CommandCenter® NOC Administrator Guide Release 5.4 Copyright © 2006 Raritan Computer, Inc. CCNOC-0D-E June 2006 255-80-5301-00
x FIGURES Figure 52 Add a New Network Route...
88 COMMANDCENTER NOC ADMINISTRATOR GUIDE Edit Modem Parameters In this step, you will set up the modem parameters. If your modem requires special p
CHAPTER 7: MANAGING ASSETS 89 Chapter 7: Managing Assets This chapter describes procedures to configure a CC-NOC so it can track and share importa
90 COMMANDCENTER NOC ADMINISTRATOR GUIDE 3. Click Import Assets. Figure 114 Importing assets 4. Paste your comma-separated values into this tex
CHAPTER 7: MANAGING ASSETS 91 Export Assets All the nodes with asset information can be exported to a comma-separated value file (CSV), which is s
92 COMMANDCENTER NOC ADMINISTRATOR GUIDE Clear All Asset Records This allows you to remove all asset records from the CC-NOC. Be sure to export the
CHAPTER 8: CREATING USERS, CATEGORIES, VIEWS 93 Chapter 8: Creating Users, Categories, Views This chapter describes procedures to add users, delete
94 COMMANDCENTER NOC ADMINISTRATOR GUIDE • Operators have access to everything on the CC-NOC except administrative configurations. • Executive
CHAPTER 8: CREATING USERS, CATEGORIES, VIEWS 95 5. Supply a full name and enter comments. This is optional. 6. If desired, provide Executive User
96 COMMANDCENTER NOC ADMINISTRATOR GUIDE 6. Choose the start time and stop time from the select boxes. If a user works a shift that spans midnight
CHAPTER 8: CREATING USERS, CATEGORIES, VIEWS 97 Web Servers Includes all managed interfaces which are running an HTTP (web) server on port 80 or o
FIGURES xi Figure 105 Modify Notification Paths ...
98 COMMANDCENTER NOC ADMINISTRATOR GUIDE 7. Specify either IP addresses/ranges or services that will be included in this category. The category wi
CHAPTER 8: CREATING USERS, CATEGORIES, VIEWS 99 Configure Views Configuring views allows you to create a mapping between users and views, or sets o
100 COMMANDCENTER NOC ADMINISTRATOR GUIDE Add/Modify an Existing View In this page, you can add a new view or modify an existing one, including add
CHAPTER 8: CREATING USERS, CATEGORIES, VIEWS 101 Map Users After creating views, you can now map users to a view that will be displayed after they
APPENDIX B: TROUBLESHOOTING 103 Appendix A: Specifications V1 Platform General Specifications Form Factor 1U Dimensions (DxWxH) 24.21”x 19.09”
104 COMMANDCENTER NOC ADMINISTRATOR GUIDE NON-OPERATING Temperature -40 - +60 (-40-140) Humidity 5% - 95% RH Altitude Operate properly at any
APPENDIX B: TROUBLESHOOTING 105 Appendix B: Troubleshooting Raritan wants to be involved from the beginning of your deployment and throughout the
106 COMMANDCENTER NOC ADMINISTRATOR GUIDE Checking Appliance Database Settings From time to time, you may see this message: It is recommended yo
APPENDIX B: TROUBLESHOOTING 107 Capability Scanning The capability scanning service scans individual nodes to discover which services are support
108 COMMANDCENTER NOC ADMINISTRATOR GUIDE The notifications service does not generate any events; it only reacts to them. It does, however, save it
APPENDIX B: TROUBLESHOOTING 109 Your Network Understanding and maintaining your network is the key to success. The Raritan services will help you
