SevOne logo
You must be logged into the NMS to search.

Table of Contents (Start)

SevOne Implementation Guide

SevOne Documentation

All SevOne user documentation is available online from the SevOne Support customer portal.

Copyright © 2005-2020 SevOne, Inc. All rights reserved worldwide.

All right, title, and interest in and to the software and documentation are and shall remain the exclusive property of SevOne and its respective licensors. No part of this document may be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the written consent of SevOne.

In no event shall SevOne, its suppliers, nor its licensors be liable for any damages, whether arising in tort, contract, or any other legal theory even if SevOne has been advised of the possibility of such damages, and SevOne disclaims all warranties, conditions, or other terms, express or implied, statutory or otherwise, on software and documentation furnished hereunder including without limitation the warranties of design, merchantability, or fitness for a particular purpose, and noninfringement.

All SevOne marks identified or used on the SevOne website, as updated by SevOne from time to time, may be, or are, registered with the U.S. Patent and Trademark Office and may be registered or pending registration in other countries. All other trademarks or registered trademarks contained and/or mentioned herein are used for identification purposes only and may be trademarks or registered trademarks of their respective companies.

Introduction

The SevOne NMS software is loaded on your virtual machine or you appliance which this document will refer to as a peer from this point on. After you follow the steps in the SevOne Installation Guide to assign the peer an IP address, you are ready to use this document to get started with the SevOne application. If you plan to use SevOne NMS in a manner that meets Common Criteria security standards, please see the Common Criteria Considerations chapter in this document.

This document describes what you can do to have SevOne NMS discover and poll the devices in your network and what you can do to have SevOne PLA monitor the log data in your network.

Multi-Peer Implementations

The Cluster Manager provides an Integration tab to enable you to build your cluster and to add new appliances as peers into an existing cluster. See the Build Your SevOne NMS Cluster chapter in this document for details.

Install vPAS License File

Your license file is attached to the email.

  1. Save the <license>.dat file to a location that is accessible by the SevOne appliance.

  2. Enter the URL for the SevOne appliance into your web browser to display the license agreement.

    images/download/attachments/33035915/licenseAgreement.png
  3. Click Accept to display the License Upload page.

    images/download/attachments/33035915/licenseUploadPage.png
  4. Click Browse.

  5. Navigate your file hierarchy to the license.dat file, select the <license>.dat file, and click Open.

  6. Click Submit to import the license.

  7. On the Finish Importing Certificate message, click OK.

  8. Restart your browser.

SevOne NMS Log On

Perform the following steps to log onto your SevOne NMS appliance. You will change the default admin user password in a later step.

  1. Enter the URL for the SevOne NMS appliance into your web browser to display the Login page.

    If Single Sign-On is Disabled

    images/download/attachments/33035915/loginPage.png

    Continue to bullet 2. below.

    If Single Sign-On is Enabled

    images/download/attachments/33035915/ssoLogin.png

    In this example, besides having the ability to login with SevOne auth, you see an Identity Provider, Okta saml, supported on the appliance.

    Okta saml is only an example. Besides Log in with SevOne auth, you will see your own list of Identity Providers.

    Example

    Click on Log in with SevOne auth or Log in with Okta saml.

    If Log in with SevOne auth is selected, you will get the following display. Continue to bullet 2. below.
    images/download/attachments/33035915/ssoLoginSevOne.png

    If Log in with Okta saml is selected, you will get the following display. images/download/attachments/33035915/ssologinOkta.png

    To continue, please refer to SevOne SAML Single Sign-On Setup Guide.

  2. In the Username field, enter admin.

  3. In the Password field, enter SevOne (case-sensitive).

  4. You will be prompted to create a new password. On the Configuration pop-up, perform the following actions:

    images/download/attachments/33035915/popup_configuration_changePassword.png

    1. In the Old Password field, enter the current password (the one you just entered).

    2. In the New Password field, enter a new password.

    3. In the Confirm Password field, re-enter the new password.

    4. Click Save.

Configure Time Zone

Perform the following steps to configure the time zone for your SevOne NMS appliance.

  1. From the navigation bar, click Administration and select My Preferences.

    images/download/attachments/33035915/preferencesAdmin.png
  2. In the EmailAddress field, enter an email address. An email address is required here in order to save the changes you will be making in the next steps.

