NOTICE: Branded Content
NOTICE: Certain versions of content (“Material”) accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.
IT Operations Management (ITOM)
cancel

Enabling the NNMi classic & OpsBridge CDF Topology Integration

Enabling the NNMi classic & OpsBridge CDF Topology Integration

Micro Focus Frequent Contributor

In a consolidated infrastructure monitoring setup, it is a common practice to integrate the network topology from NNMi to the central monitoring tool. For this purpose, NNMi topology can be integrated with Operation Bridge Manager (if it is part of the solution) using HTTP or HTTPS.

There is a need to integrate NNMi deployed with classic install and OBM (OMi is renamed to OBM) deployed with CDF. This document focuses on the integration between NNMi classic & OBM CDF using HTTPS. Please note there is no OBM available with HTTP with CDF install.

Below is a step by step procedure which can be followed to make this integration work seamlessly but before we proceed, please note:

  • This document only provides the method for HTTPS communication between NNMi classic & OBM CDF. For additional integration aspects and other details, please refer to the integration guide available with the product.
  • While the steps/procedure should be the same across the versions, we tested these steps with NNMi 10.50 & OBM CDF 2018.05
  • The steps below are for Self-signed certificates, and a similar procedure should work with the certificate issued by a Certification Authority.
  • For simplicity, we are using default password in all the commands below, replace the same with a password for your environment.

Detailed procedure:

  1. Using OBM UI, create a new User which can be used for Integration. Make sure it has admin privileges.
  2. Copy the OBM self-signed certificate to NNMi system.

This can be achieved by either of the following:

A. Use openssl on NNMi system to retrieve remote OBM certificate and store that in a file:

openssl s_client -connect OBM_MASTER_NODE:PORT </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/OBM.pem

B. If OpenSSL is not working, as an alternate, retrieve certificate from OBM system:

a. Login to OBM master system and get into OBM pod:

kubectl exec -it omi-0 -n opsbridge1 -c omi bash

Please replace the namespace as the case might be.

 b. List the certificates:

/opt/OV/bin/ovcert –list

c. Export the certificate:

/opt/OV/bin/ovcert -exporttrusted -alias <trusted certificate name> -file <location of file>

For example:

/opt/OV/bin/ovcert -exporttrusted -alias CA_c37xxxxxxxxxxxxxxxxxxxxxxx_2048 -file /tmp/OBM.pem

d. Exit from the omi-0 pod

exit

e. Copy the export OMi certificate from pod onto filesystem:

kubectl cp opsbridge1/omi-0:/tmp/OBM.pem /tmp -c omi

f. Copy /tmp/OBM.pem to NNMi system at /tmp/OBM.pem

With either of the approach, we shall have OBM certificate at /tmp/OBM.pem on NNMi system.

  1. Copy CA certificate from /opt/kubernetes/ssl/ca.cer to NNMi system

Note: this is likely to change in later versions

  1. Import OBM certificate and CA certificate in NNMi trust store

A. Import OBM certificate

nnmkeytool.ovpl -import –alias <ANY_NAME> -keystore /var/opt/OV/shared/nnm/certificates/nnm-trust.p12 -storepass ovpass -storetype PKCS12 -file /tmp/OBM.pem

B. Import CA certificate

nnmkeytool.ovpl -import –alias <ANY_NAME> -keystore /var/opt/OV/shared/nnm/certificates/nnm-trust.p12 -storepass ovpass -storetype PKCS12 -file /tmp/ca.cer

5. Export NNMi self-signed certificate to a file

A. List the NNMi certificate:

nnmkeytool.ovpl -list -keystore /var/opt/OV/shared/nnm/certificates/nnm-key.p12 -storetype pkcs12 -storepass nnmkeypass

B. Note down the alias, mostly selfsigned

C. Export the NNMi certificate:

nnmkeytool.ovpl -exportcert -alias <ALIAS_NAME> -keystore /var/opt/OV/shared/nnm/certificates/nnm-key.p12 -storetype pkcs12 -storepass nnmkeypass -file /tmp/nnmi.pem -rfc

D. Copy this file on OMi CDF master system (say at /tmp/nnmi.pem)

  1. Import NNMi certificate into OBM trust store

A. Copy the NNMi certificate into OMi pod (omi-0):

kubectl cp /tmp/nnmi.pem opsbridge1/omi-0:/tmp/ -c omi

B. Open a session into OMi pod:

kubectl exec -ti omi-0 -n opsbridge1 -c omi bash

C. Import the NNMi certificate

/opt/OV/bin/ovcert –importtrusted -file /tmp/nnmi.cer

D. List the certificates and ensure that NNMi certificate is listed there.

/opt/OV/bin/ovcert –list

E. Exit from of pod

exit

  1. Restart NNMi & OBM

The restart is needed because Java reads certificates only at the startup of the JVM

  1. Use NNMi Configuration Wizard as described in the HPE Network Node Manager i Software—HPE Business Service Management/Universal CMDB Topology Integration Guide to set up the topology integration.NNMi-OBM_InteForm.pngNNMi-OBM Integration Form
  1. Once integration is done, the following two figures show the results, comparing an NNMi Layer 2 Neighbor View with the equivalent Layer 2 by NNMi view in OBM

 

 NNMi_Map.pngNNMi Layer 2 MapOBM_Map.pngOBM equivalent map

All the BEST!!