For STA to monitor libraries at your site, you must perform some configuration activities on the libraries and some on the STA server. This chapter describes activities performed on the libraries. You should complete the activities in this chapter before continuing to Chapter 6, "Configuring Library Connections in STA".
This chapter includes the following sections:
For general information about the SNMP implementation on the StorageTek libraries, see the StorageTek Modular Libraries SNMP Reference Guide.
Communication between STA and the libraries it monitors is through the Simple Network Management Protocol (SNMP). The libraries send data to STA through SNMP traps and informs, and STA retrieves library configuration data through SNMP get functions. In SNMP terms, STA is a client agent and each library is a server agent.
For optimal SNMP security, Oracle recommends using the SNMP v3 protocol for communication between STA and the libraries. The authentication, encryption, and message integrity features in SNMP v3 provide a secure mechanism for sending library data. SNMP v3 is also required for the STA media validation feature. (STA media validation is available for supported libraries only; see the STA Requirements Guide for details.)
This chapter describes the recommended SNMP v3 configuration. Depending on your site requirements, however, and if security is not a concern, you may choose to use the less secure SNMP v2c protocol for one or more libraries. See Appendix F, "Configuring SNMP v2c Mode" for SNMP v2c configuration instructions.
Note:
While the SNMP v3 protocol is used for SNMP traps and get functions, the initial communication handshake between a library and STA is always through the SNMP v2c protocol.On each library, you set up SNMP v3 communication between STA and each library by defining the library as an SNMP v3 user and the STA server as an SNMP v3 trap recipient. In addition, you must specify authorization and privacy mechanisms and passwords. For STA, the authorization method is always SHA (Secure Hash Algorithm), and the privacy method is always DES (Data Encryption Standard).
The initial communication handshake between a library and STA is always through the SNMP v2c protocol; therefore, you must define an SNMP v2c community string, even if you are using the recommended SNMP v3 protocol for SNMP communication.
The community string is a password or phrase you assign for the STA community. Following are requirements.
STA supports only one SNMP v2c community string. You must define the same community string on STA and on all libraries monitored by that STA instance.
Your libraries may already have one or more SNMP v2c community strings, and you can use one of these for STA; however, Oracle highly recommends defining a new, unique SNMP v2c community string for this purpose.
Oracle recommends not using the values "public" or "private" for the STA community string, as these values are well known and present a security risk. Oracle recommends using values that are not as easily discovered.
If a library includes a community string set to "public", do not remove it without first consulting Oracle Support; in some cases, a community string with this value is required for Oracle Service Delivery Platform (SDP).
The community string can only contain alphanumeric characters (a–z, A–Z, 0–9). Special characters are not allowed.
Following are requirements for the SNMP v3 user.
STA supports only one SNMP v3 user. You must define the same user on STA and on all libraries monitored by that STA instance.
Your libraries may already have one or more SNMP v3 users and you can use one of these for STA; however, Oracle highly recommends defining a new, unique SNMP v3 user for this purpose.
Oracle recommends not using the values "public" or "private" for the SNMP v3 username, as these values are well known and present a security risk. Oracle recommends using values that are not as easily discovered.
The username can only contain alphanumeric characters (a–z, A–Z, 0–9). Special characters are not allowed.
To define the SNMP v3 user, you must provide the following values. See Appendix C for a worksheet you can use to record the values you will use.
The STA server listens for traps sent by this user. It is also the SNMP v3 recipient name used when creating trap recipients. Must be the same on all libraries.
Authorization password you assign to the SNMP v3 user. Must be at least eight characters in length, and cannot contain commas (,), semicolons (;), or equal signs (=).
Privacy password you assign to the SNMP v3 user. Must be at least eight characters in length, and cannot contain commas (,), semicolons (;), or equal signs (=).
SNMP v2c user community string. Oracle recommends not using the values "public" or "private", as these values are well known and present a security risk. See "SNMP v2c Community String" for complete requirements.
