Centralize network management

If you work as a network or IT administrator, you have probably run into situations where the software and hardware in operation lack a transparent, intuitive, centralized tool for management, debugging and monitoring.
No matter what the developers of network infrastructure management systems come up with in their attempts to give technical staff a convenient graphical tool that would replace all other management tools, to this day the workhorse of the “network fraternity” remains the long-familiar CLI (the command line). I will not consider small solutions here, such as home routers or SMB switches, since they do not support a wide range of technologies and protocols to begin with, and a simple web interface is quite enough for them (although they do have some kind of CLI). Rather, we are talking about integrated distributed networks with multi-level architecture, logical and physical segmentation, geographical distribution, and equipment from a mix of manufacturers. There are several reasons for this:
- most existing management, monitoring and debugging platforms do not provide the full functionality of the command line. Some systems are more advanced, some less, but in general the need to go into the CLI and configure something by hand always remains;
- even in small networks you can find a whole “zoo” of hardware manufacturers and models (this is especially common in companies that have been operating for a long time without a clear IT management policy). On the other hand, each manufacturer seeks to limit end users to its own equipment, so there is no talk of multi-vendor support in management systems;
- existing data networks have reached a stage of development where even well-designed and well-built networks are full of so many different protocols and technologies (especially since the rapid construction of data centers and the growth of compute virtualization began) that finding a software product that meets all tasks and requirements is extremely difficult;
- the clear line between the traditional data network and computing environments is gradually disappearing as virtualization technologies develop. Examples include protocols such as OpenFlow or VEPA. And since the areas of responsibility of “networkers” and “server people” are, as a rule, clearly understood and defined, it is not clear for whom to write the final product or how to position it;
- how to centralize the management of the various functional segments of the network remains an open question: the wireless network is controlled through one application, security policies and the now extremely popular BYOD are implemented through another, orchestration of the data center environment through a third ...
There are many more arguments like these, but one way or another they all come down to the above. How can configuration, monitoring, management and troubleshooting for wired and wireless infrastructure, data center resources, remote sites, SDN and MPLS networks be implemented through a single window?
HP has traditionally adhered to the principle of open architectures and standardized solutions and protocols, so when choosing a development strategy for our own management system, we set a course toward centralizing the management of all functional subsystems of the network environment, with support for a wide range of equipment from different manufacturers. The product development model provides for a homogeneous architecture, in which functionality is not scattered across several separate products that each require their own administration. We strive to combine the entire set of tools for managing various networks into a single, convenient and intuitive interface.

It is practically impossible to cover this product comprehensively in one article, so I would like to start with the design and deployment of the management system: general questions of choosing a model and architecture that will help avoid strategic mistakes. Subsequent articles will be devoted to an in-depth analysis of the functionality, with practical examples.
So what is IMC? It is a modular software tool that implements the FCAPS functions (Fault, Configuration, Accounting, Performance, Security); marketing abbreviations aside, it simply lets you centrally manage the network infrastructure, find and debug problems, monitor various services and resources, create and apply policies, and generate reports.
A short list of supported functions is as follows:
• automatic discovery of network devices;
• automatic construction of L2 and L3 topologies, IRF, LLDP-MED, VMware and Hyper-V virtual networks, as well as their customization;
• graphical display and management of xSTP protocols;
• management and correlation of alarm events;
• generation of statistics and reporting documentation;
• generation of various graphs and analysis of network performance;
• ACL access list management;
• VLAN management;
• management of configurations and software of network devices;
• real-time monitoring;
• distribution of tasks by roles;
• guest access control;
• the presence of a mobile client for Android and iOS,
and much, much more.
At present, version 7 is the most current. Its user interface was completely redesigned (almost all modules now use HTML5), many new and useful functions were added to the base platform, such as support for MDC, VCF, ISSU and dynamic topology rendering, new modules were added, the UI for mobile devices became more convenient, and the licensing scheme became clearer. The list of changes is very long, so it is better to read the corresponding release notes, which accompany the IMC distribution file.
The distribution is available for download and allows you to use the application for free in trial mode for 60 days, after which you will either need to enter a license or reinstall from scratch.
IMC Versions
There are currently 6 versions available for download:
• Standard
• Enterprise
• Basic
• Basic WLAN Manager
• Smart Connect
• Smart Connect with WSM Virtual Appliance
In most cases either the Standard or the Enterprise version will suit you, since both, in addition to the functions of the base platform, offer a serious extension of functionality through additional modules (which I will talk about later). Both versions include a license for 50 devices. We can say that one device IP address in IMC equals one license. With switches, routers, controllers and firewalls this is more or less clear, but what about clusters of several devices (for example, a stack of switches, or routers with an integrated control plane)? Since the whole stack has a single management IP address, only one license is used.
Both versions also allow you to use the hierarchical installation model, which I will also mention later, and increase the number of devices managed through IMC. With maximum server hardware resources, you can manage up to 15,000 devices from one platform.
Why Enterprise is better than Standard:
• NTA (Network Traffic Analyzer) module and a license for 5 devices for it come with the main IMC platform
• eAPI is available for writing your own scripts and developing your own extensions and customizations
• It can be a Master in a hierarchical implementation model
In short, Enterprise is focused on very large application models in large distributed networks; Standard meets the requirements of mid-level enterprises.
Before installation
The minimum hardware computing resources can be calculated based on the tables below:
| OS architecture | Number of devices | Number of collection units * | Number of operators online | CPU cores ** | Memory size | Memory size for Java | Hard disk space for installation | Hard disk space for operation |
| 32 bits | 0 - 200 | 0 - 5K | 20 | 2 | 4 GB | 512 MB | 3 GB | 30 GB |
| 32 bits | 0 - 200 | 5K - 50K | 10 | 2 | 4 GB | 512 MB | 3 GB | 60 GB |
| 32 bits | 200 - 500 | 0 - 10K | 30 | 4 | 6 GB | 1 GB | 3 GB | 50 GB |
| 32 bits | 200 - 500 | 10K - 100K | 10 | 4 | 6 GB | 1 GB | 3 GB | 100 GB |

| OS architecture | Number of devices | Number of collection units * | Number of operators online | CPU cores ** | Memory size | Memory size for Java | Hard disk space for installation | Hard disk space for operation |
| 64 bits | 0 - 200 | 0 - 5K | 20 | 2 | 4 GB | 2 GB | 3 GB | 30 GB |
| 64 bits | 0 - 200 | 5K - 50K | 10 | 2 | 4 GB | 2 GB | 3 GB | 60 GB |
| 64 bits | 200 - 500 | 0 - 10K | 30 | 4 | 8 GB | 2 GB | 3 GB | 50 GB |
| 64 bits | 200 - 500 | 10K - 100K | 10 | 4 | 8 GB | 2 GB | 3 GB | 100 GB |
| 64 bits | 1K - 2K | 0 - 20K | 30 | 6 | 12 GB | 4 GB | 4 GB | 60 GB |
| 64 bits | 1K - 2K | 20K - 200K | 10 | 6 | 12 GB | 4 GB | 4 GB | 200 GB |
| 64 bits | 2K - 5K | 0 - 30K | 40 | 8 | 24 GB | 8 GB | 5 GB | 80 GB |
| 64 bits | 2K - 5K | 30K - 300K | 20 | 8 | 24 GB | 8 GB | 5 GB | 250 GB |
| 64 bits | 5K - 10K | 0 - 40K | 50 | 16 | 32 GB | 12 GB | 7 GB | 100 GB |
| 64 bits | 5K - 10K | 40K - 400K | 20 | 16 | 32 GB | 12 GB | 7 GB | 300 GB |
| 64 bits | 10K - 15K | 0 - 40K | 50 | 24 | 64 GB | 16 GB | 10 GB | 200 GB |
| 64 bits | 10K - 15K | 40K - 400K | 20 | 24 | 64 GB | 16 GB | 10 GB | 600 GB |
* A collection unit is the collection of one statistic once every 5 minutes. For example, if we monitor the outgoing-traffic load of a physical interface once every minute, we are considered to use 5 collection units. If we measure outgoing and incoming traffic, that is 10 collection units.
** CPU cores means physical cores, not virtual ones.
These requirements apply only to the IMC platform itself, without taking additional modules into account.
Installation is currently supported on the following operating systems:
• Windows Server 2003 with Service Pack 2
• Windows Server 2003 X64 with Service Pack 2 and KB942288
• Windows Server 2003 R2 with Service Pack 2
• Windows Server 2003 R2 X64 with Service Pack 2 with KB942288
• Windows Server 2008 with Service Pack 2
• Windows Server 2008 X64 with Service Pack 2
• Windows Server 2008 R2 with Service Pack 1
• Red Hat Enterprise Linux 5
• Red Hat Enterprise Linux 5 X64
• Red Hat Enterprise Linux 5.5
• Red Hat Enterprise Linux 5.5 X64
• Red Hat Enterprise Linux 6.1 X64
I would also like to provide a list of supported databases if you need something more productive and scalable than what comes with the platform:
• Microsoft SQL Server 2005 Service Pack 3 (Windows only)
• Microsoft SQL Server 2008 Service Pack 3 (Windows only)
• Microsoft SQL Server 2008 Service Pack 3 (64-bit only — Windows 64-bit)
• Microsoft SQL Server 2008 R2 Service Pack 1 (Windows only)
• Microsoft SQL Server 2008 R2 Service Pack 1 (64-bit — Windows only)
• Oracle 11g Release 1 (Linux only)
• Oracle 11g Release 2 (Linux only)
• Oracle 11g Release 2 (64-bit — Linux only)
• MySQL Enterprise Server 5.1 (Linux and Windows — up to 1,000 devices)
• MySQL Enterprise Server 5.5 (Linux and Windows — up to 1,000 devices)
It is also worth noting that HP recommends installing IMC on a separate physical server. However, this does not interfere with deploying the platform on a virtual machine with similar hardware characteristics.
The following recommendations are available to increase I/O performance:
• If the number of collection units is 100,000 - 200,000, it is recommended to use 2 or more hard drives and a RAID card with a cache of 256 MB or more;
• If the number of collection units is 200,000 - 300,000, it is recommended to use 2 or more hard drives and a RAID card with a cache of 512 MB or more;
• If the number of collection units is 300,000 - 400,000, it is recommended to use 2 or more hard drives and a RAID card with a cache of 1 GB or more;
• HP recommends RAID level 5, which requires 3 or more drives. If you use more than 4 disks, RAID level 0+1 is recommended.
Installation
The installation process itself takes about 2-3 hours, depending on the complexity of the selected solution. I will not walk through it here, since it is very simple and similar to installing any Windows application. It is also described in great detail in the manuals that accompany the platform's installation image.
I would like to focus on conceptual issues that will help you avoid mistakes when designing and implementing the platform.
Centralized or hierarchical implementation
Centralized solution. A centralized IMC deployment is ideal for infrastructures with a small number of managed nodes, all located in one or several buildings in the same city. In this case IMC should be installed on a dedicated server, and the database can be installed either together with the platform or on a separate server.


In what cases is it better to apply centralized management:
• When the number of nodes managed by IMC is less than 5000
• When most of the nodes are located geographically in one place
• When the number of collection units does not exceed 400,000
• When the number of IMC operators with simultaneous access does not exceed 50.
Hierarchical. This implementation method meets management requirements in large, geographically distributed networks with a large number of managed nodes. Each IMC platform works with its own built-in or external database. An operator accessing a child IMC platform gets full access to its functionality. At the same time, performance and fault information is replicated to the parent IMC. Note that only IMC Enterprise can act as a parent.

In what cases is it better to apply hierarchical management:
• When the number of nodes managed by IMC is more than 5000
• When most of the nodes are geographically separated from each other
• When IMC operators are geographically in different places
• When the number of collection units exceeds 400 000
• When the number of IMC operators with simultaneous access exceeds 50.
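The licensing rule (one management IP address equals one license), the collection-unit definition and the centralized/hierarchical limits above can be checked against an inventory before installation. The following Python sketch is an added example, not HP's tooling; the inventory format, the function names and the linear scaling of collection units with polling rate are assumptions.

```python
from fractions import Fraction

# Centralized-deployment limits quoted in the article.
MAX_NODES, MAX_UNITS, MAX_OPERATORS = 5000, 400_000, 50
BASE_PERIOD_MIN = 5  # one metric sampled once per 5 minutes = 1 collection unit


def collection_units(monitors):
    """Total units for an iterable of (metric_count, poll_interval_min) pairs."""
    total = Fraction(0)
    for metric_count, interval_min in monitors:
        if metric_count < 0 or interval_min <= 0:
            raise ValueError(f"bad monitor entry: {(metric_count, interval_min)}")
        # Assumption: units scale linearly with polling rate (1 min -> 5 units).
        total += Fraction(metric_count * BASE_PERIOD_MIN, interval_min)
    return total


def licenses_needed(devices):
    """One license per distinct management IP, so a stack consumes one."""
    return len({d["mgmt_ip"] for d in devices})


def plan(devices, operators, distributed=False):
    """Summarize licenses, collection units and which model the limits point to."""
    nodes = licenses_needed(devices)  # assumption: a managed node is a licensed IP
    units = sum((collection_units(d["monitors"]) for d in devices), Fraction(0))
    reasons = []
    if nodes > MAX_NODES:
        reasons.append(f"{nodes} nodes > {MAX_NODES}")
    if units > MAX_UNITS:
        reasons.append(f"{units} collection units > {MAX_UNITS}")
    if operators > MAX_OPERATORS:
        reasons.append(f"{operators} operators > {MAX_OPERATORS}")
    if distributed:
        reasons.append("nodes or operators are geographically distributed")
    model = "hierarchical" if reasons else "centralized"
    return {"licenses": nodes, "units": units, "model": model, "reasons": reasons}


# Constructed sample inventory (documentation-range addresses, hypothetical names).
SAMPLE = [
    {"name": "core-rtr", "mgmt_ip": "192.0.2.1", "monitors": [(2, 1)]},
    {"name": "stack-m1", "mgmt_ip": "192.0.2.10", "monitors": [(48, 5)]},
    {"name": "stack-m2", "mgmt_ip": "192.0.2.10", "monitors": [(48, 5)]},
]

if __name__ == "__main__":
    print(plan(SAMPLE, operators=12))
```

The router entry reproduces the article's own case: incoming and outgoing traffic on one interface polled every minute gives 10 collection units.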
IMC protocol map
If firewalls operate on any of the network segments, it is useful to know which protocols and ports IMC uses.

Options for ensuring fault tolerance
The IMC platform includes the DBman tool, which automatically backs up and restores the database, since the database contains all the useful information about your network. This tool is also responsible for backing up the data of the service extension modules. You can choose one of two backup models: single system HA or dual system HA.
Single system HA. This is the simplest implementation of fault tolerance, in which the database is copied either to a local hard drive or to an external server.

Dual system HA. This model is the most resilient to all sorts of trouble, since we actually have 2 IMC platforms with the same set of functional modules that synchronize their databases, ensuring continuous operation of the management system if the primary copy fails. If an IMC outage threatens your network with significant consequences for service delivery, this fault tolerance model should be considered first.

Additional information on the platform and its modules, as well as various configuration and administration guides, can be found on our website in the corresponding section.