110 COMMANDCENTER NOC ADMINISTRATOR GUIDE If you are confident that the CC-NOC can ping the node in question, the next step is to confirm that the
APPENDIX B: TROUBLESHOOTING 111 the Admin tab, Network Management, and Configure Pollers. For each service that responds during the intelligent
112 COMMANDCENTER NOC ADMINISTRATOR GUIDE Why Can’t My CC-NOC Manage X Service? ICMP - If a device responds to a "ping", which uses ICMP
APPENDIX B: TROUBLESHOOTING 113 If a service successfully connects, but otherwise "fails", a "service unresponsive" event is
114 COMMANDCENTER NOC ADMINISTRATOR GUIDE The Management group receives notifications for any default notifications sent to the Network/Systems,
APPENDIX B: TROUBLESHOOTING 115 Of these five, Raritan only uses three: • GET - A message sent from the Manager to the Agent requesting informat
116 COMMANDCENTER NOC ADMINISTRATOR GUIDE In most cases, if the CC-NOC is not collecting data from a particular device, it’s usually because of a m
APPENDIX B: TROUBLESHOOTING 117 from the CC-NOC to the device and that TCP and UDP are working. If you have already performed the troubleshooting
CHAPTER 1: INTRODUCTION 1 Chapter 1: Introduction The primary function of a CommandCenter NOC (CC-NOC) is to manage nodes in your network. Nodes
118 COMMANDCENTER NOC ADMINISTRATOR GUIDE SNMP, used for collecting performance data for reporting, is still considered a service and as such, if a
APPENDIX B: TROUBLESHOOTING 119 • If you are a reseller seeking technical resources, please send an email to [email protected]. • For technical
APPENDIX C: PERFORMANCE MONITORING 121 Appendix C: Performance Monitoring Overview The CC-NOC is designed to provide you with the information ne
122 COMMANDCENTER NOC ADMINISTRATOR GUIDE Equipment Vendor Device Type Metric(s) Relevance All Any device supporting MIB2 (RFC 1213) In/Out Octe
APPENDIX C: PERFORMANCE MONITORING 123 Checkpoint Firewall products State information stored Process Contexts Allocated storage CPU Utilization P
124 COMMANDCENTER NOC ADMINISTRATOR GUIDE Cisco Network gear CPU Utilization Free Memory Buffer failures Buffer memory allocation failures Provid
APPENDIX C: PERFORMANCE MONITORING 125 Memory In Use Free Physical Memory Total Logical Memory Logical Memory In Use Percent Logical Memory In Us
126 COMMANDCENTER NOC ADMINISTRATOR GUIDE on demand. The remaining item is determining when performance metrics have reached a point at which they
APPENDIX C: PERFORMANCE MONITORING 127 Example Here’s an example. There is a high threshold set with a value of 70, a trigger of 3, and a rearm o
2 COMMANDCENTER NOC ADMINISTRATOR GUIDE User PC Preparation To access CC-SG and any targets managed by CC-SG, the browser must have the correct ver
128 COMMANDCENTER NOC ADMINISTRATOR GUIDE Windows Performance Metric Thresholds The following values apply to data reported by Windows boxes. Not
APPENDIX D: SETTING UP WMI ON TARGET MACHINES 129 Appendix D: Setting up WMI on Target Machines Configuring a Windows 98/ME box for Remote WMI Mana
130 COMMANDCENTER NOC ADMINISTRATOR GUIDE 3. Add the machine to the domain using the control panel, network settings by doing the following: • St
APPENDIX D: SETTING UP WMI ON TARGET MACHINES 131 Note: Using Windows 98/ME, XP Home, or any NT 4.0 system is not recommended or supported as a pro
APPENDIX E: MANAGING AND RESPONDING TO INTRUSION DETECTION EVENTS 133 Appendix E: Managing and Responding to Intrusion Detection Events This appen
