NerveCenterTM 3.8: An Overview
-
Glossary -
Performs standard NerveCenter alarm actions in response to detected network conditions and based on additional conditions that you specify.
Users with administrator logon rights can customize NerveCenter and save changes to the NerveCenter database. In the NerveCenter Client, administrator rights are required to create or modify the objects used in behavior models. Those with administrator rights belong to the NerveCenter Admins group on Windows or to ncadmins on UNIX. The can also log in as administrator on Windows or root on UNIX.
A NerveCenter object that detects a trigger generated by a poll, trap mask, OpC mask, Perl subroutine, or another alarm. The alarm is a finite state machine that transitions from one state to the next and performs any actions assigned to a transition. Each transition is triggered by its own set of network data, which is defined in the associated trigger generator. When an alarm detects its first trigger, the alarm transitions to the next state, where it remains until another trigger is received -- either from the same or another trigger generator. The sequence of transitions enables NerveCenter to monitor persistent, simultaneous, or sequential events that, taken together, indicate a critical or important condition.
A NerveCenter automated response that helps you manage network activity and stay informed about network conditions. You can assign one or more actions to any transition in an alarm state diagram. Actions fall into four main categories: notification, logging, triggering other alarms, and correcting network conditions. Examples include sending e-mail, issuing a page, logging data, sending an SNMP trap, executing a command, and sending an Inform message to a network management platform. In addition, NerveCenter actions can be performed conditionally based on criteria that you specify using the Action Router.
A single instance of a detected network event. Each instance is one active occurrence of an alarm definition that tracks a current network or system condition through its own copy of the alarm's state diagram. For example, one alarm might have five distinct alarm instances, each tracking the same condition on a different node.
A setting that determines whether an alarm instance monitors a subobject (for example, a port), several MIB objects on a subobject, a node, or an entire enterprise. Scope is assigned in an alarm's definition window.
If an alarm is using node scope, each alarm instance tracks the alarm's states for a single, distinct node. If an alarm is using subobject scope, each instance tracks the alarm's states for a MIB base object on a node, for example, an interface on a router. Instance scope alarms track instances for every interface or port that fits the polled condition regardless of the base object. Enterprise scope alarms track an event for the enterprise as a whole.
An indication of the urgency of a detected event. When creating an alarm, you assign each state a severity level, which is defined by a name and unique color. NerveCenter ships with severity options ranging from normal to critical for a fault condition, and from very low to saturated for a traffic condition. If your network management platform has event severities, you can map NerveCenter's severities to match those on your platform.
Corresponds to a network condition that an alarm is monitoring. To monitor certain network conditions, or states, you must specify these states in the alarm's state diagram. Each state listens for certain triggers. Once the correct trigger is fired, the alarm transitions to the corresponding state.
Specifies which detected conditions are correlated, in what order, and which responses (if any) are assigned to each stage. For each alarm that you create, you design a state diagram to specify the states you want to monitor. The state diagram can detect persistent, simultaneous, or sequential events that, taken together, indicate a critical or important network condition. Incoming triggers transition the alarm from one state to another.
A change from one alarm state to another, prompted by a trigger. When an alarm transitions from its ground state, the transition creates an alarm instance. Further triggers affect the current alarm instance, each generating a transition in the alarm. During a transition, NerveCenter carries out any alarm actions that are assigned to the transition.
MIB base objects are defined using Abstract Syntax Notation One (ASN.1), a language that's understood by network management protocols. The ASN.1 language is described in the ISO documents ISO.8824 and ISO.8825.
In SNMP v3 communication, the process of confirming the parties (i.e. entities) that communicate with each other as well as the timeliness of the messages received at an SNMP v3 entity.
The seed used to generate a message digest, as specified in the authentication protocols, to authenticate SNMP v3 messages. Both sender and receiver generate the digest, and the receiver matches the generated digest against the digest accompanying the message received to authenticate the message.
