organizations not planning on having more than

c

du
5000 nodes to be managed.

ro
ep
Enterprise Scales to unlimited and provides the hierarchical model support.

R
It has additional support for 2 node license NTA and eAPI licensing.
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 71
IMC module portfolio
d.
te
bi
i
oh
pr
is
on
si
is
m
er
Figure 3-47. IMC module portfolio.
tp
ou
The above slide summarized the FCAP architecture that IMC supports and how
ith
the IMC modules fit into that architecture.
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
3 72 Rev. 14.41
Network management tools: HP vs. Cisco
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 3-38. Network management tools: HP vs. Cisco.
w
rt
pa
The above slide illustrates how HP compares to other vendors, like Cisco.
Whereas HP has a cohesive, integrated, and scalable NMS solution for today
in
networks, other vendors have to tape together a lot of dissimilar products that lack
or
any type of integration or cohesion.

le
ho
w
in
n
c tio
du
ro
ep
R
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 3 73
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
3 74 Rev. 14.41
IMC 7.0: Enhancements and Features

Module 4
Objectives
This module introduces new features and enhancements to IMC 7.0. IMC 7.0 is a
d.
major upgrade from version 5.2. One of the first differences youll see is the
te
modernization of the user interface. Most workflow processes are the same as the
bii
tasks performed in version 5.2, but as youll see, the look and feel of the new
oh
version of code is very different. This module will provide a brief introduction to
pr
some of the new features as well as the enhancements from IMC 5.2
is
on
si
is
User interface enhancements
m
er
Usability enhancements
tp
ou
Resource management features
ith
Topology management features
w
rt
Alarm management features
Configuration Center features pa
in

or
WSM module features

le
ho
UAM and EAD module features

w
in
n
c tio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 1
System features
d.
te
i bi
oh
pr
is
on
si
is
m
Figure 4-1. New interface and usability enhancements in IMC 7.0
er
tp
The following pages will cover the interface and usability features of IMC 7.0.
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 2 Rev. 14.41
Interface and usability enhancements
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 4-2. New interface style in IMC 7.0.
w
rt
IMC 7.0 has moved towards a HTML 5 based interface. This has increased
pa
performance as well as compatibility with modern operating systems and devices.
in
You have four interface styles you can choose from:
or
Classic
le
ho
Midnight
w
in
Gun Metal
n
tio
Ocean
c
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 3
HTML interface for mobile platforms
d.
te
bi
i
oh
pr
is
on
si
is
m
er
Figure 4-3. IMC 7.0 supports a user interface for mobile platforms.
tp
ou
IMC 7.0 now has an HTML interface which enables the web server to display a
ith
device appropriate interface when a mobile device, like a tablet or smartphone,
w
connects. This eliminates the requirement for a separate mobile application as was
rt
pa
the case in previous versions of IMC. in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 4 Rev. 14.41
Usability enhancements: general search
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
Figure 4-4. Enhanced general search capabilities.
ou
ith
HP IMC 7.0 has greatly enhanced the search capabilities of the base platform. The
w
search bar can now be used to:
rt
Query devices (like names or IP addresses)
pa
in
Query users
or
le
Query help files

ho
The search capabilities can perform both specific and fuzzy searches. IMC 7.0
w
also allows the user to distribute the general search service from the IMC main
in
platform to a separate logical host to reduce the performance load on the master
n
tio
IMC server (see Figure 4-5).

c
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Figure 4-5. The Search Service supports centralized and distributed deployments.
Rev. 14.41 4 5
Usability enhancements: Export MIB walk results
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-6. Exporting MIB walk results.
ith
HP IMC 7.0 has enhanced the native MIB browser. In addition to using the
w
rt
included MIB browser for querying their SNMP capable network devices, users are
pa
now able to export the MIB results into a TXT file for further analysis (see Figure 4-
in
6).
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 6 Rev. 14.41
Usability enhancement: Operator Group privileges
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
Figure 4-7. Centrally managed operator group privileges.
ou
ith
In IMC 5.x the operator groups could be used as a privilege assignment object, but
w
the assignment was spread out all over the interface. IMC 7.0 has consolidated
rt
pa
many of these functions under the operator group settings, providing IMC
operators a centralized location to view or modify the privileges for a specific
in
operator group (see Figure 4-7).
or
le
ho
w
in
n
c tio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 7
Enhanced visualizations: real-time statistics charts
d.
te
i bi
oh
pr
is
on
si
is
Figure 4-8. Creating real-time statistics charts.
m
er
tp
IMC 7.0 allows users to create semi-custom visualizations. Custom visualizations
ou
are supported for the following:
ith
List objects: device view, port group, operation log
w
Chart types: Count Statistics Bar Chart and Count Statistics Pie Chart
rt

pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 8 Rev. 14.41
Resource management features
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
Figure 4-9. A summary of the resource management features in IMC 7.0.
rt
pa
Figure 4-9 has a summary of the resource management features that have been
in
enhanced and added to IMC 7.0. The following pages will discuss these briefly.
or
le
ho
w
in
n
ctio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 9
Enhanced Auto-Discover
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-10. Enhancements to IMCs auto-discovery process.
ith
w
In the IMC 7.0 advanced discovery, a new filter option is now available that will
rt
pa
allow administrators to perform the discovery while filtering the specified device
in
models. The filter can be used to include or exclude the specific models, as
or
needed. Though most discoveries are intended to pull in all devices within an
le
environment, this enhancement will be of great value for some users seeking to
ho
exclude specific families or device models at the core or edge of a network from
w
IMC discovery.
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 10 Rev. 14.41
Enhanced performance monitoring
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-11. You can now apply polling time for service monitoring.
ith
In IMC 7.0, the Service monitoring on the resource page will now poll the
w
rt
monitored service on the resource page equal to the poll interval of the
pa
configuration management setting (see Figure 4-11). The default is 2 hours. In
in
previous versions of IMC, this was polled at six(6) times the value of the
or
configuration poll interval setting.

le
ho
w
in
n
c tio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 11
Enhanced maintenance functions
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-12. Unmanaged devices pauses polling functions.
ith
w
In previous versions of IMC, unmanaged devices could still raise faults from other
rt
performance tasks. In IMC 7.0, IMC will remove the device from synchronization
pa
with service modules, such as the VLAN Manager. IMC 7.0 will also pause all
in
device polling tasks such as the following, for unmanaged devices:
or
Default performance monitors

le

ho
Custom performance monitors

w
in
Service monitoring
n
tio
VLAN Manager synchronization

c
du
Syslog
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 12 Rev. 14.41
Enhanced batch operations
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 4-13. Supports scheduling of operations.
w
rt
pa
IMC 7.0 now allows users to configure batch operation interface tasks to run on a
daily schedule. Supported schedule options include:
in
or
Immediately
le
ho
Once
w
Daily
in
n
IMC 5.x and previous only allowed scheduling options of Immediately or Once
tio
for batch operations.

c
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 13
Virtual Machine (VM) support
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-14. VM support by IMC.
ith
w
HP IMC software is one of the first management tools to integrate management
rt
and monitoring of both virtual and physical networks. It provides insight and
pa
management of virtual networks and reduces migration complexity by aligning and
in
automating network policies with virtual images IMC 7.0 supports VMware, Hyper-
or
V, and KVM; IMC Virtual Network Management software also supports automatic
le
tracking of the network access port of virtual machines. Figure 4-14 illustrates the
ho
supported VMs, including those added in IMC 7.0

w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 14 Rev. 14.41
Supporting MDC on devices
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-15. Multi-tenant device context support is new in IMC 7.0.
ith
w
A device can be virtualized into multiple logical devices called multi-tenant device
rt
contexts (MDCs). Each MDC uses its own resources and runs independently.
pa
From the user's perspective, an MDC is a standalone device. Using MDC
in
technology, you can improve network resource utilization while integrating network
or
resources. As shown in Figure 4-15, IMC 7.0 now supports MDC.

le
ho
w
in
n
c tio
du
ro
ep
R
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 15
Supporting MDC on devices (cont.)
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-16. Supporting MDC on devices.
ith
w
Supporting MDC on devices is new, including identifying MDC device, create
rt
MDC, allocate resource to MDC, and check some performance of MDC. The MDC
pa
Management, accessible from the resource page of the MDC capable device, is
in
currently available only for the HP 12500 and 12900 which support MDC with
or
Comware 7.
le
ho
Note
w
One MDC is seen as an independent device. If it is added to IMC resource, it

in
uses one license. If it is not a resource in IMC, it doesnt use a license, and
n
tio
only can be seen in MDC management. For example, if 3 MDCs are all added
c
to IMC resource, the whole device uses 5 IMC platform licenses (1 for the
du
base 12500 or 12900 and 4 for each MDC).

ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 16 Rev. 14.41
IMC setup: Supports custom view name for importing
d.
te
ibi
oh
pr
is
on
si
is
m
er
Figure 4-17. IMC 7.0 supports custom view names during setup.
tp
ou
IMC 7.0 now allows users to input the custom view name within the import file
ith
used to populate the IMC database (see Figure 4-17). This will help to speed the
w
installation process.
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 17
Topology management features
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-18. Topology management features in IMC 7.0.
ith
w
Figure 4-18 lists some of the topology management features that were enhanced
rt
pa
or added in IMC 7.0. The following sections will briefly introduce these features.
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 18 Rev. 14.41
IMC 7.0 web-based interface
d.
te
ibi
oh
pr
is
on
si
is
m
Figure 4-19. HTML 5 topologies.
er
tp
IMC 7.0 has introduced HTML5 based topologies. Topologies accessed through
ou
the native IMC browser window will show as HTML topologies when using a
ith
modern HTML5 capable browser. Legacy browsers may continue to use java to
w
access the topology functions. Some topologies, like the Network Topology map,
rt
pa
are still Java-based; however, the push in IMC 7.0 is to eventually convert
in
everything to HTML 5. For the Java applets still in use, they are now digitally
or
signed and can be verified.

le
ho
w
in
n
ctio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 19
Customize icons in topology maps
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-20. Customized icons are supported in Topology maps.
ith
w
IMC 7.0 now allows users to customize icons for specific devices in the java applet
rt
pa
topology maps. in
Note
or
This function is NOT available in the HTML5 topology maps yet, but will be
le
supported in a future update.

ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 20 Rev. 14.41
Data center topology enhancements
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
Figure 4-21. Can add room notes in the Data Center topology map.
ou
ith
IMC 7.0 now allows users to add in notes which can be displayed in a room in the
w
Data Center Topology function.
rt
Note pa
in
The Data Center topology is only available in the Java Applet based
or
topologies. The Data Center topology is NOT yet available in the HTML5
le
topologies, but will be added in a future release.

ho
w
in
n
ctio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 21
Enhanced visualizations in topology maps
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
Figure 4-22. You can show interface abbreviations for topology links in the topology maps.
rt
pa
IMC 7 now allows users to choose to display the interface description of a specific
in
link on the topology map (see Figure 4-22). This function is currently available in
or
the Java Applet topologies and will be added to HTML5 topologies in a future
le
update.
ho
w
Figure 4-23 shows support for cloud color consistency with a related topology
in
view: the color of the cloud is linked to the highest level of alarm in the linked view.
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
Figure 4-23. Cloud color consistency with Topology View Related.

H
4 22 Rev. 14.41
GEO topology
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
Figure 4-24. Support for GEO location data for map auto-placement.
ou
ith
The new GEO topology map auto-placement features uses TWaver map. It must
w
be enabled through a configuration file on the IMC server. The Geo Topology only
rt
pa
applies to the Java applet Topologies and does not currently support HTML5
(Support within HTML5 will be added in a future update.)
in
or
le
ho
w
in
n
ctio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 23
Alarm management features
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
Figure 4-25. Alarm management features enhanced and added in IMC 7.0.
ou
ith
Figure 4-25 lists some of the enhancements and additions to the alarm
w
management features in IMC 7.0. The following pages will briefly cover these
rt
features.
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 24 Rev. 14.41
Adding Interface Descriptions to Interface Traps
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
Figure 4-26. Adding interface descriptions to interface traps.
ou
ith
In IMC 7.0, a new enhancement is the capability of adding interface descriptions to
w
interface traps, as shown in Figure 4-26.
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 25
Alarm Recovery in upper/lower IMC panes
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 4-27. Allows for Alarm Recovery in both Upper and Lower IMC panes.
w
rt
When a customer recovers a trap in a hierarchical IMC window pane, the related
pa
trap in the upper or lower IMC window pane will also be recovered. This is a new
in
enhancement in IMC 7.0.
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 26 Rev. 14.41
Viewing Interface Alarms in Interface View
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-28. Add Interface Alarms display.
ith
w
In IMC 7.0, you can now add Interface Alarms in the Interface Details view. All
rt
alarms are then displayed on one page.
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 27
Process all alarms
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-29. Delete, acknowledge, or recover all alarms.
ith
w
IMC 7.0 now allows you to delete, acknowledge, or recover all alarms, as shown in
rt
pa
Figure 4-29. in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 28 Rev. 14.41
Configuration Center features
d.
te
ibi
oh
pr
is
on
si
is
Figure 4-30. New Configuration Center enhancements and features in IMC 7.0.
m
er
tp
Figure 4-30 lists some of the enhancements and new features in IMC 7.0. The
ou
following pages will briefly cover these.
ith
w
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 29
Copying system-defined Compliance Policies
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
Figure 4-31. You can copy system-defined compliance policies for new tasks.
ou
Compliance has had some minor workflow improvements. Previously, if you only
ith
wanted to run a single Compliance Policy check, you had to go through and
w
rt
individually disable all the other policies. Now you can disable them all in a single
pa
step. IMC 7.0 allows users to copy the pre-defined Compliance tasks. This
in
significantly speeds up the creation of new compliance tasks, as illustrated in
or
Figure 4-31. You can also select or delete multiple policies when creating a new
le
Check Task.
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 30 Rev. 14.41
ICC upgrade for ProVision
d.
te
ibi
oh
pr
is
on
si
is
Figure 4-32. SCP support for ProVision upgrades.
m
er
tp
IMC 7.0 Configuration Center now supports SCP the (secure copy) protocol
ou
transfer mode for legacy ProVision devices, as shown in Figure 4-32. Currently,
ith
SCP is not supported for HP Comware devices.
w
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 31
Auto Deployment Plan (ADP) and Undeployed Devices
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-33. Undeployed devices in Auto Deployment Plan.
ith
w
The Undeployed Devices in the Auto Deployment Plan (ADP) supports a new
rt
pa
filtering option in IMC 7.0. In Figure 4-33, the Undeployed Devices Only option
in
only shows the devices whose running status is not Successfully Deployed. This
or
option provides an elegant mechanism for applying deployment plan policies or

le
settings ONLY to the Undeployed Devices using a single checkbox.

ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 32 Rev. 14.41
Configuration Backup Through OOBM for ProVision
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
Figure 4-34. Configuration backup support through OOBM for Provision devices.
pa
in
IMC 7.0 now supports configuration management tasks through the OOBM (Out of
or
Band Management) ports. The OOBM is a dedicated management port (or ports)
le
separate from the data (user and resource) ports available on selected hardware
ho
devices (currently, the HP Provision switches).

w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 33
Supports ISSU for Comware V7 devices
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-35. Support added for ISSU updates of Comware version 7 devices.
ith
w
IMC 7.0 adds support for in-service updates (ISSU) for Comware 7 devices. In
rt
IMC 5.2, only Comware 5 was supported for ISSU.
pa
in
Note
or
le
Software upgradability checks are performed by the device, not IMC. The
ho
device will then judge the software upgrade compatibility and choose the right
w
upgrade method.
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 34 Rev. 14.41
WSM module features
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
Figure 4-36. New wireless device support in IMC 7.0.

ho
w
WSM now offers support for three wireless vendors.

in
HP Wireless MSM and Unified Wireless (Comware) products are supported.

n
tio
H3C Comware products are supported.

c

du
Cisco Wireless products are supported.

ro

ep
Note: HP IMC WSM Cisco WLAN support was tested with:

R .
Cisco 2106 Wireless LAN Controller (7.0.240.0)

ly

on
AIR-LAP1142N-K9
s
er
AIR-CAP3502i-A-K9
d
ol
eh
Although it is expected that Cisco Wireless products that conform to the same
ak
general management (MIB and CLI) characteristics as the 2106 controller will
St
function with WSM as well, no other Cisco wireless devices have been tested yet.
&L
Upon discovering a Cisco Wireless device, WSM will synchronize automatically

C
and add an additional tab in the configuration. And if you add a device to WSM,
P
you will also find there is a configuration tab for Cisco device. The HP IMC WSM
H
module now supports the RF spectrum view for Cisco devices. Note that currently,
there are no Cisco Access Points or Cisco wireless antennas modeled in the IMC
database.
Rev. 14.41 4 35
RF network plan
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
Figure 4-37. AP number calculation in the RF network plan.
rt
pa
The RF Network Plan feature has been optimized to support:
in
AP deploy number calculation automatically
or
le
AP auto deploy in multi-area

ho
w
Note
in
Currently no support for Cisco wireless products, but this will be added in the
n
future.
c tio
du
In RF network plan, AP number can be calculated automatically before deploying.

ro
Before using this feature, draw the coverage area in the map, then click the
ep
calculator (see Figure 4-38) to calculate the number of AP which can be deployed
R
in the area
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Figure 4-38. AP number auto-calculator.

4 36 Rev. 14.41
In the calculator, you can modify the value of the parameters to make the result
more accurate.
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 4-39. AP auto-deploy in multi-area networks.
w
rt
You can draw multiple areas, and use AP auto deploy function to deploy the AP
pa
before the real deployment (see Figure 4-39). It gives the engineer a suggestion
in
on the deployment.
or
le
ho
w
in
n
ctio
du
ro
ep
R
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 37
Spectrum Analysis
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
Figure 4-40. Spectrum analysis.
rt
pa
The WSM spectrum analysis feature only works with hardware which is capable of
in
supporting this function. Currently only the following Access Points are supported
or
with the HP Unified Wireless (Comware) based controllers

le
ho
This feature is support on the following HP Access Points:

w
HP MSM 425
in
n
HP MSM 430
c tio
HP MSM 460
du
ro
HP MSM 466
ep
HP MSM 466-R
R

.
ly
After configuring spectrum analysis, go to the radio configure page, click the
on
operation button of a radio. There are two operations: one is SS monitor, the other
s
is SS monitor history.
er
d
ol
Heres the configuration you need on a Comware wireless controller:

eh
[AC-wlan-rrm] {dot11bg | dot11a} spectrum-analysis enable

ak
St
[AC-wlan-ap-ap1-radio-1] spectrum-analysis enable

&L
[AC-wlan-ap-ap1-radio-1] radio enable

C
P
[AC-wlan-ap-ap1-radio-2] spectrum-analysis enable

H
[AC-wlan-ap-ap1-radio-1] radio enable

If an AP is in the normal mode, a service template must be bound to the radio to
enable spectrum analysis. If an AP is in monitor or hybrid mode, this is not
required.
Note
SNMP also needs to be configured correctly on the controller.
4 38 Rev. 14.41
The WSM Spectrum Analysis feature provides administrators with information on

the nature & strength of RF interference, as well as where and when the
interference occurred (see Figure 4-41).
d.
te
i bi
oh
pr
is
on
si
Figure 4-41. Spectrum Analysis provides information to pinpoint wireless problems.
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
R
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 39
Spectrum Analysis topology maps
d.
te
ibi
oh
pr
is
on
si
is
m
er
Figure 4-42. Spectrum Analysis topology maps.
tp
ou
WSM can display the RF interference sources on the WSM topology maps. This
ith
function is only available in the java applet based topology map.
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 40 Rev. 14.41
UAM and EAD Module Features
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 4-43. Location change for UAM in IMC 7.0.
ith
w
New features in UAM 7.0:
rt
Location changed pa
in
or
Support customize portal page

le
Support customize PC preregistration page

ho
Support customize BYOD page

in
n
Support customize self-service page

ctio
Support configuration templates for endpoints

du
ro
Support endpoint configuration distribution policy

ep
Support endpoint configuration tool

R .
ly
Enhanced features in UAM 7.0:

on
Support EAP-TTLS Authentication

s
er
In previous versions of HP IMC, the UAM, EAD, and DAM service modules were
d
ol
all found under the Services main section. In IMC 7.0, the UAM, EAD, and DAM
eh
service modules have been moved under the User main heading (see above).
ak
This is a more logical placement for these modules as they are focused on user
St
management.
&L
C
In UAM V5 BYOD deployment required the IMC server HTTP port to be set to port
P
80. This complicated the installation process by requiring manual intervention

H
during the install. UAM 7.0 removes this requirement. (EIP will continue to work
with the default IMC HTTP server settings of port 8080/8443.
In UAM 5.2, The DNS redirect was seen to cause many issues in live
environments. Certain Browsers and Operating Systems would cache the DNS
information beyond the intended time interval, resulting in Users getting redirected
to the IMC server after the onboarding process had completed successfully.
Because of the unreliability of the DNS redirection, UAM 7.0 has changed to an
HTTP redirect method for gathering the HTTP User Agent information and User
Rev. 14.41 4 41
Onboarding. The redirect is done via a Comware switch (Provision currently

doesnt support this feature).
The DNS redirection has been removed completely from UAM 7.0 and the UAM
7.0 DHCP Agent. For customers who are currently running the IMC 5.2 BYOD
solution using the DNS redirect function will be required to configure their
environment with a compatible Comware HTTP portal configuration before
upgrading to UAM 7.0. As well, customers upgrading are required to upgrade the
UAM DHCP agent on the Windows DHCP server at the time of UAM upgrade.
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 42 Rev. 14.41
Endpoint configuration templates for BYOD
d.
te
ibi
oh
pr
is
on
si
is
m
Figure 4-44. Endpoint configuration templates for BYOD.
er
tp
Endpoint Configuration Templates help to easy the administrative burden of
ou
deploying different configuration elements to BYOD endpoints.
ith
w
Currently UAM supports four different endpoint configuration templates
rt
SCEP Template: This is supported on iOS, Android, as well as Windows PCs.
pa
in
iOS General Cfg Template: This is supported only on Apple iOS devices.
or
WiFi template: There are two versions of this template. One for Apple iOS
le

ho
devices and one for Android devices.

w
Password Policy Template: This is only supported on iOS devices.

in
n
Table 4.1 describes the support for the different Endpoint templates for specific
tio
operating systems:
c
du
Table 4-1. Supported OSes

ro
ep
iOS General Wifi Template Password

Operating SCEP
R
Config Policy
.
Systems Template
ly
Template Template
on
iOS Y Y Y Y
s
er
Android Y N Y N
d
Windows Y N N N
ol
eh
SCEP (Simple Certificate Enrollment Protocol) is part of PKI (public key

ak
infrastructure) protocol system, it automates the certificate enrollment process for

St
endpoints by offering digital certificate to endpoints during the onboarding

&L
process. The SCEP template in UAM could be used to configure SCEP server to
C
deploy certificate to iOS, Android and WM devices. For SCEP functionality, a full
P
H
PKI infrastructure is required.

