HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
Server Management - Systems Insight Manager
cancel
Showing results for 
Search instead for 
Did you mean: 

The SNMPv3 question again.

 
SOLVED
Go to solution
Richard Munn
Frequent Advisor

The SNMPv3 question again.

HPSIM does not support SNMPv3

Our MIS folks have said that the use of "insecure" protocols must cease which includes SNMP V1 and V2c.

Secure ones like SNMPV3 and WBEM, SSH, HTTPS etc are OK.

 

They have relented a bit and agreed that SNMPV1 traps are OK but not SNMPV1 GETs.

Please don't suggest that SNMPv3 is not the way to go, the decision has been made and there is no turning back.

 

There have been postings about SNMPV3 for years but it seems that HP is not going to include it. They do in products like Ops Manager and NNM but I suspect it's a cost related thing since I think this is provided by a 3rd party buy in.

 

90% of our environment is Linux based and most of the windows hosts are just workstations that are not meant to be monitored.

 

For HPSIM we then considered the use of WBEM but it appears HP has dropped all support for WBEM on Linux.

There was talk long ago about the SMH being capable of providing all discovery information but alas that is not the case and SSH only gets some of info. The other proptocols are not applicable to Linux.

 

So it's SNMPV3 or nothing as far as I can tell.

 

I know that it possible to setup a proxy that converts the SNMPV3 user credentials to or from V1 communities. In fact I believe that the standard net-snmp includes all proxy capabilities and lots of examples of V3 to V1 but V1 to V3 is not so well covered.

 

My thoughts were that we could pass the V1 traps back to the CMS as is and when it wanted to go identify the client etc it could issues a V1 request which we would tunnel through a proxy to convert it to V3 which the client would accept and respond to. But I'm really not sure how you would go about doing this. Has anyone tried something like this? If so I would really like to know how.

 

Another thought that I really do not want to do but if no other choice is to collect all the required info on the client (via SNMP on localhost) then convert it to an XML file that mxnode can define the client with (i.e. without ever doing a discovery and identification). This seems feasible for simple servers but gets a lot more complicated for complex things like bladecenters and storage arrays unless they have WBEM. Has anyone ever tackled this one?

 

/Richard

 

4 REPLIES
Tushar Bajpai
Trusted Contributor
Solution

Re: The SNMPv3 question again.

Just Wait for few more days for SNMPv3

if it helped, award me Kudos or Points. Thanks :)

\T Bajpai
HP Employee

Richard Munn
Frequent Advisor

Re: The SNMPv3 question again.

Tushar, thanks for that.

I only just noticed that 7.2's specs say it includes SNMPv3. I hope it's got all the things needed to support V3 hosts. I'll wait and see what it looks likes.

Server-Support
Super Advisor

Re: The SNMPv3 question again.

Tushar,

 

Does that means HP SIM v7.2 is no longer supports SNMPv1 and v2 ?

 

My goal in using HP SIM is that to monitor all HP server fleets that runs WIndows (using WBEM through agent perhaps?) and Vmware ESX server (which is non windows, through SNMPv3 perhaps?), how can I achieve that ?

SenneVL
Frequent Advisor

Re: The SNMPv3 question again.

Hi,

 

I assume snmpv1 & v2 will keep on working/be supported; after all Microsoft already announced they will never offer built-in support for snmpv3 in favor of WS-MAN/WINRM.

 

On top, there are a lot of legacy devices out there that are not supporting any other protocols. Even with HP's quite strict support policies, I cannot imagine they remove working features just to piss of _a lot_ of customers.

 

/my 2 ct