134 COMMANDCENTER NOC ADMINISTRATOR GUIDE as to whether or not new signatures should be applied to a given CC-NOC. This reduces your workload, whil
APPENDIX E: MANAGING AND RESPONDING TO INTRUSION DETECTION EVENTS 135 • Are all of your systems at the most recent revision of operating system an
APPENDIX F: NOTIFICATION PARAMETERS 137 Appendix F: Notification Parameters Notification Parameter Substitution The notification subsystem is very
CHAPTER 1: INTRODUCTION 3 • Vulnerability Scanning • Event Viewing and Searching • Performance Monitoring per category or device • Integratio
138 COMMANDCENTER NOC ADMINISTRATOR GUIDE %event[parm[name]]% replaced by the value of the parameter named 'name', if present%event[parm
APPENDIX G: NETWORK TRAFFIC OVERHEAD: NETWORK MANAGEMENT’S NECESSARY EVIL 139 Appendix G: Network Traffic Overhead: Network Management’s Necessary
140 COMMANDCENTER NOC ADMINISTRATOR GUIDE CK-ACK three-way handshake, which when completed, indicates that the port is listening and accepting conn
APPENDIX G: NETWORK TRAFFIC OVERHEAD: NETWORK MANAGEMENT’S NECESSARY EVIL 141 host, and an additional five metrics per managed interface. The host
142 COMMANDCENTER NOC ADMINISTRATOR GUIDE In addition to polling overhead, our services scan will run less than once a day and generate traffic rou
World Headquarters Raritan Computer, Inc. 400 Cottontail Lane Somerset, NJ 08873 USA Tel. (732) 764-8886 Fax (732) 764-8887 Email: [email protected]
4 COMMANDCENTER NOC ADMINISTRATOR GUIDE • ICMP – (Internet Control Management Protocol) ICMP is used by the CC-NOC to discover devices in your net
CHAPTER 1: INTRODUCTION 5 • SSO – Single Sign-On. With Single Sign-on (SSO) access to CC-SG targets, CC-NOC users can connect to targets seamles
6 COMMANDCENTER NOC ADMINISTRATOR GUIDE Licensing Explained As devices are discovered in your network, data is collected from the device and the de
CHAPTER 1: INTRODUCTION 7 Workstation A Workstation license can be assigned to any type of device, be it a Windows or non-Windows system. For exa
CHAPTER 2: GENERAL AND ADVANCED ADMINISTRATION 9 Chapter 2: General and Advanced Administration Power Down CC-NOC If running CC-NOC on the V1 pla
10 COMMANDCENTER NOC ADMINISTRATOR GUIDE Configure Date and Time This page allows you to modify the current time zone and set the local time or con
CHAPTER 2: GENERAL AND ADVANCED ADMINISTRATION 11 Configure Network Connection This page allows you to change the fixed IP address associated with
12 COMMANDCENTER NOC ADMINISTRATOR GUIDE 3. Click Change the ISP Gateway Address. Figure 4 Configure Network Connection 4. Type the IP address
CHAPTER 2: GENERAL AND ADVANCED ADMINISTRATION 13 email address is a required field and will be used to send status information on the CC-NOC itse
14 COMMANDCENTER NOC ADMINISTRATOR GUIDE WMI management range – see Specifying Windows Management Ranges in Chapter 4: Configuring Windows Manageme
CHAPTER 2: GENERAL AND ADVANCED ADMINISTRATION 15 Important! Ensure your discovery range is not too wide, for example, entering multiple Class B a
16 COMMANDCENTER NOC ADMINISTRATOR GUIDE 3. Click Edit the SNMP Ranges. Figure 8 Edit SNMP Ranges 4. Click add new community or edit next to th
CHAPTER 2: GENERAL AND ADVANCED ADMINISTRATION 17 3. Click Configure Schedule Outages. Figure 10 Configuring Scheduled Outages 4. Type a name