The iOS template provides the framework of the new description file created by
UAM on the iOS endpoint. The framework includes the Wi-Fi template and
password policy template.
Rev. 14.41 4 43
Endpoint configuration distribution policy
d.
te
i bi
oh
pr
is
on
si
is
m
er
Figure 4-45. Endpoint configuration distribution policy.
tp
ou
The Endpoint Configuration distribution policy allows administrators to combine a
ith
set of endpoint templates and bind them to a user group. Once a user onboards,
w
UAM will look at their user group and apply the appropriate iOS configuration,
rt
pa
password policy, Wi-Fi, and SCEP templates as defined in the Endpoint
configuration distribution policy assigned to that users user group.
in
or
Using this feature, administrators can fully automate the onboarding of users and
le
assign them the appropriate network and security without having to handle the
ho
users device.
w
in
The Endpoint Configuration Flow is as follows (see Figure 4-46):

n
tio
1. Create Endpoint Templates: In this step, the UAM administrator will create all
c
of the appropriate templates for their environment.

du
ro
2. Create Endpoint Configuration Distribution Policy: In this step, the UAM

ep
administrator will create the ECDP and bind all of the appropriate Endpoint
R
templates to the policy.

.
ly
on
3. Assign to User Group: The UAM administrator will also be required to bind the
s
ECDP to a one or many IMC User Groups. The user group setting will be used
er
to determine which ECDP should be selected and deployed when a specific

d
ol
user attempts to onboard a new endpoint.

eh
ak
4. Deploy to Devices: This step will automatically occur as users onboard new
St
endpoints to the network.

&L
C
P
H
4 44 Rev. 14.41
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Figure 4-46 Endpoint Configuration Flow.
or
le
ho
w
in
n
c tio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 45
Customizable portal pages
d.
te
bi
i
oh
pr
is
on
si
is
m
er
Figure 4-47. Customizable BYOD portal pages.
tp
ou
There are 5 types of templates for portal page style, customer could add a default
ith
template into Portal page, includes Login Page, authentication success page,
w
heartbeat page and password change page.
rt
pa
BYOD portal includes authentication registration and register successful pages.
in
Customize PC BYOD page is similar with Portal Page, customer could define
or
parameters by themselves.
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 46 Rev. 14.41
EAD overview
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
Figure 4-48. EAD has moved to a new location in IMC 7.0
ou
ith
Similar to UAM 7.0, EAD has moved to a new home in the User main tab.
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 47
New Features of iNode

New iNode features include:
Support iNode update via UAM
Support force to use designated domain suffix
Support unified authentication connection with PEAP authentication type
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
Figure 4-49. iNode update via UAM..

ho
w
iNode will generate a update package for iNode client automatically, find it, then
in
upload it to UAM, after that when you setup iNode next time, it will request the
n
tio
end-use to update their client.

c
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Figure 4-50. Automatic iNode client updates.
4 48 Rev. 14.41
Using the iNode Management Center, you can perform various client
customizations. iNode 7.0 now allows add a domain suffix automatically. In older
versions of iNode., after you create a new connection in iNode, you could choose
to input the domain suffix in Username, such as: Ethan@h3c.com, or choose the
domain in Domain column, but in V7, you could only choose from domain column,
this is to reduce the name errors.
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 4-51. iNode support for PEAP.
w
rt
pa
EAD also supports unified authentication connection with PEAP authentication
type
in
or
le
ho
w
in
n
ctio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 4 49
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
4 50 Rev. 14.41
IMC Initial Access

Module 5
Objectives
This module introduces the installation and access to IMC. Here you will learn how
d.
to install IMC in a single-server environment. After the installation process, youll
te
become familiar with the Deployment Monitoring Agent (DMA), which can be used
bii
to verify the installation, backup the IMC databases, and troubleshoot operation
oh
issues with IMC. Youll then learn how to log into IMC and become familiar with the
pr
GUI interface displayed in IMC 7.0. This module focuses on you learning where
is
on
the main sections of IMC are: youll learn more information about these sections
si
throughout the rest of the course. Last, youll learn how to set up management
is
accounts in IMC that your administrators can use to manage your network. Youll
m
then configure these topics in the Lab Activity.
er
tp
ou
ith
Install IMC on a single server
w
Use the Deployment Monitoring Agent to validate the installation and backup
rt
pa
IMC in
Log into IMC and become familiar with the look-and-feel of the GUI interface
or
Set up management accounts for administering IMC

le

ho
w
in
n
ctio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 5 1
Pre-installation
Supported Systems
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 5-1. IMC 7.0s supported operating systems, hypervisors, and database products.
ith
w
HP IMC is supported on the following operating systems
rt
Microsoft Windows Versions pa
in

or
Windows Server 2003 with Service Pack 2

le

ho
Windows Server 2003 X64 with Service Pack 2 and KB942288

w
Windows Server 2003 R2 with Service Pack 2

in
n

tio
Windows Server 2003 R2 X64 with Service Pack 2 with KB942288

c

du
Windows Server 2008 with Service Pack 2

ro

ep
Windows Server 2008 X64 with Service Pack 2

R
Windows Server 2008 R2 X64 with Service Pack 1

.
ly
on
Windows Server 2012 X64 with KB2836988

s
er
Red Hat Linux

d
ol
Red Hat Enterprise Linux 5 (Enterprise and Standard versions only)

eh
ak
Red Hat Enterprise Linux 5 X64 (Enterprise and Standard versions only)
St

&L
Red Hat Enterprise Linux 5.5 (Enterprise and Standard versions only)
C
Red Hat Enterprise Linux 5.5 X64 (Enterprise and Standard versions
P
H
only)
Red Hat Enterprise Linux 5.9 (Enterprise and Standard versions only)
only)
only)
5 2 Rev. 14.41
IMC Initial Access
only)
HP IMC in a virtual environment is supported on the following hypervisors:

Microsoft
Windows Server 2008 R2 Hyper-V
d.
te
Windows Server 2012 Hyper-V
bi
i
oh
VMware
pr
VMware Workstation 6.5.x
is
on
VMware Workstation 9.0.x
si
is
VMware ESX Server 4.x
m
er
VMware ESX Server 5.x
tp
ou
ith
HP IMC is supported on the following database products:
w
rt
Microsoft SQL Server
pa
in
Microsoft SQL Server 2005 Service Pack 4 (Windows only)
or

le
ho
Microsoft SQL Server 2008 R2 Service Pack 2 (Windows only)

w
in

n
tio
MySQL
c
du
MySQL Enterprise Server 5.1 (Linux and Windows) (Up to 1000 devices
ro
ep
are supported)
R
.
ly
are supported)
on
er
d
are supported)
ol
eh
Oracle
ak
Oracle 11g Release 1 (Linux only)

St
&L
Oracle 11g Release 2 (Linux only)

C
P
H
Note
Please refer to the current IMC release notes for updated system
requirements.
Rev. 14.41 5 3
Web browser requirements
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
Figure 5-2. IMC 7.0 browser requirements.
rt
pa
IMC 7.0 has raised the browser requirements to align with the HTML5
in
enhancements available in the IMC 7.0 platform and modules. See Figure 5-2 for a
or
list of recommended browsers. Older browsers may continue to work with a subset
le
of the available functionality.

ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
5 4 Rev. 14.41
IMC Initial Access
Pre-installation and upgrades
d.
te
bi
i
oh
pr
is
on
si
is
m
Figure 5.3. Installation enhancements and upgrading.
er
tp
During the installation, if the installation path has different OS information from the
ou
current OS, the installation process cannot continue: for example, in Windows OS,
ith
w
if the installation path has linux word, the OK button is greyed out (see Figure 5-
rt
3). This proactively avoids inadvertent selection of Linux component folders during
an IMC install on a Windows OS system, for example. pa
in
or
WARNING
Before performing any installation or upgrade, perform these steps:
le
ho
1. Read the release notes. With IMC, there are A LOT of factors that can
w
influence your installation, like the IMC product to install (Base,

in
Standard, or Enterprise), centralized versus distributed versus

n
hierarchical deployment model, the kind of database youll be using, the

tio
number of nodes youll be managing, etcetera. HP has different

c
du
installation guides for your IMC product, the database you plan to use,
and the deployment model youll implement
ro
ep
2. Before performing upgrades or major changes to IMCs settings, you

R
test the process in a lab environment to ensure any

.
upgrade/update/installation issues that occur can be dealt with.

ly
on
3. Back up your operating system and its settings.

4. Now youre ready to make your changes.
s
er
d
ol
eh
Note
ak
You can download a trial version of IMC (Basic, Standard, and Enterprise) that
St
you can use to demo the product. The trial is good for 60 days and this is a
&L
great way of testing IMC in a lab environment. Visit HPs site to start your
C
download today:
P
http://h17007.www1.hp.com/us/en/networking/products/network-
H
management/IMC_ES_Platform/index.aspx#.UzmjifldXh4.
Rev. 14.41 5 5
Installation process
Locale information
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
Figure 5-4. First installation screen.

le
ho
Find the install.bat file and run it (for Windows deployment). You will be presented
w
with the above window. From this window, you to select a country/region,
in
language, and installation type (typical or custom).

n
c tio
IMC supports typical and custom installation.

du
Typical installationAllows you to quickly install and deploy all platform

ro

ep
subcomponents on the master server. Before performing the typical

R
installation, you must first configure the installation parameters, such as

.
ly
database connectivity, installation location, and Web service port numbers.

on
Typical installation applies to centralized deployment. All subcomponents of

s
the IMC Platform must use a local database, embedded or separate.

er
d
Custom installationAllows you to select certain platform subcomponents to

ol

eh
install and deploy on the master server and specify a remote database server.
ak
This installation method is available for both local and remote databases.
St
&L
C
P
H
5 6 Rev. 14.41
IMC Initial Access
Database information
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
Figure 5-5. Database information.

in
n
Enter parameters for checking the database connectivity:

c tio
du
Select the database type and instance name. Use the default instance or
ro
select Other Instance from the list to specify an instance name.

ep
Enter the database superuser name (sa by default), password, and listening
R
port number (1433 by default). You can also use another port number that is
.
ly
not used by another service. The parameters appear only when you install
on
IMC on Windows.
s
er
Select other server, specify the server IP address and enter the superuser
d

ol
name and password for the specified database server.

eh
ak
Other information may be required based on the type of database used. Figure 5-5
St
shows an example using Microsoft SQL Server on a remote server.

&L
C
P
H
Rev. 14.41 5 7
Installation and deployment
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 5-6. Installation and deployment.
ith
w
If you chose the custom installation option, youll be prompted for many additional
rt
pa
items; however, with the typical installation option, you are not prompted for
anything. The right hand window shown in Figure 5-6 shows the deployment of
in
various modulesyoull see this window appear and disappear based on the
or
module being deployed (remember that in a distributed environment, components

le
ho
of IMC can be remotely deployed).

w
Upon completion, youll see the screen in Figure 5-7.

in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
Figure 5-7. Batch deploy succeeded window.

ol
eh
ak
St
&L
C
P
H
5 8 Rev. 14.41
IMC Initial Access
Deployment Monitoring Agent (DMA)

Monitor tab
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
Figure 5-8. DMA Monitor tab.

w
in
DMA allows you to:

n
tio
Monitor tabStart and stop IMC and install additional IMC modules or
c
du
components
ro
Process tabVerify the status of the currently running IMC processes

ep
R
Deploy tabVerify the installation and deployment process performed by

.
ly
IMC.
on
Environment tabView the database use and set up database backup and
s
er
restore policies.
d
ol
Figure 5-8 shows the Monitor tab. By default, IMC doesnt start automatically when
eh
the OS bootsyou can enable from this screen. You can also manually stop or
ak
start IMC by clicking the appropriate button. Clicking the Install button allows you
St
to install additional IMC modules. Below this you can view the disk space, CPU,
&L
and memory usage of IMC.

C
P
H
Rev. 14.41 5 9
Process tab
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
Figure 5-9. DMA Process tab.

le
ho
The Process tab window in DMA allows you to see the currently running
w
processes used by IMC. From this screen you can manually start or stop a
in
process by right-clicking it and choosing the respective action.

n
tio
Important
c
!
du
When you are having problems with the operation of IMC (like logging into it),
ro
this should be one of the first screens you look at to verify that all the
ep
necessary IMC processes are running. One process that sometimes has to be
R
restarted is the jserver process when first booting the server: this happens if
.
ly
you dont have enough processing or memory and its taking too long for IMC
on
to start up.
s
er
d
ol
eh
ak
St
&L
C
P
H
5 10 Rev. 14.41
IMC Initial Access
Deploy tab
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
Figure 5-10. DMA Deploy tab.

le
ho
The DMA Deploy tab allows you to see the IMC components and modules that
w
have been installed. The Status column should say Deployed if the component
in
has been successfully installed, deployed, and operational. As you can see in
n
tio
Figure 5-10, the NTA module (the one selected) has been installed along with the
c
du
IMC base installation package.

ro
Note
ep
R
In IMC Enterprise, the NTA module is automatically installed when choosing

.
typical; however IMC Standard requires this to be installed after the IMC
ly
on
base installation occurs.

s
er
You can right-click a component and perform the following:

d
ol
Deploy the component

eh

ak
Batch deploy a group of selected components

St
Undeploy a component
&L
Upgrade a component
P
H
Batch upgrade a group of selected components

Remove the component
Show pre-requisites for a currently undeployed component
Show IMC dependencies (other components or modules)
Rev. 14.41 5 11
Environment tab
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
Figure 5-11. DMA Environment tab.

le
The DMA Environment tab allows you to see the Running Environment
ho
w
information of the local server (left-hand side), the database space usage (right-
in
hand side), and to control database backup and restore policies (bottom).
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
5 12 Rev. 14.41
IMC Initial Access
Database backup/restore
Click the Configure button to set up automatic backup and recovery settings. This
is shown in Figure 5-12. Backups can be automated on a daily basis. For proper
backups, IMC backup file should be send to a separate server via SMB file share
or FTP.
Note
All operations by users can be audited and reviewed using the Operation Log
d.
te
under the IMC System menu option.
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Figure 5-12. Configure backup and restore database policies for IMC.
Rev. 14.41 5 13
The Backup and Restore buttons under the DMA Environment tab (Figure 5-11)
are used to backup and restore the local IMC databasetheyll be greyed-out if
you are using an external database product.
Figure 5-13 displays the pop-up window that is displayed when defining your
backup/restore policies when using an external database server. You have to
install the Dbman application on the external database server and then run it on
the external server.
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 5-13. Backup instructions for an external database.
ith
w
When IMC uses a remote database, you must use the following methods to back
rt
up the IMC installation directory and database files separately:
pa
To back up the IMC installation directory, execute the backup.bat script that is
in

located in the IMC installation package.
or
le
To backup files of a remote database, use Dbman in DMA. Dbman cannot

ho
back up the IMC installation directory.

w
in
When IMC uses remote databases, execute the backup.bat script to back up the
n
IMC installation directory on the IMC server and use Dbman to back up the
tio
database files of each component.

c
du
Installing Dbman on Windows Server and Linux are similar. This example uses the
ro
ep
Windows Server.
R
1. Run the vcredist.exe file that is located in the \components\common\server

.
ly
directory of the IMC installation package to install Microsoft Visual C++ 2008
on
Redistributable to the database server.

s
er
2. Copy the dbman folder in the IMC installation path on the master server to the
d
ol
INSTDIR directory on the database server.

eh
ak
In this example, the INSTDIR directory is the directory in which Dbman is installed
St
on the remote database server. You should replace the INSTDIR with the actual
&L
directory name.
C
When Dbman is running on the database server, you can perform database
P
backup and restoration operations by following the aids on the screen, including:
H
Start automatic backup and restoration: dbman

Stop automatic backup and restoration: dbman -k
Manually back up: dbman backup "path where the backup file is saved"
Manually restore: dbman -restore "specifies the path and name of the file
to be restored"
Check whether Dbman runs normally: dbman c
5 14 Rev. 14.41
IMC Initial Access
This is done by moving to the INSTDIR\dbmain\bin directory from a command

window and executing the dbman command. Figure 5-14 shows an example of
this for Windows:
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 5-14. Running automatic backups with dbman on a Windows server.
w
rt
! Important pa
in
Do not close the Command Prompt window or Terminal window when
or
automatic backup is being performed. Otherwise, the backup process

le
terminates.
ho
w
IMC backup/restore
in
n
Back up IMC by performing the following:

ctio
du
1. Log in to the operating system as an Administrator.

ro
2. Run the install\backup.bat script in the downloaded installation package. The

ep
Backup IMC window appears, as shown in Figure 5-15.

R.
ly
3. Check the size of the backup files and make sure the disk for saving the files
on
has enough memory. Insufficient memory may cause backup failure.

s
Click Browse to customize the location for saving the backup files.
er
4.
d
ol
5. Click Start to start backing up IMC.

eh
ak
St
&L
C
P
H
Rev. 14.41 5 15
After the backup is complete, the backup file directory generates a package
IMC.zip, which contains the complete backup files under the IMC installation path.
In the backup directory also is a folder named db\, which contains the database
backup data of all components. Because a remote database is used, the db folder
is empty.
d.
te
i bi
oh
pr
is
on
si
Figure 5-15. Backing up local IMC files and installation.
is
m
er
Caution
tp
To back up IMC in Windows Server 2003 or Windows Server 2003 R2,
ou
you must log in as an administrator and then back up IMC.
ith
To back up IMC in Windows Server 2008 or Windows Server 2008 R2,
w
you must first right-click the backup.bat script and select Run as
rt
pa
Administrator from the shortcut menu, or modify the User Account
in
Control Settings and restart the server. After backing up IMC, you can
or
restore the related settings as needed.

