Netzwerkmanagement Thomas Böttge, Solution Architect, HP Networking thomas.boettge@hp.com 25.11.2010 2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice
Disclaimer This presentation contains forward looking statements regarding future operations, product development, product capabilities and availability dates. This information is subject to substantial uncertainties and is subject to change at any time without prior notification. Statements contained in this document concerning these matters only reflect HP Network s predictions and / or expectations as of the date of this document and actual results and future plans of HP Network s may differ significantly as a result of, among other things, changes in product strategy resulting from technological, internal corporate, market and other changes. This is not a commitment to deliver any material, code or functionality and should not be relied upon in making purchasing decisions. 2 4 June 2010
Agenda Einführung Was ist Netzwerkmanagement Kosten sparen durch Netzwerkmanagement Ratschläge für effektives Netzwerkmanagement Netzwerkmanagement mit HP Networking ProCurve Manager Plus (E-PCM+) imc Intelligent Management Center Einfacher als gedacht Installation von PCM+ als Beispiel Live Demo PCM+ imc 3 4 June 2010
Netzwerkmanagement Einführung 4 4 June 2010
Definition Netzwerkmanagement Unter Netzwerkmanagement versteht man die Verwaltung, Betriebstechnik und Überwachung von IT-Netzwerken und Telekommunikationsnetzen. Der englische Fachbegriff für diese Tätigkeiten lautet OAM, Operation, Administration and Maintenance. (Wikipedia) Netzwerkmanagement ist die Bezeichnung der Gesamtheit aller Funktionen und Komponenten zur Überwachung und Steuerung von Netzwerken. (Lexikon IT-Administrator.de) Netzwerkmanagement ist der Prozess des Überwachen und Steuern eines Datennetzwerks, um dessen Effizienz und Produktivität zu optimieren oder zu maximieren. (Hochschule Fulda) 5 4 June 2010
Definition Netzwerkmanagement Die ISO (International Organization for Standardization) definiert fünf Funktionsbereiche für das Netzwerkmanagement (das FCAPS-Modell): (F) Fault Management / Fehlermanagement: Erkennen, Protokollieren, Melden und Beheben von auftretenden Fehlerzuständen (C) Configuration Management / Konfigurationsmanagement: Erfassung aller Komponenten (Configuration Items), die überwacht werden müssen (A) Accounting Management / Abrechnungsmanagement: Erfassen der Benutzung des Netzes, so dass Rechnungen gestellt werden können (P) Performance Management / Leistungsmanagement: Verkehrswerte/Leistungsdaten sammeln und Statistiken führen, Grenzwerte festlegen (S) Security Management / Sicherheitsmanagement: Authentifizierung von Benutzern, Autorisierung von Zugriff und Nutzung 6 4 June 2010
Netzwerkmanagement Kosten senken mit Netzwerkmanagement 7 4 June 2010
Anforderungen an ein Netzwerkmanagement Business Network Operations Kostenreduzierung Reduzierte Übernahme und Support Kosten, Erhöhte Produktivität der IT Hohe Effizienz Schutz von Firmenwerten Zuverlässiges und schnelles Netzwerk Aufrechterhaltung der Netzwerk Sicherheit und Firmen-Richtlinien, Dokumentation 8 4 June 2010
Kosten senken: 9 4 June 2010
Kosten vermeiden: 10 4 June 2010
Netzwerkmanagement Ratschläge für effektives Netzwerkmanagement 11 4 June 2010
Fehleinschätzungen: 12 4 June 2010
Ratschläge: 13 4 June 2010
Proaktives Netzwerkmanagement: 14 4 June 2010
Netzwerkmanagement mit HP Networking E-PCM+ (ProCurve Manager Plus) 15 4 June 2010
PCM+ Merkmale 16 4 June 2010
Depth of Management Features and Breadth of HP Device Support HP ProCurve Manager v3 Breath of support for all E-Series and most A-Series devices Depth of features for HP Networking devices 17 4 June 2010 HP Confidential Depth of Features: Auto-discovery, mapping, polling Event management Event-driven policy actions Policy-based device management Configuration management Traffic management Network Analysis / Diagnostics Flexible and automated reporting Integration capabilities Support: HPN E-Series HPN A-Series Many Cisco Devices
Systemvoraussetzungen (minimum) 18 4 June 2010
Systemvoraussetzungen (empfohlen) 19 4 June 2010
Platform Support HP ProCurve Manager ProCurve Manager has been certified to support several new* platforms (v3.10 and newer) Windows Platforms Windows Server 2008 R2 (64-bit)* Windows Server 2008 (32-bit and 64-bit) Windows Server 2003 (32-bit) Windows XP (32-bit) PCM Client also supported on Windows 7* Windows Vista (32-bit) Virtual Servers Microsoft Hyper-V* VMware ESX v4* VMware ESX 3.5 Geräteunterstützung: Bis zu 2000 Geräte pro Server/1200 Geräte pro virtuellem Server 20 4 June 2010