  3. Click the Date Format drop-down and select a different date format if desired.

  4. Click the Time Zone drop-down and select a time zone for your appliance.

  5. Select the Startup Check check box to confirm that the browser time zone and the user time zone are the same at logon.

Startup Wizard

When the admin user logs on to SevOne NMS for the first time, the Startup Wizard appears to guide you through the first initial steps to get devices you want to monitor and poll into SevOne NMS for discovery. If this is your first SevOne appliance proceed through the Startup Wizard.

Users with administration roles can access the Startup Wizard from the navigation bar, however the intent of the Startup Wizard is to help with your initial SevOne NMS implementation. All Startup Wizard workflows are duplicated within the application as noted in this document. If needed, click the Administration menu and select Startup Wizard.

images/download/attachments/33035915/startupwizard.png

Welcome

The Welcome page on the Startup Wizard provides a link to the SevOne Connect community where you can post questions about SevOne NMS.

First Appliance Option

To start a new SevOne NMS implementation, select the This is my first SevOne appliance option and click Next to display the Scan Subnets page on the Startup Wizard.

Existing Cluster Option

If you intend to add this appliance as a new peer in an existing cluster, DO NOT ADD DEVICES TO THIS APPLIANCE until after you add this appliance to your cluster. There is no way to combine the device databases of non-clustered/non-peered appliances.

  1. Select the Add this appliance to your existing SevOne NMS cluster option and click Next to access the Cluster Manager Integration tab. See the Build Your SevOne NMS Cluster chapter.

  2. Use the Device Mover to move devices to the new peer after you add the appliance as a new peer in the cluster.

Scan Subnets

The Scan Subnets wizard page enables you to create IP address ranges to scan your network for items that can be pinged.

images/download/attachments/33035915/startupwizardscansubnets.png

Each IP address range assigns devices to the peer on which you are logged on, creates devices, checks SNMP, and groups devices into a device group with the name you give to the IP address range. All subnets are scanned one time upon click of the Finish button. The entries you make on this wizard page are duplicated on the Discovery Manager Watched Subnets tab. The Device Manager displays the devices from which data is polled.

  1. Click Add Subnet to add a row to the list.

  2. In the Subnet Name field, enter the name of the subnet block.

  3. In the Start IP Address field, enter the low end of the IP address range.

  4. In the End IP Address field, enter the high end of the IP address range.

  5. Click Update to add the subnet to the list to watch.

  6. Repeat the previous steps to create additional subnets.

  7. Click Next.

Technologies

When you enable devices to send data to SevOne NMS, default settings enable you to monitor the many technologies on the devices you add to SevOne NMS. SNMP and VMware require you to enter some information about your network and the Technologies wizard page enables you to get started.

images/download/attachments/33035915/startupwizardtechnologies.png

SNMP

The SNMP subtab enables you to enter the community strings SevOne NMS needs to monitor SNMP data. You can update these settings on the Cluster Manager > Cluster Settings tab.

  1. In either the Read Community Strings column or the Write Community Strings column click Add to add a row to the list.

  2. In the Name field, enter the community string.

  3. Click Update to add the string.

  4. Repeat the previous steps to add additional strings.

  5. Click images/download/attachments/33035915/triangleupgreen.png or images/download/attachments/33035915/triangledowngreen.png to move the string up or down through the list. SevOne NMS tries each string in the sequence in which they appear and stops at the first successful string.

VMware

The VMware vCenter subtab enables you to enter the VMware vCenter login credentials. This enables SevOne NMS to discover and monitor the virtual hosts and virtual machines on the vCenter. The VMware Browser enables you to add additional vCenters and to manage the devices from which to poll VMware data.

  1. In the VMware vCenter IP Address field, enter the IP address of the VMware vCenter.

  2. In the Username field, enter the user name SevOne NMS needs to authenticate onto the vCenter.

  3. In the Password field, enter the password SevOne NMS needs to authenticate onto the vCenter.

  4. Select the Automatically Discover Devices check box to poll the vCenter's hosts and virtual machines on a daily basis.

Click Next.

