Overview of NerveCenter SNMP v3 Support
NerveCenter support for SNMP v2c (community-based SNMP v2) and v3 includes new data types and enhanced security for communication. SNMP v1 and v2c rely on community names for authentication. SNMP v3 enhances authentication and expands its services to include privacy. SNMP v3 expands on the earlier concept of MIB views to control access to management information. SNMP v3 uses a View-based Access Control Model (VACM) to determine the level of access a user has for viewing MIB data.
Following are highlights of NerveCenter support for SNMP v2c/v3:
- Before NerveCenter can discover SNMP v3 agents on nodes, the nodes must have an initial user configured for discovery.
See Configuring an Initial User for Discovering an SNMP v3 Agent.
Refer to the book Designing and Managing Behavior Models for details about testing communication with a node using the NerveCenter Test Version poll.
- NerveCenter communicates (sends polls) with an SNMP v3 agent on behalf of a specified NerveCenter user in a defined context. Before NerveCenter can poll SNMP v3 agents, the agents must be configured to support the NerveCenter user and context. By default, the user name is NCUser and the context is NCContext, though you can change both in NerveCenter.
See Configuring an SNMP v3 Agent for NerveCenter.
See Changing the NerveCenter SNMP v3 User Name and Context.
- NerveCenter supports three security levels for communicating with SNMP v3 agents. By default, NerveCenter sets the security level to noAuthNoPriv, which means the v3 agent sends and receives messages without authentication or encryption.
See NerveCenter Support for SNMP v3 Security for details about security.
Refer to the book Designing and Managing Behavior Models for details about setting a node's security level.
- The authentication and privacy protocols require specialized keys, called authentication and privacy keys. These keys are generated from corresponding passwords. You can change these passwords in NerveCenter, thereby changing the keys. When changing keys in NerveCenter, you can command NerveCenter to update the key changes on all nodes.
See NerveCenter Support for SNMP v3 Digest Keys and Passwords.
See Changing the SNMP v3 Key Passwords.
- NerveCenter supports either HMAC-MD5-96 (MD5) or HMAC-SHA-96 (SHA) as the authentication protocol on a per-node basis and CBC-DES as the privacy protocol. The default authentication protocol for NerveCenter is MD5. If you change the authentication protocol on an SNMP v3 agent, you must likewise change the protocol used by NerveCenter to manage the corresponding node in its database.
Refer to the book Designing and Managing Behavior Models for details about changing the authentication protocol used by NerveCenter for an agent.
- A node must have SNMP version information before NerveCenter can poll the node or process a trap from the node. NerveCenter can discover the version of a node automatically or manually. If auto-classification is enabled, then a newly added node (discovered from a trap, added from a platform such as HP OpenView, or imported from another NerveCenter) will be classified at the highest level possible.
Auto-classification is disabled when you install NerveCenter. You must enable this feature before NerveCenter can classify nodes added to its database.
See SNMP Auto and Manual Classification Settings.
Refer to the book Designing and Managing Behavior Models for details about classifying nodes manually.
- The trap source specified during installation can be changed to MSTrap, OVTrapD or NerveCenter. Changing the trap source requires stopping and starting the related applications (e.g., OVTrapD) and restarting the NerveCenter Server.
See Managing the NerveCenter Trap Source on page 46.
- SNMP v3 operations are logged to a file so that you can follow the progress of v3 activities. The log includes information about activities (e.g., a key change initiated by the user) as well as errors that occur while NerveCenter attempts to perform the activities.
See SNMP v3 Operations Log.
See SNMP Error Status for information about SNMP v3 errors.
- NerveCenter ships with behavior models that provide the status of various applications monitored by the SNMP Research CIAgent.
For complete details about these and all behavior models, refer to the Behavior Models Cookbook.
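The list above notes that authentication and privacy keys are generated from passwords. The following added example (not NerveCenter code) shows that derivation, assuming the standard USM password-to-key algorithm from RFC 3414, which this page does not name; the function names are illustrative.

```python
import hashlib

ONE_MEGABYTE = 1024 * 1024  # RFC 3414 A.2 hashes exactly 1,048,576 octets


def password_to_key(password: bytes, hash_name: str) -> bytes:
    """Derive the user key Ku: hash the password repeated out to 1 MiB."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(ONE_MEGABYTE, len(password))
    stream = password * reps + password[:rem]
    return hashlib.new(hash_name, stream).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Bind Ku to a single agent: Kul = H(Ku || snmpEngineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def derive_keys(auth_password: bytes, priv_password: bytes,
                engine_id: bytes, auth_proto: str) -> dict:
    """Return the localized authentication and CBC-DES privacy keys."""
    # Assumption: "MD5"/"SHA" labels mirror the protocol names used on this page.
    hash_name = {"MD5": "md5", "SHA": "sha1"}[auth_proto]
    auth_kul = localize_key(password_to_key(auth_password, hash_name),
                            engine_id, hash_name)
    priv_kul = localize_key(password_to_key(priv_password, hash_name),
                            engine_id, hash_name)
    # CBC-DES uses 16 octets of the localized key: 8 as DES key, 8 as pre-IV.
    return {"auth_key": auth_kul,
            "des_key": priv_kul[:8],
            "pre_iv": priv_kul[8:16]}
```

Because the key is localized with each agent's engine ID, the same password yields a different key on every node, which is why a password change has to be propagated to each agent.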
NerveCenter Support for SNMP v3 Security
SNMP v3 specifications enable any two devices to communicate in a completely secure fashion using message authentication to validate users and encryption to ensure the secrecy of the communication. SNMP v3 provides a User-based Security Model (USM) to establish authentication and secrecy.
NerveCenter supports three security levels for communicating with an SNMP v3 agent:
- NoAuth/NoPriv: Passwords for authentication and privacy are not required to communicate with the agent. NerveCenter still requires the user name and context for polling.
- Auth/NoPriv: The authentication protocol and password are required to communicate with the agent. NerveCenter requires the user name, context, and authentication password for polling.
- Auth/Priv: All security parameters are required to communicate with the agent. NerveCenter requires the user name, context, and the privacy and authentication passwords for polling.
Communication between any two SNMP v3 entities takes place on behalf of a uniquely identified user within the management domain. The security level used for this communication defines the kind of security services -- message authentication and encryption -- used while exchanging data. NerveCenter communicates with SNMP v3 nodes on behalf of the NerveCenter poll user in the poll context. By default, the user name for MD5 authentication is NCUser, the user name for SHA-1 authentication is NCUserSHA1 and the context is NCContext, though you can change both the user names and context in NerveCenter.
If you do not specify a security level for an SNMP v3 node, NerveCenter uses a default security level of NoAuthNoPriv, which means that message authentication and encryption services are not used for data exchange with the node. You can later change the security level in NerveCenter.
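To confirm which security level a node's traffic actually uses (for example, to find nodes left at the NoAuthNoPriv default), the level can be read from the msgFlags octet of a captured SNMPv3 message. This is an added example, not NerveCenter code: the msgFlags layout comes from RFC 3412, and the sample message is constructed for the demonstration.

```python
LEVELS = {0x00: "noAuthNoPriv", 0x01: "authNoPriv", 0x03: "authPriv"}


def read_tlv(buf: bytes, pos: int):
    """Read one BER TLV at pos and return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length


def security_level(message: bytes) -> str:
    """Return the security level an SNMPv3 message declares in msgFlags."""
    tag, body, _ = read_tlv(message, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, version, pos = read_tlv(body, 0)
    if tag != 0x02 or int.from_bytes(version, "big") != 3:
        raise ValueError("not an SNMPv3 message")
    tag, header, _ = read_tlv(body, pos)  # msgGlobalData
    if tag != 0x30:
        raise ValueError("missing msgGlobalData")
    pos = 0
    for _ in range(3):  # msgID, msgMaxSize, then msgFlags
        tag, value, pos = read_tlv(header, pos)
    if tag != 0x04 or len(value) != 1:
        raise ValueError("malformed msgFlags")
    bits = value[0] & 0x03  # bit 0 = authFlag, bit 1 = privFlag
    if bits == 0x02:
        raise ValueError("privFlag set without authFlag")
    return LEVELS[bits]


def sample_message(flags: int) -> bytes:
    """Constructed SNMPv3 skeleton; security parameters and PDU left empty."""
    def tlv(tag, body):
        return bytes([tag, len(body)]) + body
    header = (tlv(0x02, b"\x01") + tlv(0x02, b"\x05\xdc")
              + tlv(0x04, bytes([flags])) + tlv(0x02, b"\x03"))
    return tlv(0x30, tlv(0x02, b"\x03") + tlv(0x30, header)
               + tlv(0x04, b"") + tlv(0x30, b""))
```

A message with the privacy bit set but not the authentication bit is rejected, since SNMP v3 does not allow encryption without authentication.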
The NerveCenter poll user, context, authentication password, and privacy password can be changed in NerveCenter Administrator. If you change the passwords, you can update this information on all nodes directly from the NerveCenter Administrator.
The security level used by NerveCenter while polling SNMP v3 nodes is configured for each node in NerveCenter Client. Information specific to nodes, such as version, security level, and authentication protocol, is entered in NerveCenter Client for the node.