Configuring SNMP Settings
Configure Simple Network Management Protocol (SNMP) Network protocol used to monitor the status of network-connected devices. Configuring SNMP settings on ztC Endurance allows remote monitoring of the system by management applications, and allows the system to send messages to designated recipients if alert conditions occur. settings for the ztC Endurance system to allow SNMP management applications to remotely monitor your systems. (SNMP information pertains to systems as well as many system components, such as compute modules A customer-replaceable unit (CRU) located at the front of the ztC Endurance system. It is equipped with processors, RDIMMs, BIOS, BMC, fans, and other technology to boot and run the ztC Endurance system. Each system contains two compute modules., storage modules CRU modules located at the front of the ztC Endurance system. Storage modules are equipped with status LEDs and include six slots for data disk drives. Each ztC Endurance system contains two storage modules., disks, and so on.) You can enable SNMP requests and SNMP traps:
- SNMP request—A request sent to the system to retrieve the values of objects listed in the Management Information Bases (MIBs) supported by the Automated Uptime Layer with Smart Exchange software. These MIBs include a system-specific MIB that is a collection of objects describing the ztC Endurance system. You can download a copy of the MIB file from the Stratus Customer Service Portal at https://service.stratus.com. For instructions for downloading software, see Getting Help
- SNMP trap—A message initiated by one of the components in the ztC Endurance system after an event such as an alert that is then sent to an identified list of recipients, typically a network management station (NMS).
Managing Firewall Settings
You may need to modify some firewalls in order to communicate SNMP requests or traps from or to an NMS.
-
When you installed the ztC Endurance software, your organization's firewall was automatically configured to open port 161 (Get/Walk) and 162 (Traps) for inbound and outbound traffic to the virtual machine (VM). No user action is needed.
-
No configuration of the ESXi host firewall is needed when communicating with a VM running on the host.
-
If there is a firewall between the network that the ztC Endurance system is on and the location of the NMS, you may need to update your organization's firewall. Contact your network administrator about modifying the firewall.
Follow the appropriate procedure to enable SNMP requests or traps.
To enable SNMP requests, perform one of the following actions:
- Enable SNMP requests from the SNMP Configuration page of the ztC Endurance console:
- Add an SNMPv3 user who can enable SNMPv3 requests and who has read-only access to the full MIB in the ztC Endurance system.
- Configure access control for SNMPv1 and SNMPv2 requests, where you allow no users (Restricted) or any user using the default public community (Unrestricted) to send requests.
- Customize SNMP request functionality by editing
snmpd.conf
files. You can customize access control for SNMPv1 requests and SNMPv2 requests. You can also customize the list of users for SNMPv3 requests. For information, see To customize SNMP request functionality (below).
To enable SNMP requests from the SNMP Configuration page
- In the left-hand navigation panel, click SNMP Configuration under NOTIFICATION.
-
On the SNMP Configuration page, activate the check box next to Enable SNMP Requests.
-
The List of Users for SNMP Requests (version 3) appears.
If a username appears below the List of Users for SNMP Requests (version 3), the user's security level is displayed and a read-only display of the
snmpd.conf
file also appears. The user has read-only access to the full MIB. Note that the system supports only one SNMP Requests (version 3) user.If a username does not appear, you can add an SNMPv3 user.
Notice: Always use this procedure to add or remove SNMPv3 users. Do not edit the/etc/snmp/snmpd.conf
and/var/lib/net-snmp/snmpd.conf
files for this purpose.To add an SNMPv3 user- Click the Add button, which opens the Add a User wizard.
-
Enter values for the following:
Username—The name of a user who has access to the SNMPv3 agent. The name must be unique.
Security Level—The user's security level. Valid values are:
- No Authentication and No Privacy: No security is applied to messages; messages are not authenticated or encrypted.
- Authentication and No Privacy: Messages are authenticated but not encrypted. You must enter values for Authentication Type and Authentication Password.
- Authentication and Privacy: Messages are authenticated and encrypted. You must enter values for Authentication Type, Authentication Password, Encryption Type, and Encryption Password.
