Table of Contents
CA NSM Administration Guide
Contents
1: Introduction
About CA NSM
About This Guide
UNIX and Linux Support
CA NSM Databases
Management Data Base
Distributed Intelligence Architecture
Discovery
Visualizing Your Enterprise
Management Command Center
Providing Access to CA NSM Components in the Management Command Center
Start the Management Command Center
Other CA NSM User Interfaces
Unicenter Browser Interface
Unicenter Classic
WorldView Classic
Agent Dashboards
Discovery Classic
WorldView
Business Process View Management
Smart BPV
Customizing Your Business Views Using Unicenter Management Portal
Monitoring Your Enterprise
Unicenter Configuration Manager
Unicenter Remote Monitoring
Administering Critical Events
Event Management
Alert Management System
Analyzing Systems Performance
Correlating Important Events
Advanced Event Correlation
Unicenter Notification Services
Creating Customized Reports
Trap Manager
System Monitoring for z/OS
Integration with Other Products
Unicenter Service Desk
Unicenter Management for MOM
Unicenter Cisco Integration
Intel Active Management Technology
eHealth Integration with the Management Command Center
SPECTRUM Integration
Related Publications
2: Securing CA NSM
Role-based Security
Securing the MDB
MDB Users (Microsoft SQL Server Databases)
MDB User Groups (Ingres Databases)
MDB Users (Ingres Databases)
Operating System Users
How You Create Additional CA NSM Administrators (Microsoft SQL Server Databases)
How You Create Additional CA NSM Administrators (Ingres Databases)
Ingres Virtual Node Names (VNODES)
Component-Level Security
What is Security Management
Administrators or Power Users Group
How You Change the CA NSM Administrator Password On Windows
Change the Password for the Severity Propagation Engine User Accounts (Windows)
How You Change File Privileges on Microsoft Windows 2003 Server
Run Utilities Requiring Administrator Privileges on Windows Vista
Create Additional Users with Administrator Privileges to Run Discovery (Microsoft SQL Server Databases)
How You Create Additional Users Without Administrator Privileges (SQL Server Databases)
Create Additional Users with Administrator Privileges to Run Discovery (Ingres Databases)
How You Create Additional Users Without Administrator Privileges (Ingres Databases)
WorldView Security
Set up Read-Only Windows-Authenticated Users (Microsoft SQL Server Databases)
Set Up Read-Only Microsoft SQL Users for WorldView
Set Up Read-Only Users for WorldView (Ingres Databases)
Connect Remotely to Another MDB Using WorldView Classic (Windows)
Connect to a Remote Repository
Define a Logical Repository (Windows)
Define a Logical Repository (UNIX/Linux)
Management Command Center Security
Access to the Management Command Center
Grant Non-Root Access to the Management Command Center
Override the Management Command Center User ID
Deactivate Password Caching
Integrating with eTrust Access Control
How Integration and Migration Works
Rules and Statistics Not Migrated
Attributes Not Migrated
Protecting and Filtering MDB Data Using Data Scoping
Data Scoping Rules
Types of Data Scoping Rules
How Data Scoping Rules are Inherited
How Data Scoping Order of Precedence Rules Are Applied
Rule Performance Issues
How Data Scoping Rules Impact MDB Performance
Data Scoping Security on Windows
Data Scoping Security on UNIX/Linux
User IDs Required for Data Scoping Rule Evaluations
User IDs for Data Scoping Evaluation on Windows Platforms (Microsoft SQL Server Databases)
User IDs for Data Scoping Evaluation on Windows Platforms (Ingres Databases)
User IDs for Data Scoping Rule Evaluation on UNIX/Linux Platforms
Data Scoping Rule Evaluation Using Windows Local Groups
Data Scoping Rule Evaluation Using Windows Domain Groups (Microsoft SQL Server Databases)
Data Scoping Rule Evaluation Using Windows Domain Groups (Ingres Databases)