To modify the user account control settings, select Start > Control
le
Panel > System and Security, click Change User Account Control
ho
Settings in the Action Center, and set the Choose when to be notified
w
about changes to your computer to Never notify in the User Account

in
n
Control Settings window.

c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
5 16 Rev. 14.41
IMC Initial Access
IMC GUI Overview

Accessing IMC
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 5-16. Accessing IMC.
w
rt
pa
To access IMC, use a supported web browser and connect to one of the following
in
URLs:
or
http://IMC-server-IP-address:8080/imc
le
ho
https://IMC-server-IP-address:8433/imc
w
The default login credentials are (case-sensitive):

in
n
Username: admin
tio
Password: admin
du

ro
IMC 7.0 uses HTML5 to provide webpages as its display interface (IMC 5.x used
ep
AJAX). With this functionality, access to different sections is typically a click away.
R
There is more than one way to access the information and different pages may
.
ly
show the same information in different manners. The goal in IMC is to use the
on
mouse to click on links that allow user access to data by drilling down into the
s
er
interface.
d
ol
Note
eh
ak
It is often best utilize IMC in a full screen browser. This encourages the user to
St
view IMC as a web-based application. Navigation should be performed from

menus and links within the application rather than using traditional browser
&L
controls such as forward and back.

C
P
H
Rev. 14.41 5 17
Installing licenses
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
Figure 5-17. Installing licenses.
ou
ith
From the screen in Figure 5-16, click the Activate hyperlink to install the initial or
w
additional licenses. Youre presented with the window at the top of Figure 5-15.
rt
pa
Youll need to copy the serial number, since this is necessary to request the
appropriate license file from HP. Once you have the license file, click the Activate
in
Now button in the top window and in the bottom window, click Browse to find the
or
file and then click the OK button to activate the license.

le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
5 18 Rev. 14.41
IMC Initial Access
Home screen
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
Figure 5-18. Home screen.
ou
The IMC home page displays information in a hierarchical way. It comprises two
ith
w
layers, space and widget. If you log in to the IMC for the first time, you can see the
rt
default space (Welcome), which comprises six widgets displaying the alarm,
pa
resource, and performance summary information of the IMC, as shown in Figure 5-
in
18.
or
IMC modules also offer a variety of widgets in order to meet your viewing and
le
ho
monitoring needs. You can customize a space and add system-defined alarm,
w
resource, performance, and other modules widgets to your space. In addition, you
in
can customize RSS widgets, which provide you with the ability to subscribe to the
n
RSS feeds.
ctio
For the default space displayed on your first login to the IMC home page, no data
du
is available for any widgets. After you add devices to IMC, the system generates
ro
ep
statistics immediately and displays them in the default space. The next slide
R
discusses customization of widgets in more depth.

.
ly
At the top of the window you can see the account you used to log into IMC, Help
on
(discussed in a later section), About (displays the license information for IMC,
s
and Logout (to gracefully log out of IMC).

er
d
ol
On the IMC home page, you can perform basic operations on the spaces and
eh
widgets. To maximize the home page (hide the top menus):

ak
St
1. Click the Maximize icon ( ) on the top left corner of the default space to hide
&L
the tabular navigation system on the top and maximize the home page (see
C
Figure 5-19 for an example).

P
H
2. Click the Restore ( ) icon on the top left corner of the default space to
display the tabular navigation system on the top.
Rev. 14.41 5 19
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
Figure 5-19. Maximizing the home page.
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
5 20 Rev. 14.41
IMC Initial Access
Spaces and widgets/RSS feeds
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
Figure 5-20. Adding spaces with widgets and RSS feeds on the IMC home page.
ou
ith
By default, IMC provides 17 types of resource, alarm, and performance statistics
w
widgets defined by the system. Some of these are displayed under the Welcome
rt
tab.
pa
in
or
Adding your own widgets

le
ho
In addition to the default Welcome space defined by the system, you can
w
customize a space and add widgets to your space as needed. To customize a

in
space and add widgets to your space:

n
ctio
1. Log in to the IMC, move the pointer over the icon on the top left corner of
du
ro
the space, and the icon changes to a pin ( ) icon.

ep
2. Click to freeze the space tab. A tab bar appears on the top of the space.
R.
ly
on
3. Click of the space tab and a new space tab named New Space (
s
er
) appears.
d
ol
4. Type the name for the new space and click any blank part of the page to
eh
complete naming the space.

ak
St
5. Launch the dialog box for adding widgets by clicking the Edit icon on the
upper right corner of the space or the Add button in the middle of the screen.
&L
C
By default, the dialog box provides system-defined alarm, resource, and

P
performance widgets located under the Widgets tab.

H
Rev. 14.41 5 21
6. Select the layout for widgets. On the top middle of the widget adding dialog
box, select a layout
means two widgets are displayed per row. The left widget occupies
2/3 and the right occupies 1/3 of the row.
means two widgets are displayed per row. The left widget occupies
1/3 and the right occupies 2/3 of the row.
d.

te
means two widgets are displayed per row, each occupying 1/2 of the
bi
row.
i
oh
pr
means three widgets are displayed per row, each occupying 1/3 of
is
the row.
on
si
means one widget is displayed per row.
is
m
7. Locate a system-defined widget by using one of the following methods:
er
tp
Query a widget
ou

ith
Select the Widget tab in the dialog box.
w
On the top right corner of the dialog box, type the keyword of a
rt
pa
widget name and click Query. All widgets matching the query criteria
in
are displayed in the dialog box. The query supports fuzzy matching
or
and is case-sensitive.
le
Sort widgets
ho
w
Select the Widget tab in the dialog box.

in
On the top left corner of the dialog box, select the All, Alarm,
tio
Performance, and Resource sub-tabs to display all widgets, alarm-

c
du
related widgets, performance-related widgets, and resource-related

ro
widgets.
ep
On the bottom right corner of the page, click Previous or Next to

. R
display widgets on the previous or next pages.

ly
on
Use either method to display the desired widgets in the dialog box.
s
er
8. Click the Add icon ( ) button of a widget to add it to the space. Then the Add
d
ol
icon ( ) changes to Succeeded, indicating the widget is added successfully.

eh
You can add up to 10 widgets to a space.

ak
St
9. Click OK to complete the operations and return to the space.

&L
C
P
H
5 22 Rev. 14.41
IMC Initial Access
10. Click the Setting icon ( ) on the top right corner of a widget and select
Setting to launch the Setting dialog box.
Time RangeSpecifies the time range for statistics collection. The
available options include Last Hour, Today, Yesterday, This Week, Last
Week, This Month, Last Month, This Year, and Last Year.
TopSpecifies the number of devices for the widget. The available
d.
options include 5, 10, 20, and 30.
te
ColumnsSpecifies the quantities of IP segments and custom views to
ibi
oh
be displayed per row for the widget. The available options include 2, 4, 6,
pr
8, and 10. This parameter is available only for the Network widget.
is
NetworkSpecifies the content to be displayed for the widget. Select
on
si
Both to display both IP view and custom view; select IP View to display
is
only IP view; select Custom View to display only custom view. This
m
er
parameter is available only for the Network widget.
tp
SubnetSpecifies the subnet for which the topology is to be displayed.
ou
The available options include the existing subnets of the system. This
ith
parameter is available only for the IP Topology widget.
w
rt
ViewSpecifies the custom view for which the topology is to be
pa
displayed. The available options include the existing custom views of the
in
system. This parameter is available only for the Custom Topology widget.
or
le
Monitor IndexSpecifies the performance you want to monitor, The

ho
available options include CPU Usage (%), Memory Usage (%), Response
w
Time of Device (ms), Device Unreachability Proportion (%), IP Datagram

in
Receiving Rate (datagrams/s), IP Datagram Forwarding Rate

n
tio
(datagrams/s), Discarded Proportion of input Datagrams, Discarded

c
du
Proportion of output IP Datagrams, Interface Receiving Rate (bits/s),

ro
Interface Transmitting Rate (bits/s), Interface In-Bandwidth Usage (%),

ep
Interface out-Bandwidth Usage (%), Interface Receiving Broadcasting

R
Rate (package/s), Interface Transmitting Broadcasting Rate (package/s),

.
ly
Proportion of Receiving Packets Discarded (%), Proportion of Sending

on
Packets Discarded (%). This parameter is available only for the

s
Customize TopN widget.

er
d
Alarm LevelSpecifies for the alarm view which the alarm to be

ol
eh
displayed. The available options include Critical, Major and Higher, Minor
ak
and Higher, Warning and Higher. This parameter is available only for the
St
Alarm widget.
&L
Alarm StatisticsSpecifies the quantities of device to be displayed for

C
the Alarm view. The available options include 5, 10. This parameter is
P
H
available only for the Alarm widget. The available options include 5, 10.
This parameter is available only for the Alarm widget.
11. Click OK to confirm your changes.
12. Click the Save icon on the top right corner of the space to save your
configurations.
Rev. 14.41 5 23
Adding your own RSS feeds

RSS widgets offer you the ability to subscribe to the RSS feeds. To customize RSS
widgets:
1. Log in to the IMC, move the pointer over the icon on the top left corner of
the space, and the icon changes to .
d.
2. Click to freeze the space tab. A tab bar appears on the top of the space.
te
bi
3. Click the tab you want to add the RSS widget to.
i
oh
4. Launch the dialog box for adding widgets by clicking the Edit icon ( ) on the
pr
upper right corner of the space.
is
on
5. Click the RSS tab in the dialog box to customize the RSS widget.
si
is
6. Enter the following RSS information:
m
er
RSS SiteEnter the URL of the RSS feed you want to subscribe.
tp

ou
RSS TitleEnter the name of the RSS widget.
ith
w
7. Click the Check button ( ) to test the validity of the RSS feed URL.
rt
8. Click the Add button ( pa
) to add another RSS widget.
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
5 24 Rev. 14.41
IMC Initial Access
Help
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
Figure 5-21. IMCs system-wide help.
rt
IMC offers two levels of online help: pa
in
or
System-wide help
le
Context-sensitive help
ho

w
in
System-wide help
n
ctio
System-wide help can be accessed by clicking the Help link, shown in Figure 5-21,
du
located in the upper right corner of the IMC page.

ro
ep
The main pain of the system-wide help includes useful resources for managing
R
and using IMC. These resources include an overview of the IMC platform, a quick
.
ly
start guide, managing resources within IMC and more.

on
s
On the navigation tree located on the left of the Help page, help is organized by
er
functional groups within IMC. Operators can query the online help system using
d
ol
the Search field located at the upper left corner of the Help page by entering
eh
search criteria in the field provided. Results of the search query are displayed in
ak
the left pane of the IMC interface.

St
&L
C
P
H
Rev. 14.41 5 25
Context-sensitive help
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
Figure 5-22. Context-sensitive help.
ou
ith
To access context-sensitive help, click the Help link located in the upper right
w
corner of one of the main pane of the IMC functional pages (Resource, User,
rt
pa
Service, Alarm, Report, or System), shown in Figure 5-22.
in
The help system displays online help relevant to the operators current page.
or
The context sensitive help link is located below the system wide help link.
le

ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
5 26 Rev. 14.41
IMC Initial Access
Search
d.
te
bi
i
oh
pr
is
on
si
is
m
er
Figure 5-23. IMC search capabilities.
tp
ou
Global search includes basic query and advanced query. Basic query helps you
ith
search devices and users. It also helps you search the data, help, and navigation
w
information that matches the search criteria. Advanced query helps you query
rt
devices, interfaces, and users.
pa
in
or
Performing a basic device search

le
ho
w
To perform a basic device search:

in
n
tio
1. Navigate to basic query: The basic query field ( )

c
can be found in the upper right corner of most IMC pages.

du
ro
Select the Query Devices

ep
2. option from the list by clicking the Search

R
icon located to the left of the search field. IMC supports fuzzy matching for
.
most search and filtering features.

ly
on
3. Enter a full or partial device name or IP address in the field provided.

s
er
Click the Go icon

d
4. . All devices matching the specified criteria are displayed

ol
on the Device List

eh
ak
5. Click Export Excel or Export CSV on the right of Device List to launch the
St
Download Exported Data window, and click the Download Exported Data link
&L
to export the query result in the format of Excel or CSV.

C
P
H
Rev. 14.41 5 27
Performing a basic user search

To perform a basic user search:
1. Navigate to basic query: The basic query field ( )

can be found in the upper right corner of most IMC pages.
2. Select the Query Users option from the list by clicking the Search
d.
icon located to the left of the search field. IMC supports fuzzy matching for
te
most search and filtering features.
bi
i
oh
3. Enter a full or partial user name in the field provided.
pr
is
4. Click the Go icon .
on
si
is
Performing a general search
m
er
tp
To perform a general search:
ou
1. Navigate to general search. The general search field (
ith
w
) can be found in the upper right corner of most
rt
pa
IMC pages. in
2. Select the General Search option from the list by clicking the Search icon
or
( ) located next to the search field.

le
ho
3. Enter what you want to search for in the general search field. This function
w
only supports exact match. For example, if you enter performance, all the
in
data, help, and navigation information that exactly matches performance is

n
tio
displayed. If you enter perf, only the data, help, and navigation information
c
that exactly matches perf is displayed, and the data, help, and navigation
du
information that does not exactly match perf, for example, information that
ro
contains performance, will not be displayed. Also, you can perform a search
ep
by using the following operators:

R
.
ly
ORThe default operator. When you include the OR operator (or a

on
space) between two terms, the items that contain either of the two terms
s
er
are searched. For example, when you input device OR interface, the
d
items that contain either of device and interface are searched.

ol
eh
ANDWhen you include the AND operator between two terms, the items
ak
that contain both terms are searched. For example, when you input
St
device AND interface, the items that contain both device and interface are
&L
searched.
C
P
NOTWhen you include the NOT operator between two terms, the items
H
that contain the term before NOT and do not contain the term after NOT
are searched. When the NOT operator is used before the only one term
input, no results will be searched. For example, when you input device
NOT interface, the items that contain device but do not contain interface
are searched.
5 28 Rev. 14.41
IMC Initial Access
Plus sign (+)When you input +XX, the items to be searched must
contain the term after +. For example, when you input +device, the items
that contain device are searched.
Minus sign (-)When you input -XX, the items to be searched cannot
contain the term after -. For example, when you input -device interface,
the items that do not contain device and that contain interface are
searched.
d.
Question mark (?)The single-character wildcard indicates any single
te
bi
character in the search. For example, when you input devi?e, the items
i
oh
that contain device, devide, and so on are searched.
pr
Asterisk sign (*)The multiple-character wildcard indicates 0 or more
is
on
characters. For example, when you input devi*, the items that contain
si
the word devi or any word prefixed with devi are searched.
is
m
4. Click the Go icon ( ). The Extension dialog box appears. All the data, help,
er
tp
and navigation information that matches the search criteria is displayed in the
ou
dialog box.
ith
w
Note
rt
pa
Advanced search capabilities are also supported but are beyond the scope of
in
this course. For more information, refer to one of the HP IMC Administration
or
Guide books.
le
ho
w
in
n
c tio
du
ro
ep
R
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 5 29
Breadcrumb trails
d.
te
ibi
oh
pr
is
on
si
is
m
er
Figure 5-24. Breadcrumb trails.
tp
ou
A breadcrumb trail, shown in Figure 5-24, is a secondary navigation method that
ith
supports you in accessing more easily features and functions of the IMC system.
w
They are also an effective visual aid that displays the operators location within the
rt
pa
context of IMC Web interface. in
The first value for the breadcrumb trail in the IMC interface is most often one of the
or
functional areas of IMC that are denoted by the tabs in the tabular navigation
le
system. Thus the starting points for any navigation in IMC are these tabs and their
ho
breadcrumb counterpart:
w
in
Resource >>
n
tio
User >>
c
du
Service >>
ro
ep
Report >>
R
System >>
.
ly
on
Note
s
IMC online help system also uses breadcrumb trails to support you in
er
d
effectively and quickly navigating it.

ol
eh
ak
St
&L
C
P
H
5 30 Rev. 14.41
IMC Initial Access
Interface themes
d.
te
i bi
oh
pr
is
on
si
is
m
Figure 5-25. Interface themes.
er
tp
You can choose an IMC Web page theme, which is Classic by default. To set the
ou
IMC Web page theme:
ith
w
1. Point to the theme icon ( ) located at the top of the left navigation tree. A list
rt
pa
of predefined and user-defined favorites appears.
in
2. Point to Theme option.
or
le
3. On the menu that appears, select Classic, Midnight, Gun Metal, or Ocean.
ho
The selected theme will be applied to the IMC Web page.

w
in
n
ctio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 5 31
IMC tabs
Tab overview
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
Figure 5-26. Tabs at top of the IMC page.
in
The tabular navigation system includes the six functional areas of IMC:
or
Resource (or performance) management

le

ho
User management
w

in
Service management
n
tio
Alarm (or fault) management

c
du
Report
ro
ep
IMC System wide settings and configuration

.R
All IMC features and functions can be found under these tabs.
ly
on
After you log in to IMC, move the pointer over a tab on top of the page, and a list
s
appears, as shown in Figure 5-26. Select the desired function to enter the relevant
er
d
page.
ol
eh
ak
St
&L
C
P
H
5 32 Rev. 14.41
IMC Initial Access
Tab details
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 5-27. Clicking a tab to pull up the navigation window pane on the left.
ith
w
After you log in to IMC, click a tab on top of the page. After the page is refreshed,
rt
pa
select the desired function from the left navigation tree to enter the relevant page,
in
as shown in Figure 5-27.
or
The navigation tree located on the left of every IMC page contains context
le
sensitive options that change as you navigate using the tabular navigation system.
ho
For example, if you click Resource from the tabular navigation system, the
w
navigation tree on the left displays various features and functions under resource
in
management including:
n
tio
View Management
c

du
ro
Resource Management
ep
Terminal Access
R.
ly
Network Assets
on
Virtual Resource Management

s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 5 33
Resource tab
d.
te
bi
i
oh
pr
is
on
si
is
m
Figure 5-28. Resource tab.
er
tp
The Resource tab on the tabular navigation system displays the Resource
ou
Management page, shown in Figure 5-28.
ith
w
The main Resource page contains real time status views including:
rt

pa
Custom View SnapshotReal time status view for custom views.
in
Snapshot of Lower-Level NMS ViewReal time status view for lower-Level
or
NMS views.
le
ho
View SnapshotReal time status view by device type.

w
Faulty Device ListReal time status view of all devices reporting errors. In
in
addition, the lower portion of the Resource page provides tabs for viewing real
tio
time performance statistics for a subset of devices for the last hour.
c
du
The navigation tree on the left includes the ability to navigate to various real time
ro
status views of the network infrastructure including:

ep
R
Network TopologyProvides a real time status view of the network

.
ly
infrastructure based on topology.

on
Port GroupDisplays user-defined port group information.

s
er
Lower-Level NMS ViewDisplays the lower-level NMS servers managed by

d

ol
the current NMS.

eh
ak
Custom ViewProvides a real time status view of devices prioritized into

St
custom views by the administrator or operator.

