HP OpenView System Administration Handbook [Electronic resources] : Network Node Manager, Customer Views, Service Information Portal, HP OpenView Operations نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

HP OpenView System Administration Handbook [Electronic resources] : Network Node Manager, Customer Views, Service Information Portal, HP OpenView Operations - نسخه متنی

Tammy Zitello

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

  • Sitemap

    HP OpenView System Administration Handbook: Network Node Manager, Customer Views, Service Information Portal, HP OpenView Operations

    Table of Contents

    Copyright

    Praise for HP OpenView System Administration Handbook

    Hewlett-Packard Professional Books

    How This Book Is Organized

    Acknowledgements

    Who This Book Is For

    Conventions Used in This Book

    Part 1: Network Node Manager, Customer Views, and Service Information Portal

    Chapter 1. Introduction to Network Node Manager, Customer Views, and Service Information Portal

    1.1 AN SNMP COKE MACHINE

    1.2 WHAT NETWORK NODE MANAGER PROVIDES

    1.3 WHAT CUSTOMER VIEWS PROVIDES

    1.4 WHAT SERVICE INFORMATION PORTAL PROVIDES

    1.5 OBTAINING EVALUATION COPIES OF NNM, CV, AND SIP

    1.6 ADDITIONAL OPENVIEW PRODUCTS

    1.7 SOME HELPFUL URLS

    Chapter 2. Why Network and Systems Management Systems Fail

    2.1 ...TO WORK PROPERLY

    2.2 ...TO EFFECTIVELY MANAGE THE ENTERPRISE GROWTH

    2.3 ...TO MANAGE EVERYTHING AT ONCE

    2.4 ...TO EVEN GET OFF THE GROUND

    2.5 SUMMARY

    Chapter 3. Create a Deployment Plan

    3.1 MANAGEMENT REQUIREMENTS

    3.2 DEFINE THE MANAGEMENT DOMAIN

    3.3 ARE THERE FIREWALLS WITHIN THE MANAGEMENT DOMAIN?

    3.4 OUT-OF-BAND NETWORK MANAGEMENT

    3.5 BACKUP AND RECOVERY REQUIREMENTS

    3.6 AUTHENTICATION, AUTHORIZATION, AND ACCESS CONTROL REQUIREMENTS

    3.7 EVENT CORRELATION REQUIREMENTS

    3.8 HIGH AVAILABILITY AND FAULT TOLERANCE REQUIREMENTS

    3.9 CONFIGURATION AND CHANGE MANAGEMENT PROCESS REQUIREMENTS

    3.10 HARDWARE CONFIGURATION REQUIREMENTS

    3.11 SUMMARY

    Chapter 4. Out-of-the-box Network Node Manager

    4.1 NNM DISCOVERY

    4.2 SYMBOLS AND OBJECTS

    4.3 ALARM CATEGORIES

    4.4 QUERYING THE MIB

    4.5 WEB ACCESS

    4.6 SUMMARY

    Chapter 5. Network Discovery

    5.1 SEEDING INITIAL DISCOVERY

    5.2 ADDITIONAL DISCOVERY METHODS

    5.3 NETMON POLLING STATISTICS

    5.4 CONFIGURING SNMP COMMUNITY NAMES

    5.5 FIREWALL CONSIDERATIONS IN NETWORK DISCOVERY

    5.6 SUMMARY

    Chapter 6. Customizing NNM from the GUI

    6.1 CUSTOMIZING SUBMAPS

    6.2 SUMMARY

    Chapter 7. Advanced Customization

    7.1 Application Integration using Application Registration Files (ARFs)

    7.2 Application Integration using Web Launcher Registration Files (WLRF) and Network Presenter Registration Files (NPRF)

    7.3 Defining Custom Symbols and Fields

    7.4 Summary

    Chapter 8. Data Collection and Event Configuration

    8.1 CREATING A DATA COLLECTION

    8.2 CREATING THRESHOLD AND REARM EVENTS

    8.3 CUSTOMIZING EXISTING DATA COLLECTIONS

    8.4 CUSTOMIZING EXISTING EVENTS

    8.5 TEST YOUR KNOWLEDGE OF DATA COLLECTION AND EVENTS

    8.6 DETAILED SOLUTION TO NETWORK PRINTER EXERCISE

    8.7 SUMMARY

    Chapter 9. Scalability and Distribution

    9.1 REMOTE CONSOLES

    9.2 CONFIGURING THE ON-DEMAND LEVEL FOR A MAP

    9.3 CONFIGURING THE POLLING FREQUENCY

    9.4 DEFINING FILTERS

    9.5 DISTRIBUTED INTERNET MONITORING (DIM)

    9.6 SUMMARY

    Chapter 10. Customer Views

    10.1 THE FIVE ADDITIONAL VIEWS

    10.2 THE OVCUSTOMER UTILITY

    10.3 CONFIGURING THE HIERARCHICAL SUBMAP BUILDER

    10.4 SUMMARY

    Chapter 11. Service Information Portal

    11.1 GENERIC NET DEMO

    11.2 INTEGRATING SIP WITH NNM

    11.3 SUMMARY

    Chapter 12. Introduction to OpenView Operations (OVO)