Data Scoping Rule Evaluation in Management Command Center
Data Scoping Rule Evaluation Using Ingres Databases
Data Scoping Limitations When the MDB Resides on UNIX/Linux
Data Scoping Limitations on UNIX/Linux When the MDB Resides on Windows
Data Scoping in the 2D Map (Windows)
Activate Data Scoping on Windows
Deactivate Data Scoping on Windows
Activate Data Scoping on UNIX/Linux
Deactivate Data Scoping on UNIX or Linux
DataScope Rule Editor
Implement End-to-End Data Scoping
Communication Protocol Security
Encryption Levels
Agent to Manager Communication Security
Common Communications Interface (CAICCI)
CAICCI Secure Sockets Facility (CCISSF)
3: Discovering Your Enterprise
Discovery
How You Can Combine Running Classic and Continuous Discovery
Classic Discovery Multi-Homed Device Support
Discovery Classification Engine
Discovery Timestamp
How Subnet Filters Work
How Timeout Values Affect Discovery
Discovery Object Creation Rules
Types of Discovery Methods
How You Modify or Write Classification Rules
How to Enable Classification of New Classes
methods.xml file--Configure Classification Methods
classifyrule.xml--Configure Classification Rules
Device Not Discovered
Discovering Your Network Devices Continuously in Real-Time Mode
Continuous Discovery Architecture
How Continuous Discovery Monitors Your Network
How Continuous Discovery Discovers and Monitors Subnets
Continuous Discovery Default Configuration
DHCP Engine Configuration
Set the Admin Status Property for an Object Using Continuous Discovery
Exclude Classes from Discovery
How You Set Up SNMP Community Strings for Continuous Discovery
Discovery Managers
Set Properties for Continuous Discovery Managers
Discovery Events Reported to the Event Console
Discovery Agents
Configure a Discovery Agent to Manage Additional Subnets
Set Properties for Continuous Discovery Agents
Change Continuous Discovery Agent Polling Interval
Change Continuous Discovery Agent Manager
Discovery and Firewalls
Continuous Discovery Rapidly Consumes Memory
Discovering Your Network Devices on Demand Using Classic Discovery
Discovery Methods
How Agent Discovery Works
How IPX Discovery Works
How SAN Discovery Works
How Discovery Uses Subnets
How Discovery Handles a New Subnet
How You Prepare to Run Discovery
How You Discover a Single Network
How You Discover an Entire Intranet
How You Determine the Time Required to Ping a Class B Network
How Names of Discovered Devices are Determined
Discovery Creates Incorrect Subnets
Discovering IPv6 Network Devices using Common Discovery
Common Discovery
Discovery Web Client
Discovery Request Client
CA Common Discovery GUI
Using Common Discovery GUI
Configure New Discovery Server
Set Discovery Server Options
Set Discovery Agent Options
Understanding IPv6 Discovery
Using IPv6 Discovery
4: Visualizing Your Enterprise
WorldView Components
Managed Objects
Viewing Your Network Topology Using the 2D Map
2D Map
Billboards
Background Maps
Save Arrangement of Objects in 2D Map
Custom Views
Favorite Views
How Navigation Works in the 2D Map
Business Process Views
Types of Business Process Views
Dynamic Business Process Views
Dynamic Containment Service (DCS)
Determining the Relative Importance of an Object in Your Network
Severity Levels
Weighted Severity
Object Importance
Change Default Importance Thresholds
Set Policies for a Managed Object's Severity Using Alarmsets
Severity Propagation Service
How You Correctly Stop and Restart the Microsoft SQL Server Database
Viewing Object Details and Properties
Modifying Class Properties with the Class Editor
Reviewing Class Definitions
Viewing MIBs and WBEM Data with ObjectView
DashBoard Monitor
Customize Chart Overview
Graph Wizard Overview
Viewing Relationships Among Objects Using the Association Browser
Context Menu
Viewing Links Between Objects
Open the Link Browser
