To: | nv-l@lists.tivoli.com |
---|---|
Subject: | RE: NetView & MLM in firewall scenario |
From: | "Cowan, Chris" <Chris.Cowan@2ndwaveinc.com> |
Date: | Sun, 11 Mar 2001 10:32:02 -0600 |
I tried it. I don't think it will fly; there appears to be no easy way to get the discovery to happen via a proxy. (That's what I wanted, and that's what I think you're asking for.)

I had the NV Server able to talk SNMP and ICMP to one or more MLMs, where the MLMs were on the other side of a FW (actually it was a private VLAN with ACLs, but close enough!). The MLM then had complete access to the desired Managed Objects spread across multiple subnets.

I soon discovered that the MLMs rely on the NV server far more than I realized for discovery. There were a couple of problems that I ran into:

1. The discovery engine on the MLM only finds things on subnets that it is directly connected to. The MLM discovery is far more simplistic than what netmon is capable of. (Yes, you can change the scope of what it's polling by changing the rules for the MLM domain smart sets, but there's no easy way to do that until the objects are actually in the object database.) In other words, there's not really a seed file for the MLM.

2. The MLM does not have the capability to do anything other than ICMP echo (ping) discoveries. (Unless there's an undocumented feature.)

The only way I could possibly see doing this is to manually prime the MLM tables with a script, explicitly entering nodes. But this could get very ugly from a maintenance and scalability standpoint.

I would love to find out that I'm in left field on this, and that there is an elegant solution. But I haven't found it with my own experimentation.

PS. Yes, I do realize that things are a little different with an Attended MLM running on NT NV.

As time goes on, I'm more and more convinced that using 2 NetView Servers instead of one server and an MLM is the only way to solve this problem.
-----Original Message-----
From: Jane Curry [mailto:jane.curry@skills-1st.co.uk]
Sent: Sunday, March 11, 2001 7:57 AM
To: NetView mailing list
Subject: [NV-L] NetView & MLM in firewall scenario

Has anyone tried the following????

I want to use an MLM to do discovery and status polling beyond a packet-filtering firewall.

NetView ------> Firewall ------> MLM -------> Managed Devices

The firewall ONLY permits UDP/162 NetView <-> MLM, and UDP/161 NetView <-> MLM; there is no SNMP/161 or ping allowed to the managed devices. I also have UDP/162 (traps) from the Managed Devices to MLM and/or NetView.

At this stage, I don't have ping to the MLM either but I can tell netmon to poll the MLM using SNMP in the seedfile. I have no firewall between MLM and the managed devices so ping and SNMP traffic is fine.

If I tell netmon to use MLM for both discovery and polling, I should have full comms to the MLM - no problem. I hope that the MLM will then discover the Managed Devices, pass them back to NetView, and also add them to his MLM status polling table.

WILL THIS WORK????? - even though NetView himself cannot ping or demand poll the devices?

I want the Managed Devices to appear in the NetView topology as managed by the MLM. I don't care if NetView thinks they don't support SNMP, so long as the box is there and it goes red/green depending on the Node Up/Down traps passed from the MLM.

I would much appreciate any feedback from anyone who has been down this route.

Kind regards,
Jane

--
Tivoli Certified Enterprise Consultant & Instructor
Skills 1st Limited, 2 Cedar Chase, Taplow, Bucks, SL6 0EU, UK
Tel: +44 (0)1628 782565
Copyright (c) 2001 Jane Curry <jane.curry@skills-1st.co.uk>. All rights reserved.

NV-L List information and Archives: http://www.tkg.com/nv-l
Archive operated by Skills 1st Ltd