Discovery

The Discovery wizard page enables you to set the time for SevOne NMS to perform the daily Automatic Discovery process and to define the email server that SevOne NMS uses to email reports and alerts.

images/download/attachments/33035915/startupwizarddiscovery.png

Discovery is the process to query and update information about the devices that are in SevOne NMS. Device discovery creates new objects in SevOne NMS, updates existing objects, and ultimately deactivates and deletes unused objects.

  • Manual Discovery - The Manual Device discovery process runs every two minutes to scan the devices in SevOne NMS that you mark for discovery

  • Automatic Discovery - The Automatic Discovery process tests the various plugins/technologies you configure for each device and updates the device's current state.

You define the Automatic Discovery time for each peer in the cluster on the Cluster Manager > Peer Settings tab.

  1. Click the Run the Automatic Discovery daily at drop-down and select the time to run the Automatic Discovery process.

  2. Click the second drop-down and select the time zone.

Email Server

The rest of the page enables you to enter the email server information for SevOne NMS to use to notify users of alerts and to send reports to users. You can update these settings on the Cluster Manager > Cluster Settings tab.

Note: The email server must be able to accept large attachments because a .pdf report can be over 20MB.

  1. In the Email Server field, enter the hostname or IP address of the SMTP email server for SevOne NMS to use to send emails.

  2. In the Username field, enter the user name SevOne NMS needs to authenticate onto the email server.

  3. In the Password field, enter the password SevOne NMS needs to authenticate onto the email server.

  4. Click the Connection Security drop-down and select a connection security protocol.

  5. In the Port field, enter the port on the email server for SevOne NMS to use.

  6. In the Test Email Address field, enter the email address to which you want to send a test email.

  7. Click Send Test Email to send a test email to the address you enter in the previous step.

  8. Click Next.

User Access

The User Access page enables you to add users who are to be members of the Administrators user role. You must define the email server before you can add Administrator role users. You add all other users with any other user role on the User Role Manager.

images/download/attachments/33035915/startupwizarduseraccess.png

Each user can update their user settings, except username, on the Preferences page.

  1. Click Add User to add a row to the list.

  2. In the Username field, enter the name for the user to enter into the Username field on the Login page. After you save the user information, you cannot edit the Username.

  3. In the First Name field, enter the first name to display.

  4. In the Last Name field, enter the last name to display.

  5. In the Email Address field, enter the email address where you want SevOne NMS to send emails to the user.

  6. Click Update to save the user credentials. SevOne NMS sends an email to the user with the user's log on credentials.

  7. Click Finish to start the scan of any subnets you define on the Scan Subnets wizard page and to display the Setup is Complete wizard page.

Setup is Complete

The Setup is Complete wizard page provides links to additional workflows to help you get started.

images/download/attachments/33035915/startupwizardsetupiscomplete.png

  • Click Create Device Groups to navigate to the Device Groups page where you segment the devices in your network for user access, reports, and alerts.

  • Click Manage User Access & Authentication to navigate to the User Manager page where you manage user information, credentials, and user role assignments.

  • Click Create & View Reports to navigate to the Report Manager page that provides access to the workflows that enable you to combine and customize several graphs, tables, and other individual reports into a single easy to retrieve report.

Click Monitor Discovery Process to navigate to the Welcome Dashboard.

Change SevOne NMS Admin Password

You should change the admin user password to protect access to the SevOne NMS application. While you are on the User Manager, you will also change the password for the SevOneStats user. The SevOneStats user uses deferred data scripts and the API to perform self-monitoring tasks. If you already use the self-monitoring scripts you must contact SevOne Support to update the scripts to use the new password. For a new implementation, you will be prompted to enter the SevOneStats user password when you begin to use the self-monitoring feature. See the SevOne NMS Quick Start Guide - Self-monitoring for details.

Failure to change the default passwords presents a significant security risk.

images/download/attachments/33035915/welcome.png

Failure to change the default passwords presents a significant security risk. This publication includes the default password and this document has probably been made available to the public.

  1. Click the Manage Users link to display the User Manager (or Administration > Access Configuration > User Manager).

  2. Click images/download/attachments/33035915/editnew.png next to the admin user to display the Edit User pop-up.

  3. In the Password field, enter a new password for the admin user.

  4. In the Confirm field, re-enter the password.

  5. Click Save.

  6. Click images/download/attachments/33035915/editnew.png next to the SevOneStats user to display the Edit User pop-up.

  7. In the Password field, enter a new password for the SevOneStats user.

  8. In the Confirm field, re-enter the password.

  9. Click Save.

SevOne PLA Login

The SevOne PLA software application is fully loaded on the appliance.

images/download/attachments/33035915/loginPage.png

You will change the default admin user password in a later step.