Viewing Historical Information about Your Network
Importing and Exporting Objects to and from WorldView
Export Methods
Trix Script Files
How to Export and Import Objects Using WorldView Classic
How to Export and Import Objects Using Unicenter Browser
Understanding IPv6 Discovery
IPv6 Import Tool
Registering and Updating Unicenter Components Using Unicenter Registration Services
Configuring Business Process Objects Using Business Process Views
Business Process Objects
Rules
Child Count Rule
State Count Rule
Propagation Thresholds Rule
Boolean Logic Rule
Child Update Rule
Integration with Event Management
Notification Events
Impact Events
Creating Business Process Views Using SmartBPV
Business Process Views
Benefits of SmartBPV
How SmartBPV Works
SmartBPV Examples
How Optimizing SmartBPV Enhances Implementation
5: Customizing Your Business Views
Why You Need Unicenter Management Portal
CleverPath Portal Technology
Users, Workgroups, and Security Profiles
Scoreboards and Dashboards
Scoreboards and Dashboards Distributed with Unicenter MP
Unicenter MP Administration
Administration Wizard
Task 1: Manage Components
Workplace Templates
Create Workplaces from Templates
Working with Components
Working with Unicenter WorldView
Business Process View Scoreboards
Resource Scoreboards
Portal Explorer
Severity Browser
Working with Agent Management
Agent Map Scoreboards
Host Map Scoreboards
Agent View and Server View Dashboards
Working with Unicenter Event Management
Event Scoreboard
Event Console
Event Actions
Manage Event Filters
Working with Unicenter Alert Management
Alert Scoreboard
Alert Console
Alert Actions
Working with Unicenter MP Notification
Working with Unicenter MP Reports
Working with Unicenter Service Metric Analysis
Working with Unicenter Service Desk
eHealth Integration with Unicenter MP
How the eHealth Integration Works
Working with SPECTRUM
Additional Component Integrations
6: Monitoring Your Enterprise
Using Agent Technology to Monitor Resources
Understanding Unicenter Remote Monitoring
Remote Monitoring Architecture
Resource Types You Can Monitor
Securing Access to Remote Monitoring
Understanding Resource Monitoring
Basic Concepts
General Functions
Auto Watchers and Available Lists
Call-Back Mechanism
Cluster Awareness
Configuring Resource Auto Discovery
Editing Watchers
Evaluation Policy
Generic Resources Monitoring
History Group
Independent Warning and Critical Thresholds
Loss and Existence
Message and Action Records
Minimum and Maximum Metrics
Modification Policy
Overall Status of Each Functional Area
Overloading Thresholds
Periodic Configuration Write-Back
Poll Method
Resource Monitoring at an Instance Level
Resource Selection Capabilities
Status Deltas
Status Lags
SNMPv3 Support
Traps with Total Values
Watcher
Monitoring System Resources
Active Directory Resources
CICS Resources
7: Host Resources MIB
Log Agent Resources
Script Agent Resources
SystemEDGE Agent
UNIX/Linux System Resources
Windows Management Instrumentation Resources
Windows System Resources
z/OS Resources
Understanding Systems Management
Understanding the Architecture
Communication Status (Monitoring Layer)
Managing the Enterprise (Manager Layer)
View the Enterprise (WorldView Level)
Tools to Configure Managed Resources
Agent View
DSM View
Event Browser
MIB Browser
Node View
Remote Ping
Repository Monitor
Agent Technology Services Manager
SNMP Administrator
Configuring Managed Nodes
Benefits of Configuration Sets
Defining a Configuration File Name
Using a Configuration File
Using Adaptive Configuration
Loading a Configuration File
Distributing Configurations
Configuring a DSM Environment
Understanding DSM Configuration
Understand DSM Wizard
Monitoring the Health of your DSM
DSM Monitor Interfaces
DSM Monitor View
DSM Monitor Node View
DSM Monitor Dashboard
Understanding Configuration Manager
