...
See the following procedures to install and deploy your NetMRI Operations Center appliances:
- 1st Step: Configuring Basic Settings for the Operations Center Controller
- 2nd Step: Installing the Operations Center License on the Controller
- 3rd Step: Running Configure Tunserver on the Controller
- 4th Step: Installation for Operations Center Collectors
- 5th Step: Installing the Operations Center Collector Licenses
- 6th Step: Registering NetMRI Collectors
- Configuring Network Interfaces for Operations Center
...
- Keep device management levels below the licensed device limits on each collector appliance.
- Though you have greater flexibility for network connectivity through using network views, multiple scan interfaces and virtual scan interfaces, these features do not influence the licensing limits and capacities of your appliances.
- License limits should be defined to allow for organic and anticipated growth of the network. Consult with your Infoblox sales representative for a detailed assessment of your licensing needs.
- License limits are enforced on each collector appliance in an OC deployment. Your OC design should avoid having excessive numbers of licenses on collectors, which can overwhelm the Operations Center and prevent timely operation.
- New devices can 'bump' older previously-discovered devices from the license limit.
- Devices in higher-ranked device groups will be prioritized for licensing. (You can change device group rankings in Settings icon –> > Setup –> > Collection and Groups –> > Groups tab.)
- Avoid using device licenses on devices in end-user network segments.
- During setup of a new deployment, use the default network view when you define your first discovery ranges to initially discover the network.
- An initial network view will be present in a new Operations Center deployment. Initial setup for a new Operations Center deployment automatically creates a default network view, named Network 1, as part of the procedure. This network view is automatically assigned to the Collector appliance's LAN1 port before you perform discovery of the network.
- When you create your initial discovery ranges, the Network 1 network view is automatically assigned to the LAN1 interface on the Collector. This network view represents the global routed network, which is the network that NetMRI will discover that is not reliant on virtual networks to route traffic.
- When you create your discovery ranges, static IP addresses and Seed Routers (in Settings icon –> > Setup –> > Discovery Settings –> > Ranges/Static IPs/Seed Routers), each range provides a Network View drop-down menu. You select one network view for each discovery setting; however, a network view can work with multiple discovery ranges. A single network view can use all three discovery objects.
You define network views (under Settings icon –> > Setup –> > Network Views) and can assign other networks to those views. - For VRF discovery, you do not need to define discovery ranges in the initial rollout. NetMRI will discover VRF-aware devices in its first discovery of the global enterprise network. The system then displays a System Health alert notifying you that unassigned VRFs have been discovered.
...
- Avoid using too many device groups. Target using 50 or fewer Extended device groups. Platform Limits also influence the number of device groups allowable in your system.
- Device groups govern summary data aggregations and other device processing within each group. Device groups are defined in two varieties: Basic device groups, which offer minimal functionality and simply provide a basic categorization for discovered devices such as end hosts; and Extended device groups, which allow the enabling and disabling of specialized group features based upon the type of devices in the group. For more information, see the sections beginning with Device Groups and Switch Port Management and Creating Device Groups.
- You can define the required device groups for your deployment; delete those that you do not need. Also, avoid frequent group definition changes, additions and deletions.
- Keep the Unknown and Name Only device groups; do not delete these device groups.
- Also see Understanding Platform Limits for your Deployment.
...
- Ensure reliable network connections between collectors and the Operations Center node.
- Avoid disruption of network connections between the Operation Center and its associated collectors.
- Also ensure that DNS resolution is complete between all Collector appliances and the Operations Center Controller appliance. All Collectors should consistently be able to synchronize correctly with the Controller. (By itself, registering successfully with the Controller does not guarantee this, because registering is done solely by the Controller IP address. This could occur, for example, if a Collector is placed in the DMZ for an enterprise network.) You can use the show tunclient command on each Collector to verify DNS resolution of the Controller on the Collector. If you see RESOLVE: Cannot resolve host address messages in the show tunclient command output, add an entry for the Operations Center Controller to the Collector's /etc/hosts file.
...
- Use recommended methods to improve reporting performance for your Operations Center.
- Filter down to the most important data, such as individual device groups, specific time windows and other Report settings.
- Schedule large, complex reports to run during off-hours.
- Avoid unnecessarily large reports. Example: Save out monthly reports instead of running multiple-month reports.
