Hitachi

JP1 Version 12 JP1/Network Node Manager i Setup Guide


15.4.2 Initial preparation


(1) Port availability: Configuring the firewall

For the global network management feature to function properly, verify that certain well-known ports are open for TCP access from global1 to regional1 and regional2. The NNMi installation script sets the HTTP port to 80 and the HTTPS port to 443 by default, but you can change these values during installation.

Note

In the example discussed in this subsection, global1 establishes TCP access to regional1 and regional2. Firewalls are usually configured based on the server initiating the connection. After global1 establishes the connection to regional1 and regional2, traffic flows in both directions.

Edit the following file to see the current values or to make changes to the port configuration:

The following table shows the well-known ports that need to be accessible.

Table 15‒2: Required accessible sockets

| Security | Parameter | TCP port |
|---|---|---|
| Non-SSL | nmsas.server.port.web.http | 80 |
| Non-SSL | nmsas.server.port.hq | 4457 |
| SSL | nmsas.server.port.web.https | 443 |
| SSL | nmsas.server.port.hq.ssl | 4459 |
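One way to verify these firewall openings from global1, as an added example that is not part of the Hitachi guide: it applies any port overrides to the defaults in the table above and attempts a TCP connection to each required port on each regional manager. It assumes the port settings are `key=value` lines; the sample settings text and the function names are constructed for illustration.

```python
import socket

# Default TCP ports per parameter, taken from Table 15-2.
DEFAULTS = {
    "nmsas.server.port.web.http": 80,
    "nmsas.server.port.hq": 4457,
    "nmsas.server.port.web.https": 443,
    "nmsas.server.port.hq.ssl": 4459,
}
SSL_PARAMS = {"nmsas.server.port.web.https", "nmsas.server.port.hq.ssl"}

def effective_ports(properties_text, ssl):
    """Apply overrides from a regional manager's port settings (assumed to be
    key=value lines) to the defaults; return only the SSL or non-SSL pair."""
    ports = dict(DEFAULTS)
    for raw in properties_text.splitlines():
        key, sep, value = raw.strip().partition("=")
        key, value = key.strip(), value.strip()
        if not sep or key not in ports:      # comments, blanks, other settings
            continue
        if not value.isdigit() or not 0 < int(value) < 65536:
            raise ValueError(f"invalid port for {key}: {value!r}")
        ports[key] = int(value)
    return {k: v for k, v in ports.items() if (k in SSL_PARAMS) == ssl}

def reachable(host, port, timeout=3.0):
    """True if a TCP connection from this machine to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:                          # refused, filtered, DNS failure
        return False

def blocked_ports(regionals, ssl, timeout=3.0):
    """regionals: {hostname: settings text}. Returns unreachable entries."""
    return [(host, param, port)
            for host, text in regionals.items()
            for param, port in sorted(effective_ports(text, ssl).items())
            if not reachable(host, port, timeout)]

# Constructed sample: regional2's HTTPS port was changed at installation.
SAMPLE = {
    "regional1": "",
    "regional2": "# constructed example\nnmsas.server.port.web.https=8443\n",
}

if __name__ == "__main__":                   # run this on global1
    for host, param, port in blocked_ports(SAMPLE, ssl=True):
        print(f"BLOCKED {host}:{port} ({param})")
```

Because firewalls are configured for the side that initiates the connection, run the check on global1 rather than on a regional manager.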

(2) Configuring Certificates

If you plan to use the global network management feature with a secure communication protocol between global1 and the two regional NNMi management servers (regional1 and regional2), you must configure the certificates. During NNMi installation, the NNMi installation script creates a self-signed certificate on the NNMi management server so it can identify itself to other entities. Configure the NNMi management servers you plan to use with the global network management feature with the correct certificates. Complete the steps shown in 10.3.7 Working with Certificates in Global Network Management Environments.

NNMi management servers upgraded to version 11-50

If you are working with a set of NNMi management servers where some management servers were upgraded to NNMi 11-50 from an older version of NNMi and some management servers have newly installed instances of NNMi 11-50, you must perform some additional configuration tasks before configuring GNM.

Prior to version 11-50, NNMi provided a Java KeyStore (JKS) repository to store certificates. NNMi 11-50 introduces a Public Key Cryptography Standards (PKCS) #12 repository to store certificates. The new PKCS #12 file-based certificate management technique is available for use as soon as you install a new instance of NNMi 11-50 on a system.

However, when you upgrade an older version of NNMi to version 11-50, the PKCS #12 file-based certificate management does not immediately come into effect, and NNMi continues to use the JKS repository for certificate management.

Before configuring GNM in this kind of environment, make sure that all upgraded NNMi management servers are configured to use the PKCS #12 file-based certificate management technique by following the instructions in 10.2 Configuring an Upgraded NNMi Environment to Use the New Keystore.

(3) NNMi management server sizing considerations

This example assumes you plan to use existing NNMi management servers in a global network management configuration.

For specific information about the size of server you need for NNMi, see the Release Notes.

(4) Synchronizing system clocks

It is important that you synchronize the NNMi management server clocks for global1, regional1, and regional2 before you connect these servers in a global network management configuration. All NNMi management servers in your network environment that participate in global network management (global managers and regional managers) or single sign-on (SSO) must have their internal time clocks synchronized in universal time. Use a time synchronization program, such as the Linux Network Time Protocol Daemon (NTPD) tool or one of the available Windows operating system tools. For details, see Clock Synchronization Issues (SSO/Global Network Management) or Troubleshoot Global Network Management in NNMi Help and 15.11.2 Clock synchronization.

Note

NNMi opens a warning message at the bottom of the NNMi console if there is a connection problem with a regional manager, such as a server clock synchronization issue.

(5) Using the application failover feature with self-signed certificates in global network management

If you plan to use the global network management feature using self-signed certificates in an application failover configuration, you must complete some additional steps.

(6) Using self-signed certificates in global network management

If you plan to use the global network management feature using self-signed certificates, you must complete some additional steps. For details, see 10.3.7 Working with Certificates in Global Network Management Environments.

(7) Using a Certificate Authority in global network management

If you plan to use the global network management feature using a Certificate Authority, you must complete some additional steps. For details, see 10.3.7 Working with Certificates in Global Network Management Environments.

(8) Listing the critical equipment you want to monitor

Compile a list of the equipment managed by each regional manager and monitored from the global manager. For example, compile a list of the equipment managed by regional1 and regional2 that you want to monitor from global1. You use this information in a forwarding filter. For details, see 15.5 Configuring forwarding filters on the regional managers.

Carefully consider the possible outcomes of limiting the information forwarded to global1 from regional1 and regional2. Below are some points to consider during your planning:

(9) Reviewing the global and regional managers' management domains

Review the global and regional managers' management domains to help determine the information you want to forward from the regional managers to the global manager.

In our example, NNMi management servers global1, regional1, and regional2 manage their own sets of nodes. Later in this example, you configure regional1 and regional2 to forward to global1 information about equipment they manage.

Use the procedure below to understand the equipment that global1, regional1, and regional2 currently monitor. This will assist you in selecting the critical equipment you want regional1 and regional2 to forward to global1.

For this example, complete the following steps to review this information:

  1. Point your browser to global1's NNMi console.

  2. Sign in.

  3. Click Inventory workspace.

  4. From here you can review the discovered inventory global1 currently monitors.

  5. Point your browser to regional1's NNMi console.

  6. Sign in.

  7. Click Inventory workspace.

  8. Review the nodes that regional1 monitors and compile a list of the devices you want to monitor from global1.

  9. Point your browser to regional2's NNMi console.

  10. Sign in.

  11. Click Inventory workspace.

  12. Review the nodes that regional2 monitors and compile a list of the devices you want to monitor from global1.

(10) Reviewing NNMi Help topics

To review all the Help topics related to global network management, complete the following steps:

  1. From NNMi Help, click Search.

  2. In the Search field, type Global Network Management.

  3. Click Search.

This search will result in more than 50 topics related to global network management.