Resource Model Groups
Create a Group
Base Profiles
Create a Base Profile
Differential Profiles
Create a Differential Profile
File Packages
Create a File Package
Delivery Schedules
Create a Delivery Schedule
Configuration Bundles
Create a Configuration Bundle
Reporting Feature
8: Administering Critical Events
Event Management
Events
Event Management Policies
Event Agent
Non-Root Event Agent
How Event Agents Are Implemented
Configure the Event Agent
Dates and Times for Automated Event Processing
Automatic Responses to Event Messages
Event Sources
Message Records
Message Actions
Message Activity Distribution
Message Action Policy Definitions and Servers
Test Policy by Simulating Messages
Message Routing to Remote Hosts
Message Action Restriction
Environment Variables for Messages and Actions
Message Enhancement
Event Correlation
Event Console
Security for Console Log Viewing
Console Log File
Event Logs and Mobile Devices
Multiple Remote Console Logs
SNMP Traps
Support for SNMP Version 3 Traps
Authorize SNMP Version 3 Users for CATRAPD
Examples
Encrypt the snmpv3.dat File
Trap Destinations
How catrapd Formats Traps
Enable Automatic Formatting of Traps
How catrap Issues Traps
Binary and Hex Octet String Varbinds
TRAP and MIB Table Manipulation
MIBs
Sample Pseudo-MIB
Event Policy Packs
Message Record and Action Policy Packs
Advanced Event Correlation Policy Packs
Wireless Message Delivery
How Wireless Messaging Works
Wireless Messaging Client - capagecl
Message File
Configuration Files
Settings for Command Messaging
Wireless Messaging Policy Writer
Template Files
View the WIreless Messaging Icon
Alert Management System
What Are Alerts?
How Alert Management Works
Understanding Alert Policies
Viewing and Responding to Alerts in the Management Command Center
By Alert Queue
For a Managed Object
Integrating with Unicenter Service Desk
How the Integration with Service Desk Works
Scenarios
9: Correlating Important Events
Unicenter Notification Services
How Unicenter Notification Services Works
Features of Unicenter Notification Services
Configuration and Diagnostics
Notification Services Usage of SSL
Email - SMTP/POP3 Protocol Issues
Wireless - WCTP Protocol Issues
Instant Message - Sametime Protocol Issues
Page - SNPP Protocol Issues
Page - TAP Protocol Issues
Short Message - SMSHTTP Protocol Issues
Voice - TAPI Issues
Script Protocol Issues
Advanced Event Correlation
Why Use AEC?
How AEC Works
Alert Management Integration
Event Definitions
Configure AEC
Start the IDE Policy Editor
Start the Web Policy Editor
Impact Analysis
Implement AEC
Deploy Policy
Check the AEC Engine Status
Check Policy Status and Utilization
Event Log Player
Understanding the AEC Components
Components of a Correlation Rule
Boolean Logic in AEC Rules
Timing Parameters
Tokens
Global Constants
Credentials
Calendar Support
Template Rules
Regular Expressions
10: Improving Systems Performance
Analyzing Systems Performance
Performance Scope Usage
Working with Performance Trend
Effective Reporting with Performance Reporting
Charging for Resource Usage with Performance Chargeback
Data Fundamentals
Real-time Data Gathering
Historical Data Gathering
Performance Architecture
Data Accessibility and Management by the Performance Data Grid
Configuration Services
Main Performance Architecture Components
Performance Domain Server
Performance Distribution Server
Systems Performance and the MDB
Administrative Tools
Secure, Centralized Configuration with Performance Configuration
Command-Line Utilities
11: Creating Customized Reports
Types of Reports
Report Templates
12: Securing CA NSM Objects
What is Security Management
How Security Management Works
Security Policies
How the Commit Process Works
How Security Management Is Implemented
Phase 1: Customize Security Management Options
How You Modify Windows Security Management Option Settings