- Disable details for reports offering that function, if and when desirable and the details are not germane to the report.
- If you have simultaneously running reports, change the Concurrently Running Reports setting under Settings icon
...
- >General Settings
...
- >Advanced Settings page.
...
- Manage Syslog Traffic.
- When sending syslog to the appliance, limit the log level to reduce volume.
- You can find a description of the specific Syslogs that NetMRI processes at the example URL: https://your-netmri/netmri/api/change/syslog-config.tdf?contentType=text/xml.
...
- Disable or adjust VM performance monitoring systems for the product.
- Because Operations Center VMs tend to be extremely I/O intensive, with continuous 100% CPU utilization, vSphere performance monitoring should be reduced or disabled.
- Because Operations Center VMs tend to be extremely I/O intensive, with continuous 100% CPU utilization, vSphere performance monitoring should be reduced or disabled.
- Avoid placing multiple NetMRI instances on the same host.
Operations Center/NetMRI instances present significant demands on I/O, particularly on virtual machine hosts. Avoid attempting to run Operations Center appliance instances on hosts with other VMs.
- Avoid sharing storage with other virtual applications.
- Use dedicated local storage if at all possible.
- For network-based storage, assign dedicated spindles to the virtual machine.
...
- In the host, use a high-quality RAID controller.
- Operations Center and NetMRI virtual machines are sensitive to RAID controller quality, such as using software RAID or a RAID controller on the motherboard. Using these options is in fact worse than using no RAID at all.
- Infoblox recommends an enterprise-grade controller with a battery-backed write cache.
- Infoblox recommends use of RAID-10.
4. Enable Intel VT options in the BIOS of the host system.
...
- Begin with a small set of devices and ensure your discovery ranges, defined credentials, and seed routers are all correct.
- Ensure that firewall gateways for any networks to be discovered allow discovery traffic through open TCP/UDP ports 161 and 162, to allow SNMP traffic.
- Ensure that your discovery ranges, static IPs and seed routers are associated with their correct network views. For initial discovery, your ranges and other discovery settings can simply be associated with the Network 1 network view, which is automatically created during appliance setup and is bound to the SCAN1 port on your Collector appliance. For more information, see Configuring Network Views.
- Avoid defining large Discovery Ranges such as /8 or /16, and avoid defining more than 1000 ranges of any size. However, having a large discovery range and seed routers is a more effective discovery technique than using hundreds of small ranges. (You can change device group rankings in Settings icon –> > Setup –> > Discovery Settings). For more information, see Configuring Discovery Ranges.
- For discovery using ping sweeps, avoid attempting ping sweeps of greater than /22 subnets. Ping sweeps use protocols other than ICMP and can incur delays in refreshing previously discovered devices. For information on Smart Subnet ping sweep, see Defining Group Data Collection Settings.
...
NetMRI provides a detailed System Health feature set that helps enforce key evaluation elements such as Platform Limits, Licensing Limits and Effective Limits for a deployment. For more information, see the section Understanding Platform Limits, Licensing Limits and Effective Limits.
NetMRI Platform limits, Licensed limits, and Effective limits apply to all collector appliances and instances in an Operations Center. On the Operations Center, the Settings icon –> > Setup –> > Tunnels and Collectors page separately lists each collector's status and their associated device limits. For more information, see Checking NetMRI Collectors Operation.
...
Take the following procedures to install and configure an Operations Center:
1st Step: Configuring Basic Settings for the Operations Center Controller
2nd Step: Installing the Operations Center License on the Controller
3rd Step: Running Configure Tunserver on the Controller
4th Step: Installation for Operations Center Collectors
5th Step: Installing the Operations Center Collector Licenses
6th Step: Registering NetMRI Collectors
...
Communication between the Controller and its associated Collectors takes place over a set of Secure Sockets Layer Virtual Private Networks (SSL VPN) across their designated management network. You monitor Operations Center VPN tunnels and basic collector communication from the Settings icon –> > Setup –> > Tunnels and Collectors page. Each VPN tunnel between the Operations Center and the associated Collectors appear in the list.
...
- Use a terminal program to connect to the management IP address of the Controller appliance.
- Log in using the default admin/admin username/password account.
Note: The values you enter in the configure server command are the default values that will appear in this series of steps. If your Operations Center is configured through DHCP, default values from that service appear here. Avoid overwriting DHCP-provided settings if this is the case.