Protocol used with SNMP v3 communication that allows you to verify the sender and timestamp of a message. Two authentication protocols are currently defined: HMAC-MD5-96, which is based on MD5, and HMAC-SHA-96, which is based on SHA-1 cryptographic algorithms. NerveCenter supports both protocols.
Security level that requires message authentication services to be used while communicating with an SNMP v3 entity.
Security level that requires both the message authentication and message encryption services to be used while communicating with an SNMP v3 entity.
The group of all alarm, trigger generator, and property group definitions required to detect and handle a particular network or system behavior. A typical behavior model consists of an alarm with all its supporting trigger generators, though behavior models can have multiple alarms. Any NerveCenter object can be associated with one or more behavior models.
You can customize the behavior models that ship with NerveCenter as well as create new behavior models.
A privacy protocol as specified in SNMP v3 specifications to be used for message encryption in communication between two SNMP v3 entities with AuthPriv security level. This protocol is supported by NerveCenter.
A network management platform that can be configured to receive NerveCenter Inform messages. The Unicenter platform host requires NerveCenter's universal platform adapter to communicate with NerveCenter.
Every communication between two SNMP v3 entities takes place on behalf of a user (a uniquely identified entity in the SNMP v3 management domain) in some context (a uniquely identified entity for access control generally configured on conventional SNMP v3 agents/nodes) with any one of three security levels. These three parameters (user, context, and security level) are used together by VACM (View based Access Control Mechanism defined in SNMP v3 specifications) to grant access to any MIB data at the agents/nodes. Context can be thought of as the MIB information available to a particular user who seeks information from an agent using a certain security level. By default, the NerveCenter user is NCUser and the NerveCenter context is NCContext.
The utility that enables you to create or convert a NerveCenter database on Windows NT. Run the Database Wizard, DBWizard.exe, from your Start menu.
A privacy protocol as specified in SNMP v3 specifications to be used for message encryption in communication between two SNMP v3 entities with AuthPriv security level. This protocol is supported by NerveCenter. See also CBC-DES.
The hashing code generated for message authentication using authentication key. This digest is appended to the message being sent out by a sending SNMP v3 entity. The receiving SNMP v3 entity separate out this digest from the message, generate the digest again from the message using the locally available authentication key and then compares the two digests for message authentication.
The process of discovering nodes and adding them to the NerveCenter database. When you enable discovery, if the NerveCenter database does not already contain a node matching the source of an SNMP trap or NerveCenter Inform, it adds that node to the database. You can also customize NerveCenter's Discovery behavior model, which uses a TCI/IP sweep program (ipsweep.exe) to populate your node list. Alternatively, the NerveCenter node list can be populated from your network management platform.
A NerveCenter behavior model that uses parent-child topology information to determine the status of nodes and suppress polling on nodes that are down.
Number of times an SNMP v3 engine has been started or re-initialized (i.e., booted) since its engine ID was last configured.
An SNMPEngineID value with a length of 12 octets that uniquely identifies an SNMP v3 engine within the SNMP v3 management domain. There is one SNMP engine ID for every instance of a NerveCenter Server.
As defined in SNMP v3 specifications, number of seconds elapsed since the last engine boot. When this counter reaches its maximum limit, it is reset to 0 and the engine boots value is incremented by 1.
A setting for an alarm definition that determines that there will be at most one alarm instance monitoring the entire enterprise.
A detected network or system condition. An event can be forwarded to one or more NerveCenters and network management platforms.
Indicates the nature of an SNMP trap detected by a NerveCenter trap mask. There are seven different types of traps, numbered 0 through 6. The first six (0-5) are industry-standard traps and are described in any standard SNMP text. NerveCenter also provides an option for selecting all six traps. Trap number 6 is reserved for enterprise-specific traps and NerveCenter Inform actions.
A part of the OpenView network management platform that provides network and system management. NerveCenter integrates with IT/Operations by sending OpC Informs and receiving IT/Operations messages, which are detected by OpC masks. IT/Operations requires the SEMSOPCA adapter on its host machine. SEMSOPCA is installed when OVPA platform integration is selected during installation.