Copyright and Trademark Information This document contains proprietary information that is protected by copyright. All rights reserved. No part o
18 COMMANDCENTER NOC ADMINISTRATOR GUIDE 8. Specify an outage window. For outage windows that are set to Recurring Weekly, you cannot specify outa
CHAPTER 2: GENERAL AND ADVANCED ADMINISTRATION 19 intervals (they were initially set at 5 minutes for a reason), timeouts and/or retries without p
20 COMMANDCENTER NOC ADMINISTRATOR GUIDE 3. Click Manage, Unmanage, Rescan, or Delete Devices. Figure 13 Manage, Unmanage, Rescan, or Delete Dev
CHAPTER 2: GENERAL AND ADVANCED ADMINISTRATION 21 Configure Performance Thresholds This page displays the current values at which SNMP performance
22 COMMANDCENTER NOC ADMINISTRATOR GUIDE 4. Each time you adjust the performance thresholds, click save thresholds to commit the changes. 5. Yo
CHAPTER 2: GENERAL AND ADVANCED ADMINISTRATION 23 SNMP Reparenting Exclusion List This page allows you to specify addresses that should be exclude
24 COMMANDCENTER NOC ADMINISTRATOR GUIDE 3. Click add association. Figure 20 Configure a CommandCenter Secure Gateway 4. Type an IP address or
CHAPTER 2: GENERAL AND ADVANCED ADMINISTRATION 25 Create a CC-SG Peer via a Secure Channel After configuring the CC-SG with CC-NOC information, fo
26 COMMANDCENTER NOC ADMINISTRATOR GUIDE Important! To successfully connect, you must enter the passcodes in CC-NOC within five minutes after they
CHAPTER 2: GENERAL AND ADVANCED ADMINISTRATION 27 Important! Configuring these mappings is required in order for remote authentication to work. Al
Safety Guidelines To avoid potentially fatal shock hazard and possible damage to Raritan equipment: • Do not use a 2-wire power cord in any produc
28 COMMANDCENTER NOC ADMINISTRATOR GUIDE Configure Event Forwarding This page allows you to configure the events, for example, SNMP traps you want
CHAPTER 2: GENERAL AND ADVANCED ADMINISTRATION 29 address or a hostname that this appliance can resolve. Example: Protocol=Trap, Host= 192.168.51.
30 COMMANDCENTER NOC ADMINISTRATOR GUIDE 3. Click Configure Trap Relaying. Figure 31 Configure Trap Relaying 4. Click add recipient. Figure 32
CHAPTER 2: GENERAL AND ADVANCED ADMINISTRATION 31 Edit Performance Thresholds (Per Device) In addition to configuring performance values per categ
32 COMMANDCENTER NOC ADMINISTRATOR GUIDE Administrator Tools Administrator tools help you diagnose and fix problems with the CC-NOC. These tools al
CHAPTER 2: GENERAL AND ADVANCED ADMINISTRATION 33 3. Click Check Disk Utilization on Appliance. Figure 37 Check Disk Utilization on Appliance Th
34 COMMANDCENTER NOC ADMINISTRATOR GUIDE 4. Type a description of the problem you are experiencing in the text box. 5. Type an email address in
CHAPTER 2: GENERAL AND ADVANCED ADMINISTRATION 35 Download Data Archives Every 24 hours, the previous day’s events are placed into an event archiv
36 COMMANDCENTER NOC ADMINISTRATOR GUIDE All CC-NOC patches and updates are made available on a web server which can be automatically checked by yo
CHAPTER 2: GENERAL AND ADVANCED ADMINISTRATION 37 4. Click Install Updates. Figure 44 Install Updates 5. Click install to install any of the
FIGURES v Contents Chapter 1: Introduction ... 1 Stand-alone Appliances...
