HP IMC (Intelligent Management Center)
- IMC overview
- Download of IMC
- Installation on CentOS6/RHEL6
- Customizing CentOS6/RHEL6
- Installation of IMC
- Running IMC
- Backup and restore of IMC
- IMC Readme file
- IMC usage
- Monitor Linux hosts
- Other tools
- Module installation
- IMC Network Traffic Analyzer
- Switch sFlow configuration
HP Intelligent Management Center (IMC) Enterprise Edition is a stand-alone, comprehensive management platform for networking.
HP IMC instruction videos are on Youtube at http://www.youtube.com/results?search_query=HP+IMC+7.0.
You should be aware that HPE has released in October 2017 an update for its Intelligent Management Center (iMC) platform to address several vulnerabilities, including critical flaws that allow remote attackers to execute arbitrary code on affected systems: Critical Remote Code Execution Flaws Found in HPE iMC.
Fixes are in IMC PLAT 7.3 E0506P03.
The default installation is made in the top-level directory /opt/iMC. Some logfiles we have identified are in:
- IMC logfiles: /opt/iMC/deploy/log/dmslog.txt
- IMC server log: /opt/iMC/server/conf/log/
- Database log: /opt/iMC/dbman/log/
yum install telnet ftp ksh
Unfortunately HP's documentation requires you to lower significantly the system security.
Disable the firewall:
chkconfig iptables off service iptables stop
Disable SELinux by editing this line in /etc/selinux/config:
Either reboot the system, or use this command:
The installation guide defines prerequisites:
yum install glibc libaio libgcc libstdc++-4.4.7
and the removal of built-in mysql:
yum remove mysql-server mysql rpm -e --nodeps mysql-libs
The installation guide does not explain how to obtain MySQL 5.5 RPMs.
RHEL6 RPM packages mysql55-* can be downloaded fron RHN in the Red Hat Software Collections 1 Beta (RHEL 6 Server x86_64).
NOTICE: The MySQL 5.5 software will be installed in this root directory:
yum install centos-release-SCL
Then install MySQL 5.5 by:
yum install mysql55
Start the MySQL 5.5 service:
chkconfig mysql55-mysqld on service mysql55-mysqld start
The IMC Install wizard GUI tool apparently has hard-coded the path to all MySQL commands, so you have to make some soft links:
ln -s /opt/rh/mysql55/root/usr/bin/mysql /usr/bin/mysql ln -s /opt/rh/mysql55/root/usr/bin/mysqldump /usr/bin/mysqldump
Add the MySQL to your $PATH:
Secure the MySQL server (enter root password etc.):
Now we follow instructions in the Manuals named Red Hat Enterprise Linux Server 6.4 Installation Guide. First stop the MySQL service:
service mysql55-mysqld stop
Use a different config file:
cp -p /opt/rh/mysql55/root/usr/share/mysql/my-huge.cnf /opt/rh/mysql55/root/etc/my.cnf
Customize a number of parameters in my.cnf under [mysqld]:
[mysqld] ... # BEGIN Special configurations for HP IMC MySQL server default-storage-engine = INNODB max_connections = 400 character-set-server=latin1 lower_case_table_names=1 # log-bin=mysql-bin # Comment out this line in my.cnf innodb_buffer_pool_size=512M innodb_additional_mem_pool_size=16M max_allowed_packet = 200M # max_allowed_packet = 1M # Comment out this line in my.cnf # END Special configurations for HP IMC MySQL server
Start the MySQL server:
service mysql55-mysqld start
Maybe not needed? Create a database user:
# mysql -uroot -p<password> > grant all privileges on *.* to iMC_mysql@'%' identified by 'iMCpassword' with grant option;
Make sure that the single quotes are not some other similar character (as copied from manuals)!!
Download the IMC, Standard – manage 50 nodes software package (named iMC_PLAT_7.0_E0202_Standard_Linux or later) from the trial_download page and unzip it. Start the Install wizard GUI tool (requires X11):
cd [...]/iMC_PLAT_7.0_E0202_Standard_Linux/linux/install sh install.sh
If you get an error about database access, verify that the wizard's hard-coded command /usr/bin/mysql works correctly (see above).