How You Modify UNIX/Linux Security Management Option Settings
Options to Consider for Your Operations
Default Permission Option
System Violation Mode
USE_PAT Option (UNIX/Linux Only)
Authorized User List (for QUIET Mode)
Remote CAISSF Return Codes
Rule Server Support (Windows only)
User Group Server Support (Windows)
Security Management Automatic Startup (Windows)
Additional Options for UNIX/Linux Platforms
Node Support Implementation
Asset Definitions
Set Certain Options to Absolute Values
Phase 2: Start Security in QUIET Mode
Phase 3: Create Rules for Production in WARN Mode
Defining User Groups
Nested User Groups
Defining Asset Groups
Nested Asset Groups
Asset Permissions
Access Types
Date and Time Controls
Defining Access Permissions
Access Determination
Rule Evaluation
How CAISSF Scoping Options Work
CAISSF Scoping Options
Phase 4: Set Options for Production, FAIL Mode
How You Commit Rules in Fail Mode
How You Deactivate Security Management
Security Management Reports
Access Violations Written to the Event Console Log
UNIX/Linux Reports
Whohas Report
What-Has Report
A: Unicenter NSM r11.2 UNIX and Linux Support
UNIX and Linux Support
Supported Components
UNIX and Linux Support Quick Reference
B: FIPS-140-2 Encryption
CA NSM FIPS 140-2 Compliance
Compliant Components
Systems Performance
Data Encrypted
Data Encryption Key
Turn on FIPS Mode
Installation Considerations
How to Install Systems Performance with FIPS Mode Off
How to Switch to FIPS Mode
How to Change the FIPS Encryption Key
How to Switch Off FIPS Mode
How to Migrate from a Previous Release
How to Add the Performance Agent to an Existing FIPS Enabled Enterprise
How to Update the User Domain Access File in a FIPS Environment
CASPKeyUtil Utility--Generate a New Key
CASPEncrypt.exe Utility--Reencrypt Data
Active Directory Management
Data Encrypted
Data Encryption Key
Installation and Migration Considerations
Convert Password File to FIPS Encryption
Agent Technology
Data Encrypted
Data Encryption Key
Installation Considerations
Migration Considerations
Common Communications Interface
Data Encrypted
Turn on FIPS Mode
Installation Considerations
Management Command Center
Data Encrypted
Data Encryption Key
Installation Considerations
Migration Considerations
Configure CAM to Use TLS Encryption
Turn Off Password Caching for Event Management and WorldView Credentials
Unicenter Management Portal
Data Encrypted
Data Encryption Key
Installation Considerations
Web Reporting Server
Data Encrypted
Data Encryption Key
Installation Considerations
C: Managing Traps Using the Trap Manager
Trap Daemon
Trap Filters
Local Versus Remote Installation
D: Managing Cisco Devices Using Cisco Integration
Analyzing CISCO Integration
Cisco Device Recognition
E: Replicating Objects in the WorldView Repository
Analyzing Repository Bridge
How Repository Bridge Works
Repository Bridge Architectures
Fanout Architecture
Aggregation Architecture
How to Determine Which Architecture to Use
Repository Bridge Components
Bridge Configuration
Bridge Control
Bridge Instances
Repository Bridge Supported Platforms
Repository Bridge in a Distributed Organization
Repository Bridge for a Restricted View of Resources
Repository Bridge for Problem Notification
Troubleshooting
View Repository Bridge Log Files
How to Create a Bridge Configuration File (Windows Only)
Bridging Rules (Windows)
Bridging Objects to A Repository Where a DSM is Running
Start the Bridge Configuration GUI (Windows Only)
Manage Repository Bridge Instances Using a Windows Service (Windows Only)
Create a Configuration File (UNIX/Linux)
Rule File Parameters for UNIX/Linux
F: Support for DMI, MOM, and SCOM
Desktop Management Interface (DMI)
DMI Service Provider
Unicenter Support for Desktop Management Interface (DMI)
Install the DMI Manager and DMI Agent
