Solaris System Management Agent Administration Guide

Chapter 1 Introduction to the System Management Agent

The System Management Agent is the Sun Microsystems implementation of the open source Net-SNMP agent. This chapter describes the key principles of SNMP. This chapter also provides an overview of the System Management Agent.

This chapter contains information on the following topics:

Overview of SNMP and Network Management

The Simple Network Management Protocol (SNMP) is an Internet standard. SNMP provides a common way to query, monitor, and manage devices connected to IP networks. The protocol is defined in RFC 2571. For more information, see http://www.ietf.org/rfc/rfc2571.txt. Many details of SNMP are further defined in other RFCs.

SNMP is widely used in enterprise networks to effectively manage systems, network devices, and networks. One of the benefits of SNMP is how quickly solutions can be created to support the increasing numbers of networking components and applications. Within SNMP networks, systems, components, and applications are described as entities. The number of entities that need to be managed is growing rapidly.

SNMP uses a manager and agent architecture. The SNMP manager is a program, also known as a network management station (NMS), that runs on a host on the network. The manager sends requests to one or more SNMP agents running on devices connected to the network. An agent, or daemon, is a program that listens for SNMP requests from the manager.

The agent hierarchy consists of a master agent and subagents. The master agent receives the SNMP-based management requests from the managers. The master agent sends responses to these management requests. Responses are sent after retrieving the appropriate values from the respective subagents.

Subagents provide management of different components. Management is based on a Management Information Base (MIB) specifically designed for components or applications. A MIB is a specification containing definitions of management information. Through the use of a MIB, networks and networked systems can be remotely monitored, remotely configured, and remotely controlled.

An agent receives a request, looks up information in the MIB, and returns information to the manager. Each object in the MIB represents a piece of data about the managed device, and each object is assigned a unique identifier in the MIB. The manager and agent must have access to the same MIB to be able to communicate about the managed device. The manager uses the MIB to specify identifiers for the information that the agent is to act upon. The agent uses the MIB to look up the identifiers that were passed in the SNMP request from the manager. The agent gets or sets values for the requested data. The MIBs supported by the System Management Agent are listed in Supported MIBs.

SNMP Versions

The System Management Agent supports three SNMP protocols. Along with their associated RFCs, these protocols are:

SNMP v1

SNMP v1 is defined in RFC 1155 and 1157 at http://www.ietf.org/rfc/rfc1155.txt and http://www.ietf.org/rfc/rfc1157.txt.

SNMP v2c

SNMP v2c is defined in RFC 1901 at http://www.ietf.org/rfc/rfc1901.txt.

SNMP v3

SNMP v3 is defined in RFC 2570 at http://www.ietf.org/rfc/rfc2570.txt.

The versions of SNMP supported by the System Management Agent can coexist by following the guidelines laid down in RFC 3584 at http://www.ietf.org/rfc/rfc3584.txt.

Some security models and other instances described in this manual do not support all versions of SNMP. Restrictions regarding which version of SNMP you can use are indicated in this book and in the relevant man pages. Restrictions are due in part to the enhanced packet structure of SNMPv3. The SNMPv3 packet structure is shown in Figure 1–1.

Figure 1–1 SNMPv3 Packet Structure

Diagram shows the packet structure of SNMPv3

The fields of the packet outlined in Figure 1–1 are:

msgVersion

The SNMP version of the packet. Possible values are 1, 2, or, in the case of SNMPv3, 3.

msgID

Used to coordinate request and response messages between the manager and the agent. The msgID in a response must be the same as the msgID in a request.

msgMaxSize

Conveys the maximum size of a message that the sender can accept from another SNMP engine.

msgFlags

A single octet to indicate how the message is to be processed. For more information, see Where VACM Security Information Is Contained.

msgSecurityModel

Specifies the security model used to generate the message. For more information, see Where VACM Security Information Is Contained.

msgSecurityParameters

An octet string containing data about the security model. For more information, see Where VACM Security Information Is Contained.

scopedPDU

Contains the normal Protocol Data Unit (PDU) and information for identifying the administratively unique context for processing the PDU. For more information, see Where VACM Security Information Is Contained.
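
The fields listed above can be read directly from a captured message. The following added example, which is not part of this guide or of Net-SNMP, decodes them from a constructed byte string and rejects malformed input. The msgFlags bit meanings and the value 3 for the User-based Security Model come from RFC 3412 and RFC 3411; the function names are illustrative.

```python
AUTH, PRIV, REPORTABLE = 0x01, 0x02, 0x04      # msgFlags bits per RFC 3412

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long form: low bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want):
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want:
        raise ValueError(f"expected tag 0x{want:02x}, got 0x{tag:02x}")
    return value, nxt

def to_int(value):
    return int.from_bytes(value, "big", signed=True)

def parse_v3_header(packet):
    msg, _ = expect(packet, 0, 0x30)           # whole message is one SEQUENCE
    version, p = expect(msg, 0, 0x02)          # msgVersion
    glob, p = expect(msg, p, 0x30)             # msgID, msgMaxSize, msgFlags, msgSecurityModel
    _, p = expect(msg, p, 0x04)                # msgSecurityParameters (left opaque here)
    data_tag, _, _ = read_tlv(msg, p)          # scopedPDU: SEQUENCE if clear, OCTET STRING if encrypted
    msg_id, g = expect(glob, 0, 0x02)
    max_size, g = expect(glob, g, 0x02)
    flags, g = expect(glob, g, 0x04)
    model, g = expect(glob, g, 0x02)
    if len(flags) != 1:
        raise ValueError("msgFlags must be a single octet")
    f = flags[0]
    if f & PRIV and not f & AUTH:
        raise ValueError("privacy without authentication is not allowed")
    level = "authPriv" if f & PRIV else "authNoPriv" if f & AUTH else "noAuthNoPriv"
    return {"msgVersion": to_int(version), "msgID": to_int(msg_id),
            "msgMaxSize": to_int(max_size), "msgSecurityModel": to_int(model),
            "securityLevel": level, "reportable": bool(f & REPORTABLE),
            "scopedPDUEncrypted": data_tag == 0x04}

# Constructed sample: msgID 4660, msgMaxSize 1500, flags 0x07, model 3, placeholder payloads.
SAMPLE = bytes.fromhex("301d020103300e02021234020205dc040107020103040230000404deadbeef")
```

A monitoring script can use the securityLevel result to flag SNMPv3 traffic that is sent without authentication or privacy.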

Structure of Management Information

The writing of MIBs is governed by a set of rules known as the Structure of Management Information (SMI). This set of documents contains industry-accepted methods and rules for specifying the following information:

The System Management Agent uses SMIv2. SMIv2 specifies how object names are organized so that logical access can occur. SMIv2 states that each managed object must have the following attributes:

A name

The name, an object identifier (OID), uniquely identifies the object. The assignment of an OID value to an object registers that object. For more information, see ISO Namespace Tree.

A syntax

The syntax defines the data type, such as an integer or a string of octets.

An encoding

The encoding describes how the information associated with the managed objects is serialized for transmission between machines.

Community String

In SNMP, one or several managers together with an agent is known as a community. SNMPv1 and v2c messages contain the name of a community, known as a community string. While SNMPv3 packets are associated with users specified in USM settings, SNMPv2 and v1 packets have an associated community string. The community string is an octet string variable used for the following checks:

The VACM supported by the SMA elaborates on the community string model with a dynamic access control model. The dynamic access control model for SNMPv3 is explained in Using VACM for Access Control.

The com2sec token maps a community to an SNMPv3 security name, so that the community can use VACM views. For more information, see Chapter 4, Managing Security.
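
One way to review such mappings, shown as an added example that is not part of this guide or of Net-SNMP: the script below reads com2sec lines in the `com2sec NAME SOURCE COMMUNITY` form used by Net-SNMP's snmpd.conf and reports communities that are well-known defaults or that are accepted from any source address. The sample configuration, its names and addresses are constructed, and the set of default communities is an assumption.

```python
import shlex

DEFAULT_COMMUNITIES = {"public", "private"}    # assumed list of widely known defaults

def parse_com2sec(line):
    """Return (sec_name, source, community), or None if the line is not com2sec."""
    tokens = shlex.split(line, comments=True)  # drops '#' comments, honours quotes
    if not tokens or tokens[0] != "com2sec":
        return None
    args = tokens[1:]
    if args[:1] == ["-Cn"]:                    # optional context form accepted by Net-SNMP
        args = args[2:]
    if len(args) != 3:
        raise ValueError(f"malformed com2sec line: {line!r}")
    return tuple(args)

def audit(config_text):
    """Return (line_number, sec_name, problem) for every risky mapping."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), 1):
        entry = parse_com2sec(line)
        if entry is None:
            continue
        sec_name, source, community = entry
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((number, sec_name, "default community string"))
        if source in ("default", "0.0.0.0/0"):
            findings.append((number, sec_name, "accepted from any source address"))
    return findings

# Constructed sample configuration; every name, address and community is illustrative.
SAMPLE_CONF = """\
# community-to-security-name mappings
com2sec  anyone    default      public
com2sec  nmsRead   192.0.2.10   k7Qd-monitoring-ro   # management station only
com2sec  -Cn ctx1  opsWrite  default  Zr4-ops-rw
syslocation "Server room"
"""

if __name__ == "__main__":
    for number, sec_name, problem in audit(SAMPLE_CONF):
        print(f"line {number}: {sec_name}: {problem}")
```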

Overview of the System Management Agent

The System Management Agent implements RFC 3411 at http://www.ietf.org/rfc/rfc3411.txt. The SMA is a lightweight agent that uses SNMP protocols for the management of systems. The SMA provides a standardized SNMP agent infrastructure to the Solaris software. The SMA can be extended through the use of modules written to application programming interfaces and AgentX subagents. For information on extending modules in the System Management Agent, see Solaris System Management Agent Developer’s Guide. For information about AgentX, see http://www.ietf.org/rfc/rfc2741.txt.

The System Management Agent is designed to be a standalone agent. The SMA can be accessed by multiple management applications, provided that these management applications communicate with the SMA using SNMP protocols. The SMA can coexist with existing SNMP agents. The SMA replaces some legacy SNMP agents.

The SMA is a new SNMP agent offering from Sun, based on the Net-SNMP open source implementation version 5.0.9. This open source implementation is described at http://www.net-snmp.org/. This open source implementation was formerly known as UCD-SNMP. The System Management Agent is designed to support the latest SNMP standards.

In this Solaris release, the System Management Agent can coexist with the Solstice Enterprise Agents™ software. For more information about the Solstice Enterprise Agents software, see the Solstice Enterprise Agents 1.0 User Guide. From an SNMP manager view, the System Management Agent operates in the same way as the Solstice Enterprise Agents software. Unlike the Solstice Enterprise Agents software, the System Management Agent supports SNMPv3. The System Management Agent supports more default MIBs than the Solstice Enterprise Agents software.

For information about migration from the Solstice Enterprise Agents to the System Management Agent, see Migration From Solstice Enterprise Agents Software. For information about migrating your applications from the Solstice Enterprise Agents to the System Management Agent, see the Solaris System Management Agent Developer’s Guide.

System Management Agent Components

The System Management Agent implements the agent component of standards relating to the SNMP management framework. Several standards form part of this framework. These standards include the following:

For details of other associated RFCs, see Supported MIBs. The System Management Agent is configurable. Command line tools are provided to handle configuration as well as other simple SNMP operations. The System Management Agent can be extended through dynamic modules as well as AgentX subagents. For more information, see Solaris System Management Agent Developer’s Guide.

The various packages that are included in the System Management Agent are outlined in Platforms and Packages.

The relationship of some of the components in the System Management Agent is illustrated by Figure 1–2.

Figure 1–2 Components of the System Management Agent

Diagram shows inter-relationship of SMA components.

This diagram shows the inter-relationship of the message processor, dispatcher and the programs that handle OID registration, with security and authorization. The diagram depicts other SNMP agents interacting with the System Management Agent by means of a proxy. The diagram also shows that AgentX subagents interact with the System Management Agent through the AgentX protocol. For further information on AgentX, see Using the AgentX Protocol. For further information on the interaction of the components described in Figure 1–2, see Overview of the System Management Agent in Solaris System Management Agent Developer’s Guide.

ISO Namespace Tree

Every managed object, whether a device or the characteristics of a device, has a name, a syntax, and an encoding. The name, an object identifier (OID), uniquely identifies the object. The OID is written as a sequence of integers separated by periods. For example, the sequence 1.3.6.1.2.1.1.1.0 specifies the system description within the system group of the management subtree. The OID scheme was created partly by the ISO organization. The ISO organization gives its name to the rooted tree diagrams used to represent OID values. An ISO diagram of the overall System Management Agent is shown in Figure 1–3.

The OID for SMA is 1.3.6.1.4.1.42.2.2.4

This OID corresponds to the data:

iso.org.dod.internet.private.enterprises.sun.products.management.sma

Figure 1–3 ISO Namespace Tree Diagram

Diagram indicates OID data for SMA.
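
The name and encoding attributes described under Structure of Management Information meet in the way an OID is serialized. The following added example, which is not part of this guide or of Net-SNMP, encodes and decodes the OIDs quoted in this section using BER, the encoding SNMP uses on the wire, and rejects malformed input. It handles short-form lengths only, and the function names are illustrative.

```python
SMA_OID = "1.3.6.1.4.1.42.2.2.4"
SMA_NAME = "iso.org.dod.internet.private.enterprises.sun.products.management.sma"

def encode_oid(dotted):
    """Return the BER TLV (tag 0x06, short-form length) for a dotted OID."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or min(arcs) < 0 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID")
    body = bytearray()
    for arc in [40 * arcs[0] + arcs[1]] + arcs[2:]:   # first two arcs share one sub-identifier
        chunk = [arc & 0x7F]                          # last octet: continuation bit clear
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))         # earlier octets: continuation bit set
        body += bytes(reversed(chunk))
    if len(body) > 127:
        raise ValueError("long-form length is outside this example")
    return bytes([0x06, len(body)]) + bytes(body)

def decode_oid(encoded):
    """Inverse of encode_oid; rejects malformed sub-identifiers."""
    if len(encoded) < 3 or encoded[0] != 0x06 or encoded[1] != len(encoded) - 2:
        raise ValueError("not a short-form OBJECT IDENTIFIER")
    subids, value, partial = [], 0, False
    for octet in encoded[2:]:
        if not partial and octet == 0x80:
            raise ValueError("sub-identifier padded with a leading zero octet")
        value = (value << 7) | (octet & 0x7F)
        partial = bool(octet & 0x80)
        if not partial:
            subids.append(value)
            value = 0
    if partial:
        raise ValueError("truncated sub-identifier")
    first = min(subids[0] // 40, 2)
    return ".".join(str(n) for n in [first, subids[0] - 40 * first] + subids[1:])

def label(dotted):
    """Name the leading arcs that coincide with the SMA path; keep the rest numeric."""
    arcs, ref, names = dotted.split("."), SMA_OID.split("."), SMA_NAME.split(".")
    shared = 0
    while shared < min(len(arcs), len(ref)) and arcs[shared] == ref[shared]:
        shared += 1
    return ".".join(names[:shared] + arcs[shared:])
```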

Supported MIBs

The System Management Agent supports the following MIBs:

SNMP-COMMUNITY MIB

Defined in RFC 2576. See http://www.ietf.org/rfc/rfc2576.txt

SNMPv2-TM (Transport Mappings)

Defined in RFC 3417. See http://www.ietf.org/rfc/rfc3417.txt

SNMP-MPD-MIB (Message Processing and Dispatching)

Defined in RFC 3412. See http://www.ietf.org/rfc/rfc3412.txt

SNMP-TARGET-MIB (Specification of targets for traps)

Defined in RFC 3413. See http://www.ietf.org/rfc/rfc3413.txt

SNMP-NOTIFICATION-MIB (Trap filtering)

Defined in RFC 3413. See http://www.ietf.org/rfc/rfc3413.txt

SNMP-PROXY-MIB (Trap forwarding)

Defined in RFC 3413. See http://www.ietf.org/rfc/rfc3413.txt

SNMP-USER-BASED-SM-MIB (User-based Security Model for SNMPv3)

Defined in RFC 3414. See http://www.ietf.org/rfc/rfc3414.txt

SNMP-VIEW-BASED-ACM-MIB (View-based Access Control Model for SNMP)

Defined in RFC 3415. See http://www.ietf.org/rfc/rfc3415.txt

SNMPv2-MIB

Defined in RFC 3418. See http://www.ietf.org/rfc/rfc3418.txt

MIB II

Defined in RFC 1213. See http://www.ietf.org/rfc/rfc1213.txt

Host Resources MIB

Defined in RFC 2790. See http://www.ietf.org/rfc/rfc2790.txt

Sun MIB

Related to migration from the Solstice Enterprise Agents software. For further information, see Migration From Solstice Enterprise Agents Software. For information about the migration of applications from the Solstice Enterprise Agents software, see Chapter 10, Migration of Solstice Enterprise Agents to the System Management Agent, in Solaris System Management Agent Developer’s Guide.

You can see a list of those MIBs that are initialized after starting the System Management Agent by following the procedure described in To See Which MIBs Are Initialized.

You can see the text files of MIB definitions at /etc/sma/snmp/mibs/.