    12.1 MONITORING THE ENTERPRISE WITH OVO

    12.2 THE OVO OPERATOR

    12.3 THE OVO ADMINISTRATOR

    12.4 TEMPLATE ADMINISTRATORS

    12.5 SUMMARY

    Part 2: OpenView Operations

    Chapter 13. Out-of-the-box with HP OpenView Operations

    13.1 CONSIDER A SERVICE LEVEL IMPLEMENTATION

    13.2 PRE- AND POST-SOFTWARE INSTALLATION SUMMARY

    13.3 INSTALLING THE MANAGEMENT SERVER

    13.4 AGENT SOFTWARE INSTALLATION

    13.5 OPENVIEW STATUS CHECKS

    13.6 OVO AUTOMATIC STARTUP AT BOOT TIME

    13.7 THE ADMINISTRATOR CONSOLE

    13.8 WINDOWS AND MENUS

    13.9 NODES, NODE GROUPS, NODE LAYOUT GROUPS, NODE HIERARCHIES

    13.10 MESSAGE GROUPS

    13.11 USERS AND USER PROfiles

    13.12 APPLICATIONS

    13.13 THE OPERATOR CONSOLE

    13.14 CONFIGURE A NEW OVO OPERATOR

    13.15 CONFIGURE THE MANAGEMENT SERVER

    13.16 WORKING FROM THE COMMAND LINE

    13.17 PROBLEM SOLVING WITH OPENVIEW OPERATIONS

    13.18 OVO SERVER AND NODE RESOURCES

    13.19 DOCUMENTATION

    13.20 TOOLS AND RESOURCES

    13.21 SUMMARY OF EXECUTING OVOINSTALL

    13.22 SUMMARY

    Chapter 14. Agents, Policies and Distribution

    14.1 THE OVO AGENTS

    14.2 THE OVO MANAGEMENT SERVER PROCESSES

    14.3 AGENTS ALIVE AND WELL AT ALL TIMES

    14.4 AGENT INSTALLATION

    14.5 AGENT CONFIGURATION

    14.6 POLICIES

    14.7 ACTIONS, MONITORS, COMMANDS AND EXTERNAL NOTIFICATION SERVICES

    14.8 USING TEMPLATES FOR MESSAGE SUPPRESSION

    14.9 CONTROL MESSAGES WITH MESSAGE CORRELATION

    14.10 DISTRIBUTION

    14.11 SUMMARY

    Chapter 15. Smart Plug-Ins

    15.1 INSTALLING AN SPI

    15.2 COMPONENTS OF AN SPI

    15.3 TYPES OF SPIS

    15.4 SPI DOCUMENTATION AND WHITE PAPERS

    15.5 SPI TRAINING

    15.6 SUMMARY

    Chapter 16. Built-in Performance Tools

    16.1 EMBEDDED PERFORMANCE AGENT (OVOA)

    16.2 THE PERFORMANCE AGENT

    16.3 OTHER PERFORMANCE TOOLS

    16.4 OPERATING SYSTEM TOOLS INTEGRATION EXAMPLE

    16.5 DOCUMENTS AND REFERENCES

    16.6 SUMMARY

    Chapter 17. Server Administration

    17.1 SYSTEM ADMINISTRATION RESPONSIBILITIES

    17.2 SYSTEM STARTUP AND SHUTDOWN

    17.3 FILE SYSTEMS AND DISKS

    17. 4 OVO SERVER BACKUP

    17.5 CONFIGURATION DOWNLOAD

    17.6 CONFIGURATION UPLOAD

    17.7 HISTORY DOWNLOAD

    17.8 AUDITING

    17.9 REPORTING

    17.10 UTILITIES AND CONTRIBUTED TOOLS

    17.11 SUMMARY

    Chapter 18. Oracle for OpenView

    18.1 DATABASE TERMINOLOGY

    18.2 DATABASE STRUCTURES