...
- At the Admin Shell prompt, enter configure server and press Enter.
admin-na206.corp100.com> configure server
...
- Press Y to respond Yes to begin system setup.
Default values can be erased by pressing the spacebar and pressing Enter or by entering new values.
...
- Enter the new Database Name and press Enter.
Database Name is a descriptive name for this deployment. It is used in reports titles, headers, etc.
Recommended: Begin name with uppercase letter.
Database Name []: Corp100_west
...
- For the first-time installation, you can choose to generate a new HTTPS certificate.
Do you want to generate a new HTTPS Certificate? (y/n) [n]: y
...
- Enter the local domain name in which the controller resides. This value is used for truncating device names in NetMRI data sets throughout the system.
Domain Name 1 (e.g., example.com) []: corp100.com
Domain Name 2 (optional) []:
...
- Enter the time server IP address if one is available or is necessary:
Time Server [us.pool.ntp.org]:
...
Enter the time zone region by typing in the suggested numeric value from the list:
Time Zone Regions
Choose your local region.0.Africa1.Antarctica2.Arctic3.Asia4.Atlantic5.Australia6.Brazil7.Canada8.CET9.Chile10.EET11.GMT12.GMT-113.GMT+114.GMT-215.GMT+216.GMT-317.GMT+318.GMT-419.GMT+420.GMT-521.GMT+522.GMT-623.GMT+624.GMT-725.GMT+726.GMT-827.GMT+828.GMT-929.GMT+930.GMT-1031.GMT+1032.GMT-1133.GMT+1134.GMT-1235.GMT+1236.Europe37.Hongkong38.Iceland39.Indian40.Israel41.Mexico42.NZ43.NZ-CHAT44.Pacific45.US46.UTC47.WETEnter choice (0-47) [0]: 45
...
Enter the time zone location by typing in the suggested numeric value from the list:
Choose a location within your time zone.0.Alaska1.Aleutian2.Arizona3.Central4.East-Indiana5.Eastern6.Hawaii7.Indiana-Starke8.Michigan9.Mountain10.Pacific11.SamoaEnter choice (0-11) [0]: 10
...
Follow the steps for configuring the management port IP settings:
+++ Configuring Management Port Settings
You must configure an IPv4 or IPv6 address/mask on the management port.
NetMRI can perform analysis from the management port or a separate scan port.
IP Address (optional) []: 10.120.25.212Subnet Mask (optional) []: 255.255.255.0IPv6 Address (optional):IPv6 Prefix (optional):You must provide either an IPv4 gateway, an IPv6 gateway, or both.IPv4 Default Gateway (optional) []: 10.120.25.1IPv6 Default Gateway (optional) []:
...
Enter n for No and press Enter to skip the step for configuring the SCAN port on the Controller appliance:
Do you want to configure the Scan Port? (y/n) [n]: <enter>
You will not use the SCAN ports LAN1 and LAN2 on the Controller appliance in an OC deployment.
...
Enter the address(es) of the primary and secondary DNS server, if required:
DNS Server 1 (IP) []: 172.23.16.21
DNS Server 2 (optional) []:
...
The setup utility lists the configuration settings and queries whether you wish to edit them.
Edit these settings? (y/n) [n]:
...
Finally, the setup utility requests that you commit your settings. Press Enter to accept the Y (yes) default.
Configure the system with these settings? (y/n) [y]:
Configuring system ...
+++ Validating Interfaces ...
+++++ eth0 ... OK
+++++ eth1 ... OK
The controller appliance restarts.
...
Verify your settings by entering the following:
admin-na206.corp100.com> show settings
This command lists the complete config settings for the Operations Center.
For the controller appliance, continue to the next topic, 2nd Step: Installing the Operations Center License on the Controller.
| Anchor | ||||
|---|---|---|---|---|
|
| Anchor | ||||
|---|---|---|---|---|
|
...
- After logging in to the Controller appliance, re-run the configure server command:
admin-na206.corp100.com> configure server - Press Y to respond Yes to continue system setup. You step through the settings you defined in your first run of the configure server command by pressing Enter at each prompt. (You do not need to change any settings unless changes are required for administrative reasons.) When you come to the end of the configure server command sequence, enter N to commit the previously defined settings to the system.