After IMC has been installed, you can run the Linux Deployment Monitoring Agent:
Once the server is running, you can access the IMC user interface using a Web browser. A Windows PC with IE9 or Firefox 26 (or later) may be required.
Enter the following address in the Address Bar of a browser:
Where hostname is the host name or IP address of the IMC server (the default is localhost if you launch the Web browser on the IMC server machine), and port is the Web server port (the default is 8080) used by IMC. You can also access the IMC user interface with Web browser through HTTPS. Enter the following address in the address bar of a browser:
When the IMC login page appears, use the username admin and password admin to log into IMC. Refer to the IMC Online Help for details on how to add operators, and add your devices to IMC.
The IMC web-server should be configured for secure HTTPS connections only, and the v7.0 HP Intelligent Management Center Getting Started Guide explains in the section Logging in to IMC how to configure this.
Unfortunately, these instructions for HTTPS seem to pertain to Windows, only. The Linux configuration files in /opt/iMC/client/conf/ do not contain the documented configuration lines :-(
If the IMC server could be configured with the usual firewall, we could block port 8080.
Backup of IMC will be needed for safety copies and possible restores or migration to a different server, the MySQL database must be backed up.
See the Manuals entitled HP Intelligent Management Center v7.1 Centralized Deployment Guide with ... Database Section 10 Database backup and restoration. Both the backup and restore operations of IMC are described.
For backup and restore of IMC run the Linux Deployment Monitoring Agent:
In the window click the Environment tab. In the Database Backup and Restore pane clock on Backup for a manual backup. Create and select a directory for the backup files.
The /usr/bin/mysqldump command is used for backup, and it must be soft-linked to /opt/rh/mysql55/root/usr/bin/mysqldump as shown above.
You can view the README information in the file /opt/iMC/deploy/readme/readme*.html. Selected Readme information:
IMC uses the following TCP/IP ports:
Port Usage TCP 8025 Used to receive SHUTDOWN command for the jserver process. TCP 9091 The JMX monitoring port used by the jserver process. TCP 9044 Used to receive SHUTDOWN command to the "HP IMC Server" service process. TCP 9055 Used to receive SHUTDOWN command to the "Deployment Monitoring Agent" process. TCP 61616 Used for communication in a distributed deployment environment. TCP 61626 Used for communication to the HP IMC Server and Deployment Monitoring Agent. UDP 161 Used to access network elements through SNMP. UDP 162 Used to accept SNMP Traps from network elements. TCP 22 SSH/SFTP port, which the configuration center uses to back up and restore the device software and configuration file through SSH/SFTP. TCP 20/21 FTP port, which the configuration center uses to back up and restore the device software and configuration file through FTP. TCP 23 Telnet port, which the resource management module, ACL management module, and configuration center use to access the device through Telnet. TCP 25 SMTP port, which the resource management module uses to send alarms through email. ICMP ICMP port, which the resource management module uses to discover devices and check the reachability of the devices. UDP 69 IMC-specific tftp daemon. TCP 80 Used to launch the Web network management system of the device. TCP 443 HTTPS port, which the virtual network management module uses to obtain VMware virtual network data in SSL. UDP 514/515 IMC-specific syslog daemon. TCP/UDP 137 NetBIOS name resolution service port, used by the IMC resource management module and terminal access module. TCP 8080 IMC-specific Web server for HTTP protocol, which can be changed during installation. TCP 8443 IMC-specific Web server for HTTPS protocol, which can be changed during installation. TCP 8800 IMC messaging gateway listening port. TCP 1433
In order to use IMC efficiently, all switches should be configured for SNMP and login before adding them to IMC. Also, switch logins using telnet or SSH should be set up in order to read switch configurations (and later possibly reconfigure them). This may be a manual process requiring logins to every switch one by one, but only once and for all! At this time we do not discuss the use of secure SNMP v3 configuration.
snmp-server community "public" operator restricted snmp-server community "very_secret" manager unrestricted
The read-only community name public is a default value, whereas the very_secret community name (don't use this!) is a secret password-like string chosen by the system manager.
