Hitachi

JP1 Version 12 JP1/Network Node Manager i Setup Guide


5.3.4 Discover and monitor Cisco ACI networks

If you want to discover and monitor networks running on Cisco ACI, you must perform the following additional tasks:

Task 1: Create a read-only user in the Cisco APIC console

Create a Cisco APIC user with read-only privilege; the user must have read access to all REST APIs of Cisco APIC. This user will be used by NNMi to discover Cisco APIC systems. While creating the user, select all in the Security Domain section on the Create Local User page.

Task 2: Configure NNMi to communicate with Cisco APIC systems

For each Cisco APIC system that you want to discover, provide the access credentials by using the Device Credentials form. These credentials help NNMi connect with Cisco APIC systems. Also, to facilitate HTTPS communication between NNMi and Cisco APIC systems, you must upload Cisco ACI or CA-trusted certificates to the NNMi management server.

To have the system recognize a Cisco ACI node as a Cisco ACI node, it is necessary to ensure that each node is detected as an SNMP node.

Follow these steps to complete this task:

  1. Identify one Cisco APIC system in each cluster that you want to discover. Make sure that the SNMP agent is enabled on every Cisco APIC system in all the clusters that you want to discover.

    Discovering only one Cisco APIC system in an APIC cluster enables NNMi to eventually discover all the Cisco APIC systems in the cluster.

  2. Obtain all trusted certificates for use with Cisco APIC systems.

    You can use a set of certificates where each certificate is specific for a particular Cisco APIC system; you can use CA-signed certificates; you can use a combination of the two.

  3. Configure NNMi to communicate with Cisco APIC systems by accessing the Cisco ACI APIs.

    1. Obtain the credentials that were created in Task 1: Create a read-only user in the Cisco APIC console.

    2. In the Communication Configuration form, go to the Specific Node Settings tab.

      Tip

      You will be able to access the API of Cisco ACI and communicate with the Cisco APIC system regardless of whether you are using region settings, or are using the default settings.

    3. Add a new node.

      In the Specific Node Settings tab, click New, and then define a new node in the Specific Node Settings form.

      Or, double-click an existing node.

    4. In the Specific Node Settings form, go to the Device Credentials tab.

    5. Click New.

    6. Specify the SNMP v1 or v2c community string or SNMPv3 credentials in the SNMPv1/v2 Community Strings or SNMPv3 Settings tab.

    7. In the Specific Node Device Credentials form, select Type as CiscoACI, and then specify the credentials of the Cisco ACI user that you created in Task 1: Create a read-only user in the Cisco APIC console.

    8. Upload trusted certificates. Skip this step if you want to configure HTTP communication.

      1. In the Specific Node Settings form, go to the Trusted Certificates tab.

      2. Click Upload Certificate.

        The Open window appears.

      3. In the Open window, select a certificate, and then click Open.

        You can use any one of the following:

        • A CA-signed certificate to communicate with the Cisco APIC system

          You can use only the following certificate formats:

          • .pem
          • .crt
          • .cer
          • .der
    9. Click Save & Close.

Task 3: Configure and run discovery

Configure NNMi to seed the Cisco APIC systems in the environment. While configuring seeding, specify fully qualified domain names or IP addresses of one Cisco APIC system in each cluster that you want to discover.

Wait for NNMi discovery to gather information. NNMi discovers the APIC clusters and all the Cisco ACI Leaf and Spine nodes managed by the discovered Cisco APIC systems.

Note

If the settings described in task 1 to task 3 are not specified and Cisco ACI nodes are detected, it is necessary to run configuration polls for the Cisco APIC nodes twice in order to monitor Cisco ACI network using this function.