Distributed Management the Value of Agents HP ProCurve Manager v3 Agents are flexible Deploy centrally increase scalability Distribute regionally/globally correspond to network Agents are secure SSL session is established between agent and server PCM Agent PCM Agent No SNMP, telnet, etc across the WAN PCM Server Agents are reliable Continue to manage if connectivity to server is lost Agents reduce management impact PCM Agent Discovery and polling is closer to the devices Significantly reduced WAN traffic Discovery, Traffic Monitoring, Device Monitoring, etc PCM Agent Agents Support Network Security Firewall traversal to manage secure remote sites Supports service provider model multiple customers from a single management station 21 4 June 2010
ProCurve Network Management Suite HP ProCurve Mobility Manager Wireless LAN planning, deployment, management and monitoring HP ProCurve Identity Driven Manager Policy-based network access control and monitoring HP ProCurve Network Immunity Mgr Network threat monitoring and management Network Management Fault management Configuration management Accounting management Performance management Security management HP ProCurve Manager Plus Network management server platform providing centralized and unified monitoring and management of a wired and wireless LAN environment Centralized console and interface for all ProCurve management tools 22 4 June 2010
PCM+ Plug-In s Identity Driven Manager (E-IDM): Key features: Policy- and identity-based network access rights Provides appropriate access to network resources Dynamically configures security and performance Resilient architecture promotes high availability Integrates with MS Network Access Protection Identity Driven Manager is a powerful tool that allows network administrators to efficiently manage the users and devices connecting to their network. 23 4 June 2010
PCM+ Plug-In s Network Immunity Manager (E-NIM): Key features: Intrusion detection Intrusion response Security Management, including Security Dashboard Policy Management based on event source, location, time and action Centralized Management of HP TMS zl Module Reporting HP Network Immunity Manager detects and automatically responds to internal network threats such as virus attacks. 24 4 June 2010
PCM+ Plug-In s Mobility Manager (E-MM) Key features: Real-time performance monitoring of MSM devices Dashboard of APs, rogues, neighbors, and clients Rich set of wireless services usage graphs Centralized configuration maintenance through PCM Site planning tool and heat map features HP ProCurve Mobility Manager (PMM) is a software module that monitors wireless networks, aids in RF visualization, and leverages HP ProCurve Manager Plus tools in the management of mobility devices 25 4 June 2010
ProCurve ONE Module Management HP ProCurve Manager v3.20 Simplifies the deployment of ProCurve ONE modules and applications Discovers ProCurve ONE Modules in the network A wizard steps users through the process of: Installing a ONE application on the module Activating the ONE application Enables the uninstall a ONE application from a module in order to deploy a different ONE application Can be used to easily deploy the ProCurve Manager Plus Agent application on a ProCurve ONE module 26 4 June 2010
Custom Script Wizard HP ProCurve Manager v3.20 Enables secure user-defined extensions to the ProCurve Manager Plus platform Secure Only authorized PCM+ users can invoke scripts on devices PCM+ maintains credentials so they are not in external scripts Uses secure protocol such as SSH when available on device(s) Easier to use Script wizard handles device interactions such as login and prompts allowing script to focus on control logic Integrates with PCM Can be triggered by events or automation policies within PCM+ Allows for passing information via command line parameters 27 4 June 2010
PCM+ Agent with ONE zl Module is compatible with ProCurve Manager v3.20 28 4 June 2010
PCM+ Agent with ONE zl Module What is it? PCM+ Agent functionality running on a ProCurve ONE Service zl Module! 29 4 June 2010 HP Confidential
Why? Reduced TCO Simplified processes Acquisition the module can be ordered along with other network equipment and is considered a network device, therefore does not require interactions with a server team to deploy a PC server Deployment the module is pre-loaded with the PCM+ agent software, simplifying the deployment process at remote sites where technical expertise may be lacking Management the module includes the PCM+ agent software and the operating system, removing the on-going management of a PC server An integrated and tested solution Reduced footprint the module form-factor reduces the number devices in a rack or at a site Proven interoperability the hardware and software have been tested together, minimizing the chance of integration issues while ensuring a single point of contact for any support issues 30 4 June 2010
Bundle Components PCM+ Agent with ONE Services Module HDD with PCM+ Agent ONE Module Label HP ProCurve Manager Plus Agent PCM+ Agent Application Registration Card ONE Services Module w/o HDD Startup Guide Also available as a ProCurve ONE Application which can be loaded onto the HP ProCurve ONE Services zl Module (J9289A) 31 4 June 2010