&L
IP ViewProvides a real time status view of the network infrastructure

C
organized by IP address.
P
H
Device ViewProvides a real time status view of the network infrastructure

organized by device type.
5 34 Rev. 14.41
IMC Initial Access
You can also manage perform configuration tasks using the navigation tree
including:
Resource ManagementManages resources within IMC including adding
devices, device auto discovery, batch operations, and device/topology import
and export.
Terminal AccessManages IP addresses including address allocation,
binding, IP address location, discovery and device access.
d.
Network AssetsImplements network asset functions including asset audits
te

bi
and reporting.
i
oh
Virtual Resource ManagementManages the virtual network including
pr
servers, virtual switches, and virtual machines.
is
on
Performance ManagementConfigures real time reports on device
si
performance, including configuration of real time performance status reporting
is
m
on the main Resource page.
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 5 35
User tab
d.
te
bi
i
oh
Figure 5-29. User tab.
pr
is
Users are resources on the network that both use and impact network
on
infrastructure resources. To view and manage network user and their activity, click
si
the User tab, shown in Figure 5-29, located in the upper portion of the IMC
is
m
interface. The views available under the User tab depend on the installation of
er
user management modules (for example, Guest Access Manager and User Access
tp
Manager).
ou
ith
The main User page contains real time status views of user activity including:
w
24-Hour Online HistoryShows the number of secure, insecure, and
rt
unknown users on the network.
pa
in
Realtime Statistical Chart for Online UsersShows a statistical view of the
or
number of secure, insecure and unknown users in real time.

le
ho
24-Hour Security HistoryShows the number of users that are in breach of

w
security policies for patches, virus protection, unsanctioned software, and

in
other security violations.

n
tio
Security Chart of the DayDisplays security threats and attacks based on

c
du
IMC security log.

ro
Top10 User Groups by Online CountDisplays the top 10 groups with the
ep
most online users. The groups have been configured by the IMC administrator
R
or operator.
.
ly
on
s
er
The navigation tree on the left includes configuration options for:

d
ol
User ManagementGives you the ability to add, delete, modify platform

eh
users and change their group assignments, search for users, add
ak
supplemental information to user profiles, import users, and delete users in

St
individual or batch mode.

&L
Access UserAllows you to manage the access account associated with the
C
platform user.
H
GuestAllows you to manage the guest accounts provided by IMC UAM.

Guest Access ManagerAllows you to manage the guest accounts provided
by IMC Platform.
5 36 Rev. 14.41
IMC Initial Access
Guest Management is similar to Guest Access Manager. They are independent of

each other:
Guest Access Management requires only the installation of the IMC Platform.
Guest Management requires the installation of both the IMC Platform and IMC
UAM.
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 5 37
Service tab
d.
te
bi
i
oh
pr
is
on
si
Figure 5-30. Service tab.
is
m
er
Management of network infrastructure services can be accessed by clicking the
tp
Service tab. The Service page serves as a portal for you to access all of the
ou
service modules that together constitute the IMC system.
ith
w
rt
pa
Configuration Center in
ACL Management
or
VLAN Management
le
ho
For more information on using the services listed above, refer to the sections of
w
IMC Administration Guide for IMC 7.0 that correspond with these modules.
in
n
Desktop Asset Manager

c tio
Wireless Service Management

du
ro
Voice Service Manager

ep
R
MPLS TE
.
ly
MPLS VPN Manager

on
VPLS
s

er
d
Traffic Analysis
ol
eh
User Behavior Auditor Management

ak
Icons for the aforementioned service modules appear under the Service tab after a
St
successful installation of each module has been completed.

&L
C
Note
P
UAM and EAD have moved to the User tab starting in IMC 7.0 (once installed).
H
5 38 Rev. 14.41
IMC Initial Access
Alarm tab
d.
te
ibi
oh
pr
is
on
si
Figure 5-31. Alarm tab.
is
m
er
The real time event or fault management features of IMC can be accessed by
tp
clicking the Alarm tab, shown in Figure 5-31, of the tabular navigation system. The
ou
Alarm tab is IMC portal into the reporting of faults on the network infrastructure.
ith
IMC lists real time alarms or faults, sorted by most recent in the main portion of the
w
Alarm page. From this page, you can drill down into individual alarm details by
rt
clicking the Description field of an individual alarm. You can also quickly access
pa
the device in alarm mode by clicking the Alarm Source of an individual alarm. This
in
navigates the operator to Device Details for the device in alarm mode.
or
le
The navigation tree has the following configuration and viewing options:
ho
Real-Time AlarmsView, delete, and recover the recent 50 unrecovered

w

in
alarms with the exception of information alarms.

n
Root AlarmsView, delete, and recover the most recent important alarms
tio
with the exception of information alarms.

du
All AlarmsView all alarms.

ro

ep
Faulty DevicesView devices grouped by device type that are currently

R

reporting a fault or error.
.
ly
on
Alarm StatisticsView statistical analysis of alarm distribution in real time.

s
er
TopNView devices grouped by severity of alarm.

d
ol
The navigation tree also has the following configuration and viewing options:
eh
ak
Alarm SettingsConfigure alarm settings to include email and SMS

St
notification, alarm forwarding to IMC as well as to other management systems,

&L
and downstream alarm suppression.

C
Trap ManagementBrowse, filter traps, add and modify trap definitions

P
H
within IMC.
Syslog ManagementBrowse, filter and configure Syslog events.
Rev. 14.41 5 39
Report tab
d.
te
bi
i
oh
pr
is
on
Figure 5-32. Report tab.
si
Real time and historical reports in IMC can be accessed by clicking the Report
is
m
tab, shown in Figure 5-32, of the tabular navigation system. From the Report tab,
er
tp
you can access real time and historical reports. The main pane in the Report tab
ou
provides a listing of all configured Real Time reports.
ith
From this pane, you can also add quick reports and schedule reports as well
w
as delete reports.
rt

pa
From the navigation tree on the left, you can customize reports, add report
in
templates, and schedule reports.
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
5 40 Rev. 14.41
IMC Initial Access
System tab
Figure 5-33. System tab.
You can configure system wide resources and settings, including:

Resource ManagementConfigures IMC to manage devices globally by
configuring templates for SNMP, Telnet, SSH, SOAP/HTTP, PowerShell, and
WMI access. Manage devices through vendor, series, model and category
definitions and MIB management.
Operator ManagementManages access to IMC through operator accounts
and groups; and manage IMC access through login controls and password
strategies.
Group ManagementManages IMC device groups, user groups and service
groups.
Hierarchical NMSManages the flow of data and alarms through IMC
hierarchical alarm settings.
System ConfigurationConfigures IMC system parameters, log details, data
export, alarm and performance monitoring, SMS configuration, and mail
server settings.
The navigation tree on the left for the System tab provides a shortcut to all system
functions provided in the System tab.
Rev. 14.41 5 41
Favorites tab
Figure 5-34. Favorites tab.
IMC allows you to customize the IMC Web page theme and add the often-used
functions to My Favorites.
To add a favorite:
1. Click the Add to My Favorites link ( ) located in the upper right corner of
the main pane of most IMC pages.
2. Enter the new name of the favorite link in the Name field.
3. Click OK to confirm adding the link to my favorites.
4. Refresh or reload the page in your Web browser to access the newly created
favorite.
You can also modify, delete, or re-sort your favorites from this tab.
5 42 Rev. 14.41
IMC Initial Access
Display tiling
Figure 5-35. Display tiling overview.
IMC displays multiple types of data on separate views. For example, it displays
network structures in the network topology and displays device performance data
in performance views. Large projects and conferences usually require an
integrated view to show multiple types of network data together, including
concerned devices, views, alarms, and performance data.
To do that, you can use the display tiling feature of IMC. This feature allows
operators to customize concerned devices, views, alarms, performance data, and
other data in different areas known as "widgets" for a large-screen display.
Note
To obtain the best display effect, install your screen and tune its settings
before you use the display tiling feature.
The following describes important terms and concepts in display tiling:

PanelRepresents the configuration area in which an operator creates a view
and customizes widgets for the view. The panel displays one view at a time.
ViewContains one or more widgets and displays widgets' data on a large
screen. This term is different from IP, device, and other views in IMC. Views in
display tiling are configured with widgets as needed.
WidgetDisplays information about devices, alarms, performance, or custom
views. For example, the Unreachable Device widget displays the TopN
devices with which IMC cannot communicate in the last polling interval.
To use display tiling, an operator must first add views and customize widgets for
each view on the panel, then select one view, and complete the display settings.
The panel is actually a scaled-down screen that shows the layout of each view to
be displayed. IMC offers a link on its home page to launch a separate window for
view configuration.
An operator, who can be an administrator, a maintainer, or a viewer (see the next
section on IMC administration), can configure up to ten views and can manage
only views created by himself. The widgets that an operator can customize vary
with the operating privileges on the IMC Platform. For example, operators who
cannot display or configure custom views are not allowed to configure custom view
widgets.
Rev. 14.41 5 43
The follow sections show you how to configure views and customize widgets for a
view, and describe widgets in details,
Note
Widgets were introduced earlier in the Spaces and widgets section.
5 44 Rev. 14.41
IMC Initial Access
Accessing the view configuration window
Figure 5-36. Accessing the view configuration window.
To access the view configuration window:
1. Point to the My Shortcut icon located at the top of the left navigation tree.
A list of predefined and user-defined favorites appears.
2. Point to the Display Tiling folder option. The popup list appears.
3. Click the Configuration icon in the popup list.
The view configuration window appears. The window contains the following parts:
PanelThe panel uses a grid layout consisting of cells.
Cells in the first row and first column display the row number and the
column number of the current view, respectively.
The panel is fixed in size, and the cell size changes along with the grid
settings of the view.
A wider and higher view contains more cells and they look smaller on the
panel.
To properly display the view in a big screen, make sure the row and
column numbers of each view do not exceed the maximum solution of the
big screen.
You can drag and drop widgets down to the panel, and then adjust their
positions in the view.
Widget areaThe widget area is located at the top of the window and
displays all widgets loaded for view configuration. By default, the area
contains 17 widgets loaded from the IMC Platform. When other service
components are deployed, more widgets appear in the area.
Rev. 14.41 5 45
Command areaThe command area is located on the right of the window. It

displays the view name and comprises two subareas:
Grid PropertiesBy default, only the Grid Properties subarea appears.
The Grid Properties subarea allows you to set the view pixels, move
backward or forward between views, add or delete the view, save and
refresh views.
Cell PropertiesWhen you click a widget in the panel, the Cell
Properties subarea appears, on which you can set the position and size
of the widget.
Figure 5-37. Accessing the view configuration window.
Basic operations in the view configuration window

In the view configuration window, you can perform basic operations on the panel,
views, and widgets.
In the Grid Properties subarea, you can set the pixels for the panel grid. Set the
screen pixels in the Screen Width(PT) and Screen Height(PT) fields. The fields are
automatically populated with the resolution values of the current server. After you
set the grid properties, click the panel. The row and column numbers of the panel
change along with the grid properties. The number of cells that the panel contains
also changes.
Make sure the grid properties do not exceed the maximum resolution that your big
screen supports. Otherwise, the view displayed on the big screen is incomplete.
5 46 Rev. 14.41
IMC Initial Access
Navigating the views

To navigate the views:
Click Previous View to move backward to the previous view. If the

view is the first view, the icon is grayed out.
Click Next View to move forward to the next view. If the view is
the last view, the icon is grayed out.
Adding a view
To add a view:
1. Click New View . The Add View window appears.

2. Enter the view name. The default name is New View. The name string ranges
from 1 to 32 characters, and can be the same as that of an existing view.
3. Click OK.
Deleting a view
To delete the current view:
1. Click Delete View .

2. Click Yes in the dialog box that appears.
Saving modifications to all views

To save modifications to all views:
1. Click Save Configuration to save all modifications to all views. If

a view contains overlapping widgets, IMC displays a conflict message.
2. Adjust the widget positions and click Save Configuration again.
Rev. 14.41 5 47
Managing widgets
You can select the widgets to be loaded for view configuration. By default, the view
configuration view can load 17 widgets from the IMC Platform, 13 of which are for
resource management, 3 of which are for performance management, and 1 of
which is for alarm management.
To manage widgets:
1. Click Widget Management . The Widget Management window

appears, including these parameters:
Widget NameName of the widget.
CategoryName of the IMC Platform component or service component
to which the widget corresponds.
2. Select the boxes to the left of the names for the widgets to be loaded, or
select the box to the left of the Widget Name column to select all widgets.
3. Click Save. The widget management window is closed. IMC loads only the
selected widgets for the view configuration.
4. Click Reload to load all widgets again.
Refreshing all views
Click Refresh to refresh the current and all other views.
Caution
Save any modifications to the views before you refresh them. Otherwise, you
lose all modifications.
Setting widget properties

Select a widget and then set the following parameters in the command area:
Row IndexStart row number of the widget. Enter a number in the Row
Index field or modify the value by clicking or .
Column IndexStart column number of the widget. Enter a number in the
Column Index field or modify the value by clicking or .
Row SpansTotal rows of the widget. Enter a number in the Row Spans field
or modify the value by clicking or .
Column SpansTotal columns of the widget. Enter a number in the Column
Spans field or modify the value by clicking or .
On the panel, the cells covered by a widget depend on the properties of the
widget. If the rows or columns counted from the start row or column number of the
widget are less than the row or column spans, the widget covers a single cell only,
and has only part of its data displayed on the big screen.
HP recommends you to use the mouse pointer to adjust the widget positions and
sizes.
5 48 Rev. 14.41
IMC Initial Access
Displaying a view
Figure 5-38. Displaying a view.
Figure 5-39. Displaying a view (cont.).
The My Shortcut Display Tiling menu provides shortcuts to existing views. After
you select a shortcut from the menu, the view appears in a separate window. In
the view display window, you can modify only the display style, but cannot edit the
view and the widgets it contains. The view display window does not provide any
link to the view configuration window. To enter the view configuration window, you
must use the My Shortcut menu. After that, the view display window is
automatically switched into the view configuration window.
Rev. 14.41 5 49
To display a view:
1. Navigate to the view display window.
a. Point to the icon located at the top of the left navigation tree. A list of
predefined and user-defined favorites appears.
b. Point to the Display Tiling folder option. The popup list appears.
c. Click the view you want to display in the popup list. The popup list
appears.
2. Select a theme for the view display from the drop down list. The default setting
is Black (Default). The theme setting is stored in the cache of the browser and
applies to all views you display on the current server. If you clear the
browser's cache, the theme setting restores to the default next time you enter
a view display window.
3. In addition to the pre-loaded themes, IMC also supports user-defined themes.
To customize a theme:
a. Click Set Skin Color . Configure the following parameters in the

dialog box that appears:
Text ColorSet the color for the text to be easily distinguished from
the background of the view.
Widget Border ColorSet the border color for the widgets in the
view.
Widget Shadow ColorSet the shadow color for the widgets in the
view.
Widget Linear Gradient From/To ColorSet the widget
background to a linear gradient starting from Widget Linear Gradient
From Color at the top to Widget Linear Gradient To Color at the
bottom.
View Linear Gradient From/To ColorSet the view background to
a linear gradient starting from View Linear Gradient From Color at the
top to View Linear Gradient To Color at the bottom.
b. Click Color to the right of the parameter you want to modify, and
then select an RGB color or enter the 6-digit hexadecimal color code in
the window that appears.
4. Click OK.
5. To display the view in full screen, click Full Screen .

6. To quit the full screen mode, press Esc.
5 50 Rev. 14.41
IMC Initial Access
IMC administration
IMC management overview
Figure 5-40. IMC management overview.
Operator Management offers you powerful control over resources in the network
infrastructure. Sound network infrastructure security policy and practice should
include securing IMC through effective use of the IMC security features and
functions found in Operator Management under the System tab.
Access and management rights to network resources granted to or rescinded from
IMC operators through the use of three features:
Operator Groups
Device Groups
Device Views
It is through the configuration of the operator account itself that these three
features converge to define the specific set of access and management rights and
restrictions for each operator.
Operator groups allow you to grant or restrict access and rights to IMC features
and functions. You can create custom operator groups and grant or restrict
operator access to the following IMC functions:
Resource Manager
Alarm Management
Intelligent Configuration Center
Report Management
Network Asset Management
Guest Access Management
Rev. 14.41 5 51
ACL Management
VLAN Management
Syslog Management
NE Management
VRM Management
Once groups are created, you can add operators to an operator group to grant or
restrict their access to these IMC features.
Custom views allow you to grant or restrict access to devices by creating custom
views. Custom Views serve two purposes:
To grant or restrict access and management rights to a set of devices.
To provide operators with a logical view of devices for quick and efficient
access to managed devices.
You create custom views that group devices logically. These views become
available through the Resource tab to operators when they have been granted
rights to them. You then grant or restrict operator access to one or more custom
views when configuring individual operator accounts.
Device groups give you a layer of refinement for granting or restricting operator
access and rights to devices managed by IMC. While Device Views allow you to
group devices logically, device groups enable you to group devices by device type
or by any other logical grouping. You can create custom groups and add one or
more devices to a group. Once device groups are created, you can assign
operators to a device group, thus granting them access and rights to manage the
devices in that group. Operators have access only to those devices that are
included in the device groups that they have been granted rights to. In other
words, operators do not have access and cannot even view devices that are not
included in the groups that they have been granted access to. Device Groups
serve to grant access to devices only; they are not visible as device groups in IMC
features and functions.
You are then ready to assign or restrict access and management rights to network
resources through the configuration of operator accounts, once you have created:
Operator groups
Custom views
Device groups
Populated device views and groups with devices
In operator accounts, you assign to each operator membership in an operator
group and access and management rights to device views and groups. Adding an
operator to the Administrator Group grants that operator rights to all devices, all
device groups and all views, without exception. Thus, to use views and device
groups to manage rights and restrictions to IMC, you must add operators to either
the maintainer or the viewer group.
The sum of operator privileges and restrictions configured in add or modify
operator account pages determines ultimately what devices become visible to
each operator in IMC through custom views or IMC system defined views.
5 52 Rev. 14.41
IMC Initial Access
The rights and restrictions in operator accounts also determine which performance
reports, alarms, and other IMC management and reporting views and features
operators see as operators only view information and features for devices over
which they have rights.
In addition to access and rights management features discussed above, IMC
offers other features to secure access to IMC and the resources managed by it.
You have three options for operator authentication to IMC:
Local IMC password management
RADIUS
LDAP authentication
You can configure authentication services through RADIUS or LDAP using the
Authentication Server feature found under Operator Management. You can control
login access to IMC through IP address access control lists in the Login Control
Template function under Operator Management. You can also set password
strategies that apply to all operators in the Password Strategy function under
Operator Management.
Finally, IMC you apply these configurations individually when creating operator
accounts.
Rev. 14.41 5 53
Operator groups
Figure 5-41. Operator groups.
In IMC, you can create custom defined operator groups that assign or restrict IMC
service and component level privileges to members of the operator groups. Once
created, custom groups then appear as configuration options when adding
operators to IMC.
Once groups are created, you can add operators to an operator group to grant or
restrict their access to these IMC features. You can create custom operator groups
and grant or restrict operator access to the following IMC functions:
Resource Management
Alarm Management
Intelligent Configuration Center
Report Management
Network Asset Management
Guest Access Management
ACL Management
VLAN Management
Syslog Management
In IMC, administrators are granted the access to all data by default, and the
maintainers and viewers can view only the data that they have access to. Through
the data access right configuration, you can view all data that the administrators
have access to, and you can view the data access rights of maintainers and
viewers.
Securing IMC begins with defining and implementing operator groups that map the
roles and responsibilities of individuals and groups within the organization to the
services and components within IMC.
5 54 Rev. 14.41
IMC Initial Access
Once you have identified the various groups within your support organization and
their roles and responsibilities and how they map to IMC services and
components, you are ready to begin creating operator groups.
Accessing the Operating Group lists

To view the operator group list:
1. Navigate to System > Operator Group.
c. Click the System tab from the tabular navigation system on the top.
d. Click Operator Management on the navigation tree on the left.
e. Click the Operator Group icon under Operator Management from the
navigation system on the left.
IMC displays all operator groups in the Operator Group List displayed in the
main pane of the System > Operator Group window.
Add an Operator Group

To add an operator group:
a. Click the System tab from the tabular navigation system on the top.
b. Click Operator Management on the navigation tree on the left.
c. Click the Operator Group icon under Operator Management from the
2. Click Add.
3. Enter a unique name for the group you want to create in the Group Name
field.
4. Select the groups privilege level from the Privilege list. Options include:
ADMINOperators with the ADMIN level privilege has access to all
operations and resources available in IMC. Only the admin account that is
created during installation and operators who have been assigned to the
Administrator Group and are given the ADMIN privilege level have control
over the following IMC functions: operator management, device group
management, user group management, login control template
management, password strategy management and system parameter
settings. Select this option to grant access to all IMC features and
functions as well as all devices, users, and services managed by IMC to
all operators that are members of this group.
MaintainerOperators who are assigned to the Maintainer group and
have the Maintainer privilege level rights and control over all operations
for devices, users, and services within the groups and custom views
assigned to the Maintainer Group. Select this option to grant access to
Rev. 14.41 5 55
IMC features and functions and devices, users, and services managed by
IMC to all operators that are members of this group.
ViewerOperators who are assigned to the Viewer group and have a
Viewer privilege level have read-only access devices, users, and services
within the groups and views assigned to its Viewer Group. Select this
option to grant read-only access to IMC features and managed resources
to all operators of this group.
5. Enter a description for the operator group in the Description field.
6. Click the Expand ALL icon to view all Operator Privileges. This step grants or
restricts access to IMC features for the Operator Group.
7. Deselect any privileges you want to revoke for this operator group by clicking
the checked box to remove the check mark.
8. Click OK to create the Operator Group.
You cannot modify the name of an operator group once it has been created.
Configuring the data access rights