  1. Enter the URL or IP address for the SevOne PLA appliance into your web browser to display the Login page.

  2. In the Username field, enter admin.

  3. In the Password field, enter SevOne (case sensitive). (You will change this password in a later step.)

  4. Press Enter.

SevOne PLA Email Server Setup

Perform the following steps to define the email server for the SevOne PLA to use to send report and alert emails. For SevOne NMS, skip this section.

  1. From the command line, enter the following command to display the current email server settings:
    set-email-server

  2. Enter the following to keep the current settings:
    ^C

  3. When prompted, enter the URL for the mail server.

  4. When prompted, enter the username for the mail sender.

  5. Enter the password for the sender to connect to the server (or leave blank for no password).

  6. Enter the email address from where emails are to be sent.

Change SevOne PLA Admin Password

You should change the admin user password to protect access to the SevOne PLA application.

Failure to change the default passwords presents a significant security risk.

images/download/attachments/33035915/settings-personalsettings.png

Failure to change the default passwords presents a significant security risk. This publication includes the default password and this document has probably been made available to the public.

  1. From the navigation bar, click Settings to display the Settings page.

  2. On the left, click Personal Preferences.

  3. Click the Change link next to the Password caption to display the Change Password pop-up.

  4. In the Old Password, enter your current password.

  5. In the New Password field, enter a new password for the admin user.

  6. In the Confirm field, re-enter the password.

  7. Click Save.

  8. Make any other applicable preference changes.

Build Your SevOne NMS Cluster

When you receive several new appliances/vPASs and/or your implementation includes a Hot Standby Appliance, perform the steps needed to get the new appliance/vPAS into your network before you add anything to the appliance.

Hot Standby Appliance

When you add the vPAS as a Hot Standby Appliance you must call SevOne Support to ensure that the Hot Standby Appliance is appropriately implemented.(Email: support@sevone.com - Phone: +1 302-319-5400)

New Appliance/vPAS to Add a Peer to an Existing Cluster

When you receive a new appliance/vPAS that you want to add to an existing cluster, perform the following steps. The SevOne NMS Cluster Manager Integration tab and the SevOne PLA Cluster Management page enable you to add this appliance as a new peer to your SevOne cluster.

  • All data on this peer/appliance will be deleted.

  • You need to know the name of this peer (appears in the cluster hierarchy on the left side of the SevOne NMS Cluster Manager). You define the peer name when you perform the steps in the SevOne Installation Guide and you can change the peer name from the peer level on the Cluster Manager.

  • You need to know the IP address of this appliance (appears in the cluster hierarchy on the left side of the SevOne NMS Cluster Manager). You define the IP address when you perform the steps in the SevOne Installation Guide.

  • You need to be able to access the Cluster Manager on a peer that is already in the cluster to which you intend to add this appliance.

  • If you do not complete the steps within ten minutes, you must start again at step 2. Click Allow Peering … to queue this peer/appliance for peering within the following ten minutes.

Perform the following steps to add this appliance to an existing SevOne cluster.

  1. SevOne NMS: From the Startup Wizard on the new appliance, select the Add this appliance to an existing SevOne NMS Cluster option and click Next to access the Cluster Manager Integration tab.
    SevOne PLA: Click Settings and select Cluster Management.

  2. Click Allow Peering on the new appliance.

  3. SevOne NMS: Log on to a peer that already exists in the destination SevOne NMS cluster.
    SevOne PLA: Log on to a peer that already exists in the destination SevOne PLA cluster.

  4. SevOne NMS: Click the Administration menu, select Cluster Manager, and then select the Peers tab.
    SevOne NMS: Click Settings and select Cluster Management.

  5. Click Add Peer to display a pop-up.

  6. Enter the Peer Name and the IP Address of the new peer/appliance.

  7. On the pop-up, click Add Peer.

    • All data on the peer/appliance you are adding is deleted.

    • Do not do anything on the peer you are adding until a Success message appears on the peer on which you click Add Peer.

