HP IMC (Intelligent Management Center)

IMC overview

HP Intelligent Management Center (IMC) Enterprise Edition is a stand-alone, comprehensive management platform for networking.

See the IMC Documentation and Manuals. It may be useful to consult HP's IMC_Forum discussions.

HP IMC instruction videos are on Youtube at http://www.youtube.com/results?search_query=HP+IMC+7.0.

IMC security

You should be aware that in October 2017 HPE released an update for its Intelligent Management Center (iMC) platform to address several vulnerabilities, including critical flaws that allow remote attackers to execute arbitrary code on affected systems: Critical Remote Code Execution Flaws Found in HPE iMC.

Fixes are in IMC PLAT 7.3 E0506P03.

IMC versions

Note the following restrictions in IMC versions:

  • IMC Basic version: Max 50 nodes, Windows only, cannot be extended, cannot upgrade trial to licensed version!
  • IMC Standard version: Windows and Linux, 50 nodes, IMC modules. Can be extended, can upgrade trial to licensed version.

Download of IMC

Register to get a free 60 day trial of IMC. Download software from the trial_download page.

Installation on CentOS6/RHEL6

IMC on Linux servers uses the MySQL 5.5 (or later) database. See the Setup and install Manuals named HP Intelligent Management Center v7.0 MySQL 5.5 Installation and Configuration Guide (Linux).

File locations

The default installation is made in the top-level directory /opt/iMC. Some logfiles we have identified are in:

  • IMC logfiles: /opt/iMC/deploy/log/dmslog.txt
  • IMC server log: /opt/iMC/server/conf/log/
  • Database log: /opt/iMC/dbman/log/

Customizing CentOS6/RHEL6

According to the Manuals named Red Hat Enterprise Linux Server 6.4 Installation Guide the CentOS6/RHEL6 installation must be customized before the installation of IMC. In summary this is:

yum install telnet ftp ksh

Disable security features

Unfortunately, HP's documentation requires you to significantly lower the system security.

Disable the firewall:

chkconfig iptables off
service iptables stop

Disable SELinux by editing this line in /etc/selinux/config:

SELINUX=disabled

Either reboot the system, or use this command:

setenforce 0

Prepare system for IMC

The installation guide defines prerequisites:

yum install glibc libaio libgcc libstdc++-4.4.7

and the removal of built-in mysql:

yum remove mysql-server mysql
rpm -e --nodeps mysql-libs

The installation guide does not explain how to obtain MySQL 5.5 RPMs.

Installing MySQL 5.5

RHEL6 RPM packages mysql55-* can be downloaded from RHN in the Red Hat Software Collections 1 Beta (RHEL 6 Server x86_64).

NOTICE: The MySQL 5.5 software will be installed in this root directory:

/opt/rh/mysql55/root/

CentOS6 RPM packages are available from the Software Collections (SCL) Repository. Enable SCL by:

yum install centos-release-SCL

Then install MySQL 5.5 by:

yum install mysql55

Start the MySQL 5.5 service:

chkconfig mysql55-mysqld on
service mysql55-mysqld start

The IMC Install wizard GUI tool apparently has hard-coded the path to all MySQL commands, so you have to make some soft links:

ln -s /opt/rh/mysql55/root/usr/bin/mysql /usr/bin/mysql
ln -s /opt/rh/mysql55/root/usr/bin/mysqldump /usr/bin/mysqldump

Configuring MySQL

Add MySQL to your $PATH:

export PATH=/opt/rh/mysql55/root/usr/bin:$PATH

Secure the MySQL server (enter root password etc.):

/opt/rh/mysql55/root/usr/bin/mysql_secure_installation

Now we follow instructions in the Manuals named Red Hat Enterprise Linux Server 6.4 Installation Guide. First stop the MySQL service:

service mysql55-mysqld stop

Use a different config file:

cp -p /opt/rh/mysql55/root/usr/share/mysql/my-huge.cnf /opt/rh/mysql55/root/etc/my.cnf

Customize a number of parameters in my.cnf under [mysqld]:

[mysqld]
...
# BEGIN Special configurations for HP IMC MySQL server
default-storage-engine = INNODB
max_connections = 400
character-set-server=latin1
lower_case_table_names=1
# log-bin=mysql-bin    # Comment out this line in my.cnf
innodb_buffer_pool_size=512M
innodb_additional_mem_pool_size=16M
max_allowed_packet = 200M
# max_allowed_packet = 1M    # Comment out this line in my.cnf
# END Special configurations for HP IMC MySQL server

Start the MySQL server:

service mysql55-mysqld start

Maybe not needed? Create a database user:

# mysql -uroot -p<password>
> grant all privileges on *.* to iMC_mysql@'%' identified by 'iMCpassword' with grant option;

Make sure that the single quotes are not some other similar character (as copied from manuals)!!

Installation of IMC

Download the IMC, Standard – manage 50 nodes software package (named iMC_PLAT_7.0_E0202_Standard_Linux or later) from the trial_download page and unzip it. Start the Install wizard GUI tool (requires X11):

cd [...]/iMC_PLAT_7.0_E0202_Standard_Linux/linux/install
sh install.sh

If you get an error about database access, verify that the wizard's hard-coded command /usr/bin/mysql works correctly (see above).

Running IMC

After IMC has been installed, you can run the Linux Deployment Monitoring Agent:

/opt/iMC/deploy/dma.sh

Logging in to IMC through a Web Browser

Once the server is running, you can access the IMC user interface using a Web browser. A Windows PC with IE9 or Firefox 26 (or later) may be required.

Enter the following address in the Address Bar of a browser:

Where hostname is the host name or IP address of the IMC server (the default is localhost if you launch the Web browser on the IMC server machine), and port is the Web server port (the default is 8080) used by IMC. You can also access the IMC user interface with a Web browser through HTTPS. Enter the following address in the address bar of a browser:

When the IMC login page appears, use the username admin and password admin to log into IMC. Refer to the IMC Online Help for details on how to add operators, and add your devices to IMC.

Securing IMC by HTTPS

The IMC web-server should be configured for secure HTTPS connections only, and the v7.0 HP Intelligent Management Center Getting Started Guide explains in the section Logging in to IMC how to configure this.

Unfortunately, these instructions for HTTPS seem to pertain to Windows only. The Linux configuration files in /opt/iMC/client/conf/ do not contain the documented configuration lines :-(

If the IMC server could be configured with the usual firewall, we could block port 8080.

Backup and restore of IMC

Backups of IMC are needed as safety copies and for possible restores or migration to a different server. The MySQL database must be backed up.

IMC backup procedure

See the Manuals entitled HP Intelligent Management Center v7.1 Centralized Deployment Guide with ... Database Section 10 Database backup and restoration. Both the backup and restore operations of IMC are described.

For backup and restore of IMC run the Linux Deployment Monitoring Agent:

/opt/iMC/deploy/dma.sh

In the window click the Environment tab. In the Database Backup and Restore pane click on Backup for a manual backup. Create and select a directory for the backup files.

The /usr/bin/mysqldump command is used for backup, and it must be soft-linked to /opt/rh/mysql55/root/usr/bin/mysqldump as shown above.

IMC Readme file

You can view the README information in the file /opt/iMC/deploy/readme/readme*.html. Selected Readme information:

IMC Port Usage

IMC uses the following TCP/IP ports:

Port  Usage
TCP 8025  Used to receive SHUTDOWN command for the jserver process.
TCP 9091  The JMX monitoring port used by the jserver process.
TCP 9044  Used to receive SHUTDOWN command to the "HP IMC Server" service process.
TCP 9055  Used to receive SHUTDOWN command to the "Deployment Monitoring Agent" process.
TCP 61616  Used for communication in a distributed deployment environment.
TCP 61626  Used for communication to the HP IMC Server and Deployment Monitoring Agent.
UDP 161  Used to access network elements through SNMP.
UDP 162  Used to accept SNMP Traps from network elements.
TCP 22  SSH/SFTP port, which the configuration center uses to back up and restore the device software and configuration file through SSH/SFTP.
TCP 20/21  FTP port, which the configuration center uses to back up and restore the device software and configuration file through FTP.
TCP 23  Telnet port, which the resource management module, ACL management module, and configuration center use to access the device through Telnet.
TCP 25  SMTP port, which the resource management module uses to send alarms through email.
ICMP  ICMP port, which the resource management module uses to discover devices and check the reachability of the devices.
UDP 69  IMC-specific tftp daemon.
TCP 80  Used to launch the Web network management system of the device.
TCP 443  HTTPS port, which the virtual network management module uses to obtain VMware virtual network data in SSL.
UDP 514/515  IMC-specific syslog daemon.
TCP/UDP 137  NetBIOS name resolution service port, used by the IMC resource management module and terminal access module.
TCP 8080  IMC-specific Web server for HTTP protocol, which can be changed during installation.
TCP 8443  IMC-specific Web server for HTTPS protocol, which can be changed during installation.
TCP 8800  IMC messaging gateway listening port.
TCP 1433
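
With the firewall disabled as described above, every IMC listener is reachable on whatever address it binds to. The following added example (not part of the original page or of HP's tooling) reads netstat -tuln output and reports which listener ports from the table above are bound to a non-loopback address; the category labels, the sample input and the extra MySQL port 3306 are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from HP's documentation. Reads `netstat -tuln` output on
# stdin and reports listeners from this page's port table that are bound to a
# non-loopback address. The category labels are this example's own names.
imc_exposed_listeners() {
    awk '
    BEGIN {
        # Listener ports taken from the IMC Port Usage table on this page.
        kind["tcp/8025"]  = "shutdown-control"
        kind["tcp/9044"]  = "shutdown-control"
        kind["tcp/9055"]  = "shutdown-control"
        kind["tcp/9091"]  = "jmx"
        kind["tcp/8080"]  = "web-http"
        kind["tcp/8443"]  = "web-https"
        kind["tcp/8800"]  = "messaging-gateway"
        kind["tcp/61616"] = "distributed-deployment"
        kind["tcp/61626"] = "server-dma"
        kind["udp/69"]    = "tftp"
        kind["udp/162"]   = "snmp-trap"
        kind["udp/514"]   = "syslog"
        # Assumption: 3306 is the MySQL default port; it is not in the table.
        kind["tcp/3306"]  = "mysql"
    }
    $1 ~ /^(tcp|udp)/ {
        proto = substr($1, 1, 3)             # tcp6/udp6 -> tcp/udp
        if (proto == "tcp" && $NF != "LISTEN") next
        if (!match($4, /:[0-9]+$/)) next     # Local Address ends in :port
        addr = substr($4, 1, RSTART - 1)
        port = substr($4, RSTART + 1)
        if (addr == "127.0.0.1" || addr == "::1" || addr == "::ffff:127.0.0.1") next
        key = proto "/" port
        if (key in kind) print key, addr, kind[key]
    }' | sort -u
}

# Constructed sample input in CentOS 6 `netstat -tuln` layout.
imc_sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp        0      0 0.0.0.0:8080      0.0.0.0:*         LISTEN
tcp        0      0 127.0.0.1:9044    0.0.0.0:*         LISTEN
tcp        0      0 :::8025           :::*              LISTEN
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:3306      0.0.0.0:*         LISTEN
udp        0      0 0.0.0.0:162       0.0.0.0:*
EOF
}

imc_sample_netstat | imc_exposed_listeners
```

On the IMC server, run it as: netstat -tuln | imc_exposed_listeners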

Linux - General Issues

  • The IMC server must be run from a root user account in order to receive SNMP traps, accept syslog messages, and facilitate ftp file transfers.
  • UNIX filenames are case sensitive. Care must be taken when references are made to python scripts and xml files.

IMC usage

To start using IMC in a web browser, first consult the Manuals v7.0 HP Intelligent Management Center Getting Started Guide.

Configuring switches for SNMP and login

In order to use IMC efficiently, all switches should be configured for SNMP and login before adding them to IMC. Also, switch logins using telnet or SSH should be set up in order to read switch configurations (and later possibly reconfigure them). This may be a manual process requiring logins to every switch one by one, but only once and for all! At this time we do not discuss the use of secure SNMP v3 configuration.

To configure HP Procurve switches for SNMP v1/v2 public restricted (i.e., read-only) and unrestricted (i.e., read-write) management access:

snmp-server community "public" operator restricted
snmp-server community "very_secret" manager unrestricted

The read-only community name public is a default value, whereas the very_secret community name (don't use this!) is a secret password-like string chosen by the system manager.

For command-line (CLI) logins the switches should have a telnet password. SSH logins can be configured on newer switches; the HP Procurve command may be:

ip ssh version 2

Discovering switch devices

Use the menu item Resource->Auto discovery to add IP address ranges (Network Segments) where switches are found. Then click on Go to Advanced and (probably) select Routing based Auto Discovery Mode so that you can define SNMP and telnet/SSH login templates for switches.

Finally click on the Auto discovery button.

Configure system settings

Basic system settings are in System -> System Configuration -> System Settings:

  • Change administrator username and password in NNMi Configuration.
  • Configure DNS caching servers in DNS Server Setting.

Setting up SNMP traps in switches

It is extremely useful to configure switches to send SNMP traps to the IMC server immediately when some event occurs on the switch. The HP Procurve switch command is:

snmp-server host ZZZZ community "public" trap-level Not-INFO

where ZZZZ is the IP-address of the IMC server (preferably on the switch's management VLAN).

Alarm settings

IMC unfortunately generates alarms (audible, too!) whenever a PC device is disconnected from a switch (this happens lots of times every day!). This behavior seems to be a bug.

Possible solutions are discussed in the IMC_Forum article Problem with an Interface State DOWN found during iMC device poll. Suggested solution:

  1. Go to System -> System Configuration -> System Settings.
  2. Find the Interface Up/Down Alarm section.
  3. Set the alarms Alarms for PC-connected links and Alarms for disconnected links to the value Filter.

See also this video: http://www.youtube.com/watch?v=u2n9YYwx8iw with authoritative solutions, including how to filter traps at the device and port level. The above solution is at the end of this video.

Threshold setting

Monitoring alarms will be issued whenever some thresholds are exceeded. The threshold settings are configured in the menu Resource->Performance Management->Global Index Settings.

The network interface bandwidth global settings are set by default for 100 Mbit/s networks with alarm thresholds at 10 and 50 Mbit/s, respectively, see System: Interface statistics settings. For Gigabit networks, double-click on the settings named Interface transmitting rate and Interface receiving rate and change Thresholds 1 and 2 to 100 and 500 Mbit/s, respectively.

To change settings for an individual device only, go to the menu Resource->Performance Management->Monitoring Settings. Click on the device's Modify button. In the new window you may change many settings to non-global values for a single device.

Locating devices

To find the location of a device given its IP or MAC address, see the video HP IMC 7.0 IP Address Management.

Go to Resource->Terminal Access->Real-Time Location and search for either IP or MAC address.

You may also want to go to the History Access Log page and click the box Periodically Retrieve Data so that you can look up historical data.

In the History Access Log List click on Query (upper right corner) to search the lists.

IP address management

To monitor the usage of your IP address ranges go to Resource->Terminal Access->IP Address Allocation. Add the IP segments (subnets) in your network. For the network segments configured, look at the column Operations and click on the icon named Auto scanning to scan the subnet.

See the instruction video HP IMC 7.0 IP Address Management.

Network topology

To view the IMC discovered network switch topology, select the menu item Resource->Network topology or the Java-based Resource->Network topology (Applet). Open the My network view icon in the new window.

Traffic monitoring

The Java-based menu item Resource->Network topology (Applet) is capable of displaying the real-time network traffic information.

In the My network view window, click on the Traffic topology icon (second icon from right: yellow/black/grey) and select the type of traffic data you would like the tool to display.

Monitor Linux hosts

The snmpd daemon may be started on Linux hosts to offer monitoring. HP Proliant servers with HP Service Pack for ProLiant already run the snmpd.

Install required packages:

yum install net-snmp net-snmp-libs net-snmp-utils

Permit firewall access to the SNMP ports in /etc/sysconfig/iptables:

# SNMP requests (UDP 161) and traps (UDP 162)
-A INPUT -p udp -m udp --dport 161 -j ACCEPT
-A INPUT -p udp -m udp --dport 162 -j ACCEPT

Configure the snmpd daemon in /etc/snmp/snmpd.conf:

rwcommunity  XXX  127.0.0.1
rocommunity  XXX  127.0.0.1
rwcommunity  XXX ZZZZ
rocommunity  public ZZZZ
trapcommunity XXX
trapsink ZZZZ XXX
syscontact  support@your.domain
syslocation  Building-room

where XXX is the secret read-write password. The IP-address ZZZZ is that of our IMC server.

Now restart the snmpd daemon, and make sure it starts at boot time:

service snmpd restart
chkconfig snmpd on
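
A check for the snmpd.conf above, added here and not part of the original page: it flags well-known community strings, communities without a source restriction, read-write access from a non-loopback source, and a read-write community reused as the trap community. The finding labels are this example's own, and the sample input is the page's configuration with its XXX and ZZZZ placeholders left in place.

```shell
#!/bin/sh
# Added example, not from the page or from Net-SNMP. Reads an snmpd.conf on
# stdin and prints findings; the finding labels are this example's own names.
audit_snmpd_conf() {
    awk '
    function flag(n, msg) { print "line " n ": " msg }
    /^[ \t]*(#|$)/ { next }                     # skip comments and blank lines
    $1 == "rwcommunity" || $1 == "rocommunity" {
        # Syntax: r[ow]community COMMUNITY [SOURCE ...]
        if ($2 == "public" || $2 == "private")
            flag(NR, "DEFAULT-COMMUNITY " $1 " uses a well-known string")
        if (NF < 3 || $3 == "default")
            flag(NR, "NO-SOURCE-LIMIT " $1 " answers any address")
        else if ($1 == "rwcommunity" && $3 != "127.0.0.1" && $3 != "localhost")
            flag(NR, "REMOTE-WRITE write access granted to " $3)
        if ($1 == "rwcommunity") rw[$2] = 1
    }
    # Communities that leave the host in every trap PDU.
    $1 == "trapcommunity"       { sent[NR] = $2 }
    $1 == "trapsink" && NF >= 3 { sent[NR] = $3 }
    END {
        for (n in sent)
            if (sent[n] in rw)
                flag(n, "TRAP-REUSES-RW traps carry a read-write community")
    }' | sort -k2,2n
}

# The snmpd.conf from this page, with its XXX/ZZZZ placeholders left in place.
snmpd_sample_conf() {
    cat <<'EOF'
rwcommunity  XXX  127.0.0.1
rocommunity  XXX  127.0.0.1
rwcommunity  XXX ZZZZ
rocommunity  public ZZZZ
trapcommunity XXX
trapsink ZZZZ XXX
syscontact  support@your.domain
syslocation  Building-room
EOF
}

snmpd_sample_conf | audit_snmpd_conf
```

On a monitored host, run it as: audit_snmpd_conf < /etc/snmp/snmpd.conf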

Other tools

SNMP test

To test that you can read a switch using SNMP, use for example this command:

snmpwalk -Os -c <community-string> -v <protocol-version> <device-address> system

For example, on a Linux host test the localhost:

snmpwalk -Os -c public -v 2c localhost system

For a remote system b307-XXX:

snmpwalk -Os -c public -v 2c b307-XXX system

This command is included in the net-snmp-utils RPM. For command options see man snmpcmd.

Module installation

An overview of optional IMC modules is (only?) available on the trial_download page. Download and unpack the module files to the local file system. Then run the Linux Deployment Monitoring Agent GUI tool:

/opt/iMC/deploy/dma.sh

and click on the Monitor->Install button. Then browse for the components directory of the downloaded files and install it. This may take a long time, and the IMC service will be restarted.

IMC Network Traffic Analyzer

Product overview

HP IMC Network Traffic Analyzer (NTA) Software Module is a graphical network-monitoring tool that provides network administrators with real-time information about users and applications consuming network bandwidth. A reliable solution for enterprise and campus network traffic analysis, it defends the network against virus attacks and applies varying levels of bandwidth traffic to different services and applications. The IMC NTA software module's network bandwidth statistics help plan, monitor, enhance, and troubleshoot networks, as well as identify bottlenecks and apply corrective measures for enhanced throughput. The software also monitors Internet egress traffic, helping administrators to analyze the bandwidth usage of specific applications and monitor the impact of non-business applications (e.g., network games) on user productivity. Granular, network-wide surveillance of complex, multilayer switched and routed environments helps rapidly identify and resolve network threats:

  • Real-time monitoring of database space
  • Automatic generation of four types of reports
  • Uses instruments embedded in switches/routers
  • Support for sFlow, NetFlow, and NetStream
  • Granular insight of applications, users, and ports

Based on the iMC platform, two components have been developed: Network Traffic Analyzer (NTA) and User Behavior Auditor (UBA). NTA monitors and analyzes network traffic while UBA audits user behavior. Both of them support log collection through a probe.

NTA documentation

You should watch the video HP IMC - Setting Up Network Traffic Analysis first.

Download HP Intelligent Management Center v7.0 Network Traffic Analyzer Software Administrator Guide from the NTA manuals page.

The NTA Administrator Guide (ch. 2) defines devices such as switches and probes:

  • NTA supports two types of devices as network flow data sources. The first type of devices are devices such as routers and switches that support NetStream v5/v9, NetFlow v5/v9, or sFlow v5 monitoring. You can add devices to NTA using the Device Management feature. When network flow data from one or more of these devices is necessary, you can modify the NTA server configuration, and deploy the new configuration. This makes it easy to adjust your network flow analysis configuration as your needs change.
  • The second device type for which NTA processes network flow data is a probe. A probe in NTA is a server that has the probe application program installed. A probe creates network flow records from devices that do not support network flow record generation. Using the probe, you can mirror traffic from a router or switch port or through an inline tap to a probe server that collects and analyzes the traffic before forwarding to an NTA server. As with Device Management, the Probe Management feature of NTA allows you to

NTA probe installation

The probe may be optional. Revise later.

Download from JF384A HP IMC NTA S/W Module w/10-node License. Unpack the zip-file iMC_NTA_7.0_E0201.zip to get a folder NTA and go there. Installation instructions HP IMC Probe Installation Guide.pdf are in the folder manual/:

chmod 755 probe/install/probe_installer.sh
./probe/install/probe_installer.sh

You have to define all network interfaces (such as eth0) which will be used by the probe.

After NTA probe installation the server must be rebooted. This will start the new service probed running the executable /usr/local/unba/bin/probe.

NTA device management

Following the NTA Administrator Guide (ch. 2), go to Service > Traffic Analysis and Audit > Settings, then click the Device Management link and add a device IP and name, for example one of our switches*.

Switch sFlow configuration

sFlow is an industry standard technology for monitoring high speed switched networks. Switches must have hardware support if sFlow is to be used.

The Procurve 2530 switches have sFlow hardware capability. An example of sFlow configuration using CLI is:

sflow 1 destination ZZZZ
sflow 1 sampling all 1000
sflow 1 polling all 20

Here ZZZZ is the IMC management station IP address. The CLI on-line help explains the command parameters.

IT-wiki: IMC (last edited 2017-10-09 12:46:36 by OleHolmNielsen)