HPE Community
Server Management - Systems Insight Manager
1753808 Members
8603 Online
108805 Solutions
New Discussion

Who Me Too'd this topic

Richard Munn
Frequent Advisor

‎02-14-2013 11:48 PM

‎02-14-2013 11:48 PM

The SNMPv3 question again.

HPSIM does not support SNMPv3

Our MIS folks have said that the use of "insecure" protocols must cease which includes SNMP V1 and V2c.

Secure ones like SNMPV3 and WBEM, SSH, HTTPS etc are OK.

 

They have relented a bit and agreed that SNMPV1 traps are OK but not SNMPV1 GETs.

Please don't suggest that SNMPv3 is not the way to go, the decision has been made and there is no turning back.

 

There have been postings about SNMPV3 for years but it seems that HP is not going to include it. They do in products like Ops Manager and NNM but I suspect it's a cost related thing since I think this is provided by a 3rd party buy in.

 

90% of our environment is Linux based and most of the windows hosts are just workstations that are not meant to be monitored.

 

For HPSIM we then considered the use of WBEM but it appears HP has dropped all support for WBEM on Linux.

There was talk long ago about the SMH being capable of providing all discovery information but alas that is not the case and SSH only gets some of info. The other proptocols are not applicable to Linux.

 

So it's SNMPV3 or nothing as far as I can tell.

 

I know that it possible to setup a proxy that converts the SNMPV3 user credentials to or from V1 communities. In fact I believe that the standard net-snmp includes all proxy capabilities and lots of examples of V3 to V1 but V1 to V3 is not so well covered.

 

My thoughts were that we could pass the V1 traps back to the CMS as is and when it wanted to go identify the client etc it could issues a V1 request which we would tunnel through a proxy to convert it to V3 which the client would accept and respond to. But I'm really not sure how you would go about doing this. Has anyone tried something like this? If so I would really like to know how.

 

Another thought that I really do not want to do but if no other choice is to collect all the required info on the client (via SNMP on localhost) then convert it to an XML file that mxnode can define the client with (i.e. without ever doing a discovery and identification). This seems feasible for simple servers but gets a lot more complicated for complex things like bladecenters and storage arrays unless they have WBEM. Has anyone ever tackled this one?

 

/Richard

 

2 people had this problem.
Reply
Who Me Too'd this topic
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.