A part of the OpenView network management platform that provides network discovery, a map, threshold detection, a MIB browser, an event browser, and other functions. NerveCenter integrates with Network Node Manager by retrieving nodes from its OpenView database, sending color changes to the node symbols on the map, and sending events to the event browser. The Network Node Manager host requires NerveCenter's OVPA adapter to communicate with NerveCenter.
A network management platform that can be configured to receive NerveCenter Inform messages. The Enterprise Console platform host requires NerveCenter's universal platform adapter to communicate with NerveCenter.
A message indicating a specified network condition. You can configure alarms to send a NerveCenter Inform when a particular network event is detected. NerveCenter can send the Inform data to one or more NerveCenters and network management platforms. In NerveCenter Administrator, you specify Inform recipients and the types of events to be forwarded (for example, those above a specified severity level). This allows you to manage which platforms handle particular events.
The identity of a particular MIB base object when there are multiples of that base object on a node. For example, if a managed node has four ports, it has four instances of the ifEntry base object, numbered one through four. In NerveCenter, a base object and its instance is called a subobject.
A setting for an alarm definition that lets you monitor one or more base objects in an alarm instance. Instance scope is similar to Subobject scope but has the following difference: Instance scope lets you monitor any instance for different base objects.
The 32-bit host address defined by the Internet Protocol in STD 5, RFC 791. It is usually represented in dotted decimal notation, for example, 192.164.10.0.
A node that can be targeted by NerveCenter polls. Only managed nodes are polled. SNMP traps, however, are received from nodes regardless of their managed state.
A defined collection of device information that's governed by SNMP. An agent's MIB contains the configuration and status values for the particular type of device. A specific type or class of management information is called a MIB base object.
MIB-II defines the common set of objects for network management of TCP/IP-based intranets. Other enterprise-specific MIBs can be defined to support specific pieces of hardware.
The graphic representation of your network and its devices that a network management platform provides.
Message authentication/hashing algorithm as defined in HMAC-MD5-96 specifications, intended for secure message exchanges between any two entities communicating with each other. The algorithm takes a message of arbitrary length and produces a 128-bit message digest. This is one of the two algorithms suggested in SNMP v3 specifications for message authentication. This protocol is supported by NerveCenter.
An object that is managed by a network manager. Base objects contain attributes that have values. In MIB-II, for example, system, ifEntry, icmp, and ipAddrEntry are all base objects. System contains attributes such as sysDescr and sysUpTime that have associated values.
Some base objects, such as system, are simply the MIB group name and contain a single set of attributes. These are zero-instance base objects because they have no separate instances. Other base objects represent one instance out of two or more. IfEntry, for example, is one interface on a device that may contain several interfaces. Connecting the base object name and instance number with a period, as in ifEntry.2, fully qualifies the base object instance that is being referenced.
A network management platform that can be configured to receive NerveCenter Inform messages. The Netcool platform host requires NerveCenter's universal platform adapter to communicate with NerveCenter.
Every communication between two SNMP v3 entities takes place on behalf of a user (a uniquely identified entity in the SNMP v3 management domain) in some context (a uniquely identified entity for access control generally configured on conventional SNMP v3 agents/nodes). Before NerveCenter can poll SNMP v3 agents, the agents must be configured to support a NerveCenter user and NerveCenter context. By default, the user is NCUser and the context is NCContext, though you can change both names in NerveCenter Administrator.
Every communication between two SNMP v3 entities takes place on behalf of a user (a uniquely identified entity in the SNMP v3 management domain) in some context (a uniquely identified entity for access control generally configured on conventional SNMP v3 agents/nodes). Before NerveCenter can poll SNMP v3 agents, the agents must be configured to support a NerveCenter user and NerveCenter context. By default, the user is NCUser and the context is NCContext, though you can change both names in NerveCenter Administrator.
