SolarWinds Technical Reference



Similar documents
Using SolarWinds Orion for Cisco Assessments

SolarWinds Technical Reference

Configuring and Integrating JMX

SolarWinds Technical Reference

Migrating Cirrus. Revised 7/19/2007

SolarWinds Technical Reference

SolarWinds Technical Reference

Configuring WMI on Windows Vista and Windows Server 2008 for Application Performance Monitor

SolarWinds. Understanding SolarWinds Charts and Graphs Technical Reference

SolarWinds Migrating SolarWinds NPM Technical Reference

SolarWinds Orion Integrated Virtual Infrastructure Monitor Supplement

SolarWinds Technical Reference

SolarWinds Technical Reference

SolarWinds Technical Reference

SolarWinds Technical Reference

Configuring and Integrating MAPI

AKIPS Network Monitor User Manual (DRAFT) Version 15.x. AKIPS Pty Ltd

SolarWinds. Packet Analysis Sensor Deployment Guide

SolarWinds Scalability Engine Guidelines for SolarWinds Products Technical Reference

SOLARWINDS ORION. Patch Manager Evaluation Guide for ConfigMgr 2012

SolarWinds Technical Reference

SolarWinds Toolset Migrating Guide

DameWare Server. Administrator Guide

A Guide to Understanding SNMP

SolarWinds Technical Reference

SolarWinds Toolset Quick Start Guide

Configuring and Integrating Oracle

SolarWinds Technical Reference

Copyright 2014 SolarWinds Worldwide, LLC. All rights reserved worldwide. No part of this document may be reproduced by any means nor modified,

Copyright 2015 SolarWinds Worldwide, LLC. All rights reserved worldwide. No part of this document may be reproduced by any means nor modified,

Using SolarWinds Log and Event Manager (LEM) Filters and Alerts

Configuring and Monitoring Citrix Branch Repeater

SolarWinds Certified Professional. Exam Preparation Guide

Managing Orion Performance

SolarWinds Technical Reference

SNMP SECURITY A CLOSER LOOK JEFFERY E. HAMMONDS EAST CAROLINA UNIVERSITY ICTN 6865

AKIPS Network Monitor Installation, Configuration & Upgrade Guide Version 15. AKIPS Pty Ltd

Technical Notes P/N Rev 01

AKIPS Network Monitor Installation, Configuration & Upgrade Guide Version 16. AKIPS Pty Ltd

Blue Coat Systems. Client Manager Redundancy for ProxyClient Deployments

Configuring and Monitoring Bluecoat AntiVirus

SolarWinds Technical Reference

Configuring and Monitoring Citrix Access Gateway-Linux Servers. eg Enterprise v5.6

IBM FlashSystem. SNMP Guide

Configuring SNMP Cisco and/or its affiliates. All rights reserved. 1

Monitoring Traffic manager

Smart Business Architecture for Midsize Networks Network Management Deployment Guide

QoS: CBQoS Management Policy-to- Interface Mapping Support Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)

Organized, Hybridized Network Monitoring

CA Spectrum and CA Performance Center

You can contact SolarWinds in a number of ways, including the following:

Simple Network Management Protocol

Comparison of SNMP. Versions 1, 2 and 3

Service Description: Cisco Prime Home Hosted Services. This document describes the Cisco Prime Home Hosted Services.

SNMP -overview. Based on: W.Stallings Data and Computer Communications

Contents Firewall Monitor Overview Getting Started Setting Up Firewall Monitor Attack Alerts Viewing Firewall Monitor Attack Alerts

Chapter 19: Network Management. Business Data Communications, 5e

Boundary Encryption.cloud Deployment Process Overview

NETWORK PUBLIC TRAINING CLASS

Monitoring DoubleTake Availability

How to Use SNMP in Network Problem Resolution

Configuring and Monitoring SiteMinder Policy Servers

7750 SR OS System Management Guide

Portal Administration. Administrator Guide

SOLARWINDS ORION. Patch Manager Evaluation Guide

Defender Delegated Administration. User Guide

SolarWinds Network Topology Mapper Administrator Guide

whitepaper 4 Best Practices for Building PCI DSS Compliant Networks

Configuring and Monitoring Hitachi SAN Servers

Monitoring QNAP NAS system

SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP)

Simple Network Management Protocol

SOLARWINDS PUBLIC TRAINING CLASSES MODULES COVERED: NPM, SAM, NCM, NTA, IPAM & VNQM FEATURES & BENEFITS

Monitoring Network Elements

MBAM Self-Help Portals

SolarWinds Toolset Quick Start Guide

SafeNet Authentication Manager Express. Upgrade Instructions All versions

Synology DiskStation

Dell InTrust Preparing for Auditing Microsoft SQL Server

Simulation of an SNMP Agent: Operations, Analysis and Results

Network Configuration Manager

SNMP I/O Devices Make Monitoring Environmental Conditions Easy. Austin Lin Product Manager Wayne Chen Technical Service Moxa Inc.