The SNMP v2c trap community string. This field is used only if SNMP v2c is used for communication with the library and is ignored if you are using the recommended SNMP v3 protocol. Oracle recommends not using the values "public" or "private", as these values are well known and present a security risk. See "SNMP v2c Community String" for complete requirements.
Because the SNMP v3 protocol requires each SNMP device to have a globally unique engine ID, the STA server and the libraries each have their own engine IDs. In the case of SL8500 library complexes, each library in the complex also has its own SNMP agent, and therefore its own unique engine ID. The engine ID contains a maximum of 31 hexadecimal characters.
SNMP traps use the sender's engine ID; therefore, you must specify the library engine ID when you define STA as the SNMP v3 trap recipient.
Table 5-1 summarizes the process for configuring libraries to send proper SNMP data to STA. You must perform the tasks in the order listed, on each library you want STA to monitor.
Table 5-1 Tasks to Configure Libraries for STA
| Task | SL150 | SL500 | SL3000 | SL8500 |
|---|---|---|---|---|
|
Yes |
Yes |
Yes |
Yes |
|
|
Yes |
Yes |
Yes |
Yes |
|
|
Yes |
Yes |
Yes |
Yes |
|
|
Yes |
Yes |
Yes |
Yes |
|
|
"Retrieve the Library SNMP Engine ID (all libraries except SL150)" |
– |
Yes |
Yes |
Yes |
|
Yes |
Yes |
Yes |
Yes |
Note:
These procedures assume you are using the recommended SNMP v3 protocol for communication between STA and the libraries. See "Understanding Library SNMP Configuration for STA" for details.Note:
For SL500, SL3000, and SL8500 libraries, some tasks allow you to choose which interface to use—CLI or SL Console. For SL150 libraries, you must always use the browser-based user interface.Use this procedure to retrieve and record the library IP address, which you will use to configure the connection with the library.
For SL3000 and SL8500 libraries, choose the method to support either Redundant Electronics, Dual TCP/IP, or neither. See "Dual TCP/IP and Redundant Electronics (SL3000 and SL8500 only)" for details.
This procedure is performed using the SL Console or the SL150 browser-based interface.
SL500 IP Address
From the Tools menu, select System Detail.
In the navigation tree, select Library.
Select the Properties tab, then select the General tab.
The library IP address is listed under the Library Interface TCP/IP section.
Record the library IP address as the primary library IP address. (This address corresponds to the 1B port.)
SL3000 or SL8500 IP Addresses—Redundant Electronics Support
From the Tools menu, select System Detail.
In the navigation tree, select the Redundant Electronics folder.
If this folder is not listed, the Redundant Electronics feature is not available on the library.
In the Device State field, verify that one library controller shows Duplex: software ready, switch possible (this is the active card) and the other shows Standby: software ready (this is the standby card).
These statuses indicate that the controller cards are functioning normally. If you do not see these statuses, contact Oracle Support.
Expand the Redundant Electronics folder, and then select the active controller card.
Record the IP address of the 2B port.
Repeat Step 4 and Step 5 for the alternate (standby) controller card.
SL3000 or SL8500 IP Addresses—Dual TCP/IP Support
From the Tools menu, select System Detail.
In the navigation tree, select Library.
Select the Properties tab, then select the General tab.
The IP address information is displayed in the Host Interface TCP/IP 2B and Host Interface TCP/IP 2A sections.
Note:
If the library also includes the Redundant Electronics feature, the IP addresses displayed are for the active controller card only.Record the primary IP address (2B section) and secondary IP address (2A section).
SL3000 or SL8500 IP Addresses—Neither Dual TCP/IP Nor Redundant Electronics
From the Tools menu, select System Detail.
In the navigation tree, select Library.
Select the Properties tab, then select the General tab.
The IP address information is displayed in the Host Interface TCP/IP 2B section. There is no IP address information in the 2A section.