Product Release Info ProCurve Manager v3.20 32 4 June 2010
Product Availability and Licensing ProCurve Manager Plus v3.20 HP ProCurve Manager Plus v3.20 Availability web download available July 12, 2010 Licensing Same product structure as PCM v3.00 release for new customers Free update for customers with who registered PCM v3 license within last 12 months Purchase of extended maintenance SKU is required for customers who activated more than 1 year ago, enables update and extended phone support J9630A HP ProCurve Manager Plus v3 Platform 50-device License Additional 1-year Maintenance J9631A HP ProCurve Manager Plus v3 Platform Unlimited-device License Additional 1-year Maintenance 33 4 June 2010
HP ProCurve Manager Plus Network Management Suite Target Customers Medium to Large networks ranging from 10 up to 3500 network devices Primarily ProCurve networks Solution Benefits Broad management capabilities from a single management platform Reduced TCO tiered pricing, minimal time-to-value, reduced management overhead Secure management for distributed networks Integrates with HP Network Management Center tools for deeper management of ProCurve devices 34 4 June 2010
Licensing Model HP PCM+ (NIM, MM) Comes with support for 50 devices (Device = IP address) IDM starts with 500 devices Extra Node Licenses can be purchased Add in steps of 100 devices or unlimited IDM: add in steps of 1000 devices or unlimited Download Evaluation version from HP web site Will run as full version for 60 days, after 60 days as limited PCM version 35 4 June 2010
Netzwerkmanagement mit HP Networking imc (intelligent Management Center) 36 4 June 2010
What is IMC and why is it different? IMC is our next generation management platform for A Series networks HP IMC Enterprise & HP IMC Standard Unique Highly Integrated Single Pane Management Integrated management of Resources, Service and Users Single platform for managing Cisco and HP networks Supports Cisco, HP (E-Series/ProCurve), H3C, 3Com, and 3 rd party devices Ideal for managing through vendor transition or introduction Single interface and application to manage entire network Delivers full FCAPS solution Rich portfolio of Modules extend functionality as needed UAM/EAD deliver power full NAC Wireless, QoS, SLA etc.. 37 4 June 2010
Enterprise Network Management Problems I have too many tools Every vendor, every technology is requiring its own management interface. There is a need to Do more with less My network is unstable due to changing configurations I ve no visibility or control of what's happening on my network I need to control who has access to what Change accounts for 69% of network downtime and degradation. How do I handle, secure, and audit change? Who is doing what on my network? How are my business critical applications and services running? Is my network optimized to deliver services for my users Who has access, What and When do they have access, but also What are they doing once they have access 38 4 June 2010
Minimum System Requirements 39 4 June 2010
System Requirements 40 4 June 2010
Highly Resilient & Scalable Deployment EAD MVM UAM EAD ACLM WSM UAM ACLM WSM Performance management MVM... Alarm management NE management Slave 1 Slave 2 Slave 3 Slave n Resource management Performance management Resource management Centralized deployment Alarm management Distributed deployment Master NE management Browser Browser Browser Number of supported devices only limited by Server Hardware! 41 4 June 2010
IMC Platform Portfolio HP IMC Enterprise Hierarchical top level Supports 200 nodes Unlimited Node support Platforms Linux / Oracle / MySQL Win Server 2003 / MS SQL 2005 Win Server 2008 / MS SQL 2008 Includes NTA module No integrated DB HP IMC Standard Can be slave Supports 100 nodes Unlimited Node support Platforms Linux / Oracle / MySQL Win Server 2003 / MS SQL 2005 Win Server 2008 / MS SQL 2008 Integrated DB MS SQL Express Additional incremental node licenses 100, 500, 1000, 5000 & Unlimited Some features only with imc v5.0 Release available November 2011! 42 4 June 2010
HP IMC Standard Service Components Intelligent Configuration Center Device Manager ACL Manager Security Control Center Platform imc Platform 43 4 June 2010
HP IMC Enterprise Service Components Intelligent Configuration Center Network Traffic Analysis Device Manager ACL Manager Security Control Center Platform imc Platform 44 4 June 2010
HP IMC Enterprise & HP IMC Standard MPLS VPN Manager EPON Management Service Components IPSec VPN Manager Intelligent Configuration Center Wireless Management User Access Management Endpoint Admission Defense Network Traffic Analysis Security Management Component QoS Audit Component Behavior Audit Component Device Manager ACL Manager Security Control Center Platform imc Platform EPON = Ethernet Passive Optical Network used for Fiber-to-the-building 45 4 June 2010