IMC supports configuring data access rights for all operator groups except the
administrator group. The administrator group has the access right to all data by
default. Through the data access right configuration, you can view all the data that
the administrators have access to, and the data access right of the administrator
group is not configurable.
To set the data access rights:
c. Click the Operator Group icon under Operator Management from the
2. Click the Data Privilege Configure icon for Group Name. If the group is an
administrator group, the page displays all data modules that the administrator
can view. If the group is of another type, the page displays data modules that
can be configured.
3. Two methods are available for configuring the data access rights to data
modules. The following two sections take setting the data access rights to
Real-Time Monitoring and setting the access rights to report templates for an
example.
5 56 Rev. 14.41
IMC Initial Access
Configuring the access rights to Real-Time Monitoring

To configure access rights to real-time monitoring, follow these steps:
1. On the Data Privilege Configure page, click the Real-Time Monitoring link.
The page updates to display all monitors in Real-Time Monitoring. The Monitor
Name column displays the names of monitors.
2. Do one of the following:
Click the box next to a monitor to allow the operators in the operator
group to access the monitor.
Clear the box next to a monitor to prevent the operators in the operator
group from accessing the monitor.
Click the box next to Monitor Name to allow operators in the operator
group to access all monitors.
3. From the Access Right list for a monitor name, select the access right of the
operator group:
Select Read Only to allow operators in an operator group only to view the
current monitor and change the background color of the monitor graphs.
Select Read/Write to allow operators to modify the current monitor and
customize the four configuration items.
4. Click OK.
Set access rights of report template

To set the access rights for a report template, follow these steps:
1. On the Data Privilege Configure page, click the Set access rights of report
template link. The page updates to display all report templates. Report
Template List contents:
Template NameContains the name of the system-defined or user-
defined template.
TypeContains the type of report that is generated by the associated
template.
Definition TypeIdentifies the source of the template. Template sources
include Custom or Pre-defined reports.
Click the box next to a template to allow operators in the operator group
to use the template.
Clear the box next to a template to prevent the operators in the operator
group from using the template.
Click the box next to Template Name to allow operators in the operator
group to use all templates.
3. Click OK.
Rev. 14.41 5 57
Adding and managing IMC operators
Figure 5-42. Adding and managing IMC operators.
The individual operator account is where all of the features you have used to grant
or restrict access to operator accounts converge. These features include the
creation of operator groups, custom views, and device groups. Once these are
created, you can grant or restrict access and management rights to network
resources using them when they configure individual operator accounts.
With operator accounts, you assign to each operator membership in an operator
group and access and management rights to device views and groups.
Adding an operator to the administrator group grants that operator rights to all
devices, all device groups and all views, without exception.
To use views and device groups to manage rights and restrictions to IMC, you
must add operators to either the maintainer or the viewer group.
The sum of operator privileges and restrictions configured in add or modify
operator account pages determines what devices become visible to each operator
in IMC through custom device views or IMC system defined views.
Operators only view information and features for devices over which they have
rights. The rights and restrictions in operator accounts determine which
performance reports, alarms, and other IMC management and reporting views and
features operators see.
You are ready to begin creating individual operator accounts, once you:
Have created the operator groups that grant or restrict access to IMC features
that match the IMC access requirements of your support organization;
Know which operators need rights to manage which network resources, users
and services;
Have created the device groups and Level 1 custom views as needed.
5 58 Rev. 14.41
IMC Initial Access
Viewing the operator list

To view the operator list:
1. Navigate to System > Operator:
c. Click the Operator icon under Operator Management from the navigation
system on the left.
2. The Operator page is displayed and a list of all operators is displayed on this
page.
Adding an administrator group operator

To add an IMC administrator group operator:
1. Navigate to System > Operator:
c. Click the Operator icon under Operator Management from the navigation
system on the left.
2. Click Add.
3. Enter a valid login name in the Login Name field. Login name can include
alphanumeric characters, underscores (_), and hyphens (-). Although spaces
are allowed, HP does not recommend the use of any spaces in a login name
as this can cause problems with LDAP and RADIUS authentication.
4. Enter the operators first and last name in the Full Name field.
5. Select the password authentication type from the Authentication Type list.
Options are: IMC local Password, RADIUS, and LDAP. You must configure the
IMC Authentication Service module for LDAP and RADIUS before operators
can authenticate using either one of these forms of authentication.
6. If you are using IMC local password feature, enter the operators password in
the Password field.
7. If you are using IMC local password feature, re-enter the operators password
in the Confirm Password field. The Idle Timeout (Minutes) option allows you to
configure how long IMC sessions remain open and active while not in use.
8. Select Same as System Settings if you want to apply system wide settings to
this operator account.
9. Select Configure Individually. The page updates to include a field to the right
of the Idle Timeout list.
10. Enter the idle timeout in minutes in this field.
11. Select the Administrator Group from the Operator Group list.
12. Select from the pre-defined IMC operator groups or configure your own.
Rev. 14.41 5 59
Note
When assigning an operator to the Administrator Group only, you are assigning
that operator all IMC privileges to all services within IMC and to all devices
groups and views. This does not apply when creating operators that belong to
the Maintainer or Viewer group as rights to views and groups can be assigned
in the individual operator account.
13. Enter a brief description for this operator in the Description field.
14. Select the Default Access Control Strategy you want to apply to this operator
by clicking the appropriate radio button.
15. If you want to apply a login control template or rule to this operator, click Add.
16. If you have already created a login control template, click the radio button to
the left of Select from Existing Templates.
17. Select the login control template you wish to apply to this operator by clicking
the radio button to the left of the Login Control Name you want to select.
18. Click OK.
19. If you have not already created a login control template, click the radio button
to the left of Manually Add to add an access control rule.
20. Enter the following information in the Add Access Control Rule dialog box:
a. Start IPEnter the first IP address in address range you want to permit
or deny access to in the field. If you are entering a single IP address,
enter the same address in the Start IP and the End IP address fields.
b. End IPEnter the last IP address in address range you want to permit or
deny access to in the field. If you are entering a single IP address, enter
the same address in the Start IP and the End IP address fields.
c. ActionSelect the action you want to implement for this IP address or IP
address range, Permit or Deny from the list.
d. DescriptionEnter a description for this login control template in the
field provided.
21. Click OK to complete the Login Control List configuration. If you enter more
than one login control into the Login Control List for an operator, the Web
page updates to include a Change Priority field. This field allows you to define
the order or priority for execution of login control list entries. Entries at the top
of the list are treated with a higher priority than those below it.
22. To move a login control entry up or down in priority, do one of the following:
To move a login control entry up in priority, click the up arrow

associated with that entry.
To move it down, click the down arrow associated with that entry.
23. Click OK to accept the operator configuration.
24. You cannot change the logging name once you create the operator account.
5 60 Rev. 14.41
IMC Initial Access
Modifying IMC passwords

Individual IMC operators manage their own passwords once the operator account
has been established. To change your password:
1. Navigate to System > Modify Password:
a. a. Click the System tab from the tabular navigation system on the top.
b. b. Click Operator Management on the navigation tree on the left.
c. c. Click the Modify Password icon under Operator Management from the
navigation system on the left. The Modify Password page appears.
2. Enter the old password for the account that you are currently logged in as in
the Old Password field.
3. Enter the new password for the account that you are currently logged in as in
the New Password field.
4. Re-enter the new password for the account you are currently logged in as in
the Confirm New Password field.
5. Click OK.
Rev. 14.41 5 61
Lab Activity 5: Lab Topology
During this lab your group will apply the concepts learned in this module.
Consult your Lab Activity Guide for instructions for performing this activity.
5 62 Rev. 14.41
IMC Initial Access
Lab Activity Preview: IMC Initial Access
Lab Activity 5 will focus on installing and preparing IMC on a local server with a
remote database (Microsoft SQL Server). This lab is required in order to perform
the following labs in this course.
Important
! With some Learning Partners, the IMC base and add-on module might have
been pre-installed for you. Likewise, the switches might be pre-configured for
you. Ask your instructor if any of these are true, and if so, which Tasks you can
skip in the IMC Essentials lab book.
Rev. 14.41 5 63
Lab Activity 5 Debrief

Use the space below to record your key insights and challenges from Lab
Activity 5.
Debrief for Lab Activity 5

Challenges Key Insights
5 64 Rev. 14.41
Adding Devices to IMC

Module 6
Objectives
This module introduces adding devices to your IMC installation. Once youve
installed and initially set up your management access for IMC, you are ready to
automatically have IMC discover (or manually add) the devices in your network.
Youll learn how you can greatly simplify this process by using SMMP, telnet,
and/or SSH device management templates. Once youve added your devices,
youll learn how device groups can make it easier to managing large groups of
devices. Lastly, youll learn how to verify the device import process. Youll then
configure these topics in the Lab Activity.
Prepare HP ProVision, HP Comware, and Cisco IOS switches for IMC
management
Create SNMP, telnet, and SSH device management templates
Discover networking devices
Using device groups to manage devices
Verify your initial device discovery
Rev. 14.41 6 1
Device setup requirements

Basic device configuration requirements
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
Figure 6-1. Basic device configuration requirements.
rt
pa
IMC is primarily an SNMP-based management product, with support for remote
in
CLI access via telnet and/or SSH for items that cannot be performed via SNMP.
or
Therefore, for IMC to initially access the devices for remote management, youll
le
need to define the following on a Comware device:

ho
w
Define SNMP settings

in
Enable telnet or SSH

n
tio
Define the authentication mode and privilege level for the VTYs
c
du
On a ProVision switch, you only need to define the SNMP settings: remember that
ro
with ProVision switches, telnet is enabled by default and no Manager password is

ep
necessary.
.R
ly
Note
on
In most cases, to quickly discover and import the devices into IMC, youll use
s
er
SNMPv2c settings and telnet with no authentication. This kind of configuration

d
is simple on any networking device, but not secure. Obviously you will change
ol
eh
this after youve imported the device into IMC by using IMC itself to make the
ak
changes: like disabling telnet and enabling SSH, or changing from SNMPv2c
St
to SNMPv3. Youll have IMC push these kinds of changes to the networking
devices.
&L
C
Each vendor beyond that will have its own requirements for SSH/telnet/SNMP
P
H
access. The third bullet point in Figure 6-1 gives an example of the requirements
for a Cisco IOS switch. The following pages will discuss the actual configuration
commands performed on each device.
6 2 Rev. 14.41
SNMPv3 uses an authentication and privacy security model. On the NMS, the user
needs to specify the username and security level, and based on that level,
configure the authentication mode, authentication password, privacy mode, and
privacy password. In addition, the timeout time and number of retries should also
be configured. The user can inquire and configure the device through the NMS.
The steps for configuring SNMPv3 on Comware are:
1) Setup an SNMPv3 Group
d.
te
2) Setup an SNMPv3 User
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 6 3
Basic HP switch configurations
d.
te
ibi
oh
pr
is
on
si
Figure 6-2. Basic HP switch configurations.
is
m
er
Minimally, Comware switches require that you enable telnet or SSH as well as
tp
setting up the VTYs. ProVision switches are simpler: telnet is already enabled and
ou
no passwords are required. Notice how simple the configuration is. Obviously this
ith
configuration is not secure; however, the goal in using a network management tool
w
like IMC is make the device import process as simple and quick as possible. You
rt
pa
would then use IMC to change the security settings, like converting the SNMP
configuration from SNMPv2c to SNMPv3 and telnet to SSH.
in
or
Community strings are passwords that are applied to a Comware device to restrict
le
access (both read-only and read-write access) to the SNMP data on the device.
ho
These community strings, as with all passwords, should be carefully chosen to

w
ensure they are not trivial. Community strings should be changed at regular
in
intervals and in accordance with network security policies. For example, the strings
n
tio
should be changed when a network administrator changes roles or leaves the

c
company.
du
ro
The following Comware configuration lines configure a read-only community string

ep
of READONLY and a read/write community string of READWRITE:

.R
#
ly
on
snmp-agent community read READONLY

s
er
snmp-agent community write READWRITE

d
ol
Note that the preceding community string examples have been chosen to clearly
eh
explain the use of these strings. For production environments, community strings
ak
should be chosen with caution and should consist of a series of alphabetical,

St
numerical, and non-alphanumeric symbols.

&L
C
P
Secure Comware configuration

H
The following sections will discuss how to set up SSH and SNMPv3 on Comware
switches.
6 4 Rev. 14.41
SSH configuration on Comware

A secure Comware configuration would include the following commands for SSH
and SNMPv3 access:
Follow these steps to configure the user privilege level by using schemes with
local user accounts:
[Comware] user-interface <user-interface>
d.
[Comware-ui-aux0] authentication-mode scheme
te
bi
[Comware-ui-aux0] quit
i
oh
[Comware] local-user <user-name>
pr
[Comware-luser-<user>] password cipher <password>
is
on
[Comware-luser-<user>] service-type {terminal | telnet | ssh}
si
is
[Comware-luser-<user>] authorization-attribute level {0-3}
m
er
[Comware-luser-testuser] quit
tp
The cipher parameter in the password command encrypts the administrators
ou
password. The service-type command can be used to restrict the access
ith
services allowed. terminal refers to console or auxiliary port access. The
w
rt
authorization-attribute command assigns the privilege level to the user,
from visitor (0) to manager (3). pa
in
Heres an example of defining a user called testuser with a password of 12345678
or
that is used for access to the console of a switch:

le
ho
[Comware] user-interface aux0

w
in
[Comware-ui-aux0] authentication-mode scheme

n
tio
[Comware-ui-aux0] quit
c
du
[Comware] local-user testuser

ro
[Comware-luser-testuser] password cipher 12345678

ep
[Comware-luser-testuser] quit
R.
ly
Heres the Comware commands for SNMPv3:

on
[Comware] snmp-agent group v3 <group-name>

s
er
[authentication | privacy ]
d
ol
eh
[read-view <read-view>] [write-view <write-view>]

ak
[notify-view <notify-view>]
St
[acl <acl-list>]
&L
C
[Comware] snmp-agent usm-user v3 <user-name> <group-name> [cipher]

P
[authentication-mode {md5 | sha} <auth-password>

H
[privacy-mode {3des | aes128 | des56} <priv-password>]]

[acl <acl-number>]
Rev. 14.41 6 5
SNMPv3 group configuration for Comware

An SNMP group defines security model, access right, and so on. A user in this
SNMP group has all these public properties. Use the snmp-agent group
command to configure a new SNMP group and specify its access right. Here are
the parameters for the command:
<group-name>: Group name, a string of 1 to 32 characters.
authentication: Specifies the security model of the SNMP group to be
d.

te
authentication only (without privacy): HMAC without encryption.
bi
i
oh
privacy: Specifies the security model of the SNMP group to be
pr
authentication and privacy: HMAC and encryption.
is
read-view: Read view, a string of 1 to 32 characters. The default read view
on
is ViewDefault. Read View controls what MIB objects a group can view. By
si
is
default the group can view all MIB objects. Configuring Read View is beyond
m
the scope of this course.
er
tp
write-view: Write view, a string of 1 to 32 characters. By default, no Write
ou
View is configured. The NMS cannot perform write operations to any MIB
ith
objects on the device. Configuring Write View is beyond the scope of this
w
course.
rt

pa
notify-view: Notify View, for sending traps, a string of 1 to 32 characters.
in
By default, no notify view is configured. The device does not send traps to the
or
NMS. Configuring Notify View is beyond the scope of this course.

le
ho
acl: Associates a basic ACL with the group. <acl-number> is in the range
w
2000 to 2999. By using a basic ACL, you can restrict the source IP address of
in
SNMP packets, that is, you can configure to allow or prohibit SNMP packets
n
with a specific source IP address, so as to restrict the intercommunication

c tio
between the NMS and the agent.

du
ro
By default, SNMP groups configured by the snmp-agent group v3 command

ep
use a no-authentication-no-privacy security model.

.R
ly
on
SNMPv3 user configuration for Comware

s
er
Use the snmp-agent usm-user v3 command to add a user to an SNMP group.

d
ol
The user name configured by using this command is applicable to the SNMPv3
eh
networking environments, if the agent and the NMS use SNMPv3 packets to
ak
communicate with each other, you need to create an SNMPv3 user.

St
Here is an explanation of the parameters for snmp-agent usm-user v3:

&L
C
<user-name>: User name, a string of 1 to 32 characters. It is case sensitive.

P
H
<group-name>: Group name, a string of 1 to 32 characters. It is case

sensitive.
cipher: Specifies that auth-password and priv-password are cipher text
passwords, which can be calculated by using the snmp-agent calculate-
password command.
6 6 Rev. 14.41
authentication-mode: Specifies the security model to be authentication.

MD5 is faster than SHA, while SHA provides a higher security than MD5.
md5: Specifies the authentication protocol as MD5.
sha: Specifies the authentication protocol as SHA-1.
<auth-password>: Authentication password (HMAC key). If the cipher
keyword is not specified, auth-password indicates a plain text password,
d.
which is a string of 1 to 64 visible characters. If the cipher keyword is
te
specified, auth-password indicates a cipher text password of 32 or 40
ibi
oh
hexadecimal characters.
pr
If the md5 keyword is specified, auth-password is a string of 32
is
on
si
If the sha keyword is specified, auth-password is a string of 40
is
m
er
See additional notes below to determine the cipher text password.
tp

ou
privacy-mode: Specifies the security model to be privacy. The three
ith
encryption algorithms AES, 3DES, and DES are in descending order in terms
w
of security. Higher security means more complex implementation mechanism
rt
pa
and lower speed. DES is enough to meet general requirements.
in
3des: Specifies the privacy protocol as 3DES.
or

le
des56: Specifies the privacy protocol as DES.

ho
aes128: Specifies the privacy protocol as AES.

in
<priv-password>: The privacy password (encryption key). If the cipher

n
tio
keyword is not specified, priv-password indicates a plain text password, which

c
du
is a string of 1 to 64 characters; if the cipher keyword is specified, priv-

ro
password indicates a cipher text password of 40 or 80 hexadecimal

ep
characters.
R
If the 3des keyword is specified, priv-password is a string of 80

.

ly
on
hexadecimal characters;
s
If the aes128 keyword is specified, priv-password is a string of 40

er
d
hexadecimal characters;
ol
eh
If the des56 keyword is specified, priv-password is a string of 40

ak
St
See additional notes below to determine the cipher text password.