Configure the system with these settings? (y/n) [y]: nConfiguring system ...+++ Validating Interfaces ...+++++ eth0 ... OK+++++ eth1 ... OKThe controller appliance restarts.
- Continue to the next topic, 3rd Step: Running Configure Tunserver on the Controller.
| Anchor | ||||
|---|---|---|---|---|
|
| Anchor | ||||
|---|---|---|---|---|
|
...
To check operation of VPN tunnel connections with Collector appliances, go to Settings icon –> > Setup –> > Tunnels & Collectors on the Controller.
...
- Use a terminal program to connect to the management IP address of the Collector appliance.
- Log in using the default admin/admin username/password account.
- At the Admin Shell command prompt, enter configure server and press Enter.
- Complete the following:
Note: If your Operations Center Collectors are configured through DHCP, default values from that service will appear here. Do not override DHCP settings while using the configure server command. In this procedure, we assume use of a static IP address on the management network for each Collector.
...
- At the Admin Shell prompt, enter configure server and press Enter.
...
- Press Y to respond Yes to begin system setup:
Do you want to start system setup now? (y/n) [n]: y
Default values, when available, are given within [].
You may clear defaults by typing a SPACE and pressing Enter.
+++ Configuring Network Identification Settings
...
- Enter the new Database Name and press Enter.
Database Name is a descriptive name for this deployment. It is used in reports titles, headers, etc.
Recommended: Begin name with uppercase letter.
Database Name []: Corp100_west
...
- Enter the new Server Name and press Enter.
The Server Name identifies this system in SNMP and HTTPS server certificates.
The installed HTTPS certificate contains the following subject:
subject= /CN=NetworkAutomation-2210201208100028/O=NetMRI
Server Name []: corp100_187
...
- For the first-time installation, you can choose to generate a new HTTPS certificate.
Do you want to generate a new HTTPS Certificate? (y/n) [n]: y
...
- Enter the local domain name in which the appliance resides. This value is used for truncating device names in NetMRI data sets throughout the system.
Domain Name 1 (e.g., example.com) []: corp100.com
Domain Name 2 (optional) []:
...
- Enter the time server IP address if one is available:
Time Server [us.pool.ntp.org]:
...
Enter the time zone region by typing in the suggested numeric value from the list:
Time Zone Regions
Choose your local region.
Time Zone Regions
Choose your local region.0.Africa1.Antarctica2.Arctic3.Asia4.Atlantic5.Australia6.Brazil7.Canada8.CET9.Chile10.EET11.GMT12.GMT-113.GMT+114.GMT-215.GMT+216.GMT-317.GMT+318.GMT-419.GMT+420.GMT-521.GMT+522.GMT-623.GMT+624.GMT-725.GMT+726.GMT-827.GMT+828.GMT-929.GMT+930.GMT-1031.GMT+1032.GMT-1133.GMT+1134.GMT-1235.GMT+1236.Europe37.Hongkong38.Iceland39.Indian40.Israel41.Mexico42.NZ43.NZ-CHAT44.Pacific45.US46.UTC47.WETEnter choice (0-47) [0]: 45
...
Enter the time zone location by typing in the suggested numeric value from the list:
Choose a location within your time zone.0.Alaska1.Aleutian2.Arizona3.Central4.East-Indiana5.Eastern6.Hawaii7.Indiana-Starke8.Michigan9.Mountain10.Pacific11.SamoaEnter choice (0-11) [0]: 10You continue by configuring the management port settings. You define the IPv4 and IPv6 addresses and subnet masks the default gateway IP address for the management port:
You must configure an IPv4 or IPv6 address/mask on the management port.
NetMRI can perform analysis from the management port or a separate scan port.
IPv4 Address (optional) []: 10.120.32.181
IPv4 Subnet Mask (optional) []: 255.255.255.0
IPv6 Address (optional):
IPv6 Prefix (optional):
IPv4 Default Gateway (optional) []: 10.120.32.1
IPv6 Default Gateway (optional) []:
Note: When registering a Collector to the OC, make sure that they both are in the same time zone. Use theconfigure servercommand to set the Collector time zone to match the OC (US/Eastern). Changing the time zone requires a system reboot.
...
