HPE Software is now Micro Focus
HPE Software is now Micro Focus
IT Operations Management (ITOM)
cancel

Topology Integration between NNMi & UCMDB.... Demystified!

Topology Integration between NNMi & UCMDB.... Demystified!

AkashDeep

Co-authored by Mamta Goyal.

In a consolidated infrastructure monitoring setup, it is a common practice to integrate the network topology from Network Node Manager i to the central monitoring tool. For this purpose, NNMi topology can be integrated with OMi RTSM or with UCMDB (if it is part of the solution) using HTTP or HTTPS. This document focuses on the topology integration between NNMi & UCMDB using HTTP or HTTPS.

Below is a step-by-step process which can be followed to make this integration work seamlessly. But before we proceed, please note:

  • This document only provides the procedure for HTTP/HTTPS communication between NNMi and UCMDB. For additional integration aspects, please refer to integration guide available with the product.
  • While the steps/procedures should be same across the versions, we tested these steps with NNMi 10.30 and UCMDB 10.30
  • The steps below are for self-signed certificates and same procedure should work with the certificate issued by a Certification Authority.

Procedure:

To enable this integration, we have to perform a few steps on the UCMDB server first and then on the NNMi server.

 On the UCMDB server:

  1. Create a new UCMDB User
  • Open the UCMDB console.
  • Select Security.
  • Click on Roles Manager
  • Create a New Role (example NNMi Integration Role)
  • Click on General Actions tab
  • Add “Run Legacy API” in actions and Save it.

UCMDB_Action.png

 

  • Next, Click Users and Groups.
  • Add a new user and enter the user name and password for the same
  • For the roles association, Go to Roles Tab, click on Edit
  • Select “Discovery and Integration Admin” and newly created Role “NNMi Integration Role” as roles
  • Save the new user

UCMDB_Role.png

 

2. Add an additional attribute to the InfrastructureElement CIType

  • Open the UCMDB console.
  • Select Modelling
  • Click on CI Type Manager
  • Expand ConfigurationItem
  • Click on IntrastructureElement
  • Open Attributes Tab
  • Add a new Attribute using (+) sign with Name as monitored_by, Display Name as Monitored By and Type as List of String
  • Save the same

 UCMDB_Attributes.png

 

Note: If you are using HTTP communication, you can go to step 6 directly.

3. Generate a new certificate on the UCMDB server host with CN as UCMDB server FQDN hostname

  • Take a backup of the following certificate files.

C:\HP\UCMDB\UCMDBServer\conf\security\server.keystore

C:\HP\UCMDB\UCMDBServer\conf\security\server.truststore

  • Delete the existing server.keystore file at 

C:\hp\UCMDB\UCMDBServer\conf\security\server.keystore

  • Make sure you know the keystore password (default is hppass). To confirm, execute:

keytool.exe -list –v -keystore C:\HP\UCMDB\UCMDBServer\conf\security\server.keystore -storepass <PASSWORD>

Replace PASSWORD with an actual password and if it displays the certificate, we are good for the next step.

For simplicity, we would use default password in commands below, replace the same with a password for your setup.

  •  Generate a new certificate:

keytool.exe -genkey -dname “CN=<UCMDB HOSTNAME>, OU=Unknown, O=Unknown, L=Unknown, C=Unknown” -alias hpcert -validity 3650 -keyalg RSA -keysize 2048 -keystore C:\hp\UCMDB\UCMDBServer\conf\security\server.keystore -storepass hppass

Alternatively, you can replace Unknown for OrganizationUnit, Organization, Location and Company to actual values, for example:

keytool.exe -genkey -dname “CN=UCMDBserver.hpesw.net, OU=Engineering, O=HPESW, L=IN, C=HPE” -alias hpcert -validity 3650 -keyalg RSA -keysize 2048 -keystore C:\hp\UCMDB\UCMDBServer\conf\security\server.keystore –storepass hppass

List the new certificate to confirm:

keytool.exe -list –v -keystore C:\HP\UCMDB\UCMDBServer\conf\security\server.keystore –storepass hppass

  • Export the new certificate to a file:

keytool.exe -export -alias hpcert -keystore C:\hp\UCMDB\UCMDBServer\conf\security\server.keystore -storepass hppass -file c:\temp\hpcert.crt

  •  Update the trust store server.truststore with the newly generated certificate.

List the certificates in trust store

keytool.exe -list –v -keystore C:\HP\UCMDB\UCMDBServer\conf\security\server.truststore

Make sure that older UCMDB Server certificate is stored with alias as “hpcert”. If you have used a different alias please use that in following commands.

Delete the older certiifcate, using

keytool.exe -delete -alias hpcert -keystore C:\HP\UCMDB\UCMDBServer\conf\security\server.truststore -storepass hppass

Import the certificate into the truststore

keytool.exe -import -trustcacerts -keystore C:\HP\UCMDB\UCMDBServer\conf\security\server.truststore -alias hpcert -file c:\temp\hpcert.crt

 Make sure you have a new certificate in truststore:

keytool.exe -list –v -keystore C:\HP\UCMDB\UCMDBServer\conf\security\server.truststore

  • Restart the UCMDB server

 Now, UCMDB server is all set for integration.

  •  Copy c:\temp\hpcert.crt file from UCMDB server to NNMi server (say as /tmp/hpcert.crt)

 

Now, log on to the NNMi server and perform the following:

4. List the trusted certificates on nnm truststore

nnmkeytool.ovpl -list –v -keystore /var/opt/OV/shared/nnm/certificates/nnm-trust.p12 -storepass ovpass -storetype PKCS12

If you have any older certificates from UCMDB, delete the same:

nnmkeytool.ovpl -delete -alias <ALIAS_FROM_LISTING> -keystore /var/opt/OV/shared/nnm/certificates/nnm-trust.p12 -storepass ovpass -storetype PKCS12

5. Import the new UCMDB certificate into the NNMi trust store

nnmkeytool.ovpl -import –alias <ANY_NAME> -keystore /var/opt/OV/shared/nnm/certificates/nnm-trust.p12 -storepass ovpass -storetype PKCS12 -file /tmp/hpcert.crt

6. Use NNMi Configuration Wizard as described in the HPE Network Node Manager i Software—HPE Business Service Management/Universal CMDB Topology Integration Guide to setup the topology integration.

 All the BEST!

Technical Success Manager - NOM Suite, HPE SW
  • infrastructure management
About the Author

AkashDeep

Comments
Mukesh Patel
N/A

Nice. helpful

Honored Contributor.

Should you delete the keystore? In other products from HP, deleting the existing cert and then importing the new with the same alias seems to be the recommended procedure.

 --Chris

Hi Chris,

server.keystore have only one certificate so you replace that in store or generate a new file with the new certificate is the same.

Akash

Trusted Contributor.

Thank You Akashdeep for good article on integration NNMi and UCMDB.  Will be bookmarking for future reference.