    18.3 ENVIRONMENT VARIABLES

    18.4 DATABASE files AND DIRECTORY LOCATIONS

    18.5 DATABASE STARTUP AND SHUTDOWN

    18.6 DATABASE QUERIES

    18.7 DATABASE REPORT

    18.8 DATABASE TOOLS AND RESOURCES

    18.9 SUMMARY

    Chapter 19. Enterprise Management Flexibility with Multiple Management Servers

    19.1 DISTRIBUTED OPENVIEW SERVER CONCEPTS

    19.2 TERMINOLOGY

    19.3 DIRECTORIES

    19.4 COMMANDS AND UTILITIES

    19.5 TEMPLATES

    19.6 MESSAGE FORWARDING

    19.7 BUILDING A BACKUP SERVER

    19.8 ESCALATIONS

    19.9 CONFIGURATION VARIABLES

    19.10 SUMMARY

    Part 3: OpenView Best Practices

    Chapter 20. Security

    20.1 DCE-RPC PROCESSES AND COMMUNICATIONS

    20.2 GENERAL TCP/IP AND RPC COMMUNICATIONS

    20.3 NON-RPC AGENTS

    20.4 HTTP PROXY AGENT

    20.5 USERS AND PASSWORDS

    20.6 files AND DATA

    20.7 AUDITS

    20.8 ENHANCED SECURITY

    20.9 GENERAL SECURITY MEASURES

    20.10 SUDO

    20.11 SECURE SHELL (SSH) FOR HP-UX

    20.12 THE FIREWALL

    20.13 SUMMARY

    Chapter 21. Plan, Document, Take Corrective Actions, Administer Changes

    21.1 PLANNING THE OVO ENVIRONMENT

    21.2 OVO DOCUMENTATION

    21.3 CORRECTIVE ACTIONS

    21.5 SUMMARY

    Chapter 22. Troubleshooting Tools and Techniques

    22.1 DATA GATHERING TECHNIQUES AND TOOLS

    22.2 FUNCTIONAL CHECKS

    22.3 PROBLEM SOLVING

    22.4 SELF-HEALING SERVICES (SHS)

    22.5 SUMMARY

    Part 4: OpenView Operations for Windows

    Chapter 23. Introducing OVO for Windows

    23.1 ARCHITECTURE

    23.2 INSTALLATION

    23.3 EXPLORING THE FEATURES OF THE CONSOLE

    23.4 MESSAGE PROCESSING

    23.5 SUMMARY

    Chapter 24. OVO Windows and OVO UNIX Interoperability

    24.1 OVOW and OVOU Communications

    24.2 Message Forwarding

    24.3 Policy, Template, and Service Data Exchange

    24.4 Comparing Features of OVOU and OVOW

    24.5 Summary

    Chapter 25. OVOW Implementation Tasks

    25.1 AUTO-DISCOVERY AND AUTO-DEPLOYMENT

    25.2 ADD NODES

    25.3 CREATE AND DEPLOY POLICIES

    25.4 TOOLS, AUTOMATIC COMMANDS, AND SERVICES

    25.5 SUMMARY

    Appendix A. OpenView Commands Quick Reference Guide

    A.1 NETWORK NODE MANAGER COMMANDS

    A.2 CUSTOMER VIEWS AND SERVICE INFORMATION PORTAL COMMANDS

    A.3 OPENVIEW OPERATIONS COMMANDS

    Appendix B. Hostname Resolution

    B.1 THE DEFINITION OF HOSTNAME

    B.2 SETTING A SYSTEMS HOSTNAME

    B.3 ARE /ETC/HOSTS, NIS, AND DNS CONFIGURED PROPERLY?