    • You can continue working and performing business as usual on all peers that are already in the cluster.

    • The new peer appears on the Peers tab in the destination cluster with a status message. Click Refresh to update the status.

    • The new peer appears in the cluster hierarchy on the left.

  8. After the Success message appears on the peer in the destination cluster, you can go to the peer you just added and the entire cluster hierarchy to which you added the peer should appear on the left.

  9. SevOne NMS: You can use the Device Mover to move devices to the new peer.

If the integration fails, Click View Failed Logs on the SevOne NMS Peers tab on the peer that is in the destination cluster to display a log of the integration messages.

Click Clear Failed to remove failed attempts from the list. Failed attempts are not automatically removed from the list which enables you to navigate away from the Peers tab during the integration.

New Appliances in a New Multi Peer SevOne NMS Implementation

When you receive multiple PAS appliances/vPASs and you plan to create a brand new SevOne NMS cluster, there are two approaches.

Approach 1

  1. Use the Cluster Manager to add all of your new appliances as peers to the cluster.

  2. Add devices.

Approach 2

  1. Add all devices to one peer.

  2. Use the Cluster Manager to add all other appliances you want in the cluster as peers with this appliance.

  3. Use the Device Mover to move devices to other peers.

Add a SevOne PLA to a SevOne NMS Cluster

Perform the following steps to include the SevOne PLA in a SevOne NMS cluster.

Generate Token

You can enter the following command on the SevOne PAS appliance to generate a token for the PLA appliance.

wget http://<PLA Appliance IP Address>/rapid/req.php --post-data-data='{"action": "request-superadmin-action-tokens", "user":"admin", "pass":"test" }' -qO-

To avoid sending credentials over the wire, you can enter the following command on the PLA appliance. Substitute localhost for the IP address.

wget http://localhost/rapid/req.php --post-data='{"action": "request-superadmin-action-tokens", "user":"admin", "pass":"test" }' -qO-

Sample Return:

{"tokens":{"function":"get-mass-volume-info","token":"kNHtKMSisibA0tvpBXVt"}}

Store Authentication Token and PLA IP Address in the SevOne-act

Enter the following command on the SevOne PLA appliance.

SevOne-act pla init-set-pla --ip <PLA Appliance IP Address> --token <Token>

Map Log Data

To map the log data that SevOne PLA collects for volumes to the device groups/device types in SevOne NMS, perform the following steps on the Cluster Manager from a SevOne NMS appliance. This integration is available in SevOne NMS version 5.4.0 and higher.

  1. From the SevOne NMS navigation bar, click the Administration menu and select Cluster Manager.

  2. If needed, click images/download/attachments/33035915/icon_cluster.png Cluster in the cluster hierarchy on the left to display the cluster level configuration tabs.

  3. Select the Log Data Mapping tab.

    images/download/attachments/33035915/clusterlogdatamapping.png
  4. Click Add Mapping or click images/download/attachments/33035915/icon_greyWrench.png to display the Add/Edit Mapping pop-up.

  5. Click the Device Group drop-down and select the SevOne NMS device group/device type to which to map log data.

  6. Click the Volume drop-down and select the SevOne PLA volume from which to map log data.

  7. Click Save.

Common Criteria Considerations

Common Criteria is a framework for which computer systems can make claims about the security attributes of the application. Common Criteria provides assurance that the process of specification, implementation, and evaluation of a computer security product has been conducted in a rigorous and standard and repeatable manner at a level that is commensurate with the target environment for use.

SevOne NMS (v5.5.x and higher) can be run in a Common Criteria complaint manner under the following prerequisites.

  • The peer cannot be a part of a cluster.

  • The peer cannot have a Hot Standby Appliance.

  • You must log on to the appliance via HTTPS.

  • xStats adapter configuration is not available.

  • Group aggregated indicator features are not available.

Cluster Manager, Appliance Level, Appliance Settings For Common Criteria

The Cluster Manager enables you to implement Common Criteria mode for a single peer SevOne NMS implementation. Perform the following steps to enable the appliance to meet Common Criteria security standards.

  1. Log on to SevOne NMS via HTTPS.

  2. Click the Administration menu and select Cluster Manager to display the Cluster Manager.

  3. In the cluster hierarchy, click

    images/download/attachments/19272015/triangleright.png

    next to a peer then click <appliance IP address> to display the appliance level information on the Appliance Overview tab.

