13.4.2 Initial preparation
- Organization of this subsection
(1) Port availability: Configuring the firewall
For the global network management feature to function properly, verify that certain well-known ports are open for TCP access from global1 to regional1 and regional2. The NNMi installation script sets port 80 by default, but you can change this value during installation.
- Reference note
-
In the example discussed in this subsection, global1 establishes TCP access to regional1 and regional2. Firewalls are usually configured based on the server initiating the connection. After global1 establishes the connection to regional1 and regional2, traffic flows in both directions.
Edit the following file to see the current values or to make changes to the port configuration:
-
Windows: %NNM_CONF%\nnm\props\nms-local.properties
-
UNIX: $NNM_CONF/nnm/props/nms-local.properties
The following table shows the well-known ports that need to be accessible.
Security |
Parameter |
TCP port |
---|---|---|
Non-SSL |
nmsas.server.port.web.http |
80 |
nmsas.server.port.hq |
4457 |
|
SSL |
nmsas.server.port.web.https |
443 |
nmsas.server.port.hq.ssl |
4459 |
(2) Configuring self-signed certificates
If you plan to use the global network management feature with secure sockets layer (SSL) between global1 and the two regional NNMi management servers (regional1 and regional2), you must do some additional work. During NNMi installation, the NNMi installation script creates a self-signed certificate on the NNMi management server so it can identify itself to other entities. Configure the NNMi management servers you plan to use with the global network management feature with the correct certificates. Complete the steps shown in 8.6 Configuring the global network management feature to use self-signed certificates.
(3) NNMi management server sizing considerations
This example assumes you plan to use existing NNMi management servers in a global network management configuration. The global network management feature differs from the distributed solution used in earlier NNM products. The global network management feature avoids polling nodes being managed by regional systems, so you do not need to be as concerned about network bandwidth and computer resources.
For specific information about the size of a server required to house NNMi, see the manual Job Management Partner 1/Consolidated Management 2/Network Node Manager i Installation Guide and the Release Notes.
(4) Synchronizing system clocks
It is important that you synchronize the NNMi management server clocks for global1, regional1, and regional2 before you connect these servers in a global network management configuration. All NNMi management servers in your network environment that participate in global network management (global managers and regional managers) or single sign-on (SSO) must have their internal time clocks synchronized in universal time. Use a time synchronization program, such as the UNIX (HP-UX/Linux/Solaris) Network Time Protocol Daemon (NTPD) tool or one of the available Windows operating system tools. For details, see Clock Synchronization Issues (SSO/Global Network Management) or Troubleshoot Global Network Management in NNMi Help and 13.11.2 Clock synchronization.
- Reference note
-
NNMi opens a warning message at the bottom of the NNMi console if there is a connection problem with a regional manager, such as a server clock synchronization issue.
(5) Using the application failover feature with self-signed certificates in global network management
If you plan to use the global network management feature using self-signed certificates in an application failover configuration, you must complete some additional steps.
(6) Using self-signed certificates in global network management
If you plan to use the global network management feature using self-signed certificates, you must complete some additional steps. For details, see 8.6 Configuring the global network management feature to use self-signed certificates.
(7) Using a Certificate Authority in global network management
If you plan to use the global network management feature using a Certificate Authority, you must complete some additional steps. For details, see 8.7 Configuring the global network management feature to use a Certificate Authority.
(8) Listing the critical equipment you want to monitor
Make a list of the equipment managed by regional1 and regional2 that you want to monitor from global1. You will use this information in a forwarding filter (discussed later). Carefully consider the possible outcomes of limiting the information forwarded to global1 from regional1 and regional2. Below are some points to consider during your planning:
-
Be careful not to exclude too many devices, as global1 needs a complete topology from regional1 and regional2 to do a complete analysis to generate accurate incidents.
-
Excluding non-critical devices helps reduce license costs at global1.
-
Excluding non-critical devices helps improve the solution's overall scalability and reduce the network traffic required by NNMi.
(9) Reviewing the global and regional managers' management domains
Each of the NNMi management servers, global1, regional1, and regional2, manages its own set of nodes. Later in this example, you will configure regional1 and regional2 to forward to global1 information about the equipment each one manages.
Use the procedure below to understand the equipment that global1, regional1, and regional2 currently monitor. This will assist you in selecting the critical equipment you want regional1 and regional2 to forward to global1.
For this example, complete the following steps to review this information:
-
Point your browser to global1's NNMi console.
-
Sign in.
-
Click Inventory workspace.
-
From here you can review the discovered inventory global1 currently monitors.
-
Point your browser to regional1's NNMi console.
-
Sign in.
-
Click Inventory workspace.
-
Review the nodes that regional1 monitors and make a list of the devices you want to monitor from global1.
-
Point your browser to regional2's NNMi console.
-
Sign in.
-
Click Inventory workspace.
-
Review the nodes that regional2 monitors and make a list of the devices you want to monitor from global1.
(10) Reviewing NNMi Help topics
To review all the Help topics related to global network management, complete the following steps:
-
From NNMi Help, click Search.
-
In the Search field, type Global Network Management.
-
Click Search.
This search will result in more than 50 topics related to global network management.