    B.4 SUMMARY

    Appendix C. Resources

    C.1 BOOKS

    C.2 CERTIFICATION

    C.3 DATABASES

    C.4 HP INFORMATION AND RESOURCES

    C.5 JAVA

    C.6 LDAP

    C.7 MANAGED NODES

    C.8 MIBS

    C.9 NETWORKING AND SERVICE MANAGEMENT

    C.10 OPENVIEW SELF HEALING SERVICES

    C.11 OPENVIEW DOCUMENTATION, SUPPORT, AND PRODUCT RESOURCES

    C. 12 PERFORMANCE

    C. 13 RFCS

    C.14 SECURITY

    C.15 SOFTWARE

    C.16 SNMP

    C.17 SYSTEM ADMINISTRATION

    C.18 TRAINING

    C.19 TROUBLESHOOTING

    C.20 USER GROUPS

    C.21 UNIX

    C.22 WHITE PAPERS

    Index

    index_SYMBOL

    index_A

    index_B

    index_C

    index_D

    index_E

    index_F

    index_G

    index_H

    index_I

    index_J

    index_K

    index_L

    index_M

    index_N

    index_O

    index_P

    index_Q

    index_R

    index_S

    index_T

    index_U

    index_V

    index_W

    index_X

    index_Z

    •
    توضیحات
    افزودن یادداشت جدید


    20.8 ENHANCED SECURITY


    OpenView supports industry standard system security features. These features introduce multiple layers of security enhancements. Some of these are at the socket layer and go up through the application layer. In this section, we discuss some of the most popular security components available for TCP/IP environments. When the enhanced security options are installed on the management server, you have the option to choose the security method to configure on a node-by-node basis.

    20.8.1 Data Encryption Standard (DES)Private Key


    DES is a single-symmetric key used for encryption and decryption. The key is a single large random-number (from 64 up to 128 bits), used by the client and server to encrypt and decrypt messages. Here is an example of how the algorithm works: Node A sends a message that is encrypted with the

    fully qualified domain name (FQDN) of the node. A message arrives at the server after transmission over the network is decrypted using the client's FQDN. When authenticated, the message moves to the next upstream process. The message is decrypted and authentication of the server is performed on the managed node by a decryption routine.

    20.8.2 RSAPublic Key


    Developed by Ronald Rivest, Adi Shamir, and Leonard Aldeman, RSA differs from DES because the encryption algorithm uses two keys. RSA is based on a standard called

    Public-Key Cryptography (PKC). Originally based on the ANSI draft standard X9.42 an algorithm developed by Diffie-Hellman, one key is private and the other key is public. The size of the key generated by the algorithm is up to 512 bits. The PKC servers keep users' public keys. The server validates the users' ownership of their public keys. Here is an example of how the algorithm works: Node A sends a message to server encrypted with the server's public key. At the server, the server's private key is used to decrypt the message. When the server sends a message to the client, it is encrypted with the client's public key and decrypted by the client using a private key known only to the client.

    20.8.3 Kerberos


    Kerberos was developed as part of the Massachusetts Institute of Technology project Athena (and specified in RFC 1510). Kerberos is an add-on service that provides authentication and can be used with many network protocols including RPC. Kerberos uses

    Data Encryption Standard (DES) encryption to protect data as it travels across the network. DES uses tickets (also called keys) that are encrypted with a secret password and the ticket can only be decrypted at the other end with the same secret password. The secret password is stored on the Kerberos server.

    The Kerberos server provides a centralized authentication service. This key distribution function is to mutually authenticate clients to servers. There are three services involved in completion of the user or process authentication:

    Key Distribution Center (KDC),

    Authentication Service (AS), and

    Ticket Granting Service (TGS). The six steps in the authentication process are outlined here for reference:


  • Request for TGT

  • Get TGT plus session key

  • Request ticket for specific service

  • Get service-ticket plus session key

  • Request service

  • Provide server authentication

    • This authentication method initiates the client-server data exchange. Subsequent exchanges do not utilize all six steps and can be summarized as follows:

      20.8.4 Distributed Compute Environment (DCE)


      Distributed Computer Environment (DCE), developed by the

      Open Software Foundation (OSF) provides configuration management, distributed file sharing, remote procedure calls, and user authentication. DCE enhances the Kerberos authentication model by using a combination of packet encryption, time-based authentication credentials, and a security server (called a "trusted third-party"). The DCE security server maintains an access control list similar to a database of users, servers, and security policies (this collection of data is referred to as the registry service). Authenticated RPC requires that each DCE principal (user, application program, computer, DCE cell, or DCE service) use a key known only to the client and the security server. The key is generated from a users secret password and is maintained by the registry service. Clients and servers use authenticated RPC based on the key (also called a ticket). The steps involved with obtaining the ticket are outlined here for reference:


    • The RPC client reads its password from the key file on the node.

    • The RPC client logs in and gets a login context (name/password) from the security server.

    • When authenticated, the RPC client sends the RPC request.

    • The RPC server checks the ticket with the password in the key file on the server.

      • The RPC client on the managed node is the message agent (opcmsga) process. The RPC server on the managed node is the control agent (opcctla) process. On the management server, the message receiver is the RPC server.

      The base DCE client components include the shared libraries and daemons (rpcd/dced). Out-of-the-box, the DCE client components include the features for authenticated RPC. The configuration steps must be performed on every node within that will use DCE/RPC security.

