
© 2007 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice

What's new in Network Node Manager and Network Management Smart Plug-Ins

Telco Operations

Operations Support Systems

HP Software Universe

June 18-22, 2007 | The Venetian | Las Vegas, Nevada

Fred F. Shad

Software Technology Solutions Group

3 6 August 2007

About the presenter

Software Technology Solutions Group

Support, design and implementation for management solutions

Working with network and telecom system management for 22 years; with Hewlett-Packard for 16 years

Technical lead engineer for network management applications in the support and services organization

Fields of study: computer science and microelectronics

Agenda

What’s new in Network Node Manager

Advanced Routing SPI

Event Classifier Correlator

MPLS/VPN SPI functionalities and OVPI Report Packs integration

LAN/WAN Edge functionalities and OVPI Report Packs integration

RAMS integration module and RAMS reporting

SNMPv3 SPI and Secure Polling Agent

What’s new in Network Node Manager

NNM Advanced Edition (AE) & Starter Edition (SE)

Run on HP-UX, Solaris, Windows and Linux operating systems

Active Problem Analyzer (APA) major enhancements

Handling overlapping IP address domains from a single management station with full support for HSRP, VRRP and MPLS discovery and layout

Adjacent device failure analysis and correlation

Inclusion of problem diagnosis capabilities and smart path

Many extended topology discovery and layout enhancements

Multiple dynamic views enhancements (e.g. containers, topology filter, node view ET filtering, security (NIAP certification))

Event subsystem major enhancements (ECS/Composer/pmd and ovtrapd)

NNM v7.5 AE key benefits for telecom consumers

Root cause analysis & event correlation

L2/L3 discovery and layout

Overlapping address domain management (a.k.a. NAT management)

Device board/port aggregation and address level support with APA

Active Problem Analyzer (APA)

VLAN, HSRP, VRRP, OSPF and IPv6 discovery and layout

Integration with MPLS/VPN, LAN/WAN Edge, IPT (e.g. Avaya and Cisco), SNMPv3 and Secure Polling Smart Plug-ins

Route Analytics Management System (RAMS) integration module

OVPI integration module

Cisco Classifier Event SPI

Key benefits (cont.)

Integrations, e.g.

OVO/U and OVO/W

HP Multicast SPI

Cisco Works

HP Dashboard

See Network Node Manager Release Notes for more information

High-level architecture of NNM advanced edition

[Figure: architecture diagram. Labels: Managed Networks; traps; SysLog Messages; syslog agent; ovtrapd; pmd/ecs; Composer; netmon; ovet_disco; ovet_poll; HSRP, dupip, L2, L3 polling; L3 discovery; L2, VLAN, HSRP discovery; NNM Databases; Java Alarm Browser; Dynamic Views UI; Legacy ovw UI.]

NNM classic layer 2 view

Segment indicates same broadcast domain (logical view)

NNM AE extended topology L2 view

Now we see the connections to the port level (physical view)

VLANs in OAD

HSRP groups in OAD

Technical tools and materials

http://partners.openview.hp.com (channel partners)

Search demos & evaluations: evaluation kits, demos

Search sales tool central, technical white papers: migration guides, performance & configuration guides

Search sales tool central, technical sales guides: technical sales guides

Search pricing & configuration, product support matrices: OV support matrix, ET device support matrix

http://openview.hp.com

Search information library: product manuals, whitepapers

Network management solution Smart Plug In (SPI) for telecom consumers

Dramatically increase size of total managed environment

Reduce number of distributed systems required to manage large environments

New product structure (Starter Edition and Advanced Edition) to support cost effective license, installation, support and maintenance (e.g., upgrading, version control)

Dramatically reduce TCO

Optimize use of existing management resources and investments

Network services management solutions

Network Smart Plug-ins provide unique out-of-the-box management for popular network infrastructure services. The Network Management Smart Plug-ins include discovery, monitoring, root-cause analysis, performance optimization and forecasting.

Network Management Smart Plug-in for IP Telephony

Network Management Smart Plug-in for MPLS VPN

Network Management Smart Plug-in for LAN/WAN Edge

Network Node Manager Smart Plug-in for Advanced Routing (HSRP, VRRP, OSPF, IPv6)

SNMPv3 and Secure Polling Agent

Network Node Manager Integration Module with RAMS and OVPI (Report Pack)

Network services management

Out-of-the-box management for specific network protocols and services through Network Management Smart Plug-ins (SPIs)

Network Node Manager v7.5 advanced routing SPI

Advanced routing SPI overview

The Network Node Manager v7.5 Advanced Edition Extended Topology discovery subsystem discovers and lays out L2 and L3 device connectivity information that you can use to diagnose network problems. The Advanced Routing SPI enhances the Extended Topology offerings by providing protocol-based discovery for HSRP, VRRP, OSPF and IPv6 appliances in the Extended Topology managed domain.

The AR SPI provides information about interconnections for HSRP, VRRP, OSPF and IPv6

The AR SPI discovers and displays (in the Dynamic Views User Interface) HSRP, VRRP, OSPF and IPv6 information from managed devices

The AR SPI monitors multiple network domains that contain overlapping addresses from the private internet address space (Overlapping Address Domains, OAD), HSRP, VRRP and local OSPF and IPv6 domains

Advanced routing SPI requirements

Network Node Manager v7.5 Advanced Edition with Extended Topology Subsystem enabled

For IPv6 discovery and layout, the Network Node Manager v7.5 Advanced Edition with Extended Topology Subsystem enabled must be dual stacked (IPv6 and IPv4)

Support for the specific protocol-based MIB is required (see MIB Support in the User Guides) to discover and monitor protocol-based managed devices

Advanced routing SPI requirements (cont.)

SNMP access to the managed devices

OSPF discovery and layout (a.k.a. OSPF Basic) must be initiated manually or via automated code. OSPF discovery and layout is not part of the Extended Topology discovery process (ovet_disco) and does not use the Extended Topology data store (ETTopoDB).

OSPF discovery requires manual configuration of the OSPF areas

The OSPF database is a standalone database (flat files) and is not part of the ETTopoDB or NNMTopoDB

If the RAMS Integration Module is loaded, the OSPF Basic discovery and layout functionality is automatically disabled.

Advanced routing SPI requirements (cont.)

IPv6 discovery requires manual configuration of the IPv6 appliances

IPv6 routers must be dual stacked (IPv6 and IPv4) for accurate discovery and monitoring of IPv6 devices

Name Resolver should be properly configured

Active Problem Analyzer (ovet_poll) must be running to monitor HSRP and VRRP network appliances

Verify operating system support, patching and release requirements in the product release notes.

Enabling the AR SPIs

The Advanced Routing SPI code is part of the Network Node Manager v7.5 media and is installed during Network Node Manager v7.5 installation. It is important to note that even though the Advanced Routing SPI code is installed, it is not activated

Users must activate the AR SPI code during the Extended Topology Subsystem setup (controlled by the setupExtTopo.ovpl script)

Enabling the AR SPIs (cont.)

During Network Node Manager Advanced Edition setup the user is informed that “..you should have a valid Advanced Routing license..”

If the user has an LTU for the AR SPI, s/he can select Yes and the AR SPI functionality will be automatically enabled.

To disable the AR SPI functionality, re-run setupExtTopo.ovpl and select No at the “..you should have a valid Advanced Routing license..” statement.

The same procedure applies to protocol-based discovery for HSRP, VRRP and IPv6, but not OSPF

Event Classifier Correlator Smart Plug In

NNM Event Classifier Correlator (ECC), version (Advanced or Starter Editions overview)

The Event Classifier Correlator is a value-add (FREE) software component to HP OpenView Network Node Manager.

The Event Classifier Correlator works with both NNM Advanced Edition and NNM Starter Edition.

The Event Classifier Correlator correlates traps from devices into higher-level NNM alarms, greatly reducing the number of alarms an operator must consider in the NNM alarm browser.

Event Classifier Correlator correlates traps from Cisco devices only.

The Event Classifier Correlator classifies traps into one of the pre-defined categories of the NNM alarm browser, which enables users to find the important traps more quickly.

ECC overview (cont.)

For Cisco traps, there are eight pre-defined categories, which are based on the exception groups defined in Cisco Device Fault Manager (DFM)

When an identical classifier alarm is generated, NNM and the Event Classifier Correlator use de-duplication to nest the duplicate alarm beneath the most recent alarm. By reducing the quantity of alarms displayed in the alarm browser, you can easily identify the most important alarms

For this release, NO Cisco traps are configured for the OV Backplane Utilization Exception Event or OV Resource Exception Event categories.

Event classifications

Traps are classified and correlated into one of eight event classifications or categories. These pre-defined categories correspond to the exception groups in Cisco Device Fault Manager (DFM). The following list contains the types of alarms that can be generated and forwarded to the NNM alarm browser.

OV Backplane Utilization Exception Event (OID .1.3.6.1.4.1.11.2.17.1.60001001)

OV Error Exception Event (OID .1.3.6.1.4.1.11.2.17.1.60001002)

OV Operational Exception Event (OID .1.3.6.1.4.1.11.2.17.1.60001003)

OV Performance Exception Event (OID .1.3.6.1.4.1.11.2.17.1.60001004)

OV Power Supply Exception Event (OID .1.3.6.1.4.1.11.2.17.1.60001005)

OV Resource Exception Event (OID .1.3.6.1.4.1.11.2.17.1.60001006)

OV Temperature Exception Event (OID .1.3.6.1.4.1.11.2.17.1.60001007)

OV Unclassified Event (OID .1.3.6.1.4.1.11.2.17.1.60001008)

ECC SPI requirements

Network Node Manager v7.5 Advanced Edition with Extended Topology Subsystem enabled or …

Network Node Manager v7.5 Starter Edition

SNMP access to the Cisco managed devices highly recommended (not a must)

Name Resolver is highly recommended (not a must)

Reporting and Network Solution (RNS) Media for NNM v7.50 and lower

Network Solution Media (June 2006) or greater for NNM v7.51 and higher

Proper Cisco traps configuration

MPLS/VPN Management Solution for Network Node Manager v7.5 Advanced Edition

MPLS and VPN together

Technologies are distinct and complementary

MPLS is usually installed to support IP VPNs

Virtual private network

Allocated internal router interfaces that separate customer traffic and maintain security.

Makes it possible to manage multiple customers securely over a shared core network

Multiprotocol label switching

Allows reliable, secure transport of legacy payloads with minimum packet handling in core network.

Label Switching Routers (LSRs) determine optimum local routes and manage forwarding using Layer 2 protocol techniques.

[Figure: VPN network diagram. Labels: Customer A Site 1, Site 2 and Site 3; Customer B Site 1 and Site 2; CE-A1, CE-A2, CE-A3; CE-B1, CE-B2; PE-1, PE-2, PE-3, PE-4; Customer A VPNs.]

[Figure: MPLS view. Labels: PE-1, PE-2, PE-3, PE-4; P-1, P-2, P-3, P-4, P-5; if-1, if-2, if-3; LSP.]

MPLS VPN SPI for NNM AE overview

Integrates with NNM Advanced Edition 7.5

Discovers VPN network configurations and relationships

Adds two new categories to the NNM alarms browser:

MPLS VPN for status and connectivity alarms

MPLS VPN Performance for threshold breaches (optional)

Monitors the MPLS VPN PE routers within the service provider network

MPLS VPN SPI for NNM AE overview (cont.)

Monitors the CE routers that connect to the PE routers

Enriches events to show the effect on one or more VPNs

Node Down, IF Down, Address Down, Connection Down

Clears the enriched event using pair-wise correlation

Provides automated reachability testing configuration for Cisco SAA ICMP echo request test and reports status in the VPN Views

Displays MPLS VPN views in the Dynamic Views User Interface

MPLS VPN OVPI ReportPack overview

Focuses on MPLS-enabled networks that support large-scale site-to-site VPNs.

The fundamental reporting component is the device-level logical interface.

The interface can be MPLS-enabled, or it can be configured as one of many VPN endpoints, known as VRFs.

The package contains 27 reports in the following folders:

Admin (3)

Devices (3)

Interfaces (11)

VPNs (6)

VRFs (4)

MPLS VPN ReportPack Features

Reporting solution that monitors, reports, and alarms on MPLS-based networks delivering VPN services

Understands VPN/VRF configurations & relationships

Via OVPI auto-discovery or synchronization with NNM

Identify VPN endpoints on the network that are generating errors

Identify VRFs that are not (or only partially) functioning

Understand VRF associated interface relationships

Rank VPNs based on historical utilization

Group VPN-interfaces into logical VPN entities for SLR

Apply service-level metrics to VPNs and VRFs

Generate exception traps when thresholds are breached

Understand label usage and lookup failure

Overview of solution operation

[Figure: solution operation diagram. Labels: NNM (MPLS SPI w/SAA test); OVPI (MPLS, CAR, SAA, IR, DR); MPLS Network; VPN Discovery; SAA traps; Polling; Enriched VPN events; Report Cross-Launch; OVPI Threshold Forwarding.]

MPLS VPN SPI – What does it do?

Discovers the MPLS VPN network layout

Maintains status information about these elements:

Edge nodes

Edge node interfaces

Connectivity within the MPLS VPN cloud

When status is down, helps answer the questions:

Who is impacted?

What is the impact on the customer’s service availability?

What is the priority of this failure?

Are customers experiencing a service impact?

Identifies the VPNs and VRFs that are impacted

MPLS VPN views

[Figure: view hierarchy. Labels: MPLS VPN inventory (home base); MPLS VPN router inventory; VPN Details – Table view; VPN Details – Graph view; VRF Details view; PE Details view.]

MPLS VPN views from the DV UI

MPLS VPN Views: Router inventory

MPLS VPN views: VPN details view

MPLS VPN views: PE details view

MPLS VPN views: VRF details view

MPLS VPN Solution OVPI Report Pack

MPLS VPN and OVPI ReportPack

ReportPack first released in January 2003

Cross-product integration efforts continue with enhancements to the MPLS VPN SPI OVPI Integration.

Topology discovery

Automated SAA test configuration

MPLS VPN and OVPI ReportPack (cont.)

Two distinct technologies: MPLS and VPN

MPLS is often installed to support VPNs

Customers are confused between MPLS, VPNs, QoS, Service Assurance

We are selling a composite “solution,” one part of which is PI MPLS VPN reporting.

Other parts include:

SAA reporting

QoS reporting (CAR and IPStat) and in the future CB-QoS

NNM – for network management

ECS – for advanced event correlation

MPLS VPN ReportPack— customer added value

Customer value

Identify VPN endpoints on the network that are generating errors

Identify VRFs that are not (or only partially) functioning

Understand VRF associated interface relationships

Rank VPNs based on historical utilization

Group VPN-interfaces into logical VPN entities for SLR

Apply service-level metrics to VPNs and VRFs

Generate exception traps when thresholds are breached

Auto-discover VPN/VRF configurations & relationships

Understand label usage and lookup failure

MPLS VPN OVPI reports

Requires MPLS VPN MIB

Available on IOS 12.2.10(T) or later

Also on Juniper Systems

Works with Interface Reporting

Re-indexing

Directed instance polling

Leverages polled interface stats

Inherits property & customer information

Large number of reports

Integrated with thresholds package

Traps NNM/OVO

Remote report launching

Very compelling solution for MPLS VPN providers

Largely “invisible” technology

New technology means few solutions in the marketplace

MPLS VPN OVPI reports (cont.)

At the device level

Recent MPLS activity

Recent VPN activity

Recent VPN route activity

At the MIB-II interface level

Availability & response-time reports for VPNs and MPLS interfaces

Unreachable MPLS & VPN interfaces

Near real-time reports for MPLS & VPN interfaces

Exception reports

Grade of service reports

Top-10 volume of MPLS & VPN interfaces

MPLS VPN OVPI reports (cont.)

VPN

Route activity

Top-10 & Bottom-10 interface availability per VPN

Traffic & exception counts per VPN

Exception hot-spots across all VPNs

Executive summary of historical VPN across VPNs

VRF

Current operational status

Historical utilization

Recent operational status

Recent utilization

MPLS VPN RP - information provided

Reports include

Active interfaces

Associated interfaces

Availability

Discard rate

Error rate

Discard rate threshold violations

Error rate threshold violations

Response time

Route activity

Label security violations

Utilization

Utilization threshold violations

Provisioned information includes

Customer id

Location

SLAs for VPNs!

Response time for VPN component interfaces

Operational availability of VPN component interfaces

LAN/WAN Edge Solution (a.k.a. Frame Relay SPI)

LAN/WAN Edge SPI for NNM What does it do?

The LAN/WAN Edge SPI detects and reports problems with frame relay virtual connections.

It performs root cause analysis to distinguish between failures within the provider network and failures within the local edge router.

Enriched alarms are sent to the Frame Relay Alarms category of the NNM Alarms Browser

LAN/WAN Edge SPI event messages

Example alarm text:

Frame Relay: Local PVC problem due to LMI failure.

ifIndex=3 ((40, 1), (42, 3)) connect to Cisco4k1-S0.1

Frame Relay OVPI solution

Reports in the Frame Relay Report Pack display performance information for frame relay switches and edge devices.

Use these reports to deal with the following issues:

Which locations are experiencing service degradation due to network congestion?

Which PVCs or ports are overloaded? Are there underutilized PVCs or ports that could handle more traffic?

What are the traffic patterns on the network?

Frame Relay Report Pack benefits

Port and PVC reports

Utilization, discards and errors

Capacity planning

Congestion

FECN and BECN reporting

Monthly and daily reports

Near Real Time.

Multiple data pipes

RFC1315

Wellfleet (Bay Nortel)

Stratacom (Cisco WAN)

Newbridge (Alcatel)

Ascend (Lucent)

Change PVC configuration

Enter Description, CIR, PVC Id, location, customer, and thresholds for FECN, BECN, and DE.

Incorrect CIR is RED

CPT support—trickle down

OpenView Route Analytics Management System (RAMS) and Network Node Manager Integration Module (IM)

Route analytics—a new technique to manage modern IP networks

Management by network service instead of network element

Understand the dynamics of the network as it provides the intended services to its members

Most accurate and authoritative view of how the current routed network is operating

Management at the speed of the network, from inside the network

Issues detected in real-time by passive router, no polling required

Faster root cause analysis (RCA) isolation of service-affecting problems

New ability to manage the routing protocol layer

This is the service layer

IS-IS, OSPF, EIGRP, BGP visualization, monitoring, diagnosis

Intelligently diagnose the problem

RAMS appliance

[Figure: HP OV RAMS Appliance diagram. Labels: AS 1 (OSPF); AS 2 (IS-IS); AS 3 (OSPF); IGP Routing Adjacencies; BGP Routing Adjacencies; Route Reflector.]

Complete concurrent monitoring of multiple routing protocols – OSPF, IS-IS, BGP, EIGRP

A single appliance can monitor multi-AS networks

Provides routing protocol-specific or network-wide viewing and analysis

NNM/RAMS integration module

[Figure: integration diagram. Labels: RAMS; NNM AE; syslog; SNMP Traps; Events; Reports; XML; DB Query; RAMS GUI Launch.]

Use Case - Direct OSPF adjacency loss

Upon link failure, RAMS generates an adjacency lost event

NNM AE receives this event and either:

Correlates it beneath a physical layer 2 failure, or

Active Problem Analyzer (APA) does on-demand polling at the area of the failure

[Figure label: Adjacency Loss!]

Samples of RAMS protocols

Interior Gateway Protocols (IGP): OSPF, IS-IS, EIGRP

Exterior Gateway Protocols (EGP): BGP

RAMS specific events

[Figure: event flow diagram. Labels: RAMS; NNM AE; syslog; SNMP Traps; Events.]

*NOTE: New Route Analytics Alarms category on Home Base

Types of events generated include

Route flaps

Excessive routing events

Router adjacency loss

Router config errors

Route prefix availability

Route prefix origination change

Route prefix flood/drought

Route redundancy changes

BGP routing instabilities

Rerouting for metric-sensitive services such as VoIP

RAMS IGP view (OSPF)*

* Replaces NNM AE OSPF (Basic) View

Cross-launch to RAMS IGP view

RAMS Path History View

A view dedicated to visualizing IGP path data

A path from a router to any IP address can be viewed at different points in time

Similar to existing path view, but specifically tied to routing protocol data

Source node must be an OSPF router ID

Destination is any routable IP address

Path shown is based on base time specified

RAMS Path History View (OSPF)

RAMS GUI—unified view of routed network in real-time

As changes are detected in the network, the topology map is instantly updated

Detailed data can be easily accessed

link status, link metrics, new prefixes

A specific source and destination can be highlighted for viewing of the active route between routers

RAMS GUI— solves new classes of problems!

Playback route changes

Forensic analysis of intermittent routing problems

Time-series correlation (e.g. MRTG)

Validate redundancy of network routes

What-if analysis of the operational network

Comprehensive reports

Predefined reports provide detailed routing activity data and higher-level trend information; examples

Flapping links

Link metric changes

New prefixes and routers

Web-based reports can be generated for any time period recorded in the database

NNM/RAMS integration event configuration

The following RAMS events must be configured via NNM ET RAMS cfg in order to receive them

Adjacency Lost Event

Route Flap Event

Must specify a watch list

Prefix Origination Change

Prefix Flap

RAMS benefits summary

Increase network availability

Isolate problems (layer 2 and layer 3) to relevant network segments in real-time and historically

Manage a new class of problems in the routed network, undetectable by today’s traditional SNMP-based systems

Optimize network performance

Monitor/alert on end-to-end changes of key routes/routers (VoIP, top customers, etc.)

Identify route instabilities that go undetected but impact services

Reduce Operating Costs

Reduce dramatically the time spent in fault isolation and root cause analysis; diagnose problems with forensic accuracy

Speed frequent maintenance tasks by planning changes on “as running” network and quickly validating operational results

Increase productivity of network engineering team; reduce problem escalations and handle them more quickly

Improve processes between network design and engineering

RAMS technical tools

http://partners.openview.hp.com (channel)

Search demos & evaluations: eval kits, demos

Search sales tool central, technical white papers: migration guides, perf & cfg guides

Search sales tool central, technical sales guides: technical sales guides

Search pricing & configuration, product support matrices: OV support matrix, NNM ET device support matrix

http://openview.hp.com (customer)

Search information library: product manuals, whitepapers

SPI for SNMPv3 & Secure Polling Agent

SNMP in one slide

Common organization structure for management information (SMI)

One naming space for all management “objects” (MIB)

Communications Protocol (SNMP)

[Figure: manager/agent diagram. Labels: Manager; Agents; Requests (Get, Set); Responses; Notifications; Networking Equipment; Servers; PCs; Software Applications.]

SNMPv1/SNMPv2c—not secure

[Figure: network diagram. Labels: Administrative Workstation; HP OV NNM; Firewall; Managed Device(s); Managed System(s); Attacker; SNMPv1/v2 traffic.]

Secure SNMPv3

[Figure: network diagram. Labels: Administrative Workstation; HP OV NNM with NNM SPI for SNMPv3; Firewall; Managed Device(s); Managed System(s); Attacker; SNMPv3 traffic.]

SNMPv3 includes everything in versions 1 and 2c plus…

Authentication:

User-based authentication of messages

Who is doing the communicating

Privacy:

The ability to encrypt management messages

Protection from disclosure

Authorization:

The concept of users

What operations are allowed (e.g., read, write, notify)

Access control:

View-based

Restriction on what data may be read/written

Administrative framework to support the above

SNMPv3 typical deployment scenarios for telecom consumers

A few “user” names are associated with management stations (e.g., ow1, nnmbldg4)

Authentication used for all communications

Both authentication and privacy used for sets

Authentication and privacy used for retrieval of sensitive information (e.g., routing tables)

SNMP security configuration management is done by:

Hand—Editing or copying over local configuration files

Security configuration distribution application(s) via SNMPv3 set requests

Key elements of a complete solution

Secure agents

Secure management applications

Administrative policies

Configuration management of users, keys, etc.

Coexist with legacy systems

Secure agents

SNMPv3 agents available on most networking devices

SNMPv3 agents available on most open operating systems and embedded real-time operating systems

For integrated network and system management, smart agents based on SNMPv3 are available

Support common SNMPv3 administrative framework

Network monitoring

Host resource monitoring

File system monitoring

Critical application monitoring

Log file monitoring

Service monitoring

Secure management applications

Network Node Manager with HP OpenView NNM SPI for SNMPv3

After initial configuration, NNM functions work transparently

MIB browser

Node polling

Data collection

Partner applications which use NNM SNMP stack will also work transparently

Configuration management issues

Users, keys, notifications, etc. must be configured on both managers and agents

Keys are generated from pass-phrases; pass-phrases are not stored on managed devices

Keys need to be changed periodically

Configuration must be updated in a timely manner (e.g., deny rights to a terminated employee)

Configuration needs to be done remotely from a security management station, using a secure and private method
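The key handling listed above (keys generated from pass-phrases, pass-phrases not stored on managed devices) corresponds to the SNMPv3 User-based Security Model's password-to-key and key localization algorithm in RFC 3414, Appendix A.2. The following is an added example, not code from the presentation or from HP's product; the function names are hypothetical, the pass-phrase and first engine ID are the RFC's published test values, and the second engine ID is constructed.

```python
import hashlib

# RFC 3414 A.2: the pass-phrase is repeated cyclically to exactly 1 MiB
# before hashing, which raises the cost of guessing short pass-phrases.
EXPANDED_LEN = 1_048_576
MIN_PASSPHRASE_LEN = 8  # RFC 3414 requires at least 8 characters


def passphrase_to_key(passphrase: bytes, hash_name: str = "sha1") -> bytes:
    """Derive the user key Ku from a pass-phrase (manager side only)."""
    if len(passphrase) < MIN_PASSPHRASE_LEN:
        raise ValueError("USM pass-phrases must be at least 8 octets long")
    digest = hashlib.new(hash_name)
    reps, rem = divmod(EXPANDED_LEN, len(passphrase))
    digest.update(passphrase * reps)
    digest.update(passphrase[:rem])
    return digest.digest()


def localize_key(user_key: bytes, engine_id: bytes,
                 hash_name: str = "sha1") -> bytes:
    """Bind Ku to one agent: Kul = H(Ku || snmpEngineID || Ku)."""
    if not 5 <= len(engine_id) <= 32:
        raise ValueError("snmpEngineID must be 5 to 32 octets long")
    return hashlib.new(hash_name, user_key + engine_id + user_key).digest()


def keys_for_agents(passphrase: bytes, engine_ids, hash_name: str = "sha1"):
    """Return {engine ID hex: localized key hex} for a set of agents.

    Only the localized key is configured on each agent, so reading one
    device's configuration yields neither the pass-phrase nor a key that
    is valid on any other device.
    """
    user_key = passphrase_to_key(passphrase, hash_name)
    return {
        eid.hex(): localize_key(user_key, eid, hash_name).hex()
        for eid in engine_ids
    }


# RFC 3414 A.3 test input, plus one constructed engine ID for comparison.
RFC_PASSPHRASE = b"maplesyrup"
RFC_ENGINE_ID = bytes.fromhex("000000000000000000000002")
CONSTRUCTED_ENGINE_ID = bytes.fromhex("000000000000000000000003")

if __name__ == "__main__":
    table = keys_for_agents(RFC_PASSPHRASE,
                            [RFC_ENGINE_ID, CONSTRUCTED_ENGINE_ID])
    for engine_id, key in table.items():
        print(f"engine {engine_id}: localized SHA-1 auth key {key}")
    # Periodic key change: a new pass-phrase yields new keys on every agent.
    rotated = keys_for_agents(b"maplesyrup-rotated", [RFC_ENGINE_ID])
    print("after rotation:", rotated[RFC_ENGINE_ID.hex()])
```

Because every agent holds a different localized key, changing a user's pass-phrase means pushing a new key to each agent, which is the remote configuration task the slide describes.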

Coexist with legacy systems

Some managed systems will not have SNMPv3 agents

Cannot upgrade all agents at once

NNM SPI for SNMPv3 is multi-lingual, so it fully supports a heterogeneous SNMPv1/SNMPv2c/SNMPv3 agent environment

Old agent, old packet, old rules, old response

New agent, new packet, new rules, new response

Properly handle SNMPv1 traps

Properly handle SNMPv2c traps and informs

HP OpenView NNM SPI for SNMPv3

Questions?