The NerveCenter software module that enables you to customize and manage NerveCenter operations. Run the NerveCenter Administrator program, ncadmin.exe, from your Start menu program group (Windows) or from the NerveCenter installation/bin directory.
A system or network administrator who is responsible for configuring and maintaining NerveCenter operations and, optionally, installing NerveCenter.
The NerveCenter software module that enables you to create and manage behavior models as well as monitor and report on network activity. Run the NerveCenter Client program, client.exe, from your Start menu program group (Windows) or from the NerveCenter installation/bin directory.
The enterprise-specific MIB object identifier (OID) for NerveCenter is 1.3.6.1.4.1.78. You use this number when creating trap masks to detect Inform messages.
A NerveCenter entity that can be part of a behavior model used to manage your network. The following are NerveCenter objects: nodes, property groups and their properties, polls, trap masks, OpC masks, and alarms.
The background engine that handles event correlation and manages the NerveCenter database. Each time you use the NerveCenter Client or Administrator, you must connect to a server. The server can be installed on the same machine as the NerveCenter Client or Administrator applications.
The NerveCenter software module that enables you to monitor network activity using Microsoft Internet Explorer 4.0 or Netscape Navigator 4.0. Run the Web Client from your browser by entering the following address:
http://servername/NerveCenter
If Web server integration was included with your NerveCenter installation, the NerveCenter Web Collector was installed on your machine. The Web Collector communicates with both the NerveCenter Server and your Web server in order to provide current information about alarms associated with the NerveCenter Server.
NerveCenter 3.5 supports several network management platforms, and communicates with each using a platform adapter. The platform adapter must be installed and running on the platform host before a connection can be established with NerveCenter.
Following are the platforms that can both provide node information and receive NerveCenter messages, using NerveCenter's OVPA adapter.
The following platforms can only receive NerveCenter messages and display those messages in their event or message browser. These use the NerveCenter universal platform adapter:
Finally, Hewlett Packard's OpenView IT/Operations (ITO) uses the SEMSOPCA adapter to send and receive IT/O messages. SEMSOPCA is installed when OVPA platform integration is selected during installation.
Security level that does not require message authentication or encryption services for communication between any two SNMP v3 entities. That means communication between the two SNMP v3 entities communicating with this (i.e. NoAuthNoPriv) security level is not secure.
Communication between two SNMP v3 entities takes place on behalf of a user (a uniquely identified entity in the SNMP v3 management domain) in some context (a uniquely identified entity for access control generally configured on conventional SNMP v3 agents/nodes). As such, NerveCenter still requires the user name and context for polling.
Any device on the network that can be managed. Examples of nodes are servers, workstations, printers, hubs, routers, bridges, and gateways. When NerveCenter is integrated with a network management platform, you can configure NerveCenter so its node list is populated by the platform. In addition, NerveCenter can be configured to add unknown nodes that send it a trap. You can also populate the list by using NerveCenter's Discovery behavior model, or you can add nodes manually.
A unique SNMP name given to each MIB base object, identified by the value of the sysObjectID object in the system group of MIB-II. The name is written as a sequence of integers separated by periods. For example, the sequence 1.3.6.1.2.1.1.1.0 specifies a system description. Each object associated with a vendor or type of equipment also has an object identifier.
You can obtain the object identifier for a node in your network by opening its Node Definition window. Select the Query Node tab and then select the Get button.
Similar to a NerveCenter trap mask, an OpC mask is used to detect and filter IT/Operations messages. It detects an incoming message, does a preliminary screening for values of interest, and issues a trigger. The OpC mask also gives you the option of creating a trigger function, a Perl subroutine that NerveCenter uses to do more complex filtering on the message.
A NerveCenter platform adapter process that resides on a Hewlett Packard OpenView Network Node Manager host. The adapter enables communication between the network management platform and NerveCenter.