Record the IP address as the primary library IP address.
SL150 IP Address
In the navigation tree, select Configuration.
Select Settings, then select Network. The library IP address is displayed in the Network Port 1 Settings section. (The Network Port 2 Settings section is reserved for service use.)
Note:
The Configure IPxx field value must be Static. If it is not, click the Configure button, and then select Configure Network Settings to specify a static IP address.Use this procedure to enable SNMP on the library public port.
Using the library CLI
Depending on library model, use one of the following commands:
For SL3000 and SL8500 libraries, enable SNMP on port 2B. If the library includes the Dual TCP/IP feature, this command also enables SNMP on port 2A.
> snmp enable port2b
For SL500 libraries, enable SNMP on port 1B.
> snmp enable port1B
Using the SL Console (SL500 only)
From the Tools menu, select System Detail.
In the navigation tree, select Library.
Select the SNMP tab, then select the Port Control tab.
Complete the Port Control section as follows:
Port: Select Public (1B).
Command: Select Enable.
Click Apply.
Using the SL150 user interface
In the navigation tree, select SNMP.
If SNMP shows as disabled, select Enable SNMP.
In the confirmation window, click OK.
An SNMP v2c user is required for the initial handshake between the library and the STA server. See "SNMP v2c Community String" for complete requirements.
Using the library CLI (all libraries except SL150)
Establish a CLI session on the library.
Add the SNMP v2c user.
> snmp addUser version v2c community community_name
Where community_name is the SNMP v2c user community string. For example:
SL3000> snmp addUser version v2c community stasnmp
List the SNMP users to verify that the SNMP v2c user has been added correctly.
> snmp listUsers
...
Attributes Community stasnmp
Index 1
Version v2c
Object Snmp snmp
...
Using the SL Console (SL500 only)
Use the SL Console to log in to the library.
From the Tools menu, select System Detail.
In the navigation tree, select Library.
Select the SNMP tab and then the Add Users tab.
Complete the Add Users screen as follows:
Version: Select v2c.
Community: Specify the SNMP v2c user community string (for example, stasnmp).
Click Apply.
Using the SL150 user interface
Log in to the library.
In the navigation tree, select Settings.
Select the SNMP tab.
In the SNMP Users table, select Add SNMP User.
Complete the Add SNMP User screen as follows:
Version: Select v2c.
Community Name: Specify the SNMP v2c user community string (for example, stasnmp).
Click OK.
All SNMP traps and MIB (management information base) data are sent to the STA server through the SNMP v3 user. Note the user name and passwords you specify, as you will use this information when you define an SNMP v3 trap recipient.
Note the following configuration requirements:
The authorization method must be SHA (Secure Hash Algorithm), and the privacy method must be DES (Data Encryption Standard).
All libraries monitored by a single STA instance must have the same SNMP v3 user name. You should create a new, unique user for this purpose.
Authorization and privacy passwords must be at least eight characters in length, and cannot contain commas, semicolons, or equal signs.
Using the library CLI (all libraries except SL150)
Create an SNMP v3 user:
> snmp addUser version v3 name name auth SHA authPass auth_password priv DES privPass priv_password
Where:
name is the SNMP v3 user name
auth_password and priv_password are the authorization password and privacy password.
Note:
For SL3000 and SL8500 libraries, enclose all variables in single quotes (Example 5-1).List the SNMP users to verify that the SNMP v3 user has been added correctly.
> snmp listUsers
Using the SL Console (SL500 libraries only)
From the Tools menu, select System Detail.
In the navigation tree, select Library.
Select the SNMP tab, then select the Add Users tab.
Complete the Add Users tab as follows:
Version: Select v3.
UserName: The name of the SNMP v3 user.
Auth: Select SHA.
AuthPass: Specify an authorization password.
Priv: Select DES.
PrivPass: Specify a privacy password.
Click Apply.