&L
acl: Associates a basic ACL with the user. acl-number is in the range 2000 to
P
2999. By using a basic ACL, you can restrict the source IP address of SNMP
H
packets, that is, you can configure to allow or prohibit SNMP packets with a
specific source IP address, so as to allow or prohibit the specified NMS to
access the agent by using this user name.
Rev. 14.41 6 7
Additional notes - SNMPv3 user configuration

Why use the cipher keyword - If you do not use the cipher keyword your
SNMP authentication and privacy passwords will be transmitted in clear text.
If you specify the cipher keyword - the system considers the arguments
auth-password and priv-password as cipher text passwords. This means you
will have to enter the passwords as a 32, 40 or 80 character cipher version of
the password. Use the process described below to determine the cipher text
d.
password. If the SNMP engine IDs of two devices are the same, you can
te
bi
copy and paste the SNMPv3 configuration commands from the configuration
i
oh
file on device A to device B. The cipher text password and plain text password
pr
on the two devices will be the same.
is
If you do not specify the cipher keyword, the system considers the
on
arguments auth-password and priv-password as plain text passwords. In this
si
is
case, the passwords will be transmitted in clear text.
m
er
To Determine the Cipher Text Password - When using the SNMPv3 User
tp
Configuration Command with the cipher keyword you can get the cipher of
ou
the plain text password using the command:
ith
w
snmp-agent calculate-password <passphrase> mode
rt
<privacy-mode> <engine id>
pa
When running this command make sure to use the same:
in
or
Privacy-Mode as used in the snmp-agent usm-user v3 cipher

le
command
ho
w
Engine ID as used on the device

in
A plain text password is required when the NMS accesses the device;
n
tio
therefore, please remember the user name and the plain text password used
c
to generate the cipher text.

du
ro
ep
SNMPv3 configuration example for Comware

R
.
ly
Here is an example of an SNMPv3 configuration for Comware that only uses

on
HMAC protection (no encryption):

s
er
# Add a user testUser to the SNMPv3 group testGroup. Configure the security model as
d
ol
authentication without privacy, the authentication protocol as MD5, the plain-

eh
text authentication password as authkey.

ak
Step 1 Setup an SNMPv3 Group

St
&L
[Sysname] snmp-agent group v3 testGroup authentication

C
Step 2 Setup an SNMPv3 User

P
H
[Sysname] snmp-agent usm-user v3 testUser testGroup authentication-mode md5 authkey

Here is an explanation of the configuration:
Sets the SNMP version on the NMS to SNMPv3
Defines the user name as testUser,
Sets the authentication protocol to MD5
Sets the authentication password (HMAC key) to authkey
6 8 Rev. 14.41
Here is an example SNMPv3 configuration for Comware that uses both encryption
and HMAC protection:
# Add a user testUser to the SNMPv3 group testGroup. Configure the security model as
authentication and privacy, the authentication protocol as MD5, the privacy
protocol as DES56, the plain-text authentication password as authkey, and
the plain-text privacy password as prikey.
Step 1 Setup an SNMPv3 Group
d.
[Sysname] snmp-agent group v3 testGroup privacy
te
bi
Step 2 Setup an SNMPv3 User
i
oh
[Sysname] snmp-agent usm-user v3 testUser testGroup authentication-mode md5 authkey
pr
privacy-mode des56 prikey
is
on
Here is an explanation to this configuration:
si
Sets the SNMP version on the NMS to SNMPv3
is

m
er
Defines the user name as testUser
tp
Sets the authentication protocol to MD5
ou
ith
Sets the authentication password to authkey
w
Sets the privacy (encryption) protocol to DES
rt
pa
Sets the privacy password (encryption key) to prikey
in
or
le
Secure ProVision configuration

ho
w
The following sections will discuss how to set up SSH and SNMPv3 on ProVision
in
switches.
n
c tio
du
SSH configuration on ProVision

ro
ep
The ProVision switches use Secure Shell version 1 or 2 (SSHv1 or SSHv2) to

R
provide remote access to management functions on the switches via encrypted

.
ly
paths between the switch and management station clients capable of SSH
on
operation.
s
er
SSH provides Telnet-like functions but, unlike Telnet, SSH provides encrypted,
d
ol
authenticated transactions. The authentication types include:

eh
ak
Client public-key authentication, like Putty, TeraTerm, or SecureCRT

St
Switch SSH and user password authentication

&L
This option uses one or more public keys (from clients) that must be stored on the
C
switch. Only a client with a private key that matches a stored public key can gain
P
H
access to the switch. (The same private key can be stored on one or more clients.)
Important
! At a minimum, HP recommends that you always assign at least a Manager
password to the switch. Otherwise, under some circumstances, anyone with
Telnet, web, or serial port access could modify the switchs configuration.
Rev. 14.41 6 9
Here are the basic commands:

ProVision(config)# crypto key generate ssh rsa bits <key-size>
ProVision(config)# ip ssh [version 2]
ProVision(config)# no telnet-server
You must generate a public and private host key pair on the switch. The switch
uses this key pair, along with a dynamically generated session key pair to
negotiate an encryption method and session with an SSH client trying to connect
d.
te
to the switch. The key sizes supported are 512, 768, and 1,024 bits in length.
bi
i
oh
The host key pair is stored in the switchs flash memory, and only the public key in
pr
this pair is readable. When you generate a host key pair on the switch, the switch
places the key pair in flash memory (and not in the running-config file). Also, the
is
on
switch maintains the key pair across reboots, including power cycles. You should
si
consider this key pair to be "permanent"; that is, avoid re-generating the key pair
is
without a compelling reason. Otherwise, you will have to re-introduce the switchs
m
er
public key on all management stations you have set up for SSH access to the
tp
switch using the earlier pair.
ou
Removing (zeroing) the switchs public/private key pair renders the switch unable
ith
to engage in SSH operation and automatically disables IP SSH on the switch. (To
w
verify whether SSH is enabled, execute show ip ssh.) However, any active SSH
rt
pa
sessions will continue to run, unless explicitly terminated with the CLI kill
in
<session-number> command (the session number is displayed in the output of
or
the show ip ssh command).

le
ho
The ip ssh command enables or disables SSH on the switch and modifies
w
parameters the switch uses for transactions with clients. After you enable SSH, the
in
switch can authenticate itself to SSH clients.

n
tio
Heres a simple configuration example of setting up SSH on ProVision switches:

c
du
ProVision(config)# crypto key generate ssh rsa bits 1024

ro
ep
Installing new RSA key. If the key/entropy cache

R
is depleted, this could take up to a minute.

.
ly
on
ProVision(config)# ip ssh version 2

s
ProVision(config)# no telnet-server
er
d
The default authentication on ProVision switches allow you to set a password for
ol
eh
the operator and manager user types. Here are the commands to configure the
ak
passwords:
St
ProVision(config)# password operator

&L
New password for manager: <password>

C
P
Please retype new password for manager: <password>

H
ProVision(config)# password manager

New password for manager: <password>
Please retype new password for manager: <password>
6 10 Rev. 14.41
Once you have set the passwords, you can test them by logging into the switch,
like this:
Password: <password>
ProVision> enable
Password: <password>
ProVision#
d.
You can also set up SSH authentication using AAA, where IMC can perform the
te
AAA server function (the configuration of this is beyond the scope of this course).
ibi
oh
pr
Enabling SNMPv3 on ProVision switches
is
on
To enable SMNPv3 operation on the switch, use the following command:
si
is
ProVision(config)# snmpv3 enable
m
er
You may (optionally) restrict access to only SNMPv3 agents by using this
tp
command:
ou
ProVision(config)# snmpv3 only
ith
w
To restrict write-access to only SNMPv3 agents, use this command:
rt
ProVision(config)# snmpv3 restricted-access
pa
in
Note
or
le
Restricting access to only version 3 messages will make the community

ho
named public inaccessible to network management applications (such as

w
auto-discovery, traffic monitoring, SNMP trap generation, and threshold

in
setting) from operating in the switch.

n
tio
The show snmpv3 enable command displays the operating status of SNMPv3
c
du
and the show snmpv3 only displays the status of message reception of non-
ro
SNMPv3 messages. The show snmpv3 restricted-access command

ep
displays the status of write messages of non-SNMPv3 messages.

R
.
ly
on
Configure an SNMPv3 username and password

s
er
SNMPv3 usernames and passwords define the type of protection used for a
d
ol
particular management stations access. Here is the syntax of the command:

eh
ak
ProVision(config)# snmpv3 user <username>

St
[auth <md5|sha> <auth-pwd>

&L
priv <des|aes> <priv-pwd>]

C
P
Authorization and privacy (encryption) are optional, but to use privacy, you must
H
use authorization. When you delete a user, only the <username> is required. With
authorization, you can set either MD5 or SHA authentication. The authentication
password <auth-pass> must be 632 characters in length and is mandatory when
you configure authentication.
Rev. 14.41 6 11
With privacy, the switch supports DES (56-bit) and AES (128-bit) encryption. The
privacy password <priv-pwd> must be 632 characters in length and is mandatory
when you configure privacy. If you dont configure privacy, it defaults to DES.
Heres a configuration example:
ProVision(config)# snmpv3 user Miriam auth sha securepassword
priv aes securepassword
d.
To display the management stations configured to access the switch with SNMPv3
te
and view the authentication and privacy protocols that each station uses, enter the
bi
show snmpv3 user command.
i
oh
pr
is
Configure an SNMPv3 group on ProVision
on
si
An SNMPv3 group associates an SNMPv3 user to the SNMPv3 implementation it
is
m
uses and the restrictions applied to the user account. The syntax command is as
er
follows:
tp
ProVision(config)# snmpv3 group <group-name> user <username>
ou
ith
secmodel {ver1 | ver2c | ver3}
w
Group names for SNMPv3 users include:
rt
managerpriv pa
in
or
managerauth
le
operatorauth
ho
w
operatornoauth
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
6 12 Rev. 14.41
Basic Cisco IOS switch configuration
d.
te
ibi
oh
Figure 6-4. Basic Cisco IOS switch configuration.
pr
is
The above demonstrates a minimal configuration for a Cisco IOS device (switch or
on
router). The discussion of syntax commands is beyond the scope of this book.
si
is
Please note that other vendors syntax for a basic SNMP and telnet setup will
m
differ.
er
tp
ou
Secure SSH access for Cisco IOS
ith
w
Heres a basic configuration for SSH Access on a Cisco IOS device:
rt
Router(config)# username <username> privilege 15 pa
in
secret 0 <password>
or
le
Router(config)# line vty 0 15

ho
Router(config-line)# privilege level 15

w
in
Router(config-line)# login local

n
tio
Router(config-line)# transport input ssh

c
du
Router(config-line)# exit
ro
Router(config)# ip ssh version <1 | 2>

ep
R
Router(config)# crypto key generate rsa [modulus modulus]

.
ly
Because telnet is susceptible to eavesdropping attacks, it is recommended to use

on
SSH to secure CLI access to a router. SSHv1 was supported in 12.1(3)T and
s
er
SSHv2 in 12.3(4)T. You need an IPSec image to support SSH since SSH requires
d
encryption keys to perform encryption. However, before you can create your
ol
eh
encryption keys, you must first assign a host and domain name to your router
ak
otherwise, youll get an error message. The crypto key generate rsa
St
command creates your keys. If you omit the modulus, youll be prompted for it.
&L
C
P
H
Rev. 14.41 6 13
SNMPv3 configuration for Cisco IOS

Heres the syntax for a secure SNMPv3 configuration on a Cisco IOS device:
Router(config)# snmp-server view view_name oid_mib
{included | excluded}
Router(config)# snmp-server group group_name {v1 | v2c | v3}
{auth | noauth | priv} [read read_view]
d.
te
[write write_view] [notify notify_view]
bi
i
oh
[access-list ACL_ID]
pr
Router(config)# snmp-server user user_name group_name
is
{v1 | v2c | v3}
on
si
[auth {md5 | sha} auth_password] [priv {des |
is
m
3des | aes {128 | 192 | 256}} encr_password]
er
tp
[access ACL_ID]
ou
Router(config)# snmp-server host host_name_or_IP [traps | informs]
ith
[version {1 | 2c | 3} [auth user_name]
w
rt
Router(config)# snmp-server traps enable
pa
An explanation of the syntax is beyond the scope of this course.
in
or
Heres a configuration example:

le
ho
access-list 10 permit host 10.0.1.12

w
snmp-server view myview interfaces included

in
n
snmp-server group mygroup v3 priv read myview access 10

c tio
snmp-server user myuser mygroup v3 auth sha a3fh95t11a

du
ro
priv aes 128 dkfjiewokd892a

ep
snmp-server host 10.0.1.12 traps version 3 auth myuser

.R
snmp-server enable traps

ly
on
The above shows an example for setting up SNMPv3. In this example, an SNMP
s
view was created that includes the "interfaces" MIB/OID.An SNMP group for v3
er
d
was created, limiting the view to read-access. The group references the view and
ol
the ACL to restrict SNMPv3 access. The SNMP user specifies the access
eh
credentials (protection) and references the group to use. The SNMP server is
ak
defined with traps being sent to the server and the SNMP user configuration is
St
referenced so the router knows the access method to enforce. Last, SNMP traps
&L
are enabled so the router can send events to the SNMP management station.
C
P
H
6 14 Rev. 14.41
Resource management templates

SNMP management template
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
Figure 6-5. SNMP management templates.
in
Device resource templates enable you to save SNMP, Telnet, SSH, SOAP/HTTP,
or
PowerShell, and WMI configuration settings that IMC uses to access network
le
ho
devices. You can apply these templates when adding devices to IMC, performing
w
auto discovery to populate IMC with newly discovered devices, or to configure

in
device parameters in individual device or batch mode.

n
tio
IMC uses SNMP to query and manage remote network devices. The SNMP
c
template feature allows you to save SNMP configuration settings in IMC, which
du
can then be applied when adding new devices to IMC. SNMP templates store IMC
ro
SNMP configurations for devices to support IMC communication with the device.
ep
SNMP Templates do not configure the SNMP settings on the device itself.
R .
ly
This feature is particularly useful for organizations that use a variety of SNMP
on
configurations, such as using different SNMP configurations based on device type,

s
geographical location, or organizational support models.

er
d
ol
eh
Viewing the SNMP template list

ak
St
To view the SNMP template list, navigate to System > SNMP Template:
&L
1. Click the System tab from the tabular navigation system on the top.
C
Click Resource Management on the navigation tree on the left.

P
2.
H
3. Click the SNMP Template icon ( ) under Resource Management from the
IMC displays all SNMP templates in the SNMP Template List displayed in the main
pane of the System SNMP Template window.
Rev. 14.41 6 15
Adding an SNMPv1 or v2c template

To add a SNMPv1 or v2c template:
1. Navigate to System > SNMP Template.
b. Click Resource Management on the navigation tree on the left.
Click the SNMP Template icon under Resource Management from the
d.
c.
te
navigation system on the left. IMC displays all SNMP template entries in
bi
the SNMP Template List displayed in the main pane of the System SNMP
i
oh
Template window.
pr
Click Add.
is
2.
on
3. Enter the following information in the Add SNMP Template page.
si
is
4. Enter a unique name for the SNMP template name in the Name field. You
m
er
cannot modify the name of a template once the template has been created. To
tp
modify the name, you must first delete the template and then recreate it with
ou
the new name.
ith
5. Select the version of SNMP that is configured for use on the managed devices
w
from the Parameter Type list.
rt
6. Select SNMPv1, SNMPv2c, SNMPv3 and so on. pa
in
or
7. Enter the Read-Only community string that is configured on the managed

le
devices in the Read-Only Community String field. The default is public.

ho
8. Enter the Read-Write community string configured on the managed devices in

w
the Read-Write Community String field. The default is private. SNMP

in
n
configuration settings for each managed device must match the SNMP
tio
settings configured on it. For information on configuring SNMP settings on the

c
du
managed devices, refer to your vendor documentation.

ro
9. Enter the SNMP timeout value (160 seconds) in the Timeout field. This
ep
parameter determines how long IMC waits for an SNMP reply from the
R
managed device before declaring that the request has timed out.
.
ly
on
10. Enter the number of SNMP retries (120) in the Retries field. The retries
s
parameter defines how many times the management system (IMC) sends
er
d
SNMP retries in an attempt to communicate with the managed device before

ol
reporting a failure. The default is 3.

eh
ak
11. Click OK.

St
&L
C
P
H
6 16 Rev. 14.41
Adding an SNMPv3 template

To add a SNMPv3 template:
1. 1. Navigate to System > SNMP Template.
Click the SNMP Template icon under Resource Management from the
d.
c.
te
navigation system on the left. IMC displays all SNMP template entries in
bi
the SNMP Template List displayed in the main pane of the System SNMP
i
oh
Template window.
pr
Click Add.
is
2.
on
3. Enter the following information in the Add SNMP Template page.
si
is
4. Enter a unique name for the SNMP template name in the Name field.
m
er
5. Select the SNMPv3 type that matches the version of SNMP configured on the
tp
devices to be managed by this template from the Parameter Type list, shown
ou
in Figure 6-5.
ith
w
6. Enter the username that is configured on the managed devices in the
rt
Username field.
pa
in
7. If prompted, enter the authentication password that is configured on the
or
managed devices in the Authentication Password field.

le
8. If prompted, enter the encryption password that is configured on the managed

ho
devices in the Encryption Password field.

w
in
9. Enter the SNMP timeout value in the Timeout field. Valid range is 160
n
tio
seconds. The timeout parameter defines how long the system waits for the
c
device to respond to SNMP requests before reporting that the request has
du
timed out.
ro
ep
10. Enter the SNMP retries value in the Retries field. Valid range is 120. The
R
retries parameter defines how many times the management system (IMC)
.
ly
sends SNMP retries in an attempt to communicate with the managed device.

on
The default is 3.
s
er
11. Click OK.

d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 6 17
The SNMP templates you have created now appear as configuration options when
adding devices to IMC by auto discovery, by batch mode or by adding devices
individually.
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
Figure 6-5. SNMPv3 parameters for templates.
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
6 18 Rev. 14.41
Telnet management template
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
Figure 6-6. Telnet management templates.
ou
ith
IMC uses Telnet to provide you with remote access to managed devices. IMC also
w
uses Telnet for certain network resource management functions.
rt
pa
The Telnet template feature allows you to save Telnet configuration settings in
in
IMC, which can then be applied when adding new devices to IMC, performing an
or
auto discovery, or configuring devices in individual or batch mode. Telnet templates

le
store IMC Telnet configurations for devices to support IMC communication with the
ho
device. Telnet templates do not configure the Telnet settings on the device itself.
w
in
Viewing the Telnet template list

n
ctio
To view the Telnet template list, navigate to System > Telnet Template.
du
ro
ep

R
2.
.
ly
Click the Telnet Template icon (

on
3. ) under Resource Management from the

s
er
d
IMC displays all Telnet templates in the Telnet Template List displayed in the main
ol
pane of the System >Telnet Template window.

eh
ak
St
Adding a Telnet template

&L
C
To add a Telnet template:

P
H
1. 1. Navigate to System > Telnet Template.

c. Click the Telnet Template icon under Resource Management from the
navigation system on the left. IMC displays all Telnet templates in the
Telnet Template List displayed in the main pane of the System >Telnet
Template window.
Rev. 14.41 6 19
2. Click Add.
3. Enter the following information in the Add Telnet Template page.
4. Enter a unique name for the Telnet template in the Name field. You cannot
modify the name of a template once the template has been created. To modify
the name, you must first delete the template and then recreate it with a new
name.
5. Select the mode to match the telnet authentication mode configured on the
d.
te
managed devices from the Authentication Mode list. Options include:
bi
Password
i
oh
pr
Username + Password
is

on
Super Password
si
Password + Super Password
is
m
er
Username + Password + Super Password
tp

ou
No Username + No Password
ith
Username + No Password
w
rt
pa
6. If prompted, enter the username that is configured on managed devices in the
Username field.
in
or
7. If prompted, enter the password that is configured on the managed devices in

le
the Password field.

ho
w
8. If prompted, enter the super password that is configured on the managed

in
devices in the Super Password field.

n
tio
9. Enter the Telnet timeout value in the Timeout field. Valid range is 160
c
du
device to respond in seconds.

ro
ep
10. Click OK.

R
.
The Telnet templates you have added now appear as configuration options when
ly
on
configuring devices individually or in batch mode.

s
The Telnet configuration settings in IMC must match the Telnet settings configured
er
d
on the managed devices. For information on configuring Telnet settings on the

ol
managed devices, refer your vendors documentation. The Telnet templates also
eh
appear as configuration options when adding devices to IMC by auto discovery, by

ak
St
batch mode or by adding devices individually.

&L
C
P
H
6 20 Rev. 14.41
SSH management template
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 6-7. SSH management template.
ith
IMC uses SSH to enable secure remote access to managed devices. IMC also
w
uses SSH for certain network resource management functions. The SSH template
rt
pa
feature allows you to save SSH configuration settings in IMC, which can then be
in
applied when adding new devices to IMC, performing an auto discovery, or
or
configuring devices in individual or batch mode. SSH templates store IMC SSH
le
configurations for devices to support IMC communication with the device. SSH
ho
templates do not configure the SSH settings on the device itself.

w
in
n
Viewing the SSH template list

c tio
du
To view the SSH template list, navigate to System > SSH Template.
ro
Click the System tab from the tabular navigation system on the top.
ep
1.
R
2. Click Resource Management on the navigation tree on the left.