When the security level includes authentication or privacy, the following fields appear:
Authentication Type—The user's type of authentication. Valid values are:
- MD5: Configure the message digest algorithm (MD5) as the user's authentication type.
- SHA: Configure the secure hash algorithm (SHA) as the user's authentication type.
Authentication Password—The user's required password, which is used to generate the secret authentication key. The password must be a minimum of eight characters and cannot be the same as the username.
Encryption Type—The user's type of encryption. Valid values are:
- AES: Configure the advanced encryption standard (AES) as the user's encryption type.
- DES: Configure the data encryption standard (DES) as the user's encryption type.
Encryption Password—The user's required password, which is used to generate the secret encryption key. The password must be a minimum of eight characters and cannot be the same as the username.
-
Click Save to save the changes.
-
Restricted (the default)—Prevents users from sending SNMPv1 requests and SNMPv2 requests.
Unrestricted—Allows any user using the default public community to send SNMPv1 requests and SNMPv2 requests.
Customized (available when
snmpd.conf
has been manually edited by a user; see To customize SNMP request functionality, below)—Allows customized access. - Click Save. (Or click Cancel to restore the previously saved values.)
snmpd.conf
files
Customize SNMP request functionality by editing snmpd.conf
files.
Customize access control for SNMPv1 requests and SNMPv2 requests by editing the /etc/snmp/snmpd.conf
file:
- Log in to the host.
- Manually edit the standard
/etc/snmp/snmpd.conf
file. - Save the file.
- When you add a recipient for SNMP Traps (version 3), you need to confirm that the engine ID of the trap user on the recipient server is 0x80001370017F000001.
- When you enable or modify the SNMP trap settings, generate a test alert to confirm that traps are received.
- In the left-hand navigation panel, click SNMP Configuration under NOTIFICATION.
- On the SNMP Configuration page, activate the check box next to Enable SNMP Traps.
- Type the name of the SNMP Community, or keep the default (public).
-
Below the List of Recipients of SNMP Traps (version 3) is a list of the trap users, and the IP address of the recipient server where the trap user exists. The ztC Endurance system sends SNMPv3 traps to the trap user on the recipient server. Add a recipient, if necessary.
To add a recipient- Click the Add button, which opens the Add a Recipient wizard.
-
Enter values for the following:
Recipient Address—The host name or the IPv4 address of the recipient server.
Username—The name of a trap user on the recipient server. The name must be unique for the recipient.
Security Level—The user's security level. Valid values are:
- No Authentication and No Privacy: No security is applied to messages; messages are not authenticated or encrypted.
- Authentication and No Privacy: Messages are authenticated, but not encrypted. You must enter values for Authentication Type and Authentication Password.
- Authentication and Privacy: Messages are authenticated and encrypted. You must enter values for Authentication Type, Authentication Password, Encryption Type, and Encryption Password.
When the security level includes authentication or privacy, the following fields appear:
Authentication Type—The user's type of authentication. Valid values are:
- MD5: Configure the message digest algorithm (MD5) as the user's authentication type.
- SHA: Configure the secure hash algorithm (SHA) as the user's authentication type.
Authentication Password—The user's required password, which is used to generate the secret authentication key. The password must be a minimum of eight characters and cannot be the same as the username.
Encryption Type—The user's type of encryption. Valid values are:
- AES: Configure the advanced encryption standard (AES) as the user's encryption type.
- DES: Configure the data encryption standard (DES) as the user's encryption type.
Encryption Password—The user's required password, which is used to generate the secret encryption key. The password must be a minimum of eight characters and cannot be the same as the username.
-
Click Save to save the changes.
- Click Save. (Or click Cancel to restore the previously saved values.)
-
Click the Generate Test Alert button at the bottom of the configuration window.
The Automated Uptime Layer with Smart Exchange software generates a test alert and SNMP sends traps to recipients of SNMP traps; e-Alerts send a sample email with the subject "Test Alert" to all email recipients of e-Alerts, if configured (see Configuring e-Alerts); and Support Configuration sends a notification to Stratus Customer Service, if configured (see Configuring Remote Support Settings). Watch the Alert History log (see Alert History Page) for delivery status.