Set SNMP Destinations in the CA DMI Agent
Unicenter Management for Microsoft Operations Manager
MOM Terminology
How MOM Management Works
MOM Alerts as Event Messages
Status of MOM Entities in WorldView
Using MOM Management
Integration with Microsoft System Center Operations Manager (SCOM)
Minimum Software Requirements
SCOM Terminology
How the SCOM Integration Works
SCOM Alerts as Event Messages
Status of SCOM Entities in WorldView
SCOMMsgconfig Utility
Configure SCOMMsgconfig Utility
G: Scanning the Systems for Viruses
Virus Scan
Downloading Virus Signature Updates
Deleting Old Scan Logs
H: Using Ports to Transfer Data
Utilizing and Configuring Ports
Required Open Ports
Optional Ports
Configure the DIA Communications Port
CA Message Queuing Service (CAM)
Supported Transport Layer Protocols
Components That Use CAM/CAFT
CAM/CAFT Configuration Files
CAM/CAFT Binaries
How to Encrypt the MCC Data Transport (CAM) for AIS Providers
Install the CA Secure Socket Adapter
Integrating with the Secure Socket Adapter
I: Integrating with CA Spectrum Service Assurance
CA NSM Connector Import
J: Integrating with CA Spectrum
CA Spectrum-NSM Integration Kit
CA Spectrum Infrastructure Manager and CA NSM Integration Guide
K: Integrating with CA Virtual Performance Management 11.7 VC AIM
Introduction to CA Virtual Performance Management
CA SystemEDGE Agent
Logical Partition (LPAR) AIM
Service Response Monitor (SRM) AIM
VMware vCenter (VC) AIM
Xen AIM
Zones AIM
Integration with CA Virtual Performance Management
Discover VPM Resources
IBM LPAR Object Discovered
Start the LPAR AIM Agent View
Sun Zones Objects Discovered
Start the Zones AIM Agent View
Citrix XenServer Objects Discovered
Start the Citrix XenServer AIM View
VMware Objects Discovered
Start the VC AIM Agent View
Enable AIMs in VPM integration
L: Integrating with VMware Virtual Center
Integrating with VMware Virtual Center 2.5 and 4.0
VMware Virtual Center Credentials
VMware Virtual Center Password Utility
M: Job Management Option
How CA NSM Job Management Option Works
CA NSM Job Management Option Job Server
Unicenter Universal Job Management Agent
CA NSM JM Option Profiles
CA NSM JM Option Variables
Types of Job Scheduling
How to Specify Where to Perform Work
How to Identify Resource Requirements for Workload Balancing
How to Schedule Work by Dates
Expanded Calendar Processing
How to Form Groups of Related Tasks (Jobsets)
Jobset Resources
Resource Amount, Weight, and Usage
Jobset Predecessors
Nonexistent Predecessor Evaluation
Canceled Predecessors
How to Identify Work to Perform
Jobset Membership
Early Start Time
External Predecessors
Job Resources
Job Submission
Job Predecessors
Password Validation for Job Submission (UNIX/Linux)
Cyclic Job Submission
How to Schedule Work by Special Events
Use caevent
Triggers as Predecessors (UNIX/Linux)
Run a Job on Demand
Demand a DYNAMIC Job
How to Test Your CA NSM JM Option Policy Definitions
How to Run Additional CA NSM JM Option Reports
Autoscan
How a Job or Jobset Qualifies for Selection During Autoscan
Cleanup and Backlogging
Workload Processing
Maintenance Considerations
Job Management Logs (UNIX/Linux)
Tracking File
Undefined Calendars During Autoscan
Purge Old History Records (UNIX/Linux)
Unload the CA NSM JM Option Database Definitions to a Text File
How to Submit Jobs on Behalf of Another User
Agent/Server Configurations
Single Server
Multiple Hosts in an Agent/Server Relationship
Cross-Platform Scheduling
Job Management Managers and Agents
Configuring Job Management Managers and Agents
Implementation
Centralized Implementation
Decentralized Implementation
WorldView Implementation
Windows Configuration Environment Variables
UNIX/Linux Configuration Environment Variables
Environment Variables for Jobs and Actions
Monitor Workload Status
Jobflow Tracking on Windows
Jobflow Forecast View
Index