38 COMMANDCENTER NOC ADMINISTRATOR GUIDE available, yet do not want them automatically installed, set Auto Download to enable, but leave Auto Insta
CHAPTER 2: GENERAL AND ADVANCED ADMINISTRATION 39 Appliance Database Administration This page allows you to clean out unnecessary or unused inform
40 COMMANDCENTER NOC ADMINISTRATOR GUIDE 1. Click on the Admin tab in the top navigation bar. 2. Click Advanced Administration. 3. Click Data
CHAPTER 2: GENERAL AND ADVANCED ADMINISTRATION 41 2. Click Advanced Administration. 3. Click Manage Routes. Figure 51 Manage Routes 4. To de
42 COMMANDCENTER NOC ADMINISTRATOR GUIDE Delete Management Settings and Data This page gives you a way to completely reset the appliance to nearly
CHAPTER 2: GENERAL AND ADVANCED ADMINISTRATION 43 3. Click Delete Traffic Analysis Performance Information. Figure 55 Delete Traffic Analysis P
44 COMMANDCENTER NOC ADMINISTRATOR GUIDE Note: In a distributed environment, to install a license for a CC-NOC 2500M or CC-NOC 2500S, from the CC-N
CHAPTER 3: CONFIGURING INTRUSION DETECTION 45 Chapter 3: Configuring Intrusion Detection This chapter describes procedures to configure a CC-NOC s
46 COMMANDCENTER NOC ADMINISTRATOR GUIDE Deployment Place the Ethernet TAP on the Ethernet cable in the same location where an Ethernet hub would b
CHAPTER 3: CONFIGURING INTRUSION DETECTION 47 4. Choose the appliance that you wish to configure by clicking Configure next to it. Figure 60 Con
vi FIGURES Chapter 3: Configuring Intrusion Detection... 45 Configure a Spanned or Mirrored Port ...
48 COMMANDCENTER NOC ADMINISTRATOR GUIDE All of the Intrusion Detection appliances that can communicate with this system are listed in the box. The
CHAPTER 3: CONFIGURING INTRUSION DETECTION 49 Determining which ports are open on a target machine is often the first step towards a successful at
50 COMMANDCENTER NOC ADMINISTRATOR GUIDE Select Intrusion Detection Appliance(s) All of the Intrusion Detection appliances that can communicate wi
CHAPTER 3: CONFIGURING INTRUSION DETECTION 51 Select Types of Signatures to Monitor When in doubt, enable detection. There is no disadvantage to e
52 COMMANDCENTER NOC ADMINISTRATOR GUIDE Load Default Signatures or Settings from Another Appliance Alternatively, you can quickly configure your I
CHAPTER 3: CONFIGURING INTRUSION DETECTION 53 Advanced Intrusion Detection Administration Advanced administration assists in fine tuning the set
54 COMMANDCENTER NOC ADMINISTRATOR GUIDE Upload Custom Signatures Tool The Upload Custom Signatures page allows you to upload a specific set of rul
CHAPTER 4: CONFIGURING WINDOWS MANAGEMENT 55 Chapter 4: Configuring Windows Management This chapter describes procedures to configure a CC-NOC so
56 COMMANDCENTER NOC ADMINISTRATOR GUIDE External Proxy Host Requirements For best results, it is recommended to use Windows XP Professional, Servi
CHAPTER 4: CONFIGURING WINDOWS MANAGEMENT 57 4. Unzip the ProxyInstaller archive on your Windows machine and move the directory to a location whe
FIGURES vii Map Users ...