.
ly
on
3. Click the SSH Template icon ( ) under Resource Management from the
s

er
d
ol
IMC displays all SSH templates in the SSH Template List displayed in the main
eh
pane of the System >SSH Template window.

ak
St
&L
C
P
H
Rev. 14.41 6 21
Adding an SSH template

To add an SSH template:
1. Navigate to System > SSH Template.
Click the SSH Template icon under Resource Management from the
d.
c.
te
navigation system on the left. IMC displays all SSH templates in the SSH
bi
Template List displayed in the main pane of the System >SSH Template
i
oh
window.
pr
Click Add.
is
2.
on
3. Enter the following information in the Add SSH Template page.
si
is
4. Enter a unique name for the SSH template name in the Name field. You
m
er
cannot modify the name of a template once the template has been created. To
tp
modify the name, you must first delete the template and then recreate it with a
ou
new name.
ith
5. Select the mode that matches the SSH configuration mode configured on the
w
managed devices from the Authentication Mode list. Authentication mode
rt
options include:
pa
in
Password
or
le
Private Key
ho
Password + Private Key

in
Password + Super Password

n
tio
Private Key + Super Password

c
du
ro
Password + Private Key + Super Password

ep
R
6. Enter the username that is configured on managed devices in the User Name
.
field.
ly
on
7. Enter the password that is configured on the managed devices in the

s
er
Password field. If prompted, enter the path and filename of the private key file
d
that contains the key that enables login in the Private Key File field. If
ol
eh
prompted, enter the private key password for the private key file in the Private
ak
Key Password field. If prompted, enter the super password that is configured
St
on the managed devices in the Super Password field.

&L
8. Enter the TCP port for SSH configured on managed devices in the Port field.
C
The default TCP port is 22.

P
H
9. Enter the SSH timeout value in the Timeout field. Valid range is 1120
device to respond in seconds before declaring that the response has timed
out. The default setting is 10 seconds.
6 22 Rev. 14.41
10. Enter the number of SSH retries in the Retries field. Valid range is 15. The
retries parameter defines how many times the management system (IMC)
sends SSH retries in an attempt to communicate with the managed device
before reporting a failure. The default setting is 3.
11. Click OK.
The SSH templates you have added now appear as options when configuring
devices individually or in batch mode. The SSH configuration settings in IMC must
d.
match the SSH settings configured on the managed devices. For information on
te
configuring SSH settings on the managed devices, refer your vendors
ibi
documentation. The SSH templates also appear as configuration options when
oh
adding devices to IMC by auto discovery, by batch mode or by adding devices
pr
individually.
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 6 23
Adding devices
The Resource tab provides you with a portal for the device monitoring and
management features of IMC. From this portal, you can view and manage network
resources including devices and IP addresses.
IMC offers you a variety of options for viewing and managing devices through
views that organize by:
d.
Device type (Device View)
te
bi
IP address (IP View)
oh
pr
Topology (Network Topology)
is
The operators own organization of devices using Custom Views.
on
si
Each of these views offers the ability to manage multiple devices from the device
is
lists on these pages. In addition, each view offers drill down capabilities to the
m
er
Device Details page, which includes a multitude of monitoring and management
tp
features for the selected device. From the Device Details page, you can
ou
synchronize, refresh, manage or unmanage, or delete a device.
ith
From this view, devices can be accessed remotely through Telnet, SSH, the
w
Device Panel, or Web Manager. You can also ping or traceroute to a device from
rt
the Device Details page that is accessed from all views.
pa
in
In addition, you can configure devices. Configuration options include modifying a
or
device label, system group attributes, SSH and Telnet settings, polling intervals,
le
ping and Web Manager parameters. You can add or cancel performance
ho
w
monitoring for a selected device.

in
From IMC, you can also manage devices including resetting or rebooting a device
n
tio
remotely, saving device configuration, or system information. You can configure

c
address binding, view hardware, OSPF, and IPv6 information and view and
du
configure Power over Ethernet configuration on switches.

ro
ep
In addition, you can view protocol information for routers and switches, view and
R
modify VLAN, RMON, and Spanning tree information on switches and IGMP
.
ly
Snooping configuration on wireless devices.

on
You can also view and manage interfaces on devices from IMC. Interface
s
er
management options including

d
ol
Managing and unmanaging interfaces

eh

ak
Synchronizing
St
Configuring management status and speed

&L
C
Loopback testing and adding ports to and removing ports from VLANs
P
H
IMC also offers you the ability to manage multiple devices from views and in batch
mode. From views, you can add, remove, delete, manage, unmanage,
synchronize, and refresh devices. You can configure SNMP, SSH, and Telnet
settings as well as check these settings on multiple devices.
You can also configure polling intervals, save configurations, reboot devices,
backup configurations, and deploy software for multiple devices.
6 24 Rev. 14.41
Using batch mode, you can configure SNMP, Telnet, and SSH settings, polling
intervals and modify login types. You can also check settings in batch mode for
SNMP, Telnet, and SSH. You can save device configurations, reboot devices,
check and configure management status on interfaces, implement PoE, configure
trap destinations, Spanning Tree on switches and interfaces and configure LACP
on switches.
You can also track the usage of and allocate IP addresses in IMC, bind IP
addresses to MAC address, and bind MAC addresses to interfaces. You can
d.
te
search IMC in real time and historically for locations of IP addresses to pinpoint the
bi
location of a user/device. You can track network assets, and perform and configure
i
oh
asset auditing.
pr
The most basic network resource management task is to add a device. IMC offers
is
you several methods for adding devices in IMC:
on
si
Add devices manually.
is
m
One or more devices can be added through auto discovery.
er

tp
Devices can be added by importing the device data directly into IMC.
ou
ith
When you add a device, either manually, by import, or through auto discovery, IMC
w
by default sets their status as managed. Managed devices consume node licenses
rt
in IMC and a warning dialog box appears. For a current license count, click the
About link in the upper right corner of IMC. pa
in
or
le
Auto-discovery: basic
ho
w
in
n
c tio
du
ro
ep
R .
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
Figure 6-8. Adding devices through basic auto discovery.

H
Auto discovering in IMC allows you to search the network and add all found
devices to IMC using two methods: basic and advanced. With the basic auto
discovery method, you provide a start and end IP address that directs the
discovery process. In addition, you provide SNMP and Telnet settings that support
the addition of devices for these protocols. You have the option to run basic and
advanced discoveries immediately or at a scheduled date and time. You can save
simple auto discoveries as plans and manage the plans in a plan list, including
viewing plan details and auto discovery results and modifying or deleting plans.
Rev. 14.41 6 25
The device to be added must be configured to support the access or login type
selected here. HP recommends configuring default monitor indexes before
performing an auto discovery. Monitor indexes gather the metrics that IMC uses to
measure performance of managed devices. Monitor indexes are also used to
generate alarms when they exceed configured thresholds. By configuring the
default monitor indexes first, IMC applies them to devices found in the discovery
process.
To add devices to IMC using the basic auto discovery method:
d.
te
1. Navigate to Resource > Auto Discovery:
bi
i
oh
a. Click the Resource tab from the tabular navigation system on the top.
pr
is
on
c. Click Auto Discovery under Resource Management from the navigation
si
system on the left.
is
m
2. Confirm that you are in Basic mode. The main section of the page title should
er
tp
read Auto Discovery (Basic).
ou
3. If the dialog box does not have this title and your breadcrumb trail is Resource
ith
> Auto Discovery (Advanced), then click the Go to Basic icon to navigate to
w
the Auto Discovery (Basic) page. Go to Basic can be found in the far right
rt
pa
corner of the Auto Discovery page. in
4. Enter the first IP address of the IP address range you want to search devices
or
for in the Start IP field.

le
ho
5. Enter the last IP address of the IP address range you want to search devices
w
for in the End IP field.

in
6. Click Add to add the IP address range.

n
tio
7. Import IP address ranges:

c
du
a. Click Import. The Import Network Segment Address window appears.

ro
ep
b. Click Browse to browse your local directories for the file. Text files no
R
greater than 5M are supported. Separate the start and end IP addresses
.
ly
with hyphens "-", for example, 192.168.1.1-192.168.1.20 and enter each

on
IP address range in a separate line.

s
er
c. Click OK. The imported IP address segments are displayed in the

d
ol
Network Segment field.

eh
ak
8. If you want to receive SNMP traps from the discovered devices that support
St
SNMP trap generation, verify that the checkbox to the left of Automatically
&L
register to receive SNMP traps from supported devices is checked.

C
Important
P
!
H
If the Automatically register to receive SNMP traps from supported devices

checkbox is not checked, IMC does not process, display, or alarm on traps
sent by the discovered devices.
9. Enter the SNMP v1 read community string in the SNMP Read Community
string field.
6 26 Rev. 14.41
10. Enter the SNMP v1 write community string in the SNMP Write Community
string field. The SNMP read and write community string configuration you
enter here must match the SNMP configuration settings on the devices to be
discovered and managed. Refer to each vendors manual for information on
setting the SNMP configuration parameters for each device type. In the basic
auto discovery mode, only SNMP v1 is supported.
11. Select the Telnet authentication mode that corresponds with the Telnet
authentication mode configured on the managed devices from the Telnet
d.
te
Authentication Mode list.
ibi
12. Do the following:
oh
pr
a. Telnet UsernameEnter the username configured on managed devices
is
in the Telnet Username field, if prompted.
on
b. Telnet PasswordEnter the password configured on the managed
si
is
devices in the Telnet Password field, if prompted.
m
er
c. Telnet Super PasswordEnter the super password configured on the
tp
managed devices for the Telnet Super Password, if prompted.
ou
ith
13. If you want IMC to perform scheduled auto discoveries, select the frequency
w
with which you want IMC to perform scheduled auto discoveries from the
rt
Schedule list. Options include Never, Hour, Day, Week, and Month.
pa
14. Select Never if you want IMC to perform the auto discovery immediately rather
in
than on a scheduled basis. IMC runs the auto discovery when you have
or
completed the configuration and clicked Auto Discovery.

le
ho
15. If you choose to schedule an auto discovery for hour, you only need to enter
w
the discover time.

in
n
16. If you choose to schedule an auto discovery for day, week, or month, enter the
tio
start date you want to begin the scheduled auto discovery in the Start Date
c
du
field. You can also click the Start Date field to select and auto-populate the
ro
field.
ep
R
17. Select the hour and minute from the lists located to the right of the Discover
.
ly
Time field.
on
18. The Save as Plan button is available if you select Hour, Day, Week, or Month
s
er
from the Schedullist. Click this button to save an auto discovery as a plan and
d
perform the scheduled auto discovery:

ol
eh
a. Click Save as Plan. The Save as Plan window appears.

ak
St
b. Enter the name of the plan.

&L
c. Click OK.
C
P
Then IMC runs the auto discovery at the specified period and adds the
H
discovered device to IMC. You can configure multiple scheduled auto

discoveries. To manage the scheduled auto discoveries, click the Plan List link
on the right of the auto discovery main pane.
19. Click Save Only if you want IMC to save the auto discovery configuration and
perform the auto discovery according to the schedule you have defined.
You can review summary results for all discoveries, including scheduled
discoveries in the Discovery Report that is found under Resource Statistics
Report.
Rev. 14.41 6 27
20. Click Auto Discovery if you want to begin the auto discovery immediately.
If you clicked Auto Discovery, the Auto Discovery Running window is displayed
along with details of the auto discovery process. While the auto discovery is
running, IMC displays a rotating icon . Click the Stop ( ) icon ONLY if you
want to cancel the auto discovery process. Once IMC has completed the auto
discovery, IMC displays a status and summary of the auto discovery process at the
top of the Auto Discovery Running window.
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
6 28 Rev. 14.41
Auto-discovery: advanced
d.
te
ibi
oh
pr
is
on
si
is
m
Figure 6-9. Auto-discovery: advanced.
er
tp
Advanced auto discovery allows you to discovery networking devices using the
ou
following methods:
ith
w
Routing-based
rt
ARP-based
pa
in
IPSec VPN-based
or
le
Network segment-based
ho
PPP-based
w

in
With advanced auto discoveries, you can search the network using routing tables.
n
tio
With this option, you configure hop counts to determine how far IMC searches the
c
infrastructure for new devices. In routing based discoveries, you also provide a
du
Seed IP to direct the starting point for the auto discovery.

ro
ep
Another option for auto discovery of network devices is an ARP-based auto

R
discovery. ARP-based auto discoveries search ARP tables to discover new

.
ly
devices. As with routing based discoveries, you also configure hop counts to
on
determine how far IMC searches the infrastructure for new devices. In ARP-based
s
discoveries, you also provide a Seed IP to direct the starting point for the auto
er
d
discovery.
ol
eh
A third option is the IPsec VPN-based auto discovery method. With this option,
ak
IMC queries IPsec devices for new devices, again using hop counts to limit how far
St
IMC searches the infrastructure. Seed IP addresses are also required for this
&L
method.
C
You can use the network segment-based advanced method for auto discovering
P
H
new devices. With this method, you configure IMC with IP address segments,
which IMC then searches for new devices. With this method, hop count and Seed
IP addresses are not required.
Rev. 14.41 6 29
You can use the network segment-based advanced method for auto discovering
new devices. With this method, you configure IMC with IP address segments,
which IMC then searches for new devices. With this method, hop count and Seed
IP addresses are not required.
You can use the PPP-based advanced method for auto discovering new devices.
With this method, hop count and Seed IP addresses are not required.
This course only covers the configuration of advanced auto discovery using the
d.
te
network segment-based approach. With this method, you configure IMC with one
bi
or more IP address segments, which IMC then searches for new devices. With this
i
oh
method, hop count and Seed IP addresses are not required.
pr
HP recommends configuring default monitor indexes before performing an auto
is
discovery. Monitor indexes gather the metrics that IMC uses to measure
on
performance of managed devices. Monitor indexes are also used to generate
si
is
alarms when they exceed configured thresholds. By configuring the default monitor
m
indexes first, IMC applies them to devices found in the discovery process.
er
tp
To add devices to IMC using Advanced Auto Discovery method:
ou
Navigate to Resource > Auto Discovery:
ith
1.
w
rt
b. pa
in
c. Click Auto Discovery under Resource Management from the navigation
or
system on the left.

le
ho
2. Confirm that you are in advanced mode. The dialog box title should be Select
w
Auto Discovery Mode and the breadcrumb trail should be Resource > Auto
in
Discovery (Advanced). If not, then click the Go to Advanced icon located to

n
tio
the far right of the Auto Discovery page (see Figure 6-9)
c
du
3. Select the auto discovery mode, Network Segment-Based discovery mode.

ro
Click Next.
ep
4.
R
5. Enter the first IP address of the IP address range you want to search for new
.
ly
devices in this auto discovery in the Start IP field (see Figure 6-10).
on
s
6. Enter the last IP address of the IP address range you want to search for new
er
devices in this auto discovery in the End IP field.

d
ol
Click Add to add the IP address range to the Configured Segment Address
eh
7.
ak
list. You can add more than one IP Segment to the list by repeating Steps 3-4
St
for each segment you want to add.

&L
C
P
H
6 30 Rev. 14.41
d.
te
ibi
oh
pr
is
on
si
is
m
er
Figure 6-10. Auto-discovery: advanced (cont).
tp
ou
ith
Editing SNMP settings manually
w
rt
pa
1. To edit the SNMP parameters, verify that the radio button to the left of Edit
SNMP Parameters is selected.
in
or
le
ho
a. Parameter TypeSelect the version of SNMP (v1 or v2c) that is

w
configured on the device to be added from the Parameter Type list. You
in
can only add devices that are configured with SNMPv3 using SNMP
n
templates. You must create an SNMP template with the SNMPv3

tio
c
parameters for this device before adding this device.

du
ro
b. Read-Only Community StringEnter the read-only community string for

ep
this device in the Read-Only Community String field. This value must
R
match the read only community string that is configured on the device to
.
ly
be added.
on
c. Read-Write Community StringEnter the read-write community string for

s
er
this device in the Read-Write Community String field. This value must
d
match the read only community string that is configured on the device to
ol
eh
be added.
ak
d. TimeoutEnter the SNMP timeout value (160 seconds) in the Timeout

St
field. This parameter determines how long IMC waits for an SNMP reply
&L
from the managed device before declaring that the request has timed out.
C
The default is 4.
P
H
e. RetriesEnter the number of SNMP retries (120) in the Retries field.

The retries parameter defines how many times the management system
(IMC) sends SNMP retries in an attempt to communicate with the
managed device before reporting a failure. The default is 3.
Rev. 14.41 6 31
Using existing SNMP template

1. To configure the SNMP settings for this device using an SNMP template, click
the radio button to the left of Select an Existing Template.
2. Click the radio button to the left of the SNMP template you want to use.
3. Click OK.
4. To configure the SNMP settings, click the Configure icon located at the Telnet
d.
Parameters section. The SNMP Parameters dialog box appears.
te
bi
5. 5. Do one of the following:
i
oh

pr
Enter the SNMP settings in this dialog box.
is
Create a SNMP template that contains the Telnet settings for this device.
on
si
is
m
Editing Telnet setting manually
er
tp
1. To edit the Telnet parameters manually, verify that the radio button to the left
ou
of Edit Telnet Parameters is selected.
ith
w
rt
a.
pa
Authentication ModeSelect the mode that corresponds with the Telnet
in
authentication mode configured on the managed devices from the
or
Authentication Mode list.

le
b. UsernameEnter the username configured on managed devices in the

ho
Username field, if prompted.

w
in
c. PasswordEnter the password configured on the managed devices in

n
tio
the Password field, if prompted.

c
du
d. Super Password: Enter the super password configured on the managed

ro
devices for the Super Password, if prompted.

ep
e. TimeoutEnter the Telnet timeout value configured on the managed

R
device in the Timeout field. Valid range is 160 seconds.

.
ly
on
s
Using existing Telnet template

er
d
ol
eh
1. To configure the Telnet settings for this device using Telnet templates, click the
ak
radio button to the left of Select an Existing Template.

St
2. Click the radio button to the left of the Telnet template you want to use.
&L
3. Click OK.
C
P
4. To configure the Telnet settings, click the Configure icon located at the Telnet
H
Parameters section.
5. The Telnet Parameters dialog box appears.
Enter the Telnet settings in this dialog box.
Create a Telnet template that contains the Telnet settings for this device.
6 32 Rev. 14.41
Editing SSH settings manually

1. To edit the SSH parameters, verify that the radio button to the left of Edit SSH
Parameters is selected.
a. Authentication Mode: Select the authentication mode that corresponds
d.
with the SSH configuration mode on the managed devices from the list.
te
bi
b. User NameEnter the username that is configured on managed devices.
i
oh
pr
c. PasswordIf prompted, enter the password that is configured on the
is
managed devices.
on
d. Private Key FileEnter the path and filename of the private key file that
si
is
contains the key that enables login, if prompted.
m
er
e. Private Key PasswordEnter the private key password for the private
tp
key file, if prompted.
ou
f. Super PasswordEnter the super password that is configured on the
ith
managed devices.
w
rt
g. PortEnter the TCP port for SSH configured on managed devices. The
default TCP port is 22. pa
in
or
h. TimeoutEnter the SSH timeout value (1120 seconds). The timeout

le
parameter defines how long the system waits for the device to respond in
ho
seconds before declaring that the response has timed out. The default
w
setting is 10 seconds.
in
n
i. RetriesEnter the number of SSH retries (15). The retries parameter

tio
defines how many times the management system (IMC) sends SSH
c
du
retries in an attempt to communicate with the managed device before

ro
reporting a failure. The default setting is 3.

ep
R
.
Using existing SSH template

ly
on
s
1. To configure the SSH settings for this device using SSH templates, click the
er
radio button to the left of Select an Existing Template.

d
ol
eh
2. Click the radio button to the left of the SSH template you want to use.
ak
3. Click OK to accept the SSH configuration.

