Highlighted
Respected Contributor.
Respected Contributor.
273 views

NNMi 10.1 Security Groups

Jump to solution

Hello experts, we are running NNMi 10.1 on RedHat Linux.

I have created a Security Group in NNMi as preparation for testing the integration of NNMi to Network Automation.  I manually assigned all the nodes from a particular node group to be part of the newly created Security Group.  My concern is that I had to assign the nodes themselves to the Security Group, it would be much easier, and dynamic, if I could assign a node group to the Security Group.  As far as I can tell, when a node is auto discovered, it will be placed in the default security group, then I will have to somehow identify that new node and assign it to the proper security group.

Do you have any suggestions on how to automate the process of assigning nodes to the proper Security Group as they are auto discovered by NNMi?

0 Likes
1 Solution

Accepted Solutions
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: NNMi 10.1 Security Groups

Jump to solution

 Hello Dan,

 

as you stated there is no out-of-the-box way. To automate the process I would use a script which does the following:

dump nodes of the node group (%NnmInstallDir%\support\nnmtwiddle.ovpl invoke com.hp.ov.nms.monitoring:mbean=NodeGroupAssignmentCacheService dumpCacheForGroup <NG-Name>)

Get nodes in security group úsing nnmsecurity.ovpl -listNodeInSecurityGroup <SG-Name>

Compair both lists to get nodes for deassignment (nnmsecurity.ovpl -assignNodeToSecurityGroup <Default SG>) or assignment (same command but for the custom security group)

 

You can then schedule the script to run .e.g daily.

 

HTH and kind regards

 

Allessandro

View solution in original post

0 Likes
4 Replies
Highlighted
Acclaimed Contributor.
Acclaimed Contributor.

Re: NNMi 10.1 Security Groups

Jump to solution

Hello Dan

Thanks for posting

I think what you are looking for can be done using the nnmloadnodegroups.ovpl. I have attached the reference pages so you can check the doc.

Regards,

Vincent Montenegro Mena
Customer Support Engineer

If you find that this or any other post resolves your issue, please be sure to mark it as an accepted solution.
If you are satisfied with anyone’s response please remember to give them a KUDOS by clicking on the STAR at the bottom left of the post and show your appreciation.
0 Likes
Highlighted
Respected Contributor.
Respected Contributor.

Re: NNMi 10.1 Security Groups

Jump to solution

Thanks for your response.

Using the nnmloadnodegroups.ovpl, I was able to associate a Security Group with a Node Group, in the sense that an Additional Filter was added to the Node Group definition which stated "securityGroupName = <mysecuritygroup>".  So this gets used as a filter to add nodes, in the custom security group, to that Node Group.   This is not what I was trying to do.

 

I realize now, that since a node can belong to several Node Groups, NNMi is not set up to assign it a Secuity Group based solely on Node Group membership since that could cause problems.

0 Likes
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: NNMi 10.1 Security Groups

Jump to solution

 Hello Dan,

 

as you stated there is no out-of-the-box way. To automate the process I would use a script which does the following:

dump nodes of the node group (%NnmInstallDir%\support\nnmtwiddle.ovpl invoke com.hp.ov.nms.monitoring:mbean=NodeGroupAssignmentCacheService dumpCacheForGroup <NG-Name>)

Get nodes in security group úsing nnmsecurity.ovpl -listNodeInSecurityGroup <SG-Name>

Compair both lists to get nodes for deassignment (nnmsecurity.ovpl -assignNodeToSecurityGroup <Default SG>) or assignment (same command but for the custom security group)

 

You can then schedule the script to run .e.g daily.

 

HTH and kind regards

 

Allessandro

View solution in original post

0 Likes
Highlighted
Respected Contributor.
Respected Contributor.

Re: NNMi 10.1 Security Groups

Jump to solution

I will pursue the scripting method you mentioned.  Thanks for the assistance.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.