Using the SL150 user interface
In the navigation tree, select SNMP.
In the SNMP Users section, select Add SNMP User.
For Version, select v3, and then complete the information as follows:
User Name: The name of the SNMP v3 user.
Authentication Protocol: Select SHA.
Authentication Passphrase: Specify an authorization password.
Privacy Protocol: Select DES.
Privacy Passphrase: Specify a privacy password.
Click OK.
Use this procedure to display the library's SNMP engine ID (for example, 0x81031f88804b7e542f49701753).
This procedure is performed using the library CLI.
Depending on the library model, use one of the following commands:
For SL3000 and SL8500 libraries:
> snmp engineId print
For SL500 libraries:
> snmp engineId
Save the engine ID to a text file for use in the remaining SNMP configuration tasks.
Use this procedure to define the STA server as an authorized recipient of SNMP traps, and to define the traps that the library will send.
Note the following configuration requirements:
To avoid duplicate records, do not define the STA server as a trap recipient in multiple instances. For example, do not create both an SNMP v3 and SNMP v2c trap recipient definition for the STA server.
Trap levels 13 (Test Trap) and 14 (Health Trap) are new for STA 2.0.x. Trap level 4 may not be supported by older library firmware versions; however, it can always be specified when creating a trap recipient.
Using the library CLI (all libraries except SL150)
Create an SNMP v3 trap recipient. Separate the trap levels with commas.
> snmp addTrapRecipient trapLevel 1,2,3,4,11,13,14,21,25,27,41,45,61,63,65,81,85,100 host STA_server_IP version v3 name recipient_name auth SHA authPass auth_password priv DES privPass priv_password engineId library_engineID
Where:
STA_server_IP is the IP address of the STA server.
recipient_name is the SNMP user name you created in "Create an SNMP v3 User".
auth_password and priv_password are the authorization and privacy passwords you created in "Create an SNMP v3 User".
library_engineID is the library engine ID you displayed in "Retrieve the Library SNMP Engine ID (all libraries except SL150)", including the 0x prefix.
Note:
For SL3000 and SL8500 libraries, enclose recipient_name, auth_password, and priv_password in single quotes (Example 5-3).List the trap recipients, and verify the recipient has been added correctly.
> snmp listTrapRecipients
Using the SL Console (SL500 libraries only)
From the Tools menu, select System Detail.
In the navigation tree, select Library.
Select the SNMP tab, then select the Add Trap Recipients tab.
Complete the Trap Recipients screen fields as follows:
Host: The IP address of the STA server.
TrapLevel—Comma-separated list of trap levels the library should send to STA: 1,2,3,4,11,13,14,21,25,27,41,45,61,63,65,81,85,100.
Version—Select v3.
TrapUserName: SNMP user name you created in "Create an SNMP v3 User".
Auth—Select SHA.
AuthPass—Authorization password you created in "Create an SNMP v3 User".
Priv—Select DES.
PrivPass—Privacy password you created in "Create an SNMP v3 User".
EngineID—Library engine ID you displayed in "Retrieve the Library SNMP Engine ID (all libraries except SL150)". Do not enter the 0x prefix.
Click Apply.
Using the SL150 user interface
In the navigation tree, select SNMP.
In the SNMP Trap Recipients section, select Add Trap Recipient.
Complete the fields as follows:
Host Address—IP address of the STA server.
Trap Level—Comma-separated list of trap levels the library should send to STA: 1,2,3,4,11,13,14,21,25,27,41,45,61,63,65,81,85,100.
Version—Select v3.
Trap User Name—SNMP user name you created in "Create an SNMP v3 User".
Authentication Protocol—Select SHA.
Authentication Passphrase—Authorization password you created in "Create an SNMP v3 User".
Privacy Protocol—Select DES.
Privacy Passphrase—Privacy password you created in "Create an SNMP v3 User".
Engine ID—This field will be supplied automatically. Do not modify the value.
Click OK.