      The security services are configured on the managed nodes, which become members of a DCE cell. The cell includes a security server located on a managed node or the management server. A utility program called dce_config provides a menu-driven interface to help configure the local node into the cell. When configured for DCE/RPC, the management server will not communicate with nodes that are not members of the DCE cell.

      20.8.5 GSS APIs


      The

      Generic Security Service (GSS)-

      Application Program Interface (API) is provided with OVAS as a customizable security solution that enables you to develop and implement your own security requirements. GSS is defined by RFC-2743 and is incorporated as OVO's security protocol. When installed, the GSS functionality is enabled for the managed node communications via

      ActionsNodeModifyCommunications . Select Network Security Protocol GSS. This option adds a new line item to the nodeinfo file OPC_NSP_TYPE GSS_API_V2.

      OVO ANS only provides the interfaces for a GSS-compliant encryption product to be "plugged-in." OVO ANS does not provide this encryption by itself.

      20.8.6 HTTP and S-HTTP


      SSL encryption for HTTP ensures the integrity of transactions and the confidentiality of information exchanged via HTTP. The early development of the S-HTTP is a joint effort between

      Enterprise Integration Technologies (EIT) and the

      National Center for Supercomputing Applications (NCSA) at the University of Illinois and RSA Data Security. Several S-HTTP web servers are based on RSA's public-key cryptography and EIT's Secure HTTP software. S-HTTP provides application-level transaction security and supports digital signatures at the application level. OpenView uses the Public-Key Encryption model provided by Entrust.

      Additional information about HTTP and S-HTTP can be found at http://www.dmc.ie/maim2002/mairead/practice/projects/MP4/indesl and http://www.eit.com/projects/s-http. Also refer to the HP OpenView Operations HTTPS Agent Concepts and Configuration Guide.

      20.8.7 Secure Socket Layer (SSL)


      SSL is an application-independent protocol. Sockets live at layer-5 of the OSI model. Sockets are either connection-oriented or connectionless. Connection-oriented sockets allow data flow (back and forth as needed) between the client and server. As socket, when established, represents the IP address and a known port number and is represented as follows:

      10.2.12.14:23 represents the IP address and the well known telnet port

      Sockets are used locally for

      inter-process communications (IPC) and for Internet connections, as shown in the previous example. In using a TCP Socket, the connection setup uses a file descriptor for subsequent read and write operations. Check the established connections with the command

      netstat in from the command line. Basic operation of SSL transmissions include the following steps:


    • Client sends server a "hello" message

    • Server sends over its certificate (includes server's public key)

    • Client creates session-key and sends it encrypted to the server

    • Server encrypts future communications with client's session key.

    • Additional information about the SSL protocol is available at http://home.netscape.com/security/techbriefs

      • SSL helps secure the JAVA client console. This prevents eavesdropping of the passwords and message information that traverses the network between the client console and the management server. The client components are a component of the OVAS add-on package. After the OVAS secure JAVA client is installed on the server, distribution to the clients follows the standard procedure via http://<management_server_name>:8880/ITO_OP. The two files installed from the management server are ito_op.jar and ito_ssl.jar. The authentication certificates are generated on the server with the opcca utility provided with OVAS. The certificate is installed on the client in addition to the two (dot) jar files. The handshake protocol is initiated using SSL when you startup the JAVA client console. When the session initiates, the JAVA client GUI displays a closed padlock icon.

      20.8.8 PAM Authentication


      The

      HP Configuration Guide for Kerberos Products on HP-UX states the following about PAM authentication: "HP-UX provides Kerberos authentication as part of the Pluggable Authentication Module (PAM) architecture that is specified in RFC 86 of the Open Group. PAM allows multiple authentication technologies to coexist on HP-UX. A configuration file determines which authentication module to use, in a manner transparent to the applications that use the PAM library."

      OVO user accounts exist in two places on the management server, the database and the password file. The account names and passwords for each configured OVO user are authenticated by the PAM modules that are installed on the management server operating system. PAM authentication is configured in the /etc/pam.conf files. The configuration requires valid entries for each user in the OVO database (new users are added via the GUI) and the /etc/passwd file (with entries for all users accounts that access OVO).

      20.8.9 SOAP (XML)


      The World Wide Web Consortium (www.w3c.org) defines SOAP Version 1.2 as a lightweight protocol intended for exchanging structured information in a decentralized, distributed environment. It uses XML technologies to define an extensible messaging framework providing a message construct that can be exchanged over a variety of underlying protocols. The framework has been designed to be independent of any particular programming model and other implementation specific semantics.

      SOAP (XML) technology replaces the DCE-RPCs for use with the HTTPS-based agent.


      / 276