Before NerveCenter can poll SNMP v3 nodes, you must supply the proper passwords for the NerveCenter user. These passwords must be configured on your SNMP v3 agents as well as in NerveCenter Administrator. You need to provide the following passwords:
Depending on the security level you provide in NerveCenter Client for the node corresponding to an SNMP v3 agent, NerveCenter will use an appropriate combination of passwords to provide message authentication and message encryption services.
An ICMP echo request sent to a network device that returns an echo reply from the device. ICMP is an error-control protocol that works with the Internet Protocol.
A NerveCenter process that facilitates communication between NerveCenter and a network management platform.
See also OVPA (OpenView Platform Adapter) and Universal Platform Adapter (paserver).
A NerveCenter object that monitors the network for conditions of interest by polling SNMP agents on managed nodes for specific MIB data. The poll compares these values to a user-defined poll condition and trigger expression. If the condition is satisfied, the poll generates a trigger that signals one or more alarms. At least one alarm must be enabled and include a transition that can be triggered by the poll's trigger.
Defines the condition to be detected on each node that is tracked. When a poll condition is satisfied, the poll generates a trigger that signals one or more alarms.
You can create conditions, such as threshold crossings or rates of change for tracked values, using arithmetic and relational operators. You can string together combinations of conditions using logical (Boolean) operators.
The interval (in seconds, minutes, or hours) that a poll waits between requests for node MIB data and evaluation of the associated poll condition.
The seed used by the privacy protocol to encrypt messages while communicating with an SNMP v3 entity using AuthPriv security level. The privacy key is described in SNMP v3 specifications.
A text string that is a member of one or more property groups. Properties fall into two categories: MIB base objects and user-defined strings. Poll and alarm definitions use properties when determining whether a device should be monitored.
A collection of one or more text strings called properties. Property groups allow you to categorize nodes into logical or managerial units. The groups can be based on device type, location, priority, supported MIBs, business function, or any other useful characteristic.
Each managed node belongs to a property group and, therefore, is associated with all of the group's properties. These properties are used to restrict which polls and alarms monitor the node. Assigning a node to a property group that contains multiple properties allows the node to be targeted by multiple behavior models.
When NerveCenter is integrated with a network management platform, NerveCenter issues a Resync command upon start-up. This command updates NerveCenter's entire node list with information from the platform. The update contains all nodes within NerveCenter's subnet filters, if applicable, and includes details about each node's parents.
You can manually refresh the NerveCenter node list by selecting the Resync command from the client's Server menu. If this command is not available, the connection to the node source is down.
The use of message authentication and message encryption services for communication between any two SNMP v3 entities. NerveCenter supports the following security levels while communicating with SNMP v3 agents:
A utility that transfers data between the database being used by NerveCenter and a serialized file. This tool is useful for backing up and restoring database information. Run the SerializeDB program, serializedb.exe, from your Start menu (Windows) or from the NerveCenter installation/Bin directory.
A secure hash algorithm specified in the Secure Hash Standard (SHS, FIPS PUB 180). This is one of the two algorithms suggested in SNMP v3 specifications for message authentication. This protocol is supported by NerveCenter.
An industry-standard protocol that defines how network management systems exchange information with their managed nodes. Software processes called SNMP agents reside on each managed device and track defined sets of data. A database of network information, called a management information base (MIB), is associated with both the manager and agent. A manager and agent may exist on the same system.
SNMP messages allow a management application to set and retrieve agents' managed data. SNMP traps allow an agent to send events to a management application.
A NerveCenter feature that reduces the network overhead associated with SNMP management. A poll doesn't solicit data from nodes unless an alarm definition uses the poll's trigger. Even then, the poll is issued to a specific node only when the alarm exists in a state that the poll can trigger. For example, if a behavior model correlates high traffic followed by high error rates, a node is not polled for error rates unless it fulfills the high traffic condition first.
An asynchronous notification that an SNMP agent can send to a management application. Traps are identified by a generic number (0-6), an enterprise-specific number, and an enterprise name. Related information data is typically bundled with a trap in structured formats called variable bindings. NerveCenter detects and filters SNMP traps with trap masks.