  4. Select the Appliance Settings tab.

  5. Select the Enable Common Criteria check box.

  6. Click Save to display a confirmation message pop-up.

  7. Click OK on the pop-up to display another confirmation pop-up that informs you that a restart is required to enable Common Criteria mode.

  8. Click OK on the second confirmation pop-up to start the Common Criteria enable process and to restart the appliance. If you click Cancel, the common Criteria enable process starts but remains incomplete until after the appliance is restarted.

  9. Watch the status messages as the system checks and adjusts settings to meet Common Criteria standards. The page displays green check marks to display the status of the Common Criteria mode success.

    If you did not click OK to restart the appliance, you must restart the appliance before the Common Criteria mode is enabled.

  10. Click Save. A Date and Time subtab appears to enable you to define the appliance system date and time for Common Criteria.

  11. Select the Date and Time subtab.

  12. In the Date and Time field, enter the system time for the appliance.

  13. Click Save to save the Date and Time settings.

Other Common Criteria Considerations

The Cluster Manager at the cluster level provides security settings that enforce password standards. On the Cluster Settings tab, the Security subtab enables you to define security settings.

  1. In the Inactivity Timeout field, enter the number of minutes a user can remain inactive before the user is logged off (between 5 minutes and 86400/60 days). You can override this setting for each individual user from the User Manager.

  2. In the Minimum Password Length field, enter the number of characters users must have in their password. Enter 0 (zero) to disable this feature.

  3. In the Enforce Password History field, enter the number of password changes a user must make before they can repeat a password.

  4. In the Minimum Password Age field enter the number of days a user must wait between password changes.

  5. In the Password Change Notification field, enter the number of days to wait after a password change, before a user is sent a password change notification.

  6. In the Maximum Password Age field, enter the number of days a user account can remain enabled before the user must change their password.

  7. Select the Mask Read Community Strings check box to mask Read Community Strings on user interfaces. Write Community Strings are masked by default.

  8. Select the Require Strong Passwords check box to enforce the complexity of user passwords. If you select this check box, passwords must contain at least one special character and at least two of the following three types of characters: Lower case letters, UPPERCASE LETTERS, and numbers. In addition, passwords cannot contain more than two of a given type of character in succession (upper and lower case letters count as the same type). Example: 8s0h43o@7!o(p3

  9. Select the Allow Forcelogin check box to enable SevOne NMS integration with other software applications via the Forcelogin script.

  10. Select the Force Same Origin Policy check box to prevent SevOne NMS from being loaded outside of the current domain. This includes portals and the use of the force login script to load SevOne NMS into an iframe from where a malicious user could log a user's activity. Note: If you clear this check box, the application security is lowered in a way that can prevent SevOne NMS from passing specific security scans.

  11. Select the Require HTTPS check box to require a secure connection for all dynamic content. You must log on via HTTPS to enable this check box.

  12. In the Account Lockout section:

    1. In the Disable Inactive Users field, enter the number of days a user can go without logging on before their account is disabled. Enter 0 (zero) to disable this feature.

      Note: This setting does not affect the Guest users you define on the Authentication Settings page for LDAP, TACACS, and RADIUS nor does it affect the “admin” user.

    2. In the Threshold field, enter the number of incorrect log on attempts a user can make (within the Counter Reset time span) before the account is locked. Enter 0 (zero) to disable this feature. Note: When you set this to anything other than 0 (zero), log on becomes dependent upon validation from the cluster master peer. If the cluster master peer is not accessible from a peer on which a user attempts to log on, access to the application will not be available.

    3. If you enter a number in the Threshold field, in the Counter Reset field, enter the number of minutes during which the user enters an incorrect user name and password combination before the account is locked. Set this to 0 (zero) to disable this feature. Example: Enter 3 as the Threshold and 2 as the Counter Reset. If the user incorrectly enters their user name and password combination three times in a two minute time span, the account is locked for the number of minutes you enter in the Duration field.

    4. If you enter a number in the Threshold field, in the Duration field, enter the number of minutes for the account to be locked after the Threshold/Counter Reset combination is exceeded.

  13. Click Save to save the Security settings.