St
&L
4. The filter settings offer you flexibility in determining which subnets and devices
to either include in or exclude from the auto discovery process.
C
P
5. Enter the IP address subnet range and the subnet mask you want to filter by
H
in the Subnet IP field. Masks can be entered using either CIDR or dotted
decimal notation. For example, a valid network/subnet mask entry using CIDR
notation would be 192.168.1.0/24 where /24 represents the bits allocated to
the network portion of the address and implying the remaining bits allocated to
the host portion. Alternatively, a valid network/subnet mask using dotted
decimal notation would be 192.168.1.0/255.255.255.0
Rev. 14.41 6 33

Click the radio button to the left of Yes if you want IMCs discovery to
include devices captured by the subnet list.
Click the radio button to the left of No if you want IMCs discovery to
exclude devices captured by the subnet list.
You can add more than one IP address/subnet range by clicking Add after entering
d.
the IP address range in the Subnet IP field.
te
bi
i
oh
The rest of the configuration on Figure 6-10 is basically the same as the basic auto
pr
discovery.
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
R
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
6 34 Rev. 14.41
Manually adding a device
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 6-10. manually adding a device.
w
rt
You can add devices manually, one at a time. IMC automatically manages a device
pa
once a device has been added to IMC, whether it has been manually or
in
automatically added. To add a device manually:
or
1. Navigate to Resources > Add Device:

le
ho
w

in
b.
n
Click Add Device under Resource Management from the navigation

tio
c.
c
system on the left.

du
ro
2. Enter the node name or IP address of the network device you want to add in
ep
the Host Name/IP address field. This field is required.

R
3. Enter the name that is displayed on the IMC platform in the Device Label field.
.
ly
on
4. Enter a valid IP subnet mask for the device to be added in the Mask field.
s
er
5. Select the device group to which you want to add this device from the Device
d
ol
Group list. If you do not want to add the device to a device group, leave this
eh
option blank. All devices that have not been added to a device group are
ak
displayed in the Ungrouped Devices List. You can add devices to groups from
St
the Ungrouped Devices List after they have been added to IMC. You must
&L
create device groups before you can add devices to them. Once you have
C
created the device groups, they appear in the Device Group list.
P
H
6. Select the access method for this device from the Login Type list. Options
include Telnet, SSH, and None. The device to be added must be configured to
support the access or login type selected here.
Rev. 14.41 6 35
7. If you want IMC to process traps sent by this device for alarming and
notification purposes, verify that the checkbox to the left of Automatically
register to receive SNMP traps from supported devices is checked .
Important
! If the Automatically register to receive SNMP traps from supported devices
d.
checkbox is not checked, IMC does not process, display, or alarm on traps
te
bi
sent by this device. If the Automatically register to receive SNMP traps from
i
oh
supported devices checkbox is checked, IMC automatically sets the IP
address of the IMC master server as the destination host on each newly added
pr
device to receive traps generated by the device.
is
on
si
is

m
If you select the checkbox next to Support Ping Operation, IMC will use
er
ping packets to probe devices. Devices that respond to IMC ping packets
tp
are added. The devices (for example, firewalls) that filter or do not
ou
respond to IMC ping packets are not added.
ith
w
If you clear the checkbox next to Support Ping Operation, IMC will use
rt
SNMP packets to probe devices and add devices (for example, firewalls)
that support SNMP. pa
in
or
9. If you want to add the device even if it does not respond to ping requests, click
le
the checkbox to the left of Add the device regardless of the ping result.
ho
10. If you want IMC to use the Loopback address for the management of the
w
in
discovered device, check the box to the left of Use the loopback address as
n
the management IP.

tio
11. To view and configure SNMP settings for this device, click the SNMP Settings
c
du
link. Click the Configure URL to change the SNMP settings.

ro
ep
12. To view and configure Telnet settings for this device, click the Telnet Settings
R
link. Click the Configure URL to change the Telnet settings.

.
ly
13. To view and configure SSH settings for this device, click the SSH Settings
on
link. Click the Configure URL to change the SSH settings.

s
er
14. Click the OK button at the bottom.

d
ol
eh
ak
St
&L
C
P
H
6 36 Rev. 14.41
IMC support for third-party devices

The IMC network management platform supports extending device management
and configuration functions through dynamic language scripts. You can either
extend an existing function to support third-party devices by compiling interactive
scripts and XML files, or customize a function by compiling interactive scripts, XML
files, and UI configuration files.
In either way, you can define vendor, drive, service, and action scripts through
d.
te
XML files, define device interaction through standard TCL\Expect scripts, and
bi
parse or process returned information through standard Perl scripts. Before
i
oh
customizing a function, you must compile UI configuration files so that IMC can
pr
automatically add the operation entrance and display pages as required.
is
The function extension feature makes investment in IMC rewarding in a long term,
on
and provides powerful regular expression processing capability by using the
si
is
Expect and Perl language scripts. You can extend IMC components to support
m
third-party device management by customizing scripts. For example, by default,
er
tp
the IMC Configuration Center component supports configuration file management
ou
and software upgrade for devices of HP, Cisco, and many other vendors.
ith
You can enable the component to support configuration file backup and
w
deployment and software upgrade for other third-party devices by customizing the
rt
pa
script. By default, IMC VLAN Manager supports VLAN management for devices of
HP, Cisco, and many other vendors. You can also enable the component to
in
support VLAN management for other third-party devices by customizing the script.
or
le
Follow these steps to customize a third-party device process:

ho
w
Create a vendor folder

in
Create a drive index file and a drive folder

n
tio
Create a drive definition file

c

du
Create various service and action definition files

ro

ep
Create TCL and Perl scripts

R.
The content under the directory IMC\server\conf\adapters\ICC can be used as a

ly
on
reference. For more information on this configuration support for third-party

s
devices and scripting, please see the IMC Administrator Guide.

er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 6 37
Verification of adding a device
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 6-11. Verification of adding a device via auto discovery.
w
rt
If you clicked Auto Discovery, the Auto Discovery Running window is displayed
pa
along with details of the auto discovery process. While the auto discovery is
in
or
running, IMC displays a rotating icon . Click the Stop ( ) icon ONLY if you
le
want to cancel the auto discovery process. Once IMC has completed the auto
ho
discovery, IMC displays a status and summary of the auto discovery process at the
w
top of the Auto Discovery Running window.

in
n
You can return to the auto discovery page and view the results from the last time it
tio
was run by clicking the Latest Result icon ( ) in the upper right-hand corner of
c
du
the page.
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
6 38 Rev. 14.41
Other tasks for adding new devices

Classification of devices
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
Figure 6-12. Classification of devices: Device Groups.
ou
ith
Group Management enables you to more simply and effectively organize and
w
secure access and management rights over network resources managed by IMC.
rt
It also enables you to grant or restrict access to and management of network
pa
resources more easily by assigning operators rights by device, user, or service
in
groups. A device can belong to one or more device groups. Note also that more
or
than one operator can manage one or more groups.

le
ho
Device groups allow you to organize network devices by logical groups that you
w
define. Groups can consist of devices of the same type, in the same location, or
in
devices to be managed by the same operator or team within the organization.

n
tio
Device groups are one of the three features that IMC offers you for granting or
c
restricting access to network resources managed by IMC. Create custom device

du
groups and then add devices to the groups. Then assign operators rights to the
ro
ep
device groups. This gives operators access and rights to manage only the devices
R
in the groups to which they have been granted management access.

.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 6 39
Creating device groups
d.
te
ibi
oh
pr
Figure 6-13. Device groups.
is
on
To view the list of all device groups in IMC, navigate to System > Device Group:
si
is
m
er
2. Click Group Management on the navigation tree on the left.
tp
Click the Device Group icon under Group Management from the navigation
ou
3.
ith
system on the left.
w
IMC displays all device groups in the Device Group List displayed in the main pane
rt
pa
of the System > Device Group window. (see Figure 6-13).
in
There are no pre-defined device groups besides the generic classifications
or
like routers, switches, servers, desktops, etcetera.

le
ho
To view all devices in IMC click the All Devices link located in the far right
w

corner of the Device Group List window.
in
n
To view all devices in IMC that are not in a device group, click the Ungrouped
tio
Devices link
du
.
ro
To add a device group from the System > Device Group window.
ep
R
1. Click Add. (see Figure 6-14).

.
ly
on
2. Enter the name for this device group in the Group Name field.
s
3. Select an option from the Automatically Add New Devices list. The options
er
d
include None, All, and From Network Segment. If you select None, newly
ol
added devices are not automatically added to the device group; if you select
eh
All, newly added devices are automatically added to the device group; if you
ak
select From Network Segment, newly added devices whose IP address fall
St
into the specified address range are automatically added to the device group.
&L
If you select From Network Segment, go to Step 4; if you select None or All,
C
go to Step 7.
P
H
4. Enter the first IP address of the IP address range in the Start IP field.
5. Enter the last IP address of the IP address range in the End IP field.
6. Click Add to add the IP address range to the Network Segment list.
7. Select an IP address range on the Network Segment list, and click Delete to
delete the IP address range.
6 40 Rev. 14.41
8. Enter a description for this device group in the Description field.

9. To grant rights to this device group, click the checkbox next to the operators
login name in the Operator list.
10. Click OK. Only administrators or operators who are members of a group with
the ADMIN privilege level can configure a device group.
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
Figure 6-14. Adding a device group.
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 6 41
Placing a device in a group
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
Figure 6-15. Placing a device in a group.
ith
w
To add devices to a device group:
rt
Navigate to System > Device Group:
pa
1. in
or
Click Group Management on the navigation tree on the left.

le
b.
ho
c. Click the Device Group icon under Group Management from the
w
navigation system on the left. IMC displays all device groups in the
in
Device Group List displayed in the main pane of the System > Device
n
tio
Group window.
c
du
2. Click the Device List icon ( ) displayed in the Device List column
ro
ep
associated with the device group you want to add devices to. The Device List
R
window appears.
.
ly
3. Click Add.
on
s
4. Select the devices you want to add to the device group. You can add devices
er
by using either the View or Advanced query option.

d
ol
eh
ak
St
&L
C
P
H
6 42 Rev. 14.41
Basic new device verification

Home screen
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
Figure 6-16. Home screen.
rt
pa
When you access the home screen of IMC, the upper left-hand corner summarizes
in
the devices in your network based on device type, like routers, switches, servers
or
etcetera. To the right of this you can directly access the topology views. The
le
Network topology is introduced later in this section, and other topologies are
ho
discussed in the next module.

w
in
n
ctio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 6 43
Device view
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
Figure 6-17. Device view.
w
rt
pa
IMC offers you a variety of options for viewing network resources and for drilling
down into the features used to manage them. IMC provides you with a graphical
in
representation of the physical network in the Topology view. Table views of the
or
network are provided in the Device View, IP View and Custom View. Each of these
le
ho
three view types offer you a real time snapshot of the status of devices in the
w
network infrastructure. Also, all views offer drilldown capabilities to devices within
in
the groups and ultimately to the device details for an individual device. The Device
n
Details page provides you with access to IMCs network device management
tio
features.
c
du
In the Device View, IP View, and Custom View, you can add interested
ro
ep
performance indexes to the device list and sort them in ascending order. In
R
addition, you can add the Interface List and Device List in Port Group and Custom
.
ly
View to the home page of IMC.

on
This view, like all IMC views, offers you a real time snapshot of the status of
s
er
devices in the network infrastructure through color-coded icons that match the
d
highest severity or alarm level for devices in the view. Also, all views offer you
ol
eh
high-level groupings of devices with drilldown capabilities to devices within the

ak
groups and ultimately to the device details for an individual device.

St
From the Device Details page, you can access IMC powerful management
&L
features that enable quick and easy access to network resources as well as the
C
ability to manage them. You can add interested performance indexes to the device
P
H
list in the Device View and sort them in ascending order.
Note
The Device Details screen will be discussed in much more depth in the View
Management module (Module 7).
6 44 Rev. 14.41
Accessing the Device View

To access the Device View:
1. Navigate to Resource > Device View:
b. Click View Management on the navigation tree on the left.
c. Click Device View under View Management from the navigation system
d.
te
on the left.
ibi
oh
By default, devices in all states are displayed. Click View in the upper part
pr
of the list, select View Device Status from the menu that appears, and
is
select a state from the upper part of the page to display all devices in this
on
state. Device states include:
si

is
ALL
er
Critical
tp
Major
ou
ith
Minor
rt
Warning
Normal pa
in
or
Unknown
le

ho
Unmanaged
w
Each state is displayed as a different color.

in
n
Click View in the upper part of the list, and select Include Desktops or
tio
Exclude Desktops from the menu that appears to display or exclude the
c
du
desktops on the device list At the same time, the device list title changes
ro
when the device state changes and displayed as Device List <Status>
ep
<Include/Exclude Desktops>
R
.
2. Move the pointer over the icon on the navigation tree on the left. Device type
ly
on
icons are displayed in the popup menu. By default, the following device types
are displayed:
s
er
d
ol
Click Routers under Devices View from the navigation tree on the left
eh
for a summary view of all routers.

ak
St
Click Switches under Devices View from the navigation tree on the
&L
left for a summary view of all switches.

C
P
H
Click Servers under Devices View from the navigation tree on the left
for a summary view of all servers.
Click Security under Devices View from the navigation tree on the
left for a summary view of all security devices.
Click Desktops under Devices View from the navigation tree on the
left for a summary view of all desktop devices.
Rev. 14.41 6 45
Click Others under Devices View from the navigation tree on the left
for a summary view of all devices that were not classified by the
categories listed above.
If a device of any other type exists, the floating menu displays the icon of
the corresponding device type. To enter the device list page for this type
of device, click the icon.
Each category of device in the Device View is followed by a number that
d.
is enclosed with square brackets []. This number represents the number
te
bi
of devices in that category.
i
oh
The status of a Device View depends on the status of the devices in it.
pr
The color of the group icon represents the highest severity or alarm
is
setting of all devices in the category.
on
si
The icon of a device view is grayed out if there is no device in the view.
is
m
er
tp
Device view management options
ou
ith
The right-hand window pane in Device View allows you to perform basic
w
management actions, like delete the device, telnet to the device, SSH to the
rt
device (go to System > System Configuration > System Settings to define the
pa
SSH client to use), view the MIB tree of the device, view the devices front panel,
in
and ping/traceroute the device.
or
le
At the bottom of the window you can see the performance information for the
ho
selected device, like the average CPU and memory utilization, the unreachability
w
information, and the average response time.

in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
6 46 Rev. 14.41
Network topology
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
Figure 6-18. Network topology overview.
ou
ith
Network Topology and Network Topology (Applet) provides you with a graphical
w
view of the health and status of network connectivity and devices, allowing you to
rt
pa
quickly and easily locate, monitor, modify, and manage network devices directly
in
from this graphical representation of the network.
or
In addition to the standard drilldown capabilities of all views, the Network Topology
le
(Applet) offers special navigation capabilities accessed through left and right
ho
mouse clicks, allowing you to monitor network devices and gain quick access to
w
in
the device management features of IMC, respectively.

n
tio
To access the network topology:

c
Click the Resource tab from the tabular navigation system on the top.
du
1.
ro
2. Click View Management on the navigation tree on the left.

ep
R
3. Click Network Topology (Applet) under View Management from the

.
ly

on
s
Note
er
The Network Topology screen will be discussed in much more depth in the
d
ol
View Management module (Module 7).

eh
ak
St
&L
C
P
H
Rev. 14.41 6 47
Network asset report
d.
te
bi
i
oh
pr
is
on
si
is
m
er
Figure 6-19. Network asset information.
tp
ou
Reports are access from the Reports tab. Access the Report Template List and
ith
choose Device Asset Report to see the actual asset information of your devices
w
(see Figure 6-20).
rt
pa
in
or
le
ho
w
in
n
c tio
du
Figure 6-20. Device asset report.

ro
ep
Note
R
The Reports tab will be discussed in much more depth in the Reports module
.
ly
(Module 15).
on
s
er
d
ol
eh
ak
St
&L
C
P
H
6 48 Rev. 14.41
Lab Activity 6: Lab Topology
d.
te
ibi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
During this lab your group will apply the concepts learned in this module.
rt
Completing the previous lab is necessary to perform this lab.
pa
in
or
Consult your Lab Activity Guide for instructions for performing this activity.
le
ho
w
in
n
ctio
du
ro
ep
R
.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 6 49
Lab Activity Preview: Adding Devices to IMC
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
Lab Activity 6 will focus on adding devices to IMC. Finishing Lab 5 is necessary to
rt
perform this lab. You will be configuring all three switches in this lab for
pa
SNMP/telnet access as well as adding the three switches, the SQL Server, and
in
IMC itself to its managed topology.
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
6 50 Rev. 14.41
Lab Activity 6 Debrief

Use the space below to record your key insights and challenges from Lab
Activity 6.
d.
Debrief for Lab Activity 6
te
bi
Challenges Key Insights
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
ctio
du
ro
ep
R.
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
Rev. 14.41 6 51
d.
te
bi
i
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
.R
ly
on
s
er
d
ol
eh
ak
St
&L
C
P
H
6 52 Rev. 14.41
d.
te
i bi
oh
pr
is
on
si
is
m
er
tp
ou
ith
w
rt
pa
in
or
le
ho
w
in
n
c tio
du
ro
ep
R.
ly
on
s
d er
ol
eh
ak
St
&L
C
P
H
To learn more about HP Networking, visit

www.hp.com/networking
2013 Hewlett-Packard Development Company, L.P. The information contained herein is
subject to change without notice. The only warranties for HP products and services are set
forth in the express warranty statements accompanying such products and services. Nothing
herein should be construed as constituting an additional warranty. HP shall not be liable for
technical or editorial errors or omissions contained herein.

SG1 English 00925084

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

SG1 English 00925084

Загружено:

Авторское право:

Доступные форматы

BitSpyder - The Culture of Knowledge

iMC Essentials for Network

Learner guide book 1 of 3

iMC Essentials for Network

Learner guide book 1 of 3

Copyright 2014 Hewlett-Packard Development Company, L.P.

iMC Essentials for Network Administrators

This course is an HP ExpertOne authorized course designed to prepare you for

HP ExpertOne provides training and certification for the most sought-after IT

HP ExpertOne gives you:

Visit hp.com/go/ExpertOne to learn more about HP certifications and find the

Extending HP IMC with RESTful eAPIs...............................................................2-5

Endpoint Admission Defense (EAD)..................................................................3-32

Supporting MDC on devices..............................................................................4-15

Deployment Monitoring Agent (DMA)..............................................................................5-9

Basic Cisco IOS switch configuration................................................................6-13

Rev. 14.41 Intro 1

iMC Essentials for Network Administrators

Figure Intro-1. Course agenda.

Figure Intro-2. Course agenda (cont.).

Intro 2 Rev. 14.41

Figure Intro-3. Course agenda (cont.).

Figure Intro-4. Course agenda (cont.).

Figure Intro-5. Course agenda (cont.).

Rev. 14.41 Intro 3

iMC Essentials for Network Administrators

The above 15 modules, excluding this introduction, provide an introduction to the

Intro 4 Rev. 14.41

Figure Intro-6. Prerequisites.

Rev. 14.41 Intro 5

iMC Essentials for Network Administrators

Intro 6 Rev. 14.41

Rev. 14.41 Intro 7

iMC Essentials for Network Administrators

Intro 8 Rev. 14.41

Designing Your Network Management

Identify the value in planning a NMA design

Describe the people and expectations to consider when designing an IMC

List 3 major drivers of an IMC design

Distinguish the 5 functions delivered by IMC as an FCAPS management

iMC Essentials for Network Administrators

Needs for integrated network management

Data Data Remote

Network Management Protocol (SNMP) and/or management data.

Decisions must be made on what is to be monitored and actively managed. The

key to designing a Network Management Architecture is focusing on the items that

operations. These pieces of information have to be defined by the organization.

Historically, problems with network management have included the following:

Too many network management tools that lacked integration

Lack of visibility of the network because of the disparage of networking

Disparate security management tools with no centralized coordination or

correlation of security events

Inconsistent application of policies because network management tools lacked

Based on these historical problems, a better approach to network management is

Designing Your Network Management Architecture

Network management design overview

future design to be better thought out.

iMC Essentials for Network Administrators

receive SNMP data or management information.

A good design incorporates these attributes:

A decision has to be made on what is to be watched? The key to design is

important in maintaining operations. These blocks of information have to be

defined by the organization.