58 COMMANDCENTER NOC ADMINISTRATOR GUIDE The Windows Management Configuration Wizard is an interface to specify and configure proxy hosts, which fa
CHAPTER 4: CONFIGURING WINDOWS MANAGEMENT 59 6. Type the IP address for the proxy host. This should be the same host that the configuration tool
60 COMMANDCENTER NOC ADMINISTRATOR GUIDE Note: After the Windows discovery process is complete, you may notice an overlap in devices that were specifie
CHAPTER 4: CONFIGURING WINDOWS MANAGEMENT 61 Note: Any local user defined must be a member of the Local Administrators group to authenticate and
62 COMMANDCENTER NOC ADMINISTRATOR GUIDE Configuring a WINS Server or LMHOSTS File If you need to collect WMI data from Windows servers that exist
CHAPTER 4: CONFIGURING WINDOWS MANAGEMENT 63 8. Click on the WINS tab. Figure 77 Selecting WINS Tab 9. Click the Add… button and specify the ad
64 COMMANDCENTER NOC ADMINISTRATOR GUIDE Authenticate Windows Computers This option allows you to change the authentication usernames and passwords
CHAPTER 4: CONFIGURING WINDOWS MANAGEMENT 65 5. Choose the desired operation, for example, change license type to Promoted Workstation. 6. Clic
66 COMMANDCENTER NOC ADMINISTRATOR GUIDE To edit WINS settings: 1. Click on the Admin tab in the top navigation bar. 2. Click CommandCenter NOC
CHAPTER 4: CONFIGURING WINDOWS MANAGEMENT 67 Edit LMHOSTS File To resolve Windows NetBIOS names to IP addresses, you can edit the lmhosts file if
viii FIGURES Configuring a Windows 98/ME box for Remote WMI Management...129 Configuring a Windows Proxy
68 COMMANDCENTER NOC ADMINISTRATOR GUIDE 5. Specify the IP address of each remote Windows server from which you wish to collect WMI data. 6. You
CHAPTER 5: CONFIGURING VULNERABILITY SCANNING 69 Chapter 5: Configuring Vulnerability Scanning This chapter describes procedures to configure a CC-
70 COMMANDCENTER NOC ADMINISTRATOR GUIDE 3. Read the warning and at the bottom of the page, click I Agree. By clicking on I Agree and proceeding
CHAPTER 5: CONFIGURING VULNERABILITY SCANNING 71 Scan Level 4 Scan Level 4 performs all checks of previous levels and also attempts exploits that a
72 COMMANDCENTER NOC ADMINISTRATOR GUIDE 3. Click add to have the targets added, or excluded, from the scan. 4. Click save settings to save all
CHAPTER 6: CONFIGURING NOTIFICATIONS 73 Chapter 6: Configuring Notifications This chapter describes procedures to configure a CC-NOC so it can send
74 COMMANDCENTER NOC ADMINISTRATOR GUIDE Configure Event Notifications By configuring event notifications, each system event can be configured to s
CHAPTER 6: CONFIGURING NOTIFICATIONS 75 Select Event Type The first step when adding or editing a notification is to select one event type to assoc
76 COMMANDCENTER NOC ADMINISTRATOR GUIDE 6. Click one of the radio buttons: • To NOT build a rule, click Do not constrain notice against interfa
CHAPTER 6: CONFIGURING NOTIFICATIONS 77 8. If you do not wish to validate the rule or did not define an interface/service rule, click skip result
FIGURES ix Figures Figure 1 Appliance Shutdown/Restart...
78 COMMANDCENTER NOC ADMINISTRATOR GUIDE and will also appear in the Notification Browser as described in Raritan’s CC-NOC User Guide. 15. Type an
CHAPTER 6: CONFIGURING NOTIFICATIONS 79 notification path – please see section Configure Notification Paths later in this chapter for additional in
80 COMMANDCENTER NOC ADMINISTRATOR GUIDE Figure 99 Assigning Users to a Notification Group 5. Type in comments that describe the group. This is o
CHAPTER 6: CONFIGURING NOTIFICATIONS 81 Configure Notification Paths In this section, you will create notification paths that define the users or
82 COMMANDCENTER NOC ADMINISTRATOR GUIDE Create New Path Name and Specify Targets In this step, you need to specify a new name and select a target,
CHAPTER 6: CONFIGURING NOTIFICATIONS 83 • For Group Target, select only one group as previously defined, please see section Configure Notificatio
84 COMMANDCENTER NOC ADMINISTRATOR GUIDE Define Escalation in Notification Path In this step, you need to define how long the CC-NOC will wait unti
CHAPTER 6: CONFIGURING NOTIFICATIONS 85 • For Group Target, select only one group as previously defined, see section Configure Notification Group
86 COMMANDCENTER NOC ADMINISTRATOR GUIDE Configure TAP Paging This section explains configuring the Telocator Alphanumeric Protocol (TAP) for a sp
CHAPTER 6: CONFIGURING NOTIFICATIONS 87 Add a new TAP Service In this step, you need to enter the phone number, baud rate, and other information fo