ehealth Integration for Cisco VPN Solutions Center User Guide


ehealth Integration for Cisco VPN Solutions Center User Guide, MN-NHVPNSC-001, June 2003

Important Notice

Concord Communications, Inc., ehealth, ehealth Suite, the Concord Logo, eroi, AdvantEDGE, SystemEDGE, Live Health, Network Health, Live Status, System Health, Application Health, Automating Technology Management, Enterprise, Enterprise Monitor, Firstsense, FirstSense and design, FirstSense Enterprise, Pulse, Pulsecheck, Token/Net, Token/Scope, We See It Happening, Fault Manager, Empire, Empire Technologies and/or other Concord marks or products referenced herein are either registered trademarks or trademarks of Concord Communications, Inc.

SMIC. Copyright 1992 SynOptics Communications, Inc. All Rights Reserved. SynOptics makes no representations about the suitability of this software for any particular purpose. The software is supplied as is, and SynOptics makes no warranty, either express or implied, as to the use, operation, condition, or performance of the software. SynOptics retains all title and ownership in the software.

ehealth incorporates compression code by the Info-ZIP group. There are no extra charges or costs due to the use of this code, and the original compression sources are freely available from ftp://ftp.cdrom.com/pub/infozip/ on the Internet and from the Concord Communications Web site:

Copyright Bigelow and Holmes 1986, Lucida is a registered trademark of Bigelow & Holmes. Sun Microsystems Inc., AT&T, and Bigelow & Holmes make no representations about the suitability of the source code for any purpose. It is provided as is without express or implied warranty of any kind.

All other brand and product names are trademarks or registered trademarks of their respective companies.

Proprietary Notice

The information and descriptions contained herein are the property of Concord Communications, Inc. Such information and descriptions may not be copied, disseminated, or distributed without the express written consent of Concord Communications, Inc. Concord Communications, Inc., assumes no responsibility for any inaccuracies that may appear in this document. Concord Communications, Inc., reserves the right to improve its products and change specifications at any time without notice.

U. S. Government Restricted Rights

Use, reproduction, and disclosure by the U.S. Government are subject to the restrictions set forth in FAR (c) (1) and (2) and DFARS (c) (1) (ii).

Patent Information

U. S. Patent 5,615,323
Patents Pending

2003 Concord Communications, Inc. All Rights Reserved

Table of Contents

Preface
  Audience
  About This Guide
  Reading Path
  Revision Information
  Terms
  Documentation Conventions
  License Request Information
  Technical Support
  Professional Services

Chapter 1 Product Overview
  About ehealth
  About Cisco VPNSC
  Cisco VPNSC MPLS Solution
  Cisco VPNSC IPsec Solution
  Cisco VPNSC Features
  About ehealth Cisco VPNSC
  How ehealth Cisco VPNSC Works
  ehealth Reporting

Chapter 2 Getting Started with ehealth Cisco VPNSC
  Before You Begin
  Setup Checklists
  ehealth System Requirements
  Cisco VPNSC System Requirements
  Obtaining User Permissions for Services
  ehealth Cisco VPNSC Performance Considerations
  Starting ehealth and Licensing ehealth Cisco VPNSC
  Starting ehealth
  Licensing ehealth Cisco VPNSC
  Setting up ehealth Cisco VPNSC
  Prerequisites
  Running the Setup Program
  Modifying ehealth Cisco VPNSC Settings

Chapter 3 Configuring Cisco VPNSC Elements in ehealth
  Before You Begin
  About the Configuration Process
  Adding Configuration Information to ehealth
  Adding SA Agent Information
  Adding Router Information
  Reconfiguring Response and Router Information
  Grouping Elements
  Scheduling the Configuration Process
  Managing the Configuration Process
  Element Files
  Response Element File Fields
  Router Element File Fields
  Element Definition Examples
  Sample Rules Files

Chapter 4 Importing ehealth Cisco VPNSC Statistics
  Importing Statistics Data
  Verifying Statistics Data Collection
  Stopping the Import Process
  Modifying Data Import
  Running ehealth Reports

Index


Preface

This guide describes how to set up, configure, and use the ehealth Integration for Cisco VPN Solutions Center (VPNSC) module. This module enables ehealth to collect performance data about virtual private networks (VPNs) that Cisco VPNSC manages. This guide uses the term ehealth Cisco VPNSC to refer to this integration module.

This release of the ehealth Integration for Cisco VPNSC module (ehealth Cisco VPNSC) is available with ehealth Release 5.6 and later. It supports Cisco VPNSC Releases 2.1 and 2.2.

NOTE: If you are using an ehealth release that is later than Release 5.6, refer to the ehealth Readme file for the latest information on the versions of Cisco VPNSC that are supported for that release.

Audience

This guide is intended for network management administrators and service providers who use Cisco VPNSC to manage their VPNs and collect data from Cisco routers, and who want to use ehealth Cisco VPNSC to import this data to ehealth and run ehealth reports.

To use ehealth Cisco VPNSC, you must be knowledgeable about the following:

- Network management and terminology
- Your network topology
- Cisco routers in your network
- Configuration information stored on Cisco VPNSC
- Cisco router information (such as models, IOS versions, and addresses)

About This Guide

This guide assumes that you are using Cisco VPNSC to collect and store configuration information about Cisco routers in your network and that you are familiar with all aspects of managing this Cisco product. This guide provides the information that you need to integrate ehealth with Cisco VPNSC so that you can run ehealth reports on the data that Cisco VPNSC collects.

If you are not currently using Cisco VPNSC, or you are a new ehealth user, you can refer to Chapter 1 for product overview information. To learn more about ehealth, refer to the reading path that follows for a list of ehealth documents. For information about installing and configuring Cisco products, refer to the Cisco Web site at and the Cisco Systems, Inc. documentation.

The following sections provide a reading path that you can follow, revision information, a list of terms, and the documentation conventions used in this guide.

Reading Path

Before you use ehealth Cisco VPNSC, you must install ehealth and become familiar with its features. For more information about ehealth, refer to the following documentation:

- Introduction to ehealth. This guide provides an introduction to and overview of ehealth.
- New Features in ehealth. This guide provides information about new features available with the current release.
- ehealth Installation Guide. This guide provides information about ehealth system requirements, licensing, installing the ehealth software, and starting the ehealth console.
- ehealth Administration Guide. This guide is intended for the person who must perform the critical ehealth administration tasks such as discovery, polling, database maintenance, or report administration.
- ehealth Reports Guide. This guide provides an overview of the types of reports that you can generate from the ehealth console and from the Web interface.
- ehealth Web Help. The Web Help provides detailed information about all ehealth reports that you can run from the Web interface.

For information about Cisco products, refer to the Cisco Systems, Inc. documentation.

Revision Information

This guide is a revision of the ehealth Cisco VPN Solutions Center User Guide for ehealth Release and later. That guide supports the integration module for Cisco VPNSC Release 2.0. This guide supports ehealth Release 5.6 and later versions of this integration module (which supports Cisco VPNSC Releases 2.1 and 2.2).

In addition, this version of ehealth Cisco VPNSC provides the following:

- Support for the Cisco VPNSC IPsec Solution in addition to the MPLS solution
- Enhanced grouping for your response and router elements (For more information, refer to Grouping Elements on page 42.)

Terms

This guide uses the following terms when referring to ehealth and Cisco products:

- ehealth. A Concord product that allows you to manage and monitor resources in your internet infrastructure. You use the ehealth console and Web interface to generate reports on data that you collect.
- VPN. Virtual private networks that Cisco VPNSC manages.
- VPNSC. The Cisco Virtual Private Network Solutions Center product.
- MPLS. The Cisco VPNSC solution that supports Multi-Protocol Label Switching.
- IPsec. The Cisco VPNSC solution that supports Internet Protocol security.
- API. Application programming interface. ehealth accesses information from Cisco VPNSC through its APIs.
- CORBA. The Common Object Request Broker Architecture application server platform that Cisco VPNSC uses.
- ehealth Cisco VPNSC. The ehealth integration module that collects data from Cisco VPNSC and enables you to generate ehealth reports on this data.

Documentation Conventions

Table 1 lists the conventions used in this document.

Table 1. Documentation Conventions (Convention: Description)

- File or Directory Name: Text that refers to file or directory names.
- code: Text that refers to system, code, or operating system command line examples.
- emphasis: Text that refers to guide titles or text that is emphasized.
- enter: Text that you must type exactly as shown.
- Name: Text that refers to menus, fields in dialog boxes, or keyboard keys.
- New Term: Text that refers to a new term, that is, one that is being introduced.
- Variable: Text that refers to variable values that you substitute.
- A sequence of menus or menu options. For example, File Exit means Choose Exit from the File menu.
- NOTE: Important information, tips, or other noteworthy details.
- CAUTION: Information that helps you avoid data corruption or system failures.
- WARNING: Information that helps you avoid personal physical danger.

License Request Information

You must submit a completed License Request form for all ehealth products that you purchase. This form is in your ehealth package and on the TotalDoc online documentation CD-ROM. Fax it to the License Generation Group at (508) or forward it using to licenses@concord.com.

Technical Support

If you have a support Contract ID and password, you can access our Support Express knowledgebase at the following URL:

If you have a software maintenance contract, you can obtain assistance with this product. Have your Support Contract ID available and contact Technical Support at the following:

Phone: (888) (508)
support@concord.com
Web site:

Professional Services

If you need any assistance with customizing this product, contact Professional Services at the following:

Phone: (800)
Fax: (508)
proserv@concord.com
Web site:

Chapter 1 Product Overview

This chapter provides information about ehealth, Cisco VPNSC, and the ehealth Cisco VPNSC integration module.

Cisco is a registered trademark of Cisco Systems, Inc.

About ehealth

Concord's ehealth Suite of software products provides a comprehensive fault, availability, and performance management solution that spans the entire infrastructure, including applications, systems, and networks. All Concord products are integrated and store data in the ehealth database.

ehealth automates technology management for IT departments, telecommunication carriers, and service providers. With ehealth, you can manage the quality and performance of services such as data, voice, wireless, Internet, and cable. You can report on behavior for thousands of elements in real time, or you can generate reports on historical information. You generate these reports from the ehealth console or from the ehealth Web interface. You can run scheduled reports automatically, create your own custom reports, view live data, or perform on-demand queries. For more information about running reports, refer to the ehealth Reports Guide.

In addition to providing out-of-the-box support for many devices, ehealth does the following:

- Discovers devices in your infrastructure using Simple Network Management Protocol (SNMP)
- Frequently polls statistics collected by each device's Management Information Base (MIB)
- Collects information and stores it in a database where it is available for reporting

Concord also provides several modules that enable ehealth to integrate with various network management software products. These integration modules enable you to use the reporting capabilities of ehealth to monitor data that third-party products gather about switches, routers, and other devices in your infrastructure. For more information about the ehealth suite of products, refer to the Introduction to ehealth.

About Cisco VPNSC

MPLS is the acronym for Multi-Protocol Label Switching. IPsec is the acronym for Internet Protocol security.

Cisco VPNSC is a network- and service-management system that you use to manage IP virtual private networks (VPNs) and services. More specifically, Cisco VPNSC provides provisioning, auditing, and service level agreement (SLA) monitoring tools that you can use to manage both MPLS and IPsec VPNs. Cisco VPNSC manages VPNs that use the following routers:

- Provider edge (PE)
- Customer edge (CE)
- Customer premise equipment (CPE)

Cisco VPNSC provides two solutions: Cisco VPNSC for MPLS and Cisco VPNSC for IPsec. You use the solution that is appropriate for your particular VPN.

NOTE: ehealth Release 5.6 and later versions of ehealth Cisco VPNSC support both of these solutions.

Cisco VPNSC MPLS Solution

The Cisco VPNSC MPLS Solution enables you to manage IP VPN services such as service provisioning, service auditing, and service-level accounting. External operating support systems (OSSs) can access the configuration information that Cisco VPNSC for MPLS gathers from CE and PE routers through a set of Common Object Request Broker Architecture (CORBA) application programming interfaces (APIs). Through these interfaces, you can add, delete, or modify MPLS VPNs and define the VPN service topology associated with each.

About MPLS VPNs

PE routers communicate through the Border Gateway Protocol-Multiprotocol (MP-BGP).

In an MPLS VPN, a CE router connects to a PE router, which sends traffic to other CE routers. Cisco VPNSC for MPLS accesses configuration files on both the CE and PE routers and makes the changes required to support the services over the various CE and PE router connections. An MPLS VPN consists of a set of sites that are interconnected by one MPLS provider network. Each site contains one or more CE routers, which connect to one or more PE routers.

Cisco VPNSC IPsec Solution

The Cisco VPNSC IPsec Solution is also known as the security module.

The Cisco VPNSC (Security) IPsec Solution enables you to automatically configure Internet Key Exchange (IKE) and IPsec tunnels between routers that use the following Cisco software:

- Cisco IOS
- Cisco 3000 Series concentrators
- Cisco PIX Firewall

This solution automates tasks such as resolving incompatible or inconsistent IPsec and IKE policies among devices and the routing protocols among sites. As with the Cisco MPLS solution, Cisco VPNSC for IPsec provides open APIs to enable integration with existing service provider OSSs.

About IPsec VPNs

In an IPsec VPN, a CPE router on one site connects to a CPE router on another site as defined by the IPsec protocol. The IPsec traffic sent and received across this connection is monitored by a process on the CPE's secure interface. This data is sent to the destination CPE router through a process that provides security for the data and stores it in files on the destination CPE router. Cisco VPNSC for IPsec accesses these data files and obtains the information necessary to manage the IPsec VPN.

Cisco VPNSC Features

Cisco VPNSC offers the following features:

- Provisioning module. This service management module supports scheduled VPN service provisioning. You use this module to configure VPNs and to link CE routers to PE routers. The provisioning module has a database of all CE routers and PE routers (and links between them) and their associations with VPNs, customers, customer sites, and so on. The provisioning module also serves as a source of element and group information for LAN/WAN and Router/Switch reporting.
- Templates for provisioning. Cisco VPNSC templates allow flexible provisioning of Cisco IOS software commands.
- QoS provisioning. This feature enables you to offer and monitor different classes of service (COS). Cisco VPNSC measures SLA compliance and generates router configurations that allocate bandwidth to different COS.
- SLA module. This module monitors specific SLAs for round-trip times, availability, and usage. It collects and stores performance information, and reports on SLA conformance based on Service Assurance (SA) Agent probes in Cisco routers. Through this module, you can configure thresholds so that violations are reported. The data that this module monitors can also serve as a data source for Response reports.

- Accounting server. The accounting server is based on a Cisco NetFlow FlowCollector that collects, stores, and reports on a traffic matrix, in this case one that passes through a VPN.
- Service auditing. A Cisco VPNSC auditor validates IP VPN service configuration, monitors performance, and identifies faults to ensure network integrity and quality service.
- Service quality assurance. Cisco service assurance features ensure that VPN target devices remain correctly provisioned and that the VPN itself is operational.

NOTE: Of these features, ehealth provides reporting capabilities for provisioning and SLA monitoring.

For more information about additional features, the Cisco MPLS solution, or the Cisco IPsec solution, refer to the Cisco Systems, Inc. documentation.

About ehealth Cisco VPNSC

The ehealth Release 5.6 version of the ehealth Cisco VPNSC integration module supports the Cisco VPNSC IPsec and Cisco VPNSC MPLS solutions. ehealth Cisco VPNSC collects configuration information and statistics data for PE, CE, and CPE routers in your VPN. It gathers response statistics from the Cisco VPNSC database and collects performance statistics for routers by polling them directly.

ehealth provides a setup program that you run on your ehealth system. This program allows you to configure CORBA, Cisco VPNSC, and ehealth system settings for integrating ehealth with Cisco VPNSC. If you have the appropriate ehealth licenses, you can use ehealth Cisco VPNSC to report on LAN/WAN, router/switch, and response path elements.

How ehealth Cisco VPNSC Works

ehealth Cisco VPNSC performs the following tasks to gather the information that you need to manage and report on your VPNs:

- Collects Cisco SA Agent configuration information and the response statistics that these agents measure.
- Collects router configuration information, which ehealth uses to discover routers in your VPN.
- Collects router performance statistics data by polling routers directly.
- Collects and groups information about Cisco VPNSC group types that you can display in ehealth reports.

The Cisco SA Agent is a Cisco IOS technology that monitors network performance and response time between a Cisco router and a remote device.

When you set up ehealth Cisco VPNSC and use it for the first time, you collect configuration information for the routers and SA Agents in your VPN from the Cisco VPNSC database. You run the nhgetvpnscrouterconfig command on the ehealth system to extract the configuration information for routers, and you run the nhgetvpnscslaconfig command to extract the configuration information for SA Agents. Cisco VPNSC provides a CORBA API through which ehealth Cisco VPNSC accesses this information. ehealth Cisco VPNSC updates the ehealth poller configuration with the new configuration information.

Once this information resides in ehealth, you run the ehealth Discover process to discover all Cisco routers and SA Agents in your VPN. After ehealth discovers these devices and saves them as elements in ehealth, ehealth Cisco VPNSC begins to import response statistics data from the Cisco VPNSC database through the ehealth import polling process. To collect performance statistics for the routers in your VPN, you must use the ehealth statistics polling process (SNMP polling) to poll these routers directly. For more information, refer to Gathering Statistics Data on page 19.

Figure 1 on page 19 illustrates an ehealth Cisco VPNSC integration configuration.

[Figure 1. ehealth Cisco VPNSC Integration Configuration. Diagram labels: ehealth Database, ehealth System, Discover and SNMP Polling, CORBA API, Cisco VPNSC System, Configuration Information and Response Statistics Data, Cisco VPNSC Database, Cisco VPNSC Managed Network, PE Routers, CE Routers, Customer Edge Routers, CPE Router, SA Agent.]

For detailed instructions about how to run the commands to obtain this configuration information, refer to Chapter 3, Configuring Cisco VPNSC Elements in ehealth.

ehealth Cisco VPNSC gathers data that Cisco Service Assurance (SA) Agents collect to monitor network availability, usage, and response time for service level agreements (SLAs).

Gathering Statistics Data

ehealth Cisco VPNSC gathers statistics data for response times and router performance using two types of polling processes: import polling and SNMP polling.

Using Import Polling. ehealth Cisco VPNSC uses import polling to gather response statistics data from the Cisco VPNSC database at the interval you specify when you set up the integration module. ehealth Cisco VPNSC accesses this data through a Cisco VPNSC CORBA interface, which allows ehealth Cisco VPNSC to query for data at specific intervals. Cisco VPNSC saves response statistics in one-hour blocks or buckets. After a block is complete, it is available the next time ehealth polls for data. After ehealth imports data, it translates the statistics into ehealth DCI files and imports these files into the ehealth database.

NOTE: By default, ehealth polls for these statistics every 60 minutes. If new data is not available when ehealth polls, ehealth does not import any data. If several blocks of new data are available, ehealth imports all of them.

Using SNMP Polling. Although Cisco VPNSC gathers some router information, ehealth requires more data about router performance to display in ehealth reports. To gather this data, ehealth polls routers directly using SNMP polling. For more information about polling network devices with SNMP, refer to the ehealth Administration Guide.

Comparing Import Polling and SNMP Polling. Note the following advantages and disadvantages of import polling and SNMP polling.

Import polling offers the following advantages:

- It transfers statistics in an efficient manner, using the enhanced grouping capabilities of Cisco VPNSC.
- You do not lose data when you stop the ehealth server. When you restart ehealth and it polls Cisco VPNSC for data, ehealth Cisco VPNSC collects all data stored in the Cisco VPNSC database with hourly queries.

The disadvantage of import polling is that you have less control over the granularity of the data.

SNMP polling has the following advantages:

- It provides more control over the granularity of the data.
- It populates all charts within ehealth reports.

SNMP polling has the following disadvantages:

- Depending upon the number of elements, it increases network traffic according to the number of SNMP polling requests. (ehealth sends one request per element.)
- SNMP queries can impact router performance.

ehealth Reporting

You can generate ehealth reports for response time and router activity performance data in your VPN. ehealth Cisco VPNSC integrates ehealth's reporting capabilities with the service-management capabilities of Cisco VPNSC. If you have the appropriate ehealth licenses, you can run a variety of ehealth reports on response, router, and LAN/WAN elements. For more information about ehealth reports, refer to the ehealth Reports Guide and the ehealth Web Help.
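
The import polling behavior described under Gathering Statistics Data (one-hour blocks, nothing imported when no new block is complete, every pending block imported after a restart), as an added Python model that is not part of the original guide or of ehealth. The ImportPoller class, its last-imported marker, and the sample timestamps are assumptions made for illustration; the valid polling intervals are the ones this guide lists in its ehealth System Checklist.

```python
from datetime import datetime, timedelta

BUCKET = timedelta(hours=1)  # the guide: statistics are saved in one-hour blocks
VALID_INTERVALS = (15, 30, 45, 60, 75, 90, 105, 120)  # minutes, per the checklist


def completed_buckets(first_start, now):
    """Start times of every one-hour block that is complete at `now`."""
    buckets, start = [], first_start
    while start + BUCKET <= now:
        buckets.append(start)
        start += BUCKET
    return buckets


class ImportPoller:
    """Hypothetical poller: remembers the newest block it has imported."""

    def __init__(self, interval_minutes=60):
        if interval_minutes not in VALID_INTERVALS:
            raise ValueError("polling interval must be one of %s" % (VALID_INTERVALS,))
        self.interval = timedelta(minutes=interval_minutes)
        self.last_imported = None  # assumed high-water mark, not documented in the guide

    def poll(self, available):
        """Import every available block newer than the high-water mark."""
        new = [b for b in sorted(available)
               if self.last_imported is None or b > self.last_imported]
        if new:
            self.last_imported = new[-1]
        return new  # empty list: no new data, nothing is imported


def poll_schedule(start, end, interval, outage=None):
    """Scheduled poll times; polls that fall inside the outage window are skipped."""
    times, t = [], start
    while t <= end:
        if outage is None or not (outage[0] <= t < outage[1]):
            times.append(t)
        t += interval
    return times


def simulate(first_start, start, end, interval_minutes=60, outage=None):
    """Return [(poll_time, [imported block starts])] for one run."""
    poller = ImportPoller(interval_minutes)
    return [(t, poller.poll(completed_buckets(first_start, t)))
            for t in poll_schedule(start, end, poller.interval, outage)]


T0 = datetime(2003, 6, 1, 0, 0)  # constructed sample start time


def demo_frequent_polling():
    """15-minute polls over two hours: most polls find no completed block."""
    return simulate(T0, T0 + timedelta(minutes=5),
                    T0 + timedelta(hours=2, minutes=5), interval_minutes=15)


def demo_restart_catch_up():
    """60-minute polls with the ehealth server stopped from 01:30 to 06:30."""
    outage = (T0 + timedelta(hours=1, minutes=30), T0 + timedelta(hours=6, minutes=30))
    return simulate(T0, T0 + timedelta(minutes=5),
                    T0 + timedelta(hours=8, minutes=5), 60, outage)


if __name__ == "__main__":
    for title, run in (("15-minute polling", demo_frequent_polling()),
                       ("restart catch-up", demo_restart_catch_up())):
        print(title)
        for when, blocks in run:
            print("  %s imported %d block(s)" % (when.strftime("%H:%M"), len(blocks)))
```

The model assumes that the Cisco VPNSC database keeps its hourly blocks while ehealth is stopped, which is what the guide's "you do not lose data" advantage depends on.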


Chapter 2 Getting Started with ehealth Cisco VPNSC

This chapter contains the following information that you need to get started with ehealth Cisco VPNSC:

- Setup checklists
- ehealth system requirements
- Cisco VPNSC system requirements
- Starting ehealth and Licensing ehealth Cisco VPNSC procedures
- ehealth Cisco VPNSC setup procedure

Before You Begin

Before you run the ehealth Cisco VPNSC setup program, complete the checklists in the following section, review the ehealth and Cisco VPNSC system requirements, and obtain an ehealth Cisco VPNSC license for your ehealth system. After you complete the setup procedure, you must configure your Cisco VPNSC elements before you can use the integration module. (For instructions, refer to Chapter 3, Configuring Cisco VPNSC Elements in ehealth.)

The following steps outline the order in which you must perform the procedures to get started with ehealth Cisco VPNSC.

NOTE: This guide assumes that you are already using Cisco VPNSC for IPsec, MPLS, or for both. For information about installing, configuring, and managing these products, refer to the Cisco Systems, Inc. documentation.

1. Install ehealth on a dedicated Solaris system. Refer to your ehealth Installation Guide.
2. Request an ehealth Cisco VPNSC license. Refer to License Request Information.
3. Complete the checklists in the following section.
4. Review the ehealth and Cisco VPNSC requirements on page 26 and the performance considerations.
5. Obtain user permissions to systems and services on the Cisco VPNSC system. Refer to Obtaining User Permissions for Services.
6. Start ehealth and license the integration module. Refer to Starting ehealth and Licensing ehealth Cisco VPNSC.
7. Run the ehealth Cisco VPNSC setup program. Refer to Setting up ehealth Cisco VPNSC.
8. Configure your Cisco VPNSC elements in ehealth. Refer to Chapter 3, Configuring Cisco VPNSC Elements in ehealth.

Setup Checklists

The setup checklists outline the information that you must provide when you run the integration module setup program. Make copies of these checklists and complete them with your system information. Prior to running the setup program, you can research the information for which the program will prompt you.

Concord recommends that you save the completed checklists for future reference. You can refer to them each time you run the setup program and use them to provide Concord Technical Support with information if you require assistance.

Cisco VPNSC System Checklist

Use this checklist to record the information that you must provide for the CORBA name service and the Cisco VPNSC system settings.

Table 2. Cisco VPNSC System Checklist (Description / Your System Information)

- The hostname or IP address of the system on which the CORBA name service is installed. NOTE: In most cases, this is the hostname of the Cisco VPNSC system.
- The port number that the CORBA server is using. Default: The default port number is Use this number unless it has already been allocated for use by another application.
- The hostname or IP address of the Cisco VPNSC system. Default: The default value should appear as the same value that you entered for the hostname or IP address of the CORBA name service system.
- The UNIX user name that ehealth uses to log in to the Cisco VPNSC system. Default: vpnadm
- The password for this user name.
- The user name that enables access to the Cisco VPNSC software. Default: admin
- The password for this user name.

ehealth System Checklist

Use this checklist to record the information that you will provide for the polling interval and configuration extraction times on the ehealth system.

Table 3. ehealth System Checklist (Description / Your System Information)

- The ehealth polling interval in minutes. NOTE: Specify a polling interval that is approximately the same as the rate at which the Cisco VPNSC system collects data. Valid values (minutes): 15, 30, 45, 60, 75, 90, 105, or 120. Default: 60 minutes
- The maximum time (in minutes) to allow a configuration extraction to complete. Valid range: 1 to 1,440 minutes. Default: 15

ehealth System Requirements

This version of the ehealth Cisco VPNSC integration module supports Cisco VPNSC Releases 2.1 and 2.2 and is available with ehealth Release 5.6.

NOTE: This release of the integration module supports both Cisco VPNSC MPLS and Cisco VPNSC IPsec.

ehealth Cisco VPNSC runs on Solaris systems only. Therefore, you must install ehealth Release 5.6 or later on a Solaris system to access the setup program for this version of the integration module. Install ehealth according to the instructions and requirements provided by your ehealth Installation Guide. The following sections describe additional installation and operational requirements for the ehealth system.

ehealth Licenses

You must add an ehealth Cisco VPNSC license for your ehealth system before you run the setup program for this integration module. For instructions, refer to Starting ehealth and Licensing ehealth Cisco VPNSC on page 32.

When you create groups and grouplists for your response and router elements (as Chapter 3 describes), these appear in Service Level reports. This type of ehealth report requires a license for your ehealth system. For more information about additional ehealth reports that you can run to display your information, and for information about report licensing requirements, refer to the ehealth Reports Guide and your ehealth Installation Guide.

Telnet Access

The ehealth system must have reliable Telnet access to the Cisco VPNSC system. ehealth uses Telnet to determine the version of Cisco VPNSC and to verify the settings that you specify when you run the setup program.

Guidelines for Multiple ehealth Systems

You can run ehealth Cisco VPNSC on several ehealth systems. However, every ehealth system extracts information from the same Cisco VPNSC system. If you do run the integration module on multiple ehealth systems, you must use the following guidelines:

- Do not run the nhvpnscsetup command (which launches the setup program) on multiple ehealth systems at the same time.
- Do not run the nhconfig command (which extracts configuration information from the VPNSC database) on multiple ehealth systems at the same time.

Running either of these commands simultaneously could cause the commands to fail.

Synchronizing System Clocks

Make sure that the system clocks on the ehealth systems and the Cisco VPNSC server are synchronized to within five minutes of each other.

CORBA Interface Connection and Permissions for ehealth

The Cisco VPNSC application server platform is CORBA. The CORBA-standard interfaces of Cisco VPNSC are Orbix application programming interfaces (APIs).

NOTE: Orbix is an application services product and a trademark of IONA Technologies.

ehealth systems require reliable connections through the CORBA API of the Cisco VPNSC system, and ehealth Cisco VPNSC requires permissions to communicate with the Cisco VPNSC name services. The administrator of the Cisco VPNSC system must grant the following user permissions to all ehealth administrators who want to set up ehealth Cisco VPNSC or configure the Cisco VPNSC elements that reside in ehealth:

- User permissions to the DataSetServer and VpnInvServer systems on Cisco VPNSC
- User permissions to the CORBA name service

For instructions, refer to Obtaining User Permissions for Services on page 29.

Cisco VPNSC System Requirements

Cisco VPNSC must reside on the same version of Solaris on which ehealth resides. (Concord recommends that you install each product on a separate system for optimal performance.) You must configure only one Cisco VPNSC system from which ehealth systems collect data.

Cisco VPNSC Licenses

You must install the following licenses on your Cisco VPNSC system to enable the integration:

- Cisco VPNSC API enabling license
- Cisco VPNSC MPLS GUI license

For information about installing these licenses, refer to the Cisco Systems, Inc. documentation.

Cisco VPNSC Middleware

You must ensure that the Orbix CORBA middleware (version 3.0.1) is installed. For information about the latest Patch version of Orbix that you must use for this version of Cisco VPNSC, refer to Cisco Systems, Inc. documentation.

Time Zones

Ensure that your ehealth and Cisco VPNSC systems use the same time zone. The VPNSC system must be set to the C locale (for global monitoring capabilities).

Obtaining User Permissions for Services

The Cisco VPNSC administrator must perform two procedures on the Cisco VPNSC system to enable user permissions for all ehealth administrators. As the ehealth administrator, you must do the following:

- Ensure that the Cisco VPNSC administrator configures Cisco VPNSC to allow connections to, and accept data from, the ehealth systems.
- Verify that all ehealth administrator user names on the ehealth and Cisco VPNSC systems are the same, and that both systems use a common user authentication mechanism.

- Coordinate with the Cisco VPNSC administrator to obtain user permissions to the DataSetServer and VpnInvServer servers and to the Orbix CORBA name service on the Cisco VPNSC system. (These procedures are described in the following sections.)

NOTE: The following procedures assume that you are running ehealth Cisco VPNSC on multiple ehealth systems. The commands that the Cisco VPNSC administrator enters provide permissions for all ehealth administrators. If you do not want to grant permissions to all ehealth administrators, you can specify individual user IDs (instead of +all).

Obtaining Permissions to DataSetServer and VpnInvServer

To obtain permissions to the DataSetServer and VpnInvServer servers, the Cisco VPNSC administrator must perform the following procedure on the Cisco VPNSC system.

To grant permissions to the Cisco VPNSC servers:

1. Log in to the VPNSC system as vpnadm.

2. Change to the VPNSC directory by entering the following command:

    cd /vpn

3. Source the permissions file by entering the following command:

    source vpnenv.csh

4. Enter the following commands, as needed:

    chmodit DataSetServer i+all
    chmodit VpnInvServer i+all
    chmodit DataSetServer l+all
    chmodit VpnInvServer l+all

If you have an Orbix admin account, you can use this account to grant permissions to the naming service. However, you are no longer required to use this account. You can use your VPN admin account to grant all permissions.

Obtaining Permissions to the Orbix CORBA Name Service

To obtain permissions to the Orbix CORBA name service, the Cisco VPNSC or Orbix administrator must perform the following procedure.

To grant user permissions to the Orbix CORBA name service:

1. Log in to the Orbix server by entering the following command on the Cisco VPNSC system:

    orbixadm

   NOTE: If you do not have an Orbix Admin account, you can enter vpnadm.

2. Change to the Orbix3 directory by entering the following command:

    cd /Orbix3

3. Source the permissions file by entering the following command:

    source setenvs.csh

4. Enter the following commands for the name service:

    chmodit NS i+all
    chmodit NS l+all
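The NOTE earlier in this section says that individual user IDs can be specified instead of +all. The following POSIX shell helper is an added example, not part of the guide or of any Cisco or Concord tooling: it prints the per-user chmodit lines for the two VPNSC servers or for the name service so that the VPNSC administrator can review them before running them. It assumes that a per-user grant is written i+<userid> and l+<userid> (the user ID taking the place of "all"); the user names in the comments are constructed.

```shell
#!/bin/sh
# Added example: build reviewable per-user chmodit grants instead of "+all".
# ASSUMPTION: a single-user grant is written i+<userid> / l+<userid>, that is,
# the user ID replaces "all" in the commands that the guide shows.
LC_ALL=C; export LC_ALL      # keep the [a-z] ranges below ASCII-only

# valid_user ID -> 0 if ID is acceptable, 1 otherwise (example policy).
valid_user() {
    case "$1" in
        ""|all) return 1 ;;           # empty, or would recreate the blanket grant
        *[!a-z0-9_-]*) return 1 ;;    # nothing a shell could interpret
        [a-z]*) return 0 ;;           # must start with a letter
        *) return 1 ;;
    esac
}

# grant_commands SCOPE USER...
#   SCOPE vpnsc -> DataSetServer and VpnInvServer (run from /vpn, vpnenv.csh sourced)
#   SCOPE ns    -> NS, the name service (run from /Orbix3, setenvs.csh sourced)
# Prints one chmodit line per server, right (i, l) and user. If any user ID is
# rejected it prints nothing on stdout and returns 1, so a bad list never
# yields a partial set of grants.
grant_commands() {
    scope=$1
    [ "$#" -ge 2 ] || { echo "usage: grant_commands vpnsc|ns user..." >&2; return 2; }
    shift
    case "$scope" in
        vpnsc) servers="DataSetServer VpnInvServer" ;;
        ns)    servers="NS" ;;
        *)     echo "unknown scope: $scope" >&2; return 2 ;;
    esac
    for u in "$@"; do
        if ! valid_user "$u"; then
            echo "rejected user id: $u" >&2
            return 1
        fi
    done
    for srv in $servers; do
        for right in i l; do
            for u in "$@"; do
                echo "chmodit $srv $right+$u"
            done
        done
    done
}

# Stand-alone use, for example:  sh grants.sh vpnsc nhadmin1 nhadmin2
if [ "$#" -gt 0 ]; then
    grant_commands "$@"
fi
```

The output is plain text, so it can be compared against the list of ehealth administrator accounts before anyone pastes it into the csh session that has the environment file sourced.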

As the ehealth administrator, make sure that the appropriate permissions have been granted and review the performance considerations in the following section before you license and set up ehealth Cisco VPNSC.

ehealth Cisco VPNSC Performance Considerations

When you run the ehealth Cisco VPNSC setup program, it does not install software on the Cisco VPNSC system. Therefore, you do not have to consider memory or disk space usage. However, when you use this integration module, it slightly increases network traffic between the following:

- Routers and the ehealth system, as a result of the SNMP polling activity associated with statistics collection
- The Cisco VPNSC and ehealth system, as a result of importing configuration data

In addition, ehealth Cisco VPNSC extracts performance information from Cisco VPNSC through its CORBA API. The extraction process has a small impact on the Cisco VPNSC processing load for the following reasons:

- It occurs entirely through the CORBA interface.
- It typically runs only once per hour.
- It requires no computation. (It only extracts raw data.)

Starting ehealth and Licensing ehealth Cisco VPNSC

Before you run the ehealth Cisco VPNSC setup program, you must add an ehealth Cisco VPNSC license for your ehealth system. In addition, you must enter licenses for all ehealth products that you plan to use. For more information about adding other licenses, refer to the ehealth Installation Guide. The following sections describe how to start ehealth and license this integration module.

Starting ehealth

Use the following procedure to start ehealth and open the console.

To start ehealth:

1. Log in to the ehealth system as the ehealth administrator.

2. Open a terminal window and change to the ehealth directory by entering the following command, where ehealth is the full pathname of that directory:

    cd ehealth

3. Optionally, use one of the commands listed in Table 4 to source the appropriate ehealth resource file to set your environment.

   Table 4. Sourcing the ehealth Resource File

   Shell     Command
   Bourne    . nethealthrc.sh
   C         source nethealthrc.csh
   Korn      . nethealthrc.ksh

   NOTE: If you do not source the resource file, change to the $NH_HOME/bin directory, or specify the full pathname in your ehealth commands.

4. Enter the following command:

    ehealth

The ehealth console appears on your screen.

Licensing ehealth Cisco VPNSC

If you are starting ehealth and specifying license information for the first time, the Enter Licenses dialog box appears and prompts you for license information. If you have been using ehealth, you must access this dialog box to add the new ehealth Cisco VPNSC license.

To access the Enter Licenses dialog box and add license information:

1. Select Setup > Enter Licenses from the ehealth console. The Enter Licenses dialog box appears.

2. Click Add. The Add Licenses dialog box appears.

3. Enter your license information.

   NOTE: For specific information about entering information in this dialog box, click Help.

Setting up ehealth Cisco VPNSC

After you add your ehealth Cisco VPNSC license information, ehealth does the following:

- Updates the console with the appropriate buttons and menu options
- Opens one or more polling status windows
- Opens the Discover dialog box

For more information about the ehealth console, polling status windows, and the Discover dialog box, refer to the ehealth Administration Guide.

ehealth provides an ehealth Cisco VPNSC setup program that you run on your ehealth system. This program allows you to specify the settings through which ehealth communicates with Cisco VPNSC. Before you run this program, as the ehealth administrator you must ensure that you have met the prerequisites outlined in the following section.

Prerequisites

Before you run the setup program, verify that you have done the following:

- Installed ehealth on a dedicated Solaris system. For detailed information, refer to the instructions provided in the ehealth Installation Guide.
- Met the requirements outlined in ehealth System Requirements on page 26 and Cisco VPNSC System Requirements on page 28.
- Obtained all necessary user permissions, as described in Obtaining User Permissions for Services on page 29.
- Licensed this integration module as described in Licensing ehealth Cisco VPNSC on page 34.
- Completed the checklists provided in Setup Checklists on page

Running the Setup Program

The setup program presents a series of questions, validates your answers, and prompts you to supply a new answer if the one that you provided is invalid. When you run the setup program, default responses that are available for a particular question appear in brackets [ ]. You can press Return to accept the default response. You can exit the setup program at any time by entering q to quit.

The first portion of the setup program prompts you for information about your CORBA settings and your Cisco VPNSC system settings. The second portion prompts you for information about your ehealth system settings.

The first time that you run the setup program, make sure that you have completed copies of the checklists available. Refer to the information that you recorded to configure the Cisco VPNSC system and to configure the ehealth polling settings.

After you run the initial setup, you can run the setup program on additional ehealth systems. However, these systems will have to collect data from the same Cisco VPNSC system that you specify during the initial setup.

To run the ehealth Cisco VPNSC setup program:

1. Log in to the ehealth system as the ehealth administrator.

2. Open a terminal window and change to the ehealth directory by entering the following command, where ehealth is the full pathname of that directory:

    cd ehealth

3. Optionally, use one of the commands listed in Table 4 on page 33 to source the appropriate ehealth resource file to set your environment.

4. Run the setup program by entering the following command:

    nhvpnscsetup

   The setup program menu appears and displays the following options:

    1. Perform a complete setup
    2. Modify CORBA settings
    3. Modify Cisco VPN Solutions Center settings
    4. Modify ehealth polling settings
    q. Quit

5. Enter 1 to run the complete setup. The program prompts you for information about the CORBA name service, the Cisco VPNSC system, and the ehealth system.

6. Enter the required information at the appropriate prompts. Use the values that you recorded in the Cisco VPNSC System Checklist on page 25 and in the ehealth System Checklist on page 26.

   During the setup, the program displays various messages while it verifies the existence of Telnet access, user names and passwords, and the version of Cisco VPNSC. It also displays messages when portions of the program complete successfully. When the setup completes, it prompts you to restart the ehealth server to save the changes.

7. Enter y to restart the ehealth server and save your ehealth Cisco VPNSC integration module configuration.

Note the pathname of the log file for the setup. ehealth Cisco VPNSC stores each setup session in a log file named /ehealth/log/install/installvpnscn.log. (The variable n represents a number that increments by one each time the setup runs.) This log file can be useful if you need to troubleshoot installation problems.

Modifying ehealth Cisco VPNSC Settings

After you run the complete setup, you can run all or portions of the ehealth Cisco VPNSC setup program at any time to modify the following:

- CORBA settings
- Cisco VPNSC settings
- ehealth polling settings

When you modify any of these settings, you must restart the ehealth server to save your changes. If you modify the setting for the ehealth polling interval, refer to the following section for information about this change.

Changing the ehealth Polling Interval

If you change the ehealth polling interval, ehealth does not begin polling at the new interval until it has performed two additional polls. For example, assume you poll every 60 minutes as shown in Figure 2. You then change the polling interval to 45 minutes between the second and third polls (P2 and P3). ehealth polls two more times at the old (60-minute) interval (P3 and P4) before starting to poll at the new (45-minute) interval.

[Figure 2. Changing the ehealth Polling Interval. Timeline of polls P1 through P5: 60 minutes between P1 and P2, P2 and P3, and P3 and P4, then 45 minutes between P4 and P5. The change of the polling interval to 45 minutes is marked on the timeline.]

Before you use ehealth Cisco VPNSC, you must configure your Cisco elements in ehealth as described in Chapter 3, Configuring Cisco VPNSC Elements in ehealth.

3 Configuring Cisco VPNSC Elements in ehealth

Before You Begin

This chapter describes how to obtain configuration information from the Cisco VPNSC database and how to configure Cisco VPNSC elements that reside in ehealth. Before you run the ehealth configuration process, make sure that you have done the following:

- Installed ehealth Release 5.6 or later on a Solaris system. Refer to your ehealth Installation Guide.
- Obtained user permissions to the Cisco VPNSC services. Refer to Obtaining User Permissions for Services on page 29.
- Licensed and set up ehealth Cisco VPNSC. Refer to Licensing ehealth Cisco VPNSC on page 34 and Setting up ehealth Cisco VPNSC on page

About the Configuration Process

The ehealth configuration process extracts Cisco SA Agent and Cisco router configuration information from the Cisco VPNSC database and adds it to the ehealth poller configuration. After you license and set up ehealth Cisco VPNSC, you run the commands described in the following procedures so that ehealth can access this information through the Cisco VPNSC CORBA interface. The nhgetvpnscslaconfig command extracts configuration information for SA Agents, and the nhgetvpnscrouterconfig command extracts elements for routers on your managed network.

Optionally, you can run variations of these commands to create groups and group lists for this information. (Refer to Grouping Elements on page 42.) You can also schedule the configuration process to update your poller configuration automatically. For instructions, refer to Scheduling the Configuration Process on page 50.

Adding Configuration Information to ehealth

Elements in the ehealth poller configuration represent the routers, objects, and other devices for which ehealth collects data. Use the following procedures to add SA Agent and router configuration information to ehealth. This information is stored in ehealth as element information.

Adding SA Agent Information

When you add SA Agent (response) configuration information to ehealth, it resides in the ehealth poller configuration and database as response element information.

To add response element information:

1. Log in to the ehealth system as the ehealth administrator.

2. Open a terminal window and change to the ehealth directory by entering the following command, where ehealth is the full pathname of that directory:

    cd ehealth

3. Optionally, source the ehealth resource file that is appropriate for your shell environment using one of the commands in Table 4 on page 33.

4. Enter the following command and argument:

    nhconfig -dcicmd "nhgetvpnscslaconfig"

Adding Router Information

When you add router configuration information to ehealth, ehealth updates the poller configuration with information about CE, PE, and CPE routers and saves this information as elements in the ehealth database. For information about the ehealth elements that represent these routers, refer to Table 5 on page

To add router element information:

1. Complete Steps 1 through 3 in the previous procedure to log in to the ehealth system, change to the ehealth directory, and optionally source the ehealth resource file.

2. Enter the following form of the nhconfig command:

    nhconfig -dcicmd "nhgetvpnscrouterconfig"

Reconfiguring Response and Router Information

It is important to update the ehealth database periodically to reflect changes that occur in the Cisco VPNSC database when SA Agent (response) and router information is added or reconfigured. To do so, you can run the commands described in the previous procedures periodically.

When you run these commands, the ehealth configuration process detects changes in the Cisco VPNSC database and updates the ehealth database and poller configuration. Optionally, you can schedule the configuration process to update your poller configuration automatically. For instructions, refer to Scheduling the Configuration Process on page 50.

Grouping Elements

You can organize your data according to the way in which you want ehealth to store it and present it in reports. For example, you can create groups of elements of the same type and you can create group lists for certain group types. Before you group your elements, you need to understand the ehealth elements that represent the objects in your Cisco VPNSC-managed network. Table 5 lists these objects and elements.

Table 5. ehealth Elements for Network Objects

Cisco VPNSC-Managed Network Object                     ehealth Element
CE router                                              Router/switch element with child interface elements
PE router                                              Router/switch element with child interface elements
CPE router                                             Router/switch element with child interface elements
CE router acting as a source router for an SA Agent    Response source endpoint element
PE router acting as a source router for an SA Agent    Response source endpoint element
SA Agent                                               Response path element
SA Agent acting as a target element                    Response destination endpoint element