An SNMP trap number associated with an enterprise MIB. When defining trap masks, generic trap numbers (0-6) indicate the nature of the SNMP trap being reported. In addition, each enterprise, or vendor, can have any number of subtrap numbers, called specific trap numbers, within the category 6 generic trap. Each vendor defines its own number of enterprise traps, their associated specific numbers, their functions, and their variable bindings.
A base object and an instance connected by a period. Examples from MIB-II include ifEntry.3, system.0, and ipForwardEntry.2.
A setting for an alarm definition that determines that each alarm instance monitors a subobject. Subobject scope indicates that conditions for each subobject are tracked separately with separate alarm instances. For example, one alarm instance would track conditions on ifEntry.1, another would track conditions on ifEntry.2, and so on.
Suppression affects only polling; SNMP traps are still received from a managed node even though it is suppressed.
When NerveCenter is integrated with a network management platform, the platform uses a process called synchronization to update NerveCenter whenever the platform adds, updates, or deletes nodes. This type of update does not include parent information.
A NerveCenter object that captures SNMP traps received from managed nodes and fires a trigger that transitions an alarm instance. A mask can detect a standard SNMP trap identified by one of six generic categories, an enterprise-specific trap, and, with the advanced Trigger Function feature, a trap whose contents match user-specified criteria. At least one alarm must be enabled and include a transition that can be triggered by the mask's trigger.
A flag sent to one or more alarms to indicate that an event has been detected or a condition satisfied. The trigger transitions an alarm from one state to another. The alarm must be enabled and include a transition that can be triggered by this particular trigger.
Triggers are generated by polls, trap masks, OpC masks, and the Fire Trigger or Perl Subroutine alarm actions. You specify a trigger using the FireTrigger() function in a poll condition, Perl subroutine, or trap mask trigger function. NerveCenter generates its own built-in triggers, designed to detect unresponsive nodes.
A Perl script that you define for a NerveCenter trap mask or OpC mask. The script is called whenever a detected SNMP trap or OpC message matches the mask's data fields.
The Perl script issues triggers based upon the contents of the trap's variable bindings. When a suitable trap is detected, NerveCenter executes the trigger function, supplying data from the trap's variable bindings. Your script evaluates the variable-binding contents and conditionally fires triggers or assigns property groups.
A NerveCenter object or action that fires a trigger when a certain condition is detected. The trigger is sent to one or more alarms, where it transitions one or more alarm states.
The following are NerveCenter trigger generators: polls, trap masks, OpC masks, Perl subroutines that include the FireTrigger() function, and alarm actions (Send Trap, Fire Trigger). NerveCenter generates its own built-in triggers when it detects unresponsive nodes.
A NerveCenter platform adapter process that resides on IBM Tivoli Systems TME Enterprise Console, Computer Associates Unicenter TNG, or Micromuse Netcool/OMNIbus. The universal platform adapter enables NerveCenter to send Inform messages to those platforms.
Those with user rights belong to the NerveCenter Users (Windows) or ncusers (UNIX) group. They perform such tasks as monitoring NerveCenter alarms, resetting alarms, and generating reports. They cannot modify the NerveCenter database, for example, by making changes to nodes, property groups, polls, masks, or alarms.
An array of related information that accompanies an SNMP message. The variable bindings are typically defined in standard or vendor-specific MIB definitions (.ASN1 files). The format of each variable binding is defined by SNMP. NerveCenter polls and trap masks obtain variable bindings from the nodes they monitor.
A MIB base object that has only one instance and, therefore, contains a single set of attributes. For example, system is a zero-instance base object because it contains attributes (like sysLocation) that have only one associated value per node. In contrast, ifEntry is a base object with multiple instances. If a node had four ports, the node would has four instances of the ifEntry base object, numbered one through four, and each instance has associated attributes.
| Starting With NerveCenter | Index |
| 29 July 2003 |