Cisco Systems 1 manual Mapping Ldap users to PVM roles, Adding a NAM through the GUI

Page 13

ldap.auth.scheme=ssl

ldap.account.name=admin

ldap.server.name=ware.trendium.com

ldap.server.port=636

Note:

The parameters such as ldap.account.name, ldap.server.name and ldap.server.port are relative to the test environment. The PVM administrator needs to obtain these parameters from LDAP administrator.

For SSL communication with the LDAP server, you need to import the public key from the LDAP server. Assume that you have copied the public certificate (including the BEGIN and END lines) to a text file /opt/CSCOpvm/cert.txt on the PVM server. Then you need to perform the following steps to import the certificate into Cisco PVM.

1.Ensure that the cacerts file is writable:

$cd /opt/CSCOpvm/j2sdk142/jre/lib/security $chmod +w cacerts

2.Import the public key into the keystore:

$/opt/CSCOpvm/j2sdk142/bin/keytool -import -file "/opt/CSCOpvm/cert.txt" -keystore cacerts

When asked for the keystore password type changeit. When asked if PVM should trust the certificate, type yes.

The output is as follows:

Enter keystore password: changeit

Owner: CN=ware, OU=Engineering, O=Trendium, L=Sunrise, ST=FL, C=US

Issuer: CN=ware, OU=Engineering, O=Trendium, L=Sunrise, ST=FL, C=US

Serial number: 81523838

Valid from: Tue Jan 17 13:04:26 EST 2006 until: Tue Apr 17 14:04:26 EDT 2007

Certificate fingerprints:

MD5: 91:58:60:10:C6:62:59:C2:41:C1:F9:E6:69:11:72:41

SHA1: C1:ED:01:F5:21:C9:C9:A1:AD:34:B0:99:70:D2:52:52:06:7B:7E:D5

Trust this certificate? [no]: yes

Certificate was added to keystore

Ensure that the information you enter is appropriate for your organization.

Mapping LDAP users to PVM roles

Cisco PVM uses two user groups: Admin and General. To map the various LDAP groups to PVM user groups, you can change the following two properties in the config file:

ldap.admin.group.name=<ldap group name>, <another ldap group name> ldap.general.group.name=<ldap group name>, <another ldap group name>

You can put multiple ldap groups separated by commas.

Adding a NAM through the GUI

Configuring NAMs and their associated devices in Cisco PVM is an easy process, and can be done in one of two ways. You can either add an individual NAM and its associated device through the Cisco PVM GUI, or you can import multiple NAMs and their devices through the import feature. This section describes the steps involved in configuring NAMs in Cisco PVM.

Cisco Internal Use Only

Copyright © 2006 Cisco Systems, Inc. All rights reserved.

Page 13 of 66

Page 12 Page 14
Image 13
Page 12 Page 14
Contents Corporate Headquarters USA Cisco Performance Visibility Manager Traffic Analysis including Top-N Analysis Data Collection and Traffic AnalysisART Monitoring Historical InformationCiscoWorks and Ldap Integration NAM GUI Drill downSample Deployment Scenario PVM in LAN and WAN Placing Cisco NAM in Your Network Basic questions about the Problems to be addressedTypical workflow for deploying Cisco PVM Configure the NAMs in Your NetworkDeploy PVM and add the NAMs in Cisco PVM Create the Datasource Groups DSGs in Cisco PVM Start monitoring your network using Cisco PVM Usage Scenarios NAM SetupUser Setup Cisco PVM Initial SetupUser Management through the GUI User management through Ldap Adding a NAM through the GUI Mapping Ldap users to PVM rolesCisco Internal Use Only Importing Multiple Devices DCR Export File Import File FormatsUser created CSV file Datasource Group DSG Creation Cisco Internal Use Only Scenario 1 Traffic Profiling Contd Cisco Internal Use Only Cisco Internal Use Only Cisco Internal Use Only Contd Create an ART Group that carries traffic you are interested Scenario 2 Proactive MonitoringContd Click the Setup tab Click the Thresholds menu item Click Add Contd Cisco Internal Use Only PVM displays the details of the threshold violation Scenario 3 Troubleshooting Click Refresh Verify the link utilization on the client Branch RouterClick Connect Cisco Internal Use Only Overview of PVM functionality Traffic Analysis using Cisco PVMMonitoring Cisco Internal Use Only Aggregation Schemes Report Views Real-Time and Trend ChartsDrill-downs Reporting Report Name Drill-Down Reports AvailableCisco Internal Use Only Application Response Time Analysis in Cisco PVM Art SetupArt Reports Cisco Internal Use Only ART Report Archives Baselining and Alerts in Cisco PVM Cisco Internal Use Only Generating Snmp Traps Alerts in Cisco PVM Cisco Internal Use Only Minimum Server Requirements Hardware Cisco PVM Requirements and SizingSoftware Minimum Client Requirements HardwareMaximum NAMs CPUs Cisco PVM Installation and UninstallationDisk Space Required Cd PVMINSTALLDIR/j2sdk142/bin Install ProcedureUninstall Procedure $su pvmadm $pvm stop Start and Stop ProcedureMaintaining and Troubleshooting Cisco PVM Troubleshooting TipsPurging and retention period Database ManagementArchiving $su pvmadmImporting the archived files Gunzip -c archivefilenamecpio -icvB *switchConclusion Deployment Q&A AppendixCisco Internal Use Only Cisco Internal Use Only Deployment Troubleshooting Cisco Internal Use Only For More Information USA
Top Page Image Contents