Step-by Step Integrate between Opentext NNMi and Network Automation (NA) with Screenshots | 2023.05

 

An enterprise-class network device modification and configuration management tool is Network Automation software (NA). A policy-based change management methodology ensures compliance standards are upheld while removing human error from device configuration modifications. In addition to a keystroke log of command line changes made through the NA telnet proxy, NA keeps an exhaustive audit trail of all device changes.

When issues arise, you will have access to more information thanks to the NNMi-NA integration, which combines the NA configuration change detection capabilities with the NNMi network monitoring capabilities.

Let check the integration steps :

Components of Integration

The NNMi–NA integration requires the following components:

1. NNMi
2. NA 

Prerequisite Tasks

1.   Install NNMi.

2.   Install NA.


Steps:

1) First, log in to the NA server.
(Note: This step applies only to NA version 2021.11 or later.) Once logged in, on the NA core server, run the following command to find out the alias of the NA certificate:
    • Windows: C:\NA\jre\bin\keytool.exe -v -list -keystore C:\NA\server\ext\appserver\standalone\configuration\truecontrol.keystore -storetype PKCS12 -storepass
    • Linux: /opt/NA/jre/bin/keytool -v -list -keystore /opt/NA/ server/ext/appserver/standalone/configuration/truecontrol.keystore -storetype PKCS12 -storepass

Note: At the end of command you have to give keystore password which you have configured during NA Installation process.

2)  On the NA core server, export the NA certificates from the truecontrol.keystore file:

    • Windows: C:\NA\jre\bin\keytool.exe -export -alias<alias>-file C:\temp\na.cer -keystore C:\NA\server\ext\appserver\standalone\configuration\truecontrol.keystore -storetype PKCS12 -storepass <storepass>
    • Linux: /opt/NA/jre/bin/keytool -export -alias<alias>-file /var/tmp/na.cer -keystore /opt/NA/server/ext/appserver/standalone/configuration/truecontrol.keystore -storetype PKCS12 -storepass <storepass>  

In this instance, <alias> is the alias of the NA certificate. For the self-signed certificate, the alias is sentinel .


3) Copy the NA certificate file (na.cer) that you created in the previous step to the NNMi management server. 

Now Perform the below steps on NNMi Server:

  1. Check the NNMi certificate repository type:
    1. On the NNMi management server, as root or administer, run the following command:
      • On Windows: %nnminstalldir%\bin\nnmprops –l
      • /opt/OV/bin/nnmprops -l


2. From the command output, note the value of the javax.net.ssl.trustStoreType property. The value of this property indicates the type of certificate repository.


3. Run the following command to import the NA certificate to the NNMi truststore.
    • Windows: %NnmInstallDir%\bin\nnmimportcert.ovpl -alias <alias> -file "<certificate file directory>\na.cer" 
    • /opt/OV/bin/nnmimportcert.ovpl -alias <alias> -file <certificate file directory>/na.cer 


4. Run the following command to restart NNMi:
ovstop -c
ovstart -c


5. On the NNMi management server, run the following command to determine the alias of the NNMi certificate:

  • For PKCS#12:
    • Windows: %NnmInstallDir%\bin\nnmkeytool.ovpl -v -list -keystore %NnmDataDir%\shared\nnm\certificates\nnm-key.p12 -storetype PKCS12 -storepass nnmkeypass
    • Linux: /opt/OV/bin/nnmkeytool.ovpl -v -list -keystore /var/opt/OV/shared/nnm/certificates/nnm-key.p12 -storetype PKCS12 -storepass nnmkeypass
Note: Note down the Alias name from output of above command, its going to be used in next command.

6. Export the NNMi certificate to a file ( nnm.cer ) by using the following command:

·                     For PKCS#12:

    • Windows: %NnmInstallDir%\bin\nnmkeytool.ovpl -v -export -alias <nnmi_alias> -file <directory>\nnm.cer -keystore %NnmDataDir%\shared\nnm\certificates\nnm-key.p12 -storetype PKCS12 -storepass nnmkeypass
    • Linux: /opt/OV/bin/nnmkeytool.ovpl -v -export -alias <nnmi_alias> -file <directory>/nnm.cer -keystore /var/opt/OV/shared/nnm/certificates/nnm-key.p12 -storetype PKCS12 -storepass nnmkeypass

7. Copy the NNMi certificate file (nnm.cer) to each NA core server.

8. On each NA core, import the NNMi certificate to the truecontrol.truststore file by running the following command:

    • Windows: C:\NA \jre\bin\keytool.exe -import -alias <nnmi_alias> -file <Directory>\nnm.cer -keystore C:\NA \server\ext\appserver\standalone\configuration\truecontrol.truststore -storetype PKCS12 -storepass <storepass>
    • Linux: /opt/NA/jre/bin/keytool -import -alias <nnmi_alias> -file <Directory>/nnm.cer -keystore /opt/NA/server/ext/appserver/standalone/configuration/truecontrol.truststore -storetype PKCS12-storepass <storepass>
Make sure you answer yes when asked whether to trust this certificate.


On each NA core server, restart the NA services.















No comments

Powered by Blogger.