imc Features 46 4 June 2010
Powerful Administration Control Multi User Role based management Administrator controls who can manage what Full audit trails of operator actions 47 4 June 2010
Rich Resource Management Powerful Discovery and Topology Full Inventory of network infrastructure Layer 2, Layer 3 and VLAN Topologies Organise and visualise network via Customer Views Integrated Element Management 48 4 June 2010
Powerful Performance Management Maximise network availability through powerful monitoring of CPU, memory and bandwidth utilization, device response times & availability and much more TopN statistics highlight most loaded area & devices Threshold based alarming quickly highlight issues Customizable Alarm filters stops information overload 49 4 June 2010
Efficient Fault & Event Management Allows in dept correlation and analysis of alarms IMC, Trap and Syslog Helps efficient trouble shooting Experience capture ensures lessons are shared 50 4 June 2010
Flexible Reporting Analysis of network trends and capacity planning Predefined and Custom reports Schedulable and flexible delivery options including email 51 4 June 2010
Simplified VLAN Management Simplifies the deployment and management of VLANs View current VLAN configuration Including VLAN topology Bulk deploy VLANs across the network 52 4 June 2010
Comprehensive Configuration Management Fast efficient roll out of network changes Bulk configuration Lock down network configuration Scheduled Backup & restore Baselining and notification of network changes Flexible Agent Administration Running or standby deployment 53 4 June 2010
ACL Management Simplified definition and deployment of ACLs Enables network based security and QoS ACL rule optimisation ensure efficient use of ACL resources 54 4 June 2010
Network Traffic Analysis Unlock the power of sflow, NetFlow and NetStream Allows greater visibility and control of network usage Enables User based traffic flows and network usage Including fault and SLA analysis, Easy to understand reports based on traffic, application and session baseline and trend of network traffic 55 4 June 2010 55
IMC Cisco Support Comprehensive support of Cisco Discovery / Topology Monitoring / Performance Management Events / Traps Configuration Backup / Restore Configuration comparison Baselining and change notification Bulk Configuration Single management solution for mixed HP/Cisco Network Ideal for product migration 56 4 June 2010
Licensing Model HP IMC Enterprise and HP IMC Standard Comes with support for 100 devices (Device = IP address) 200 devices with Enterprise Edition with imc 5.0 Extra Node Licenses can be purchased Add incrementally 100, 500, 1000, 5000 or unlimited Download Evaluation version from HP web site Will run for 60 days 50 node limit for evolution Enterprise requires a database Can use Windows XP & MS SQL Express for evaluation only 57 4 June 2010
New Features in HP IMC 5.0 Dynamic B/S Architecture Custom Homepage IP/Network Topology (STP/MSTP Topology, Visio Export) Datacenter Topology (with 3D!) VMWare Management Performance Enhancement Enhanced Cisco Support including Software upgrades, VLAN Management, Network Traffic Analysis 58 4 June 2010
Netzwerkmanagement Installation PCM+ als Beispiel 59 4 June 2010
Parameter Physikalisch: Hardware: Software: 2.5 Ghz Quad-Core AMD Phenom CPU 4 GB Arbeitsspeicher 1 TB Festplatte Windows 7 (32 Bit) VMWare Workstation 6.5.3 Virtuell: Hardware: 1 Prozessor für VM 2 GB Arbeitsspeicher 100 GB Festplatte Software: Windows XP Professional Service Pack 3 60 4 June 2010
Start installation 61 4 June 2010
Introduction 62 4 June 2010
License Agreement and Read Me First 63 4 June 2010
Auto detection of current configuration 64 4 June 2010
Auto detection of current configuration (2) 65 4 June 2010
Choose Install Set For inital installation, it is recommended to install PCM without Plug-In s! 66 4 June 2010
Choose Install Folder Make sure you have enough free space on your harddisk! 67 4 June 2010
Pre-Installation Summary 68 4 June 2010
Installing......takes some time... 69 4 June 2010
NNMi Integration 70 4 June 2010
Configure User Settings Make sure you remember your passwords!!!!!!!!! 71 4 June 2010
PCM Administrator Password Make sure you remember your passwords!!!!!!!!! 72 4 June 2010
Initial Discovery Setting 73 4 June 2010
Set SNMP parameters 74 4 June 2010
Set CLI parameters 75 4 June 2010
Set Proxy parameters 76 4 June 2010
Automatic Update parameters 77 4 June 2010
Done!!! 78 4 June 2010
First Start of PCM+ Connect to server (Localhost) Login (if you still know your password...) 79 4 June 2010
Here we go... 80 4 June 2010
Found some devices automatically 81 4 June 2010
Netzwerkmanagement Live Demo s 82 4 June 2010
83 4 June 2010 Outcomes that matter.