Uploaded by 邵追风

20230119 1KGT151221 Using ManageEngine Network Configuration Manager with EDS500

Using ManageEngine Network Configuration Manager with EDS500
Application Note
Contents
1. Introduction
1.1. Preface
1.2. Motivation
2. Preparation
2.1. Prepare EDS500 devices
2.2. Add the EDS500 device template
2.3. Add the EDS500 configuration templates
2.4. Set up device authentication
2.5. Set up SNMP discovery authentication
3. Manage devices
3.1. Add a network node
3.2. Configuration backup
3.3. Configuration restore
3.4. Execute mass configuration changes
3.5. Firmware rollout
4. References
© 2022 HITACHI ENERGY. ALL RIGHTS RESERVED
1. Introduction
1.1. Preface
The document describes how to integrate and use EDS500 managed switches with SolarWinds
Network Configuration Manager (NCM) (Orion platform). EDS500 Firmware release 3.1.2 or above
is required to support all functions. This document refers to SolarWinds Orion Platform HF4, NCM
HF1: 2020.2.6.
The EDS500 products referenced provide Ethernet based communication including wide area
networking via fiber optical SFP modules as well as SHDSL via copper lines. In addition, serial
interfaces can be used to connect legacy devices.
EDS500 managed switches offer a wide range of configuration and monitoring options, from a
web browser to powerful command line interface (CLI) access.
The configuration examples and screenshots are taken from a SolarWinds NCM installation on
Windows 10.
1.2. Motivation
When dealing with a large number of installed devices, it may be necessary to update all devices
within a short timeframe. The reason for this might be a security-related firmware update or a configuration change to reflect new or changed requirements.
While manually updating the configuration or firmware of hundreds of devices is time
consuming, an automated process saves time and eliminates the risk of human failure.
When automating changes to devices, it is recommended to first test the update
or command sequence in the lab, then extend it to a small lot of pilot devices in the field, and
finally execute the rollout to all devices.
2. Preparation
SolarWinds Network Configuration Manager (NCM) is able to update the firmware of managed
devices. As a prerequisite the actions below must be performed.
2.1. Prepare EDS500 devices
Due to an incompatibility between EDS500 and ManageEngine's SSH client, the key exchange
algorithm needs to be modified from supporting Diffie-Hellman group key exchange and elliptic
curve key exchange to using elliptic curve key exchange only.
On EDS500, enter the command “set system ssh dh-group no-modp” in enabled mode to disable
Diffie-Hellman group based key exchanges. Make sure to save the configuration.
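One way to confirm the effect of this change from the management side, as an added example that is not part of the application note: the code decodes a server's SSH_MSG_KEXINIT (RFC 4253) and lists any finite-field Diffie-Hellman methods still offered. The function names and the two sample payloads are constructed for illustration; the samples were not captured from an EDS500.

```python
import socket
import struct

SSH_MSG_KEXINIT = 20
# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = ("kex_algorithms", "server_host_key_algorithms",
          "encryption_c2s", "encryption_s2c", "mac_c2s", "mac_s2c",
          "compression_c2s", "compression_s2c", "languages_c2s", "languages_s2c")

def parse_kexinit(payload: bytes) -> dict:
    """Decode the name-lists of an SSH_MSG_KEXINIT payload."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, out = 17, {}  # skip the message type byte and the 16-byte cookie
    for name in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + length > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + length].decode("ascii")
        out[name] = raw.split(",") if raw else []
        pos += length
    return out

def modp_dh_offered(kex_algorithms: list) -> list:
    """Return the finite-field (modp) Diffie-Hellman methods in a KEX list."""
    return [a for a in kex_algorithms if a.startswith("diffie-hellman-")]

def fetch_kexinit(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Read a server's KEXINIT payload; no authentication is attempted."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rb")
        line = stream.readline()
        while line and not line.startswith(b"SSH-"):  # skip pre-banner text
            line = stream.readline()
        if not line:
            raise ConnectionError("no SSH identification string received")
        sock.sendall(b"SSH-2.0-kexcheck\r\n")
        packet_len, pad_len = struct.unpack(">IB", stream.read(5))
        body = stream.read(packet_len - 1)
        return body[:len(body) - pad_len]

def build_kexinit(kex: list) -> bytes:
    """Build a constructed KEXINIT payload (sample data for this example)."""
    lists = [kex, ["ssh-ed25519"], ["aes256-ctr"], ["aes256-ctr"],
             ["hmac-sha2-256"], ["hmac-sha2-256"], ["none"], ["none"], [], []]
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for names in lists:
        data = ",".join(names).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    return body + b"\x00" + struct.pack(">I", 0)

# Constructed samples, not captured from an EDS500: a server offering both
# families, and one offering elliptic-curve key exchange only.
BEFORE = build_kexinit(["ecdh-sha2-nistp256", "diffie-hellman-group14-sha1",
                        "diffie-hellman-group-exchange-sha256"])
AFTER = build_kexinit(["ecdh-sha2-nistp256"])

if __name__ == "__main__":
    for label, payload in (("before", BEFORE), ("after", AFTER)):
        kex = parse_kexinit(payload)["kex_algorithms"]
        print(label, kex, "modp DH still offered:", modp_dh_offered(kex))
```

Against a lab device, `parse_kexinit(fetch_kexinit(host))` replaces the constructed payloads; an empty result from `modp_dh_offered` means only non-modp key exchange methods are advertised.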
2.2. Add the EDS500 device template
Stop the ManageEngine OpManager Service by right-clicking on the ManageEngine tray icon.
Click “Stop Service”.
Wait until the service is stopped. When the operation has completed the message below shows up.
As an alternative you can hover the mouse over the tray icon for the service status (the status is
“Stopped” when completed).
Using the Explorer, navigate to the directory “C:\Program
Files\ManageEngine\OpManager\protocol\parser” and copy the file
“HitachiEgyEDS500HardwarePropParser.xml” to this directory. The file can be obtained from the
EDS500 homepage at https://hitachienergy.com/eds500. If administrator permission is requested,
acknowledge the request.
Start the ManageEngine OpManager Service by right-clicking on the ManageEngine tray icon. Click
“Start Service”.
Wait until the service is started. When the operation has completed the message below shows up.
As an alternative you can hover the mouse over the tray icon for the service status (the status is
“Running” when completed).
Log on to the ManageEngine Web Console, for example by right-clicking the tray icon and selecting
“Open Web Console”. Enter your credentials and click “Login”.
Under “Config Automation” -> “Device Templates” click “CLI Device Templates”.
Click “Import”.
Click “Browse” and select the file “Hitachi_Energy_EDS500.xml” which can be obtained from the
EDS500 homepage at https://hitachienergy.com/eds500. Click “Import”.
2.3. Add the EDS500 configuration templates
Under “Config Automation” -> “Configlets” click “CLI Configlets”.
Click on the three dashes at the upper right corner.
Click “Import”.
Click “Browse” and select the file “Configlets.xml” which can be obtained from the EDS500
homepage at https://hitachienergy.com/eds500. Click “Save”.
2.4. Set up device authentication
Under “Config Automation” -> “Credentials” click “Credential Profile”.
Click on the “+” sign to add a new credentials template.
Depending on your username and password configuration, fill in the SSH credentials in the dialog
as desired (the example uses the standard login name “edslogin”). Make sure to leave the field
“Enable UserName” empty.
If desired, also enter the Telnet credentials (optional). If doing so, make sure not to populate the
username fields. Usernames are not supported by EDS500 via Telnet access.
Enter the SNMP information. Make sure the configuration matches the EDS500 configuration. For
security reasons SNMP Version V3 is recommended. When everything is complete click “Save”.
The credential template should now show up in the template listing.
2.5. Set up SNMP discovery authentication
Under “Settings” -> “Discovery” click “Credentials”.
Click “Add Credential”.
Click “SNMP v3”. For security reasons, we do not recommend using SNMP v1/2c.
Enter the SNMP information. Make sure the configuration matches the EDS500 configuration. You
may set the “SNMP Retries” to 1 to overcome light packet loss situations. When everything is
complete click “Save”.
3. Manage devices
3.1. Add a network node
Navigate to “Inventory” -> “Devices” and click “Add Device”.
Enter the IP address of the device to be added and choose “Hitachi Energy” as vendor and
“EDS500” as template name. Click “Add”.
As protocol, select “SSH – TFTP” and then choose the credential profile created in chapter 2.4. You
may want to enable the checkbox “Backup the device immediately after updating the credentials” or
do this later on. This document assumes that the configuration backup is triggered manually later (as
part of this chapter). Click “Save & Test”.
Wait for the testing to complete.
When testing is completed, click “Close”. If testing is unsuccessful, review the credentials in the
device and ManageEngine NCM. Also make sure that no TFTP server other than the one from
ManageEngine is currently running, and that any firewall is configured to pass TFTP
traffic (the TFTP source port on EDS500 is fixed at UDP 32534).
Click on the newly generated device.
Click on “SNMP Credentials”.
Add the new device to the SNMP profile created under chapter 2.5 and click update.
Complete the device entry by clicking “Backup Now?”.
Wait for the operation to complete.
After a successful operation, the running and startup configurations should be present and can be viewed.
Device system information (like series, model and firmware version) is updated regularly by
ManageEngine NCM, so this information will become available after some time.
3.2. Configuration backup
By default, ManageEngine NCM backs up the running and startup configuration of all devices every
hour (this can be modified under “Config Automation” -> “Schedule” -> “All Schedules” -> “Example
Hourly Config Backup”). The backup is only stored if a change from the previous backup is detected. If
you need to trigger a backup manually, navigate to “Inventory” and click “Devices”.
Click on the device to backup.
Under “Actions” at the top right side click “Backup”.
Hint: ManageEngine NCM holds a reference configuration named “Baseline Version” for the
running-config as well as for the startup-config. If the configuration has changed compared to the
reference, a “Baseline-Running Conflict” is detected. To set a changed configuration as the reference,
click on the last startup configuration in the device view under “Summary”.
This opens the selected configuration file.
At the top right corner click on the three dashes.
Click “Set as Baseline”. Once done, click the top right “X” to close the action window.
Click on the IP address of the device to return to the device summary page.
Repeat the same procedure for the running configuration which resolves the “Baseline-Running
Conflict”.
Hint: ManageEngine NCM tracks changes of the configuration for auditing purposes. Any change
detected by the regular config check is initially marked “Unauthorized”. You can authorize the
new configuration by clicking a specific configuration.
When the configuration opens, click the green thumb at the top right corner.
Enter some meaningful notice if required and click “Save”.
Click on the IP address of the device to return to the device summary page.
Repeat the same procedure for all unauthorized config changes if required.
3.3. Configuration restore
Navigate to “Inventory” and click “Devices”.
Click on the device to restore a configuration to.
Under “Actions” at the top right side select “Execute” and click “Upload Config”.
For EDS500 you can only upload the startup configuration set as reference (baseline). Click
“Upload”. You can view the configuration by clicking on the appropriate entry.
If you would like to check the status of this operation, click “Operations” in the device page and look at the
operation history.
After the configuration upload, a reboot of the device is required to apply the new configuration. This
is not done automatically. If you would like to reboot the device, click “Actions”, select “Execute” and click
“Execute Configlet”.
Select the vendor “Hitachi Energy” and choose “EDS500 Reload”. When done, make sure the device
to reload is present in the device list and click “Execute”.
The device will restart.
3.4. Execute mass configuration changes
Navigate to “Config Automation” -> “Configlets” and click “CLI Configlets”.
Click “Search”.
Once the search line opens, enter “Hitachi Energy” in the vendor field to filter the list.
Select the appropriate action (or define a new command line action via the “+” button at the top). In
this example we change the enable password on all devices. Click “Execute” in the appropriate
line.
Enter the new loginpass.
Click on devices (or device group) and select the appropriate devices by clicking on the arrow and
moving the devices into the “Selected Devices” list. Finally click “Execute”.
You can review the success by opening the operation in the “CLI Configlets History”. You can also
download a report for all devices and/or each individual device.
3.5. Firmware rollout
Hints
• When firmware updates fail, in most cases there is a firewall configuration issue at the PC
executing SolarWinds or in the network. The firmware update uses TFTP transmission at
UDP target port 69. The originating port on EDS500 is always UDP port 32534. The
connection is initiated by EDS500.
• You need to manually copy the firmware file to ManageEngine's TFTP root directory,
which is by default located under “C:\Program Files\ManageEngine\OpManager\tftp_files\”.
• There is no need to manually start ManageEngine's TFTP server.
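A firewall-log check built on the port facts in the first hint, as an added example that is not part of the application note: it reports blocked legs of an EDS500 TFTP transfer and any request to port 69 that does not come from a known device on source port 32534. The log format, addresses and function name are constructed for illustration, and the code assumes the TFTP server answers from a per-transfer port as described in RFC 1350.

```python
import re

TFTP_PORT = 69            # TFTP target port given in the note
EDS500_SRC_PORT = 32534   # fixed EDS500 source port given in the note

# Hypothetical firewall log format, chosen for this example only.
LINE = re.compile(r"(?P<ts>\S+) UDP (?P<src>[\d.]+):(?P<sport>\d+) -> "
                  r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<action>ALLOW|DENY)$")


def audit_tftp(lines, ncm_ip, devices):
    """Return (timestamp, finding, peer) tuples for TFTP-related log lines."""
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        ts, src, dst = m["ts"], m["src"], m["dst"]
        sport, dport = int(m["sport"]), int(m["dport"])
        denied = m["action"] == "DENY"
        from_device = src in devices and sport == EDS500_SRC_PORT
        if dst == ncm_ip and dport == TFTP_PORT:
            if not from_device:
                # Port 69 reached by something that is not a known EDS500.
                findings.append((ts, "unexpected-tftp-client", src))
            elif denied:
                findings.append((ts, "request-blocked", src))
        elif dst == ncm_ip and from_device and denied:
            # ACK/DATA from the device to the server's per-transfer port.
            findings.append((ts, "transfer-blocked", src))
        elif (src == ncm_ip and dst in devices
              and dport == EDS500_SRC_PORT and denied):
            # Server answers from a new port (RFC 1350), not from port 69.
            findings.append((ts, "server-reply-blocked", dst))
    return findings


# Constructed log lines using documentation address ranges (RFC 5737).
NCM = "192.0.2.10"
DEVICES = {"198.51.100.21", "198.51.100.22"}
SAMPLE = """\
2023-01-19T10:00:01 UDP 198.51.100.21:32534 -> 192.0.2.10:69 ALLOW
2023-01-19T10:00:01 UDP 192.0.2.10:51044 -> 198.51.100.21:32534 ALLOW
2023-01-19T10:00:02 UDP 198.51.100.21:32534 -> 192.0.2.10:51044 ALLOW
2023-01-19T10:05:10 UDP 198.51.100.22:32534 -> 192.0.2.10:69 ALLOW
2023-01-19T10:05:10 UDP 192.0.2.10:51077 -> 198.51.100.22:32534 DENY
2023-01-19T11:30:42 UDP 203.0.113.50:40211 -> 192.0.2.10:69 ALLOW
""".splitlines()

if __name__ == "__main__":
    for finding in audit_tftp(SAMPLE, NCM, DEVICES):
        print(finding)
```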
Procedure
Navigate to “Config Automation” -> “Configlets” and click “CLI Configlets”.
Click “Search” and type “Hitachi Energy” into the field “Vendor”.
Look for “EDS500 Firmware Update - Scheduled Reload” and click Execute. A scheduled reload
(instead of immediate reload after update) is used to be independent from the topology, meaning all
devices are updated first and then rebooted simultaneously. For this to work a time server needs to
be configured at each device.
Enter the required parameters SOURCE_FILE_NAME (the binary firmware image file) and
REBOOT_TIME (the time at which all devices will reboot to execute the new image). Make sure you have
copied the firmware image to ManageEngine's TFTP folder (by default “C:\Program
Files\ManageEngine\OpManager\tftp_files\”). Next, select the devices to update and click
“Execute”.
You can review the success by opening the operation in the “CLI Configlets History”.
You can also download a report for all devices and/or each individual device. In this example a
firmware update has failed due to a missing time server configuration at the first device (without
having a time source configured, the device is not able to perform the scheduled reboot). This can
be examined in the report.
4. References
Product | Reference(s)
EDS500 | SNMP MIB File: HITACHI-EDS500-MIB
500NMDxx | Product Presentation
500NMDxx | Brochure
EDS500 | Product Homepage
Contact
Technical questions: eds-sales-support@hitachienergy.com
Commercial topics, orders: substationautomation-products@hitachienergy.com
Note:
The specifications, data, design or other information contained in this document (the “Brochure”)
- together: the “Information” - shall only be for information purposes and shall in no respect be
binding. The Brochure does not claim to be exhaustive. Technical data in the Information are only
approximate figures. We reserve the right at any time to make technical changes or modify the
contents of this document without prior notice. The user shall be solely responsible for the use of
any application example or information described within this document. The described examples
and solutions are examples only and do not represent any comprehensive or complete solution.
The user shall determine at its sole discretion, or as the case may be, customize, program or add
value to the Hitachi Energy products including software by creating solutions for the end customer
and to assess whether and to what extent the products are suitable and need to be adjusted or
customized.
This product is designed to be connected to and to communicate information and data via a network
interface. It is the user's sole responsibility to provide and continuously ensure a secure connection
between the product and the user's or end customer's network or any other network (as the case may
be). The user shall establish and maintain any appropriate measures (such as but not limited to the
installation of firewalls, application of authentication measures, encryption of data, installation of
anti-virus programs, etc) to protect the product, the network, its system and the interface against
any kind of security breaches, unauthorized access, interference, intrusion, leakage and/or theft
of data or information. Hitachi Energy is not liable for any damages and/or losses related to such
security breaches, any unauthorized access, interference, intrusion, leakage and/or theft of data or
information.
Hitachi Energy shall be under no warranty whatsoever whether express or implied and assumes
no responsibility for the information contained in this document or for any errors that may appear
in this document. Hitachi Energy's liability under or in connection with this Brochure or the files
included within the Brochure, irrespective of the legal ground towards any person or entity, to which
the Brochure has been made available, in view of any damages including costs or losses shall be
excluded. In particular Hitachi Energy shall in no event be liable for any indirect, consequential or
special damages, such as – but not limited to – loss of profit, loss of production, loss of revenue,
loss of data, loss of use, loss of earnings, cost of capital or cost connected with an interruption
of business or operation, third party claims. The exclusion of liability shall not apply in the case
of intention or gross negligence. The present declaration shall be governed by and construed in
accordance with the laws of Switzerland under exclusion of its conflict of laws rules and of the
Vienna Convention on the International Sale of Goods (CISG).
Hitachi Energy reserves all rights in particular copyrights and other intellectual property rights.
Any reproduction, disclosure to third parties or utilization of its contents - in whole or in part - is not
permitted without the prior written consent of Hitachi Energy.
© Copyright Hitachi Energy 2022
All rights reserved
1KGT151221