For command-line (CLI) logins the switches should have a telnet password. SSH logins can be configured on newer switches, the HP Procurve command may be:
ip ssh version 2
Use the menu item Resource->Auto discory to add IP address ranges (Network Segments) where switches are found. Then click on Go to Advanced and (probably) select Routing based Auto Discovery Mode so that you can define SNMP and telnet/SSH login templates for switches.
Finally click on the Auto discovery button.
Basic system settings are in System -> System Configuration -> System Settings:
- Change administrator username and password in NNMi Configuration.
- Configure DNS caching servers in DNS Server Setting.
snmp-server host ZZZZ community "public" trap-level Not-INFO
where ZZZZ is the IP-address of the IMC server (preferably on the switch's management VLAN).
IMC unfortunately generates alarms (audible, too!) whenever a PC device is disconnected from a switch (this happens lots of times every day!). This behavior seems to be a bug.
Possible solutions are discussed in the IMC_Forum article Problem with an Interface State DOWN found during iMC device poll. Suggested solution:
- Go to System -> System Configuration -> System Settings.
- Find the Interface Up/Down Alarm section.
- Set the alarms Alarms for PC-connected links and Alarms for disconnected links to the value Filter.
See also this video: http://www.youtube.com/watch?v=u2n9YYwx8iw with authoritative solutions, including how to filter traps at the device and port level. The above solution is at the end of this video.
Monitoring alarms will be issued whenever some thresholds are exceeded. The threshold settings are configured in the menu Resource->Performance Management->Global Index Settings.
The network interface bandwidth global settings are set by default for 100 Mbit/s networks with alarm thresholds at 10 and 50 Mbit/s, respectively, see System: Interface statistics settings. For Gigabit networks, double-click on the settings named Interface transmitting rate and Interface receiving rate and change Thresholds 1 and 2 to 100 and 500 Mbit/s, respectively.
To change settings for an individual device, only, go the the menu Resource->Performance Management->Monitoring Settings. Click on the device's Modify button. In the new window you may change many settings to non-global values for a single device.
To find the location of a device given its IP or MAC address, see the video HP IMC 7.0 IP Address Management.
Go to Resource->Terminal Access->Real-Time Location and search for either IP or MAC address.
You may want to go also to the History Access Log page and click the box Periodically Retrieve Data so that you can look up historical data.
In the History Access Log List click on Query (upper right corner) to search the lists.
To monitor the usage of your IP address ranges go to Resource->Terminal Access->IP Address Allocation. Add the IP segments (subnets) in your network. For the network segments configured, look at the column Operations and click on the icon named Auto scanning to scan the subnet.
See the instruction video HP IMC 7.0 IP Address Management.
To view the IMC discovered network switch topology, select the menu item Resource->Network topology or the Java-based Resource->Network topology (Applet). Open the My network view icon in the new window.
The Java-based menu item Resource->Network topology (Applet) is capable of displaying the real-time network traffic information.
In the My network view window, click on the Traffic topology icon (second icon from right: yellow/black/grey) and select the type of traffic data you would like the tool to display.
The snmpd daemon may be started on Linux hosts to offer monitoring. HP Proliant servers with HP Service Pack for ProLiant already run the snmpd.
Install required packages:
yum install net-snmp net-snmp-libs net-snmp-utils
Permit firewall access to the SNMP ports in /etc/sysconfig/iptables:
# SNMP read requests -A INPUT -p udp -m udp --dport 161 -j ACCEPT -A INPUT -p udp -m udp --dport 162 -j ACCEPT
Configure the snmpd daemon in /etc/snmp/snmpd.conf:
rwcommunity XXX 127.0.0.1 rocommunity XXX 127.0.0.1 rwcommunity XXX ZZZZ rocommunity public ZZZZ trapcommunity XXX trapsink ZZZZ XXX syscontact firstname.lastname@example.org syslocation Building-room
where XXX is the secret read-write password. The IP-address ZZZZ is that of our IMC server.