SolarWinds Network Management Guide. Revision: H2CY10

HP LeftHand SAN Solutions

SolarWinds Orion Network Configuration Manager Administrator Guide

Table of Contents. Contents

Using Self Certified SSL Certificates. Paul Fisher. Quest Software. Systems Consultant. Desktop Virtualisation Group

Dell One Identity Cloud Access Manager Installation Guide

technical brief browsing to an installation of HP Web Jetadmin. Internal Access HTTP Port Access List User Profiles HTTP Port

+ Configuration+Guide+ +Monitoring+ Meraki+Access+Points+with+Solarwinds+ Orion+using+SNMP+

Blue Coat Systems. Reference Guide. WCCP Reference Guide. For SGOS 5.3

SolarWinds LANsurveyor LANsurveyor Express Administrator Guide

Installing the IPSecuritas IPSec Client

Symantec Mobile Management for Configuration Manager

Dell Unified Communications Command Suite - Diagnostics 8.0. Data Recorder User Guide

Transcription:

SolarWinds Technical Reference Implementing SNMPv3 Why SNMPv3?... 3 SNMPv3 Security... 4 General Implementation... 6 SolarWinds Product-Specific Implementation... 7 SolarWinds SNMPv3 input mapped to IOS.. 7 This paper examines the steps required to implement SNMPv3 and how to use SNMPv3 in SolarWinds Products. network management simplified - solarwinds.com

Implementing SNMPv3 2 Copyright 1995-2010 SolarWinds. All rights reserved worldwide. No part of this document may be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the written consent of SolarWinds. All right, title and interest in and to the software and documentation are and shall remain the exclusive property of SolarWinds and its licensors. SolarWinds Orion, SolarWinds Cirrus, and SolarWinds Toolset are trademarks of SolarWinds and SolarWinds.net and the SolarWinds logo are registered trademarks of SolarWinds All other trademarks contained in this document and in the Software are the property of their respective owners. SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON SOFTWARE AND DOCUMENTATION FURNISHED HEREUNDER INCLUDING WITHOUT LIMITATION THE WARRANTIES OF DESIGN, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS OR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Document Revised: 03/31/2010

Implementing SNMPv3 3 Why SNMPv3? SNMP version 1 and version 2 provide a very simple model for device management communications. Unfortunately, they also lack some critical features in the areas of security and flexibility, including the following: Weak Authentication Security. Community strings are transmitted in clear text. A packet capture will expose read-only and read/write community. Only two roles are allowed, read only and read/write. Default community strings for read only (public) and read/write (private) can be easily implemented in production networks, allowing access to devices by rogue SNMP managers. Provides no ability to authenticate the source of an SNMP request. Weak Privacy. Requests and replies are easily decoded, exposing entire SNMP conversations, including aspects of system configurations. No Access Control Model. SNMP v1 and v2 do not define access control mechanisms, so once a device gains access to the device using v1 or v2 that device has unrestricted access.

Implementing SNMPv3 4 SNMPv3 Security The three problems with SNMP version 1 and version 2 listed above are addressed in SNMPv3 through the implementation of the following enhancements: Authentications Enhancements User-Based Security Model (USM). Individual messages can be authenticated to known SNMP authorities, such as a particular Network Management System (NMS). Messages contain multiple timing mechanisms preventing capture and replay. These include SNMP authority engine uptime. The time since the last reset of the authority s SNMP engine. SNMP authority up time. The uptime of the NMS. Because this information is passed in encrypted form, a device attempting to mimic the authority has no way of knowing these details. Below is a depiction of SNMPv3 USM. SNMP v3 USM Strong Privacy. Data encryption options strengthen message privacy. Access Control - View-Based Access Control (VBAC) VBAC allows the configuration of SNMP agents to restrict the authority access to the following: Access certain portions of a MIB or deny access to all of a MIB on a per-authority basis. Define the rights to the level of access, read, read/write, and notify (trap) on a per OID per authority basis. VBAC creates a six step process for gaining access to MIB variables. Here is how this is accomplished:

SNMPv3 VBAC Implementing SNMPv3 5

Implementing SNMPv3 6 General Implementation Implementation of SNMPv3 is not difficult if it is done with proper planning. Here are the steps: 1. The following should be considered when planning the deployment. a. Mapping the authority (NMS), access to devices and MIBs. groups, views, contexts and users needs to be planned and documented before configuring managed devices. If this is not done in advance, chances are you will have to configure devices multiple times to provide access for all authorities. 2. Configure the device to be managed for SNMPv3 management according to the manufacturer s documentation and the planned authority access. 3. Add the device to the Authority (NMS) using the SNMPv3 configuration parameters from step 1. 4. Test the SNMPv3 communications from the NMS. 5. If the test fails review the device configuration, NMS configurations, and any firewall or ACL rules that may be interfering. 6. Create a record of the NMS SNMP users and associated passwords and store them in a secure location. Because this information is not recorded in the running configuration of most devices it cannot be backed up or restored.

Implementing SNMPv3 7 SolarWinds Product-Specific Implementation Once the planning and implementation of SNMPv3 on the managed devices is complete you will need to enter the proper information into the SolarWinds product to allow SNMPv3 polling and traps. Here is how to map the SNMPv3 configured on the managed device to the required fields in your SolarWinds products. Orion Add Node SNMPv3 Screen SolarWinds SNMPv3 input mapped to IOS SNMP Credentials Area Used to set read credentials SNMP Read/Write Credentials Area Used to set read/write credentials Authentication SNMP v3 Username = user defined in snmp-server user command. SNMP v3 Context = context defined in snmp-server group command.

Implementing SNMPv3 8 SNMP v3 Authentication Method = method defined in snmp-server group command. Password/Key = you have the option of entering the password defined in snmp-server user command or a defined key. If you use a password, we will convert the password to a shared key. If you use a key, we will simply use that key Privacy SNMP v3 Privacy/Encryption = as defined in snmp-server user command. Password/Key = you have the option of entering the password defined in snmp-server user command or a defined key. Credential set Library Name you choose to save the credential set on the SolarWinds Product. This is not communicated to the managed devices or configured in IOS.

Implementing SNMPv3 9 Minor differences exist in the exact order of these fields or the implementation method, such as in Engineer s Toolset read/write is specified with a check box rather than a separate input area. Engineer s Toolset Manage Credentials Screen

Implementing SNMPv3 10 Network Configuration Manager (NCM) names the SNMPv3 fields the same as found in NPM. The ${Global} values you see below reflect the ability to use variables in NCM. NCM Credentials Screen

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information