Chapter 3. Management across a single firewall
3.3 Phase 1: Network management 101
3.3.2 Building network components for Phase 1
In this section, we will describe the relevant major steps for building each of the components shown in Figure 11. While we will not provide detailed instructions, we will highlight any important configuration issues that need consideration.
3.3.2.1 FW1 Firewall Server
Our first step in building our environment was to establish proper communications between our 10.69.14.x and 192.168.104.x networks. After installing Windows NT 4.0 on FW1, we configured the two interfaces with TCP/IP and IP addresses, as shown in Figure 11. Service Pack 5 was applied after TCP/IP configuration and the server was rebooted. IP routing was enabled so FW1 could function as a simple router between the two networks.
This was achieved by simply enabling IP Forwarding by selecting Networking->TCP IP Settings->IP Routing Tab. The IP Routing tab is shown in Figure 12 on page 48.
We then tested the basic routing function by executing a ping from MLM1 in the 192.168.104.x network to ITSO18 in the 10.69.14.x network.
Figure 12. IP routing on Windows NT 4.0
3.3.2.2 NetView for AIX
The main steps in building a NetView Server are fully documented in the redbook Tivoli NetView 6.01 and Friends, SG24-6019. However, these are the basic steps we used to install and configure NetView 6.01 for ITSO8:
1. Install AIX Version 4.3.3 on the RS/6000 Server, if it has not been installed.
2. Configure TCP/IP communications as shown in Figure 11 on page 47 with the default gateway as 10.69.14.253. If the server already has a default gateway, you may need to add a static route by issuing the command route add 192.168.104.0 10.69.14.253 at the shell prompt.
3. Test TCP/IP communications by pinging ITSO7.
4. If DNS is not available, add the hostname of all the nodes so far in the environment into the /etc/hosts file, especially the TMR server ITSO7.
Proper name resolution is especially important, as we discovered that remote installation of MLM requires the AIX rexec command. We needed to properly configure the hosts file of the MLM2 host for reverse name resolution as well.
5. Ensure that the SNMP daemon is installed and running. You can check that it is running by running the command ps -ef | grep snmpd in a shell.
6. From the TMR server ITSO7, use the Tivoli desktop to install the managed node software to ITSO8, establishing it as part of the ITSO7 Tivoli Managed Region.
7. From the Tivoli Desktop of ITSO7, insert the Tivoli NetView 6.0 CD in the server and install the Tivoli NetView Server software onto the ITSO8 managed node.
8. Install the NetView Database Support module. (This will later be used in the management scenario in Section 4.4, “TDS cooperation” on page 116, where we will also introduce Tivoli Decision Support, which will use the event data provided by NetView.)
9. Insert the Tivoli NetView 6.01 Patch CD into the server and install the NetView 6.01 Patch Module onto ITSO8.
10. Ensure that NetView Daemons are running by either running ovstatus from the NetView server, or right-clicking on the NetView server icon at the Tivoli Desktop and selecting Control->Display Tivoli NetView Status->Display Status of Daemons.
11. From the NetView Server, open a shell and enter netview at the command prompt to start the NetView GUI client. Ensure that the IP map shows the NetView server. You should be able to see the nodes on your network, as shown in Figure 13. Note that all nodes on our network used “public” as the default SNMP community string with read-only access, and “itso” as the community string with read/write access.
Figure 13. NetView IP map topology
12. To ensure that SNMP communications are functioning properly, you can also issue the command snmpwalk itso7 system at the shell prompt. This should return system MIBII SNMP information from ITSO7, as shown in the following screen.
3.3.2.3 Tivoli NetView 6.01 for Windows NT
Installing Tivoli NetView 6.01 for the Windows NT platform is a relatively straightforward process. Again, for further installation instructions, you should refer to the redbook Tivoli NetView 6.01 and Friends, SG24-6019. The only point we should note in the following steps is the installation of Windows NT SNMP service, which is a prerequisite for installing NetView, just as the SNMP daemon is a prerequisite for NetView for AIX. These are the steps we followed:
1. Install Windows NT 4.0 if it has not already been installed. In our environment, the server is ITSO18.
2. Windows NT SNMP Service needs to be installed using the menu path Control Panel->Networking->Services. We rebooted the machine.
3. Service Pack 5 needs to be installed after the SNMP Service is installed; otherwise, an SNMP Service error will occur when rebooting. Install the Service Pack and reboot the machine again.
4. We test to see if the SNMP service is functioning by issuing the snmpwalk itso18 system command from AIX NetView. It should produce a result similar to the one shown in the previous screen figure.
5. Ensure that other prerequisites are met, including Microsoft ODBC drivers versions that are required.
6. Now we were ready to install NetView. After installing NetView, we ran the NetView Console and saw that it was working as it should, with the IP Map containing all the nodes on the local network (as shown in Figure 14 on page 51).
root@itso8 > snmpwalk itso7 system
system.sysDescr.0 : DISPLAY STRING- (ascii): IBM PowerPC CHRP Computer
Machine Type: 0x0800004c Processor id: 000677154C00
Base Operating System Runtime AIX version: 04.03.0003.0000
TCP/IP Client Support version: 04.03.0003.0000
system.sysObjectID.0 : OBJECT IDENTIFIER: .iso.org.dod.internet.private.enterprises.ibm.3.1.2.1.1.3
system.sysUpTime.0 : Timeticks: (6679183) 18:33:11.83
system.sysContact.0 : DISPLAY STRING- (ascii):
system.sysName.0 : DISPLAY STRING- (ascii): itso7
system.sysLocation.0 : DISPLAY STRING- (ascii):
system.sysServices.0 : INTEGER: 72
root@itso8 >
7. For AIX, the Agent Policy Manager daemon C5d also needs to be running in order to enable the NetView server to automatically manage MLMs it discovers. NetView for Windows NT automatically offloads polling to discovered MLMs. To register and run the daemon for AIX, follow these steps:
a. Run the serversetup command.
b. Select Configure->Set options for daemons->Set options for Agent Policy Manager daemon.
c. Set the appropriate options required, such as logging, and click OK.
This will register the daemon in the /usr/OV/conf/ovsuf file. It will start the daemon every time NetView is restarted.
d. Run ovstart -v C5d. This will start the daemon.
e. Run netmon -a 50. This will issue an action to create a SmartSet collection for the MLMs that netmon discovers. Note that this is useful when you want to distribute the load of status polling of nodes to particular MLMs, as well as allowing MLMs to manage nodes outside their own segment. Refer to the Tivoli NetView Mid-level Manager Users Guide, GC31-8445, and the man page for netmon for more information.
f. You can check that the C5d daemon is running by issuing the ovstatus command. You can also check that the MLM SmartSet has been created.
Figure 14. NetView for Windows NT IP map topology
3.3.2.4 MLM1 server (Windows NT)
The MLM1 server is used in Scenario 1 to be one of our basic managed devices as well as our Windows NT MLM server. We installed Windows NT 4.0 with TCP/IP configured with the IP address shown in Figure 15 on page 53. The SNMP Service was then installed and tested, as we did with the Windows NT NetView Server ITSO18. The SNMP Service was installed with both a read-only community string (“public”) and a read/write community string (“itso”). The read/write community string is essential as the NetView server sends SNMP set packets to configure the MLM. The MLM software will be installed in the next phase of this scenario.
3.3.2.5 MLM2 server (AIX)
At this stage, MLM2 is also used as a managed device for NetView, with only AIX Version 4.3.3 installed; TCP/IP has been configured and the basic SNMP daemon is running. We tested the SNMP agent from ITSO8 and were able to retrieve MIBII information. The only issue to highlight here again is that the read/write community string “itso” needed to be configured in the /etc/snmpd.conf file. We used the following steps to change the default “private” community string for read/write:
1. Open the /etc/snmpd.conf file.
2. Search for the line with “community private 127.0.0.1...” and add the line “community itso itso18 255.255.255.0 read/write” below it. We copied this line with host itso8 instead of itso18. This will allow only itso18 and itso8 to communicate with this community string. The snmpd.conf file provides documentation on the format for community string entries.
3. We refreshed the snmp daemon to reload the new community strings by issuing the command refresh -s snmpd.
4. We then ran a quick test using the command snmpwalk -c itso mlm2 system from ITSO8 and successfully retrieved system information through SNMP.
Again we note that this server is only a managed device running an SNMP MIBII agent. The process of remotely installing MLM for AIX and the communication implications in a firewall environment is one of the main objectives for scenario 1.
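An added example (not from this redbook or from the AIX or Tivoli products): a small audit of community entries in the layout step 2 uses, flagging default community names and read/write entries whose netmask admits more than one source address. It assumes the netmask field is applied as an ordinary IP mask, so that 255.255.255.0 would match a whole /24 and 255.255.255.255 a single host, and that omitted fields mean any source with read-only access; the sample file and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout step 2 uses:
#   community <name> <address> <netmask> <permission>
SAMPLE_CONF = """\
# constructed sample, not a real host's file
community public
community itso itso18 255.255.255.0 read/write
community itso itso8 255.255.255.0 read/write
"""

DEFAULT_NAMES = {"public", "private"}  # community names the page calls defaults


def parse_communities(text):
    """Return one dict per 'community' line.

    Assumption: omitted fields mean any source (0.0.0.0 mask) and read-only.
    """
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0].lower() != "community":
            continue
        vals = fields[1:5]
        vals += ["", "0.0.0.0", "0.0.0.0", "readonly"][len(vals):]
        name, address, mask, perm = vals
        mask_int = int(ipaddress.IPv4Address(mask))
        # Every zero bit in the mask doubles the number of matching sources.
        sources = 2 ** bin(~mask_int & 0xFFFFFFFF).count("1")
        entries.append({"name": name, "address": address, "sources": sources,
                        "perm": perm.lower().replace("/", "")})
    return entries


def audit(text):
    """Return (name, address, finding) tuples for entries worth a second look."""
    findings = []
    for e in parse_communities(text):
        if e["name"] in DEFAULT_NAMES:
            findings.append((e["name"], e["address"], "default community name"))
        if "write" in e["perm"] and e["sources"] > 1:
            findings.append((e["name"], e["address"],
                             f"write access from {e['sources']} addresses"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

Under the stated assumption, rerunning the audit with the netmask changed to 255.255.255.255 leaves only the default-name finding for “public”.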
3.3.2.6 Phase 1 testing
To ensure every component was functioning as it should, we also tested basic SNMP communications across FW1 to MLM1. It was evident that it was functioning properly, because the Computer icon was correctly displayed for MLM1 and MLM2 on the IP Map topology on both NetView for Windows NT and AIX.
Note: Because only the basic SNMP service is installed on MLM1 and MLM2 at this stage, no MLMs will be placed in the MLM SmartSet by NetView at this time.