Enter Y (yes) to perform the step for configuring the LAN1 port on the collector appliance:
Do you want to configure the Scan Port? (y/n) [n]: y
You must configure an IPv4 or IPv6 address/mask on the scan port.
IP Address (optional) []: 10.0.60.181
Subnet Mask (optional) [] 255.255.255.0 :
IPv6 Address (optional):
IPv6 Prefix (optional):
You must provide either an IPv4 gateway, an IPv6 gateway, or both.
IPv4 Default Gateway (optional) [] 10.0.60.1 :
IPv6 Default Gateway (optional) []:
...
Enter the address(es) of the primary and secondary DNS server, if required:
DNS Servers are used to map hostnames to IP addresses.
You may enter up to 2 name servers below.
DNS Server 1 (IP) []: 172.23.16.21
DNS Server 2 (optional) []:
...
The setup utility lists the configuration settings and queries whether you wish to edit them.
Edit these settings? (y/n) [n]:
...
The setup utility requests that you commit your settings. Enter to accept the Y (yes) default.
Configure the system with these settings? (y/n) [y]:
Configuring system ...
+++ Validating Interfaces ...
+++++ eth0 ... OK
+++++ eth1 ... OK
The Collector appliance restarts.
You continue by installing the license for each Collector appliance. Continue to the next topic, 5th Step: Installing the Operations Center Collector Licenses.
| Anchor | ||||
|---|---|---|---|---|
|
| Anchor | ||||
|---|---|---|---|---|
|
...
- Use a terminal program to connect to the management IP address of each Collector appliance.
- Log in using the default admin/admin username/password account.
- Execute the following Admin Shell CLI commands on a newly installed or reset Operations Center appliance:
admin-na206.corp100.com> register
NOTICE: The inactivity timeout is being disabled temporarily while this command is run.
+++ Configuring Tunnel Registration Settings
Registration Server/IP [e.g., example.com]: 10.1.21.2
Registration protocol (http|https) [https]:
Registration username: admin
Registration password:#$^%#*#$
Register this system? (y/n) [y]:y
...
- Press Y to establish the secure communication link between the Collector and the Operations Center appliance.
You can migrate from a standalone NetMRI appliance to an Operations Center environment. This procedure is described in the following section, Importing Data From a Reference NetMRI Instance section.
For how to delete a NetMRI collector, see Deleting NetMRI Collectors.
Deleting NetMRI Collectors
...
- Choose the NetMRI instance as a reference system from which data will be copied.
Only information from the reference NetMRI can be imported into the Operations Center. When adding multiple NetMRI instances to an Operations Center environment, the scripts, policies and settings may differ between NetMRI instances. Therefore, any of the deltas you want imported into the Operations Center must either be manually added to the reference NetMRI, or imported into the Operations Center after the reference NetMRI is restored on the Operations Center.
...
- Configure the Controller:
- Log in to the admin shell on the Operations Center Controller.
- At the command prompt, enter configure tunserver.
- When prompted to
Enter the reference system serial number or RETURN to skip, type the serial number of the NetMRI reference system, then press ENTER.
Tip: In each prompt, defaults are shown in square brackets [ ]. To accept the default, simply press ENTER.
...
- When prompted:
Use these settings?, enter y.
- When prompted:
...
- When prompted to restart the Controller, enter y.
The complete package of scripts, policies and user data is downloaded by the Operations Center. You install the data in a following step.
- When prompted to restart the Controller, enter y.
...
- Register the reference system with the Controller:
- Log in to the admin shell on the reference system.
- At the command prompt, enter register.
- When prompted to
Register this system?, enter y. - You are prompted to run
restore-settingson the master server. Continue in step 4.
...
- Define restore settings on the Controller: (This installs the uploaded reference data.)
- If needed, log in to the admin shell on the Controller.
- At the command prompt, enter restore-settings.
- At the
Continue with import?prompt, enter y. (This installs the reference data on the Controller.) - When prompted to restart the Controller, enter y.
...
- Re-register the reference unit with the Controller.
- If needed, log in to the admin shell on the reference system.
- At the command prompt, enter register.
- When prompted to
Register this system?, enter y. - The appliance restarts. After restarting, the instance will be a collector in the Operations Center system.
...
- Convert the NetMRI appliance to an Operations Center Controller:
- Obtain an Operations Center license from Infoblox.
- Upload the license into the admin account's /Backup directory using WinSCP or a similar program.