Now restart the snmpd daemon, and make sure it starts at boot time:
service snmpd restart chkconfig snmpd on
To test that you can read a switch using SNMP use, for example, this command:
snmpwalk -Os -c <community-string> -v <protocol-version> <device-address> system
For example, on a Linux host test the localhost:
snmpwalk -Os -c public -v 2c localhost system
For a remote system b307-XXX:
snmpwalk -Os -c public -v 2c b307-XXX system
This command is included in the net-snmp-utils RPM. For command options see man snmpcmd.
An overview of optional IMC modules is (only?) available on the trial_download page. Download and unpack the module files to the local file system. Then run the Linux Deployment Monitoring Agent GUI tool:
and click on the Monitor->Install button. Then browse for the components directory of the downloaded files and install it. This may take a long time, and the IMC service will be restarted.
HP IMC Network Traffic Analyzer (NTA) Software Module is a graphical network-monitoring tool that provides network administrators with real-time information about users and applications consuming network bandwidth. A reliable solution for enterprise and campus network traffic analysis, it defends the network against virus attacks and applies varying levels of bandwidth traffic to different services and applications. The IMC NTA software module's network bandwidth statistics help plan, monitor, enhance, and troubleshoot networks, as well as identify bottlenecks and apply corrective measures for enhanced throughput. The software also monitors Internet egress traffic, helping administrators to analyze the bandwidth usage of specific applications and monitor the impact of non-business applications (e.g., network games) on user productivity. Granular, network-wide surveillance of complex, multilayer switched and routed environments helps rapidly identify and resolve network threats:
- Real-time monitoring of database space
- Automatic generation of four types of reports
- Uses instruments embedded in switches/routers
- Support for sFlow, NetFlow, and NetStream
- Granular insight of applications, users, and ports
Based on the iMC platform, two components have been developed: Network Traffic Analyzer (NTA) and User Behavior Auditor (UBA). NTA monitors and analyzes network traffic while UBA audits user behavior. Both of them support log collection through a probe.
You should watch the video HP IMC - Setting Up Network Traffic Analysis first.
Download HP Intelligent Management Center v7.0 Network Traffic Analyzer Software Administrator Guide from the NTA manuals page.
The NTA Administrator Guide (ch. 2) defines devices such as switches and probes:
- NTA supports two types of devices as network flow data sources. The first type of devices are devices such as routers and switches that support NetStream v5/v9, NetFlow v5/v9, or sFlow v5 monitoring. You can add devices to NTA using the Device Management feature. When network flow data from one or more of these devices is necessary, you can modify the NTA server configuration, and deploy the new configuration. This makes it easy to adjust your network flow analysis configuration as your needs change.
- The second device type for which NTA processes network flow data is a probe. A probe in NTA is a server that has the probe application program installed. A probe creates network flow records from devices that do not support network flow record generation. Using the probe, you can mirror traffic from a router or switch port or through an inline tap to a probe server that collects and analyzes the traffic before forwarding to an NTA server. As with Device Management, the Probe Management feature of NTA allows you to
The probe may be optional Revise later.
Download from JF384A HP IMC NTA S/W Module w/10-node License. Unpack the zip-file iMC_NTA_7.0_E0201.zip to get a folder NTA and go there. Installation instructions HP IMC Probe Installation Guide.pdf are in the folder manual/:
chmod 755 probe/install/probe_installer.sh ./probe/install/probe_installer.sh
You have to define all network interfaces (such as eth0) which will be used by the probe.
After NTA probe installation the server must be rebooted. This will start the new service probed running the executable /usr/local/unba/bin/probe.
The NTA Administrator Guide (ch. 2) defines Service > Traffic Analysis and Audit > Settings, then click the Device Management link and add a device IP and name, for example one of our switches*.
sflow 1 destination ZZZZ sflow 1 sampling all 1000 sflow 1 polling all 20
Here ZZZZ is the IMC management station IP address. The CLI on-line help explains the command parameters.