Hitachi

JP1 Version 12 JP1/Network Node Manager i Setup Guide

5.3.3 Discover and monitor VMware hypervisor-based virtual networks

Organization of this subsection

(1) Prerequisites to Monitor Virtual Machines Hosted on Hypervisors

NNMi supports:

The following table describes the pre-requisites for discovering hypervisors and the virtual machines

Table 5‒1: Pre-Requisites for Monitoring hypervisor and its VMs

What you want to discover?

Prerequisite(s)

For more information

Hypervisor

The hypervisor must support SNMP communication and be accessible from NNMi using SNMP.

Not Applicable

NNMi must be configured to communicate with the associated SNMP Agent (IP Address and Community String or SNMPv3 authentication).

To configure using NNMi user interface, see Help for Administer > Configuring Communication Protocol, see instructions for SNMP settings for Default, Regions, or Specific Nodes.

To configure using command line interface (CLI), see the nnmcommunication.ovpl reference page, or the Linux manpage, for more information.

NNMi must be configured to communicate with the hypervisor using HTTPS.

Note: (VMware only) You must replace the VMware default certificate (localhost.localdomain) with a certificate that is generated using the hostname of the ESXi server. For more information, see the VMware documentation.

To configure using CLI, see "(3) Configuring NNMi to Communicate with Hypervisors Using HTTPS" . To configure using NNMi user interface, see Help for Administer > Configuring Communication Protocol, instructions for Trusted Certificate Settings for Default, Regions, or Specific Nodes.

Virtual Machines on the hypervisor

In addition to the SNMP requirements mentioned for hypervisors, you need to configure the hypervisor device credentials in NNMi to authenticate with the hypervisor's web-service.

To configure using NNMi user interface, see Help for Administer > Configuring Communication Protocol, instructions for Credential Settings for Default, Regions, or Specific Nodes.

To configure using CLI, see nnmcommunication.ovpl reference page.

To Page Top

(2) Replacing the VMware Default Certificate

Important

The self-signed or CA-signed certificate must be generated using the fully qualified domain name as the hostname for the ESXi server.

By default, a VMware certificate uses localhost.localdomain as the hostname for the ESXi server.

It is necessary to replace the VMware default certificate with the certificate generated by using the host name of the ESXi server. For details about the procedure, see the VMware documentation.

To Page Top

(3) Configuring NNMi to Communicate with Hypervisors Using HTTPS

This section provides instructions to upload certificates by using the CLI. For upload instructions using NNMi user interface, see Help for Administer > Configuring Communication Protocol.

Note
  • If you need to use HTTP to communicate with hypervisors, also see "(4) Enable HTTP to Communicate with Hypervisors".
  • To enable NNMi to monitor VMs hosted on a hypervisor (such as VMWare ESXi) using HTTPS protocol, you must upload the hypervisor's trusted certificate to NNMi by using one of the following options:
    • Upload trusted certificate using NNMi user interface.
    • Upload trusted certificate by using command line interface (CLI).
  • A Trusted Certificate is an SSL certificate that NNMi uses to establish trusted connection with hypervisors using HTTPS protocol. At Default and Region levels, it is a CA certificate that NNMi uses to trust hypervisors that use the certificates issued by the same CA. At Node level, it is the hypervisor's SSL certificate (self-signed or CA signed) generated by using FQDN as the subject name.

To upload a trusted certificate to NNMi, follow these steps:

  1. Obtain the hypervisor's trusted certificate and copy it to a temporary location on the NNMi management server.

    Note

    (VMware only) You must replace the VMware default certificate (localhost.localdomain) with a certificate that is generated using the hostname of the ESXi server. For more information, see the VMware documentation.

  2. Verify that the certificate is of the supported format. The supported trusted certificate file extensions are .pem, .crt, .cer and .der.

  3. Execute the appropriate command to upload the certificate at the required level. From the following table, choose the command that meets your requirements:

    Level

    Purpose

    Command

    Default

    (Global)

    To upload a trusted certificate at the default level for organizations that use certificates signed by the same CA on hypervisors globally.

    nnmcommunication.ovpl addCertificate -default -cert <fully qualified path to the certificate file>

    Region

    To upload a trusted certificate for the region for organizations that use certificates signed by the same CA on hypervisors in a given region.

    nnmcommunication.ovpl addCertificate -region <region name or UUID> -cert <fully qualified path to the certificate file>

    Node

    To upload an SSL certificate (CA-Signed or Self-Signed certificate) used on a specific hypervisor.

    Note: The self-signed or CA-signed certificate must be generated using the fully qualified domain name (FQDN) as the subject name.

    nnmcommunication.ovpl addCertificate -nodeSetting <node name or UUID> -cert <fully qualified path to the certificate file>

    Sample Commands:

    • Default: nnmcommunication.ovpl addCertificate -default -cert /tmp/new.pem

    • Region: nnmcommunication.ovpl addCertificate -region region1 -cert /tmp/region1.der

    • Node: nnmcommunication.ovpl addCertificate -nodeSetting node1 -cert /tmp/node1.crt

  4. Upon successful execution, the command output displays information about the uploaded certificate. Verify the certificate information.
Tip
  • You can view or delete the uploaded certificates by using listCertificates and removeCertificate commands. See the nnmcommunication.ovpl reference page for more information.
  • After a hypervisor is discovered, you can upload, replace, or delete a certificate directly on the Web Agent by using the command updateWebagentSettings. See the nnmcommunication.ovpl reference page for more information.

To Page Top

(4) Enable HTTP to Communicate with Hypervisors

By default. NNMi uses the HTTPS protocol to communicate with hypervisors.

If you need to use HTTP, add the required property to the server.properties file:

  1. Navigate to the server.properties file:

    Windows:%NnmDataDir%nmsas\NNM\server.properties

    Linux:$NnmDataDir/nmsas/NNM/server.properties

  2. Add the following lines:
    #Determines whether http should be used to communicate with SOAP agents such as the VMware vSphere API.
#HP recommends this property only be enabled in demonstration or test environments and that HTTPS be
#configured for production environments.
nms.comm.soap.targetconfig.HTTP_ENABLED=true

  3. Restart the NNMi management server:

    Run the ovstop command on the NNMi management server.

    Run the ovstart command on the NNMi management server.

To disable HTTP for hypervisor communication:

  1. Navigate to the server.properties file:

    Windows:%NnmDataDir%nmsas\NNM\server.properties

    Linux:$NnmDataDir/nmsas/NNM/server.properties

  2. Change the HTTP_ENABLED property value to false:
    nms.comm.soap.targetconfig.HTTP_ENABLED=false

  3. Restart the NNMi management server:

    Run the ovstop command on the NNMi management server.

    Run the ovstart command on the NNMi management server.

  4. Follow the steps described in "(3) Configuring NNMi to Communicate with Hypervisors Using HTTPS".

To Page Top

© Copyright 2009-2021 Micro Focus or one of its affiliates.

All Rights Reserved. Copyright (C) 2019, 2021, Hitachi, Ltd.

This software and documentation are based in part on software and documentation under license from Micro Focus or one of its affiliates.