- Log into the admin shell and enter the license <NameOfLicenseFile> command.
- Log in to the administrative shell and enter the
configure tunservercommand. Answer the prompts to set up the basic tunnel server settings, as described in the section 3rd Step: Running Configure Tunserver on the Controller.
| Anchor | ||
|---|---|---|
|
...
|
...
|
| Anchor | ||||
|---|---|---|---|---|
|
NetMRI requires a connection to each network you wish to directly discover, manage or control. Scan Interfaces are the ports on NetMRI appliances and virtual appliances that perform this function. Physical scan interfaces are actual Ethernet ports on the appliance.
...
- Log in to the Standby Operations Center command line via SSH using the admin/admin system credentials.
- Execute the following Admin Shell CLI commands on a newly installed or reset Standby Operations Center instance:
- Define the management port IP configuration for the Standby Operations Center:
admin-na206.corp100.
- Define the management port IP configuration for the Standby Operations Center:
...
com> configure server- Install the license for the Standby Operations Center:
- For a physical appliance, generate a license by running the license generate command. For more information, see license generate command.
- For a virtual appliance,
- For a physical appliance, generate a license by running the license generate command. For more information, see license generate command.
...
...
- com> license <license filename>.gpg.
- Define server settings for the Standby Operations Center:
admin-na206.corp100.
...
com> configure server
Make a note of your settings for Step 6 of this Procedure.
Note: The configure server command also generates a new self-signed certificate for the Standby Operations Center. In cases where a CA-signed certificate is used in the original Operations Center, the HTTPS certificates need to be configured using the procedures described in the topic NetMRI Security Settings in the Admin Guide and in the online Help.
...
- Verify your settings by entering the following commands:
admin-na206.corp100.com> show settings
List the complete config settings for the Standby Operations Center.
admin-na206.corp100.com> show license
Show the installed license for the Standby Operations Center.
...
- Via SCP, manually transfer the Primary Operations Center database archive to the Standby Operations Center.
Note: You can also configure the database backup for the Primary as an automated transfer, using the Settings icon > Database Settings > Scheduled Archive screen on the Primary Operations Center to archive the OC database to the system designated as the Standby. The backup directory in this case should be set as "Backup"; for more information, see Database Archiving Functions in the Admin Guide and in the online Help.
Note: When using the automated database backup, you must first log in to the Standby Operations Center through your web browser, and set the admin password to a value different from the "admin" factory default.
In this case, after the Standby OC system is activated as the Primary, click the Settings > Database Settings > Scheduled Archive tab and define another remote system to back up the new OC's database archive.If you schedule the transfer to occur within six hours of the start of weekly maintenance, no new archive will be created. Instead, the archive generated by weekly maintenance will be used. For large deployments with a lot of data, configuring backups to occur more frequently than the weekly interval may affect overall system performance.
...
- Using the Admin Shell on the Standby Operations Center, restore the database archive on the Standby Operations Center. Restore time depends upon the size of the database, and may take several hours for a large system.
admin-na206.corp100.com> restore ExampleNet_4050201203200004-20130221-641
Note: The admin credentials (that default to admin/admin) are changed on the Standby Operations Center following the database restore operation. The Standby Operations Center will use the admin credentials that previously applied on the Primary Operations Center.
...
- When the database restore task finishes on the Standby Operations Center, run configure server a second time to regenerate the Standby Operations Center's self-signed certificate for HTTPS access. Retain your settings previously defined in Step 2 of this Procedure.
...
- In the administrative shell on the Standby Operations Center, configure the VPN tunnel server on the Standby Operations Center using the same VPN subnet and other settings as on the Primary. When asked for the Server Public Name or IP address, be sure to enter the correct value for the Standby Operations Center. Do not configure a reference collector. The following listing is a sample capture for an entire session:
admin-na206.corp100.com> configure tunserver
+++ Configuring CA Settings
CA key expiry in days [5475]:
CA key size in bits [1024]:
+++ Configuring Server Settings
Server key expiry in days [5475]:
Server key size in bits [1024]:
Server Public Name or IP address: 172.23.27.170 <new IP address for Standby>
Protocol (tcp, udp, udp6) [tcp]:
Tunnel network base [5.0.0.0]:
Block cipher:
0. None (RSA auth)
1. Blowfish-CBC
2. AES-128-CBC
3. Triple DES
4. AES-256-CBC
Enter Choice [2]:
Use compression [y]:
You can optionally designate a NetMRI client system as a "reference" system that will be used as a source of common settings.
Enter reference system serial number or RETURN to skip: <press Enter here>
Use these settings? (y/n) [n]: y
+++ Initializing CA (may take a minute) ...
+++ Creating Server Params and Keypair ...
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
....++*++*++*
+++ Creating Server Config ...
Successfully configured Tunnel CA and Server
The server needs to be restarted for these changes to take effect.
Do you wish to restart the server now? (y/n) [y]: y
+++ Restarting Server ... OK
...
- Check the Standby Operation Center’s VPN tunnel server settings, which are used for communications between the Operations Center and its collectors, before proceeding:
example-oc> show tunserver
CA configured: Yes
Server configured: Yes
ServerPublicName: 172.23.27.170
Proto: tcp
Port: 443
KeySize: 1024
Network: 5.0.0.0
Cipher: AES-128-CBC
Compression: Yes
Service running: Yes
Reference NetMRI SN: N/A
Reference NetMRI Import: Skipped
Client Sessions:
UnitSerialNo: 1200201202100020
UnitName: oc-170-coll-1
UnitIPAddress: 5.0.0.15
Network: ExampleNet
UnitID: 1
Status: Offline: Last seen 2013-02-21 03:01:01
...
- ...
...
- Using a Web browser, log in to the Standby Operations Center. Note that the admin password for the Standby Operations Center system will now be set to the password of the Primary Operations Center.
...
To re-enable all data collectors needed for the configuration, click the Settings icon > Setup > Collection and Groups.
Note title Note Note: You must re-enable SNMP collection on this page, as it is automatically disabled on a restore.
...
- To verify that all collectors are listed, click the Settings icon > Setup > Tunnels and Collectors,
...
...
- Register the collectors to the Standby Operations Center by executing the following commands on each of the collectors. You use these commands to specify the Standby Operations Center IP address and new admin credentials:
admin-collector111.corp100.com> reset tunclient
admin-collector111.corp100.com> register
...
- Verify Operations Center collector registration and communication by entering the following:
example-oc> show tunclient
Client configured: Yes
Server: 172.23.27.182
Proto: tcp
Port: 443
Cipher: AES-128-CBC
Compression: On
Tunnel Server IP: 5.0.0.1
Tunnel Client IP: 5.0.0.10
Server reachable: Yes
Service running: Yes
Latest Service Log Entries:
Apr 10 17:02:51 localhost openvpn[20804]: VERIFY KU OK
Apr 10 17:02:51 localhost openvpn[20804]: Validating certificate extended key usage
Apr 10 17:02:51 localhost openvpn[20804]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Apr 10 17:02:51 localhost openvpn[20804]: VERIFY EKU OK
Apr 10 17:02:51 localhost openvpn[20804]: VERIFY OK: depth=0, /C=US/ST=CA/L=Santa_Clara/O=Infoblox/OU=na_Operations_Center/CN=OC182/name=Tunnel-Server/emailAddress=support@infoblox.com
Apr 10 17:02:51 localhost openvpn[20804]: Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Apr 10 17:02:51 localhost openvpn[20804]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 10 17:02:51 localhost openvpn[20804]: Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Apr 10 17:02:51 localhost openvpn[20804]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 10 17:02:51 localhost openvpn[20804]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
...
- example-oc>
...
- Log back in to the Standby Operations Center UI. In Settings > Setup > Tunnels and Collectors, verify that each of the registered collectors are online. The Operations Center will begin receiving data from collectors immediately after the connection is established. Data processing and analysis will catch up in a time interval similar to how long the collectors were offline.
...
- In Settings
...
- > Database Settings
...
- > Scheduled Archive, define the new archiving settings that you will need for the new Operations Center system, including enabling automatic archiving, defining the recurrence pattern, and defining the remote systems that will receive the periodic archives.
| Anchor | ||||
|---|---|---|---|---|
|
| Anchor | ||||
|---|---|---|---|---|
|
...
- Install the standalone license on the replacement collector. For more information, see 5th Step: Installing the Operations Center Collector Licenses.
To